last executing test programs:

21.991180714s ago: executing program 3 (id=638):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x600)

21.545971285s ago: executing program 3 (id=639):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
sendmsg$nl_route_sched(r1, 0x0, 0x4040011)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)

20.999769325s ago: executing program 3 (id=641):
syz_mount_image$ext4(&(0x7f0000000200)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000f40)={[{@grpjquota}, {@i_version}, {@grpid}, {@noload}, {@orlov}, {@errors_continue}]}, 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x210008, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r6 = creat(0x0, 0x104)
dup3(0xffffffffffffffff, r6, 0x0)
io_setup(0x58, 0x0)
pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3)
chdir(&(0x7f0000000180)='./file0\x00')

18.803231238s ago: executing program 3 (id=647):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="c100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f00000003c0)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESOCT, @ANYRESOCT=0x0, @ANYRES8, @ANYRES32, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd520839bd791f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399ca072639251325e38177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8964f99a04195ad43adb611", @ANYRES16, @ANYBLOB="4599"], 0x1, 0x701, &(0x7f00000009c0)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF1uOF6/lIClFNqVR+rj3kFNP6UG30ENJ74b23BAo6VHHQCGXnHRTmdmZ3Vlptbuy9Yrz+4mZ+Wa+x3zzn52ZfSC+AL6xlmej+iSSWJ59czNd39leaI1tL0zm2a2ImIiISkQ1Ikk3JauR5d7Kp/h25Dml5QEfNpfe/vyrnS/aa9V8yspXBtXrY+Lgpq18inpEjOXLg8YPafGT/bvvae/2oe2NKukcYRqwa0Xg4i/P1Co8s70Dtjp5H/8nm3fK9Kl+lOsWOKeS9nMz173UZyKmI2Iqov3Uz+8OldPv4fHaOusOAAAAwFHVjl7lhd3Yjc24cBLdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdVPv5/kk+VIl2PpBj/fyLfFnn6HBo+EOJnk+3lk5PvDAAAAAAAAACcuFd3Yzc240Kxvpdkv/m/VvqN/1vxXqzHSqzF9diMRmzERqzFfETMlBqa2GxsbKzNZzUjLg2oeTM+7VPz5uF9vNW7mhzHcQMAAAAAAADAOTY1JP/++MFtv4/l7u//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwHiQRY+1FNl0q0jNRqUbEVFFuK+LTiJg4294eSdJv45PT7wcAAAA8k6ne1WRqhDovvB+7sRkXivW9JPvMfyX7vDwV78VqbEQzNqIVK3En/wydfuqv7GwvtHa2Fx6k08F2f/rlkbqetRjt7x767/nlrEQt7kYz23I9bkcSe5lK3srLO9sL6fJB/359kPYp+UluQG/GSuk76ezqJ1n6z73fIlSPdIgj2t9o5dCSM1nueCcic3nf0hoXiwj0j8TQs1MduKf5qHS++bk0eE/9Y/7B4L1P7yvV95ubM7E/Ejej0jlDVwZHIuK7//j41/daq/fv3V2fPT+H1Nf7Q0vsj8RCKRJXn6NIDDeXReJyZ305fhG/itn4cvKtWItm/CYasREr9SK/kb+e0/nM4Eh9Nl1ee2tYT9Jrst65f/XrUz16+hT1+HmWasRr2Tm9EM1I4mFErMQb2d/NmO/cDbpn+PIIV31lhDttybXvZYtOmKJ2eNm/jdbkcUnjerEU1/I9dybLK2/pRunFvlEqnnWjP49Kqt/JE2kLfxj4fDht+yMxX4rES4e9Xtoh/eteOl9vrd5fu9d4d8T9vZ4v0+voTwOeEifymB4oPcMvxlR+cBezeZJdU3NZ3kudXhXx+m8zYj7Lu9RppfeJm+Zd7tRrX6m/jIdxp+dK/WEsxmIsZaWvZKXHDzyx0ryrnZZ67+FpXvpOq9r5Yaf8futhtNrvhyK2vva3bYDn2fT3pydq/6v9u/ZR7Y+1e7U3p342+aPJVyZi/F/jP67Ojb1eeSX5e3wUv+t+/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7e+qPH9xut1spa/0Slf1YyuFajtVcMJDagTE8iyYfKGaFwsv7o8d7QBgcnJvPuPWX140wUozUOL1w/wW4kW/vP19Twc1GM8jTCLpJ8mMrSSysinrrPxZ67W8bPwancn6gfuVb9wHHlieIFWyp89Fdvrd/5GouIfoWH3DjGjuHmA5ypGxsP3r2x/ujxD5oPGu+svLOyOr64uDS3tPjGwo27zdbKXHteqnD6o+oBJ6T8dqJjIiJeHV53wECtAAAAAAAAAAAAwAk6jf+FOOtjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7elmej+iSSmJ+7Ppeu72wvtNKpSHdLViOiEhHJbyOSf0bcivYUM6XmksP282Fz6e3Pv9r5ottWtShfidg6tN6gNru28inqETGWL59BT3u3h7c30U1O9slOOkeRBuxaETg4a/8PAAD//9qm8z8=")
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x41, 0x4)
clock_adjtime(0x4, 0x0)
r5 = open(&(0x7f00000000c0)='./bus\x00', 0xce942, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000040)=0xadfc)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x58)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x5})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

16.699619632s ago: executing program 3 (id=654):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=0x0])
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)

10.513026121s ago: executing program 1 (id=671):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0)
io_uring_enter(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x14}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x3c}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000080)=0xfffffffa, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x100201, @dev, 0x4}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r4, 0x80089419, &(0x7f0000000000))

9.521408623s ago: executing program 1 (id=672):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
sendmsg$nl_route_sched(r3, 0x0, 0x4040011)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)

8.932536467s ago: executing program 1 (id=673):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_tree(r0, 0x0, 0x0)
socket$inet6(0xa, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x40000000000ead}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000500)={0x10, 0x0, &(0x7f0000000440)=[@clear_death={0x400c630f, 0x80000003}], 0x0, 0x0, 0x0})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
dup(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)

8.228345772s ago: executing program 4 (id=674):
syz_mount_image$exfat(&(0x7f0000000100), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f0000000140)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0)
write$binfmt_script(r1, &(0x7f00000002c0), 0xb)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a000}], 0x1, 0x7000, 0x0, 0x3)

8.062084377s ago: executing program 1 (id=675):
prctl$PR_CAPBSET_READ(0x59616d61, 0xfffffffffffffffe)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)

7.7114523s ago: executing program 4 (id=677):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@newtaction={0x84, 0x30, 0x12f, 0x0, 0x0, {0x0, 0x0, 0x1be}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x20000000, 0x0, 0x0, 0x0, {0x4}}}]]}, {0x4, 0x5}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)

6.229973196s ago: executing program 0 (id=679):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000188500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
io_setup(0xa00, &(0x7f0000000300)=<r2=>0x0)
io_getevents(r2, 0x6, 0x6, &(0x7f0000000580)=[{}, {}, {}, {}, {}, {}], 0x0)
io_destroy(r2)

5.955429131s ago: executing program 0 (id=680):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0)
io_uring_enter(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x14}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x3c}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000080)=0xfffffffa, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x100201, @dev, 0x4}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r4, 0x80089419, &(0x7f0000000000))

5.633651511s ago: executing program 4 (id=681):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
sendmsg$nl_route_sched(r3, 0x0, 0x4040011)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)

5.609831203s ago: executing program 1 (id=682):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000180)=@keyring)

5.055329864s ago: executing program 0 (id=683):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_tree(r0, 0x0, 0x0)
socket$inet6(0xa, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x40000000000ead}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000500)={0x10, 0x0, &(0x7f0000000440)=[@clear_death={0x400c630f, 0x80000003}], 0x0, 0x0, 0x0})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
dup(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)

5.054756024s ago: executing program 4 (id=684):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)

3.960154095s ago: executing program 0 (id=685):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x44, 0x0, 0x8, 0x401, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_COOKIE_WAIT={0x8, 0x2, 0x1, 0x0, 0xf}, @CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8847}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008014}, 0x4)

3.929692228s ago: executing program 0 (id=686):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000d00)='kfree\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
close(r1)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

3.466166741s ago: executing program 0 (id=687):
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[], 0x24}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x606)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000180)='syz0\x00')
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r2, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x5, 0x100a, &(0x7f0000005480)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_MCE_KILL(0x21, 0x1, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES64], 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a3a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006461a0000000905810300020000000904010000020d000009040101"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000140)=[{0x4, 0x0, 0x81, 0x7fffffff}, {0x7, 0x1, 0x5, 0x5}]})
setgid(0xee00)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x20, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}]}]}, 0x20}}, 0x0)
syz_usb_control_io(r3, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r4, 0xd01c4813, &(0x7f00000000c0)={0x2})
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)

2.999562444s ago: executing program 1 (id=688):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_tree(r0, 0x0, 0x0)
socket$inet6(0xa, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})

2.915199201s ago: executing program 2 (id=632):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x408e, &(0x7f0000000240), 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x200, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c)
listen(r2, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x3, 0x800)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000800)={'\x00', 0x11, 0x8, 0x9ff2, 0x2000003, 0x43a11306})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10)
sendfile(r0, r1, 0x0, 0xf800)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)=0x10)

2.291346759s ago: executing program 2 (id=689):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xab4b4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = msgget(0x2, 0x292)
msgctl$MSG_STAT(r4, 0xb, 0x0)

1.212183888s ago: executing program 2 (id=690):
prctl$PR_CAPBSET_READ(0x59616d61, 0xfffffffffffffffe)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)

1.052293883s ago: executing program 4 (id=691):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0)
io_uring_enter(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x14}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x3c}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000080)=0xfffffffa, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x100201, @dev, 0x4}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r4, 0x80089419, &(0x7f0000000000))

739.399052ms ago: executing program 2 (id=692):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
sendmsg$nl_route_sched(r3, 0x0, 0x4040011)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)

287.880674ms ago: executing program 3 (id=655):
r0 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_tree(r0, 0x0, 0x0)
socket$inet6(0xa, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000540)=""/4096, 0x1000}], 0x1, 0x80000001, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000300))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet_sctp(0x2, 0x5, 0x84)

188.588313ms ago: executing program 4 (id=693):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@dioread_lock}, {@usrjquota}]}, 0xfe, 0x444, &(0x7f0000000980)="$eJzs3MtvG8UfAPDv2nHS5y/5lfJoaCFQEBGPpEkf9MAFBBIHkJC4FHEKSVqFpg1qgkSrCAKHcESVuCOOSPwFnOCCgBMSV7ijShXKpYWT0dq7qZvYaZw4del+PtLGM96xZr67O/bsjJ0ACmso/ZNE7IuI3yOiv569vcBQ/eHmyuLk3yuLk0lUq2//ldTK3VhZnMyL5q/bW89Uq1m+r0m9y+9GTMzOTl/K8qMLFz4Ynb985YWZCxPnps9NXxw/ffrE8SO9p8ZPdiTONK4bgx/PHT70+jtX35w8c/W9n79N27sv298YR6cM1Y9uU09XOl1bd+1vSCc9XWwIbSlHRHq6KrX+3x/l2L26rz9e+6yrjQN2VLVarTb7fM4sVYH7WBLdbgHQHfkHfXr/m293aehxT7j+cv0GKI37ZrbV9/REKStTWXN/20lDEXFm6Z+v0i12aB4CAKDR9+n45/lm479SPNRQ7n/ZGspARPw/Ig5ExAMRcTAiHoyolX04Ih5ps/61KyTrxz+la1sKbJPS8d9L2drW7eO/fPQXA+Ust78WfyU5OzM7fSw7JsNR6UvzYxvU8cOrv33Ral/j+C/d0vrzsWDWjms9aybopiYWJrYTc6Prn0YM9jSLP4l8GSeJiEMRMbjFOmae/eZwq313jn8DHVhnqn4d8Uz9/C/FmvhzScv1ybEXT42fHN0Vs9PHRvOrYr1ffl1+q1X924q/A9Lzv6fp9b8a/0CyK2L+8pXztfXa+fbrWP7j85b3NFu7/mdWG9ebPX40sbBwaSyiN3lj/fPjt16b5/PyafzDR5v3/wNx60g8GhHpRXwkIh6LiMeztj8REU9GxNEN4v/plafebz/+DWblOyiNf+pO5z8az3/7ifL5H79rP/5cev5P1FLD2TObef/bbAO3c+wAAADgv6JU+w58UhpZTZdKIyP17/AfjD1LMTe/8NzZuQ8vTtW/Kz8QlVI+09XfMB86ls0N5/nxNfnj2bzxl+XdtfzI5NzsVLeDh4Lb26L/p/4sd7t1wI7zey0oLv0fikv/h+LS/6G49H8ormb9/5MutAO4+3z+Q3Hp/1Bc+j8Ul/4PhdTyt/Glbf3kf7uJpBuVSrSTiNI90Yz7P9Gz6X9mscVEX9Nd3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Ix/AwAA//+UFuN0")
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000480), 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
write$uinput_user_dev(r0, &(0x7f00000001c0)={'syz0\x00', {0x0, 0x0, 0x0, 0x3}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9f, 0x0, 0x0, 0xbfb, 0xbb37, 0x5, 0x0, 0xfffffff5], [0x101, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x545b69d5, 0x2], [0x0, 0x0, 0x0, 0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2e]}, 0x45c)

147.912986ms ago: executing program 2 (id=694):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@newtaction={0x84, 0x30, 0x12f, 0x0, 0x0, {0x0, 0x0, 0x1be}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x20000000, 0x0, 0x0, 0x0, {0x4}}}]]}, {0x4, 0x5}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
connect$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev}, 0x10)
r2 = dup(r1)
write$FUSE_NOTIFY_DELETE(r2, 0x0, 0xfffffed1)

0s ago: executing program 2 (id=695):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="090000000400"/20, @ANYRESDEC, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, 0x0, &(0x7f0000000080)}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000003ac0)=[{&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000580)=""/75, 0x4b}, {&(0x7f0000001880)=""/93, 0x5d}, {&(0x7f0000001900)=""/69, 0x45}, {&(0x7f0000000300)=""/11, 0xb}, {&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000000500)=""/28, 0x1c}, {&(0x7f0000002980)=""/4096, 0x1000}, {&(0x7f0000003980)=""/175, 0xaf}, {&(0x7f0000003a40)=""/121, 0x79}], 0xa}, 0x101}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000003b80)=""/164, 0xa4}], 0x1, &(0x7f0000003c40)=""/18, 0x12}, 0xaec}, {{&(0x7f0000003c80)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000003dc0)=[{&(0x7f0000003d00)=""/168, 0xa8}], 0x1, &(0x7f0000003e00)=""/87, 0x57}, 0x7}, {{&(0x7f0000003e80)=@tipc=@id, 0x80, 0x0, 0x0, &(0x7f0000005140)=""/86, 0x56}, 0xb}], 0x4, 0x40000000, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$sock(r6, &(0x7f0000006640)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000400)="f165163afcc0b8296b279d1a62c2a318c9d88469e1c45ae81563f387f3de7659e90b688f0e08422d5621406426164a47387b51b531282886bf045dd9e69e3744977f1db26363ee573c1886aa76b47c94e8e113e7863ac0ab542b76417d5bfa2142a6ccd29f591f9194079cc10a31deedb2dcb41d891be4bc35afd597dd72cf630ef45e92177270d4bea051583416b9c13895c8424dc5600c70d5b5ddb53d11fbb65cfbdd034bcf60f02cf641b833c74b51cdca937c96cf872562bca15c1fb500279c3c6ce3b988ba6e7824c168118c9905db31073a755c403edbf32a47b12a6cb6", 0xe1}, {&(0x7f0000000340)="e74f541d24c4b951ef3de2451fcec66e15e60170b42af9", 0x7fffef1f}], 0x2}}], 0x1, 0x0)
fgetxattr(r2, &(0x7f0000000280)=@known='user.incfs.metadata\x00', &(0x7f0000000700)=""/144, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r7, 0x6, 0x1, &(0x7f0000000080)={0x0, 0x43, 0x0, 0x4}, 0xc)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xf)
setgid(0xee00)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r8, &(0x7f0000000040)={0x1f, 0xfffb}, 0xe)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11)

kernel console output (not intermixed with test programs):

1][ T3611] Bluetooth: hci0: command 0x0419 tx timeout
[   60.691669][ T3611] Bluetooth: hci1: command 0x0419 tx timeout
[   60.805761][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   60.820624][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!!
[   60.829632][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!!
[   60.838720][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   60.847724][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   60.856764][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   60.865776][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   60.874762][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   60.883779][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   61.234492][ T3611] Bluetooth: hci2: command 0x0419 tx timeout
[   61.243117][ T3611] Bluetooth: hci4: command 0x0419 tx timeout
[   61.249181][ T3611] Bluetooth: hci3: command 0x0419 tx timeout
[   61.259571][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.411494][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   62.162603][ T3669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'.
[   62.249085][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   62.324738][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.363906][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.878027][ T3675] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   62.920649][ T3676] netlink: 216 bytes leftover after parsing attributes in process `syz.0.9'.
[   63.140651][ T3685] syz.4.5 uses obsolete (PF_INET,SOCK_PACKET)
[   63.148005][ T3675] syz.0.9 (3675) used greatest stack depth: 19992 bytes left
[   64.055755][ T3689] Zero length message leads to an empty skb
[   66.973648][ T3751] loop0: detected capacity change from 0 to 16
[   68.027987][ T3751] erofs: (device loop0): mounted with root inode @ nid 36.
[   69.150275][ T3783] netlink: 12 bytes leftover after parsing attributes in process `syz.1.20'.
[   71.083879][ T1387] ieee802154 phy0 wpan0: encryption failed: -22
[   71.090482][ T1387] ieee802154 phy1 wpan1: encryption failed: -22
[   71.256709][ T3805] netlink: 'syz.3.27': attribute type 39 has an invalid length.
[   72.028275][ T3807] netlink: 68 bytes leftover after parsing attributes in process `syz.2.28'.
[   72.099428][ T3807] infiniband syz0: set active
[   72.104317][ T3807] infiniband syz0: added bond_slave_0
[   72.189236][ T3807] RDS/IB: syz0: added
[   72.193864][ T3807] smc: adding ib device syz0 with port count 1
[   72.200115][ T3807] smc:    ib device syz0 port 1 has pnetid 
[   72.643270][ T3820] netlink: 'syz.3.30': attribute type 10 has an invalid length.
[   72.765906][ T3822] binder: 3816:3822 ioctl 4018620d 0 returned -22
[   73.259701][ T3824] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   73.334457][ T3820] batman_adv: batadv0: Adding interface: team0
[   73.491492][ T3820] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.320805][ T3820] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   74.395687][ T3823] netlink: 'syz.3.30': attribute type 10 has an invalid length.
[   74.404314][ T3823] netlink: 2 bytes leftover after parsing attributes in process `syz.3.30'.
[   75.221984][ T3823] device team0 entered promiscuous mode
[   75.227665][ T3823] device team_slave_0 entered promiscuous mode
[   75.405557][ T3823] device team_slave_1 entered promiscuous mode
[   75.533679][ T3820] syz.3.30 (3820) used greatest stack depth: 19960 bytes left
[   75.534697][ T3823] 8021q: adding VLAN 0 to HW filter on device team0
[   75.570197][ T3823] batman_adv: batadv0: Interface activated: team0
[   75.580835][ T3823] batman_adv: batadv0: Interface deactivated: team0
[   75.599280][ T3823] batman_adv: batadv0: Removing interface: team0
[   75.652929][ T3823] bridge0: port 3(team0) entered blocking state
[   75.681658][ T3823] bridge0: port 3(team0) entered disabled state
[   75.716106][ T3823] bridge0: port 3(team0) entered blocking state
[   75.722634][ T3823] bridge0: port 3(team0) entered forwarding state
[   75.807212][ T3823] syz.3.30 (3823) used greatest stack depth: 19328 bytes left
[   76.120118][ T3863] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[   76.205011][   T23] cfg80211: failed to load regulatory.db
[   76.239444][ T3861] device syzkaller0 entered promiscuous mode
[   76.299829][ T3869] 9pnet: p9_client_clunk (3869): Trying to clunk with invalid fid
[   76.321500][ T3869] CPU: 1 PID: 3869 Comm: syz.3.47 Not tainted 5.15.167-syzkaller #0
[   76.329511][ T3869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   76.339582][ T3869] Call Trace:
[   76.342876][ T3869]  <TASK>
[   76.345815][ T3869]  dump_stack_lvl+0x1e3/0x2d0
[   76.350531][ T3869]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   76.356181][ T3869]  ? panic+0x860/0x860
[   76.360282][ T3869]  p9_client_clunk+0x2d0/0x390
[   76.365070][ T3869]  v9fs_statfs+0x170/0x4e0
[   76.369504][ T3869]  ? slab_free_freelist_hook+0xdd/0x160
[   76.375067][ T3869]  ? v9fs_drop_inode+0x120/0x120
[   76.380108][ T3869]  ? rcu_is_watching+0x11/0xa0
[   76.384899][ T3869]  vfs_statfs+0x133/0x2b0
[   76.389247][ T3869]  ovl_get_lowerstack+0x1ff/0x1fe0
[   76.394399][ T3869]  ? ovl_get_workdir+0x1350/0x1350
[   76.399553][ T3869]  ? __kmalloc+0x168/0x300
[   76.403992][ T3869]  ovl_fill_super+0x16d8/0x2a20
[   76.408880][ T3869]  ? ovl_mount+0x30/0x30
[   76.413152][ T3869]  ? sget+0x4b8/0x4d0
[   76.417147][ T3869]  ? free_anon_bdev+0x20/0x20
[   76.420768][ T3642] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   76.421831][ T3869]  ? ovl_mount+0x30/0x30
[   76.421880][ T3869]  mount_nodev+0x52/0xe0
[   76.438009][ T3869]  legacy_get_tree+0xeb/0x180
[   76.442699][ T3869]  ? virtio_fs_zero_page_range+0x170/0x170
[   76.448545][ T3869]  vfs_get_tree+0x88/0x270
[   76.452982][ T3869]  do_new_mount+0x2ba/0xb40
[   76.457512][ T3869]  ? do_move_mount_old+0x160/0x160
[   76.462646][ T3869]  ? user_path_at_empty+0x12b/0x180
[   76.467867][ T3869]  __se_sys_mount+0x2d5/0x3c0
[   76.472562][ T3869]  ? __x64_sys_mount+0xc0/0xc0
[   76.477340][ T3869]  ? syscall_enter_from_user_mode+0x2e/0x240
[   76.483356][ T3869]  ? lockdep_hardirqs_on+0x94/0x130
[   76.488571][ T3869]  ? __x64_sys_mount+0x1c/0xc0
[   76.493353][ T3869]  do_syscall_64+0x3b/0xb0
[   76.497785][ T3869]  ? clear_bhb_loop+0x15/0x70
[   76.502478][ T3869]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   76.508387][ T3869] RIP: 0033:0x7faf5b3d2ff9
[   76.512813][ T3869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.532432][ T3869] RSP: 002b:00007faf5984b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   76.540885][ T3869] RAX: ffffffffffffffda RBX: 00007faf5b58af80 RCX: 00007faf5b3d2ff9
[   76.548880][ T3869] RDX: 00000000200000c0 RSI: 0000000020001340 RDI: 0000000000000000
[   76.556856][ T3869] RBP: 00007faf5b445296 R08: 00000000200003c0 R09: 0000000000000000
[   76.564839][ T3869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.572817][ T3869] R13: 0000000000000000 R14: 00007faf5b58af80 R15: 00007ffe8bfef3b8
[   76.580847][ T3869]  </TASK>
[   76.583887][    C1] vkms_vblank_simulate: vblank timer overrun
[   76.610971][ T3869] overlayfs: statfs failed on './file0'
[   76.804989][ T3871] loop2: detected capacity change from 0 to 16
[   76.836478][ T3642] usb 2-1: not running at top speed; connect to a high speed hub
[   76.847027][ T3873] loop0: detected capacity change from 0 to 2048
[   76.854993][ T3871] erofs: Unknown parameter ''
[   76.921013][ T3642] usb 2-1: config 95 has an invalid interface number: 1 but max is 0
[   76.939844][ T3642] usb 2-1: config 95 has no interface number 0
[   76.990915][ T3642] usb 2-1: config 95 interface 1 has no altsetting 0
[   77.098165][ T3873] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   77.171283][ T3642] usb 2-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[   77.180797][ T3642] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.191624][ T3642] usb 2-1: Product: syz
[   77.196788][ T3642] usb 2-1: Manufacturer: syz
[   77.202199][ T3642] usb 2-1: SerialNumber: syz
[   77.317684][ T3574] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   79.156824][ T3888] loop4: detected capacity change from 0 to 736
[   79.362180][ T3888] =======================================================
[   79.362180][ T3888] WARNING: The mand mount option has been deprecated and
[   79.362180][ T3888]          and is ignored by this kernel. Remove the mand
[   79.362180][ T3888]          option from the mount to silence this warning.
[   79.362180][ T3888] =======================================================
[   79.498112][ T3898] loop3: detected capacity change from 0 to 256
[   80.235576][ T3642] usb 2-1: USB disconnect, device number 2
[   81.688723][ T3915] device syzkaller1 entered promiscuous mode
[   81.892948][ T3923] loop4: detected capacity change from 0 to 256
[   81.991475][ T3923] exfat: Unknown parameter '“æask'
[   82.120179][ T3929] loop0: detected capacity change from 0 to 512
[   82.389284][ T3929] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[   82.417753][ T3929] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   82.473804][ T3891] udevd[3891]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   82.588632][ T3929] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   82.622083][ T3929] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1842c01c, mo2=0002]
[   82.688740][ T3929] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (80)
[   82.782549][ T3929] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features
[   82.829285][ T3929] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,noinit_itable,nomblk_io_submit,noblock_validity,data_err=abort,jqfmt=vfsold,jqfmt=vfsv0,barrier=0x000000000000d95a,debug,,errors=continue. Quota mode: none.
[   82.919876][ T3929] EXT4-fs warning (device loop0): dx_probe:893: inode #2: comm syz.0.66: dx entry: limit 65535 != root limit 120
[   83.052321][ T3929] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.66: Corrupt directory, running e2fsck is recommended
[   83.587991][ T3929] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz.0.66: path /14/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[   83.626060][ T3914] loop2: detected capacity change from 0 to 32768
[   83.754353][ T3914] (syz.2.61,3914,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   83.795118][ T3953] netlink: 'syz.4.73': attribute type 29 has an invalid length.
[   83.850906][ T3953] netlink: 'syz.4.73': attribute type 29 has an invalid length.
[   83.865165][ T3954] netlink: 'syz.4.73': attribute type 29 has an invalid length.
[   83.872060][ T3914] (syz.2.61,3914,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   83.878629][ T3950] loop3: detected capacity change from 0 to 2048
[   83.903068][ T3953] netlink: 'syz.4.73': attribute type 29 has an invalid length.
[   83.970475][ T3950] EXT4-fs (loop3): Ignoring removed orlov option
[   84.004884][ T3914] JBD2: Ignoring recovery information on journal
[   84.249000][ T3950] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,errors=remount-ro,. Quota mode: none.
[   84.596283][ T3914] JBD2: recovery failed
[   84.618666][ T3914] (syz.2.61,3914,1):ocfs2_journal_load:1082 ERROR: Failed to load journal!
[   84.660875][ T3914] (syz.2.61,3914,0):ocfs2_check_volume:2429 ERROR: ocfs2 journal load failed! -5
[   84.709013][ T3914] (syz.2.61,3914,0):ocfs2_check_volume:2485 ERROR: status = -5
[   84.769579][ T3914] (syz.2.61,3914,0):ocfs2_mount_volume:1824 ERROR: status = -5
[   84.857340][ T3914] (syz.2.61,3914,0):ocfs2_fill_super:1177 ERROR: status = -5
[   84.894396][ T3974] loop0: detected capacity change from 0 to 256
[   84.913761][  T154] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   85.167371][ T3974] exfat: Unknown parameter '“æask'
[   85.262876][  T154] EXT4-fs (loop3): Remounting filesystem read-only
[   86.284400][ T3995] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[   87.118067][ T4006] loop3: detected capacity change from 0 to 128
[   87.493659][ T4018] loop4: detected capacity change from 0 to 256
[   87.739167][ T4018] exfat: Unknown parameter '“æask'
[   87.833032][ T4021] fuse: Unknown parameter 'L²?s~nF"½}¼ü<„ hò¤ø!™¬ÖÐkæ3­¡h¿r	šŸ'
[   87.866250][ T4021] loop3: detected capacity change from 0 to 2048
[   89.271662][ T4006] sched: RT throttling activated
[   89.390798][ T4021] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[   89.452999][ T4021] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   89.901003][ T4030] loop1: detected capacity change from 0 to 16
[   90.044615][ T4030] erofs: Unknown parameter ''
[   91.191187][ T3559] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   91.192472][ T4044] binder: 4028:4044 ioctl c0306201 0 returned -14
[   91.769425][ T4050] loop1: detected capacity change from 0 to 512
[   91.776076][ T3559] usb 3-1: Using ep0 maxpacket: 32
[   91.878223][ T4055] 9pnet: p9_client_clunk (4055): Trying to clunk with invalid fid
[   92.050947][ T4055] CPU: 1 PID: 4055 Comm: syz.0.102 Not tainted 5.15.167-syzkaller #0
[   92.059129][ T4055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   92.069276][ T4055] Call Trace:
[   92.072561][ T4055]  <TASK>
[   92.075490][ T4055]  dump_stack_lvl+0x1e3/0x2d0
[   92.080198][ T4055]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   92.085843][ T4055]  ? panic+0x860/0x860
[   92.089946][ T4055]  p9_client_clunk+0x2d0/0x390
[   92.094719][ T4055]  v9fs_statfs+0x170/0x4e0
[   92.099234][ T4055]  ? slab_free_freelist_hook+0xdd/0x160
[   92.104795][ T4055]  ? v9fs_drop_inode+0x120/0x120
[   92.109739][ T4055]  ? rcu_is_watching+0x11/0xa0
[   92.114527][ T4055]  vfs_statfs+0x133/0x2b0
[   92.118865][ T4055]  ovl_get_lowerstack+0x1ff/0x1fe0
[   92.124004][ T4055]  ? ovl_get_workdir+0x1350/0x1350
[   92.129137][ T4055]  ? __kmalloc+0x168/0x300
[   92.133562][ T4055]  ovl_fill_super+0x16d8/0x2a20
[   92.138444][ T4055]  ? ovl_mount+0x30/0x30
[   92.142705][ T4055]  ? sget+0x4b8/0x4d0
[   92.146691][ T4055]  ? free_anon_bdev+0x20/0x20
[   92.151474][ T4055]  ? ovl_mount+0x30/0x30
[   92.155771][ T4055]  mount_nodev+0x52/0xe0
[   92.160033][ T4055]  legacy_get_tree+0xeb/0x180
[   92.164719][ T4055]  ? virtio_fs_zero_page_range+0x170/0x170
[   92.170552][ T4055]  vfs_get_tree+0x88/0x270
[   92.174985][ T4055]  do_new_mount+0x2ba/0xb40
[   92.179507][ T4055]  ? do_move_mount_old+0x160/0x160
[   92.184636][ T4055]  ? user_path_at_empty+0x12b/0x180
[   92.189854][ T4055]  __se_sys_mount+0x2d5/0x3c0
[   92.194548][ T4055]  ? __x64_sys_mount+0xc0/0xc0
[   92.199323][ T4055]  ? syscall_enter_from_user_mode+0x2e/0x240
[   92.205307][ T4055]  ? lockdep_hardirqs_on+0x94/0x130
[   92.210503][ T4055]  ? __x64_sys_mount+0x1c/0xc0
[   92.215261][ T4055]  do_syscall_64+0x3b/0xb0
[   92.219691][ T4055]  ? clear_bhb_loop+0x15/0x70
[   92.224362][ T4055]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   92.230254][ T4055] RIP: 0033:0x7fb602d2aff9
[   92.234662][ T4055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.254261][ T4055] RSP: 002b:00007fb6011a3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   92.262669][ T4055] RAX: ffffffffffffffda RBX: 00007fb602ee2f80 RCX: 00007fb602d2aff9
[   92.270628][ T4055] RDX: 00000000200000c0 RSI: 0000000020001340 RDI: 0000000000000000
[   92.278586][ T4055] RBP: 00007fb602d9d296 R08: 00000000200003c0 R09: 0000000000000000
[   92.286544][ T4055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.294503][ T4055] R13: 0000000000000000 R14: 00007fb602ee2f80 R15: 00007ffd8298a038
[   92.302483][ T4055]  </TASK>
[   92.322257][ T3559] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.390976][ T3559] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.507043][ T4050] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   92.630774][ T3559] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[   92.665895][ T4050] EXT4-fs (loop1): invalid journal inode
[   92.761105][ T4050] EXT4-fs (loop1): can't get journal size
[   92.787112][ T3559] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.865464][ T4050] EXT4-fs (loop1): 1 truncate cleaned up
[   92.872403][ T3559] usb 3-1: config 0 descriptor??
[   92.894390][ T3559] usb 3-1: can't set config #0, error -71
[   92.916625][ T4050] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none.
[   92.948899][ T4055] overlayfs: statfs failed on './file0'
[   92.959819][ T3559] usb 3-1: USB disconnect, device number 2
[   94.374165][ T4077] loop0: detected capacity change from 0 to 256
[   94.391690][ T4076] loop2: detected capacity change from 0 to 16
[   94.398941][ T4076] erofs: Unknown parameter ''
[   94.417815][ T4077] exfat: Unknown parameter '“æask'
[   94.463841][ T4081] binder: 4075:4081 ioctl c0306201 0 returned -14
[   95.234803][ T3559] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   96.006043][ T4089] loop4: detected capacity change from 0 to 128
[   96.083071][ T4089] FAT-fs (loop4): Unrecognized mount option "ÿÿÿÿ^æФo©tÕԾݶ#Œ)…ÀÑ:¹Í![ä7
°i\o
…"܉-ýáÄÝaboSWÓ$’=˜êýiü¶’ž]
IµZÓfË@^±ÛN!ï÷îýÄ‘÷¡½^ùMª`äÊO†¶À¿¤2	¡\Ƽí0)œf¶ày-ÉÅY7è~��À©Sûrbto…˜•Å@ý$æ΢c"®�ß‚}]Í [ê%˜nQœ>Æ-;Ï_ãgÉ[~b^|ƒ‰IKRê0 f•éè}¿ZAW¸”;´" or missing value
[   96.089726][ T3559] usb 2-1: Using ep0 maxpacket: 8
[   96.158980][ T4096] loop2: detected capacity change from 0 to 128
[   96.260466][ T4098] loop0: detected capacity change from 0 to 256
[   96.350813][ T3559] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   96.398978][ T4098] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e06c6e, utbl_chksum : 0xe619d30d)
[   96.416401][ T4102] netlink: 8 bytes leftover after parsing attributes in process `syz.4.117'.
[   96.428297][ T3559] usb 2-1: New USB device found, idVendor=05a9, idProduct=2640, bcdDevice=55.12
[   96.467072][ T3559] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.489000][ T3559] usb 2-1: config 0 descriptor??
[   97.641082][ T3559] usb 2-1: string descriptor 0 read error: -71
[   97.783904][ T3559] usb 2-1: Found UVC 0.00 device <unnamed> (05a9:2640)
[   98.501412][ T3559] usb 2-1: No valid video chain found.
[   98.521128][ T4114] loop4: detected capacity change from 0 to 512
[   98.535547][ T4115] loop1: detected capacity change from 0 to 16
[   98.545283][ T3559] usb 2-1: USB disconnect, device number 3
[   98.571172][ T4115] erofs: Unknown parameter ''
[   98.604559][   T26] audit: type=1326 audit(1727821482.294:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4117 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb602d2aff9 code=0x7ffc0000
[   98.622768][ T4114] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   98.687273][   T26] audit: type=1326 audit(1727821482.344:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4117 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb602d2aff9 code=0x7ffc0000
[   98.722762][ T4114] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   98.783153][ T4119] binder: 4112:4119 ioctl c0306201 0 returned -14
[   99.256595][ T4114] EXT4-fs (loop4): 1 truncate cleaned up
[   99.264938][   T26] audit: type=1326 audit(1727821482.344:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4117 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fb602d2aff9 code=0x7ffc0000
[   99.290001][ T4114] EXT4-fs (loop4): mounted filesystem without journal. Opts: data=journal,jqfmt=vfsv0,errors=continue,nodelalloc,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none.
[   99.306569][ T4123] loop1: detected capacity change from 0 to 256
[   99.316303][   T26] audit: type=1326 audit(1727821482.354:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4117 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb602d2aff9 code=0x7ffc0000
[   99.342027][   T26] audit: type=1326 audit(1727821482.354:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4117 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb602d2aff9 code=0x7ffc0000
[   99.481360][ T4123] exfat: Unknown parameter '“æask'
[  100.174755][ T4125] loop0: detected capacity change from 0 to 1024
[  100.221885][ T4125] EXT4-fs (loop0): Ignoring removed nobh option
[  100.294205][ T4125] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  100.564756][ T4137] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  101.288967][ T4125] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,resuid=0x0000000000000000,dioread_nolock,usrjquota=,discard,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  102.085753][ T4150] capability: warning: `syz.1.130' uses 32-bit capabilities (legacy support in use)
[  104.343871][ T4158] ptrace attach of "./syz-executor exec"[3568] was attempted by "./syz-executor exec"[4158]
[  104.757028][ T4166] loop1: detected capacity change from 0 to 256
[  104.835848][ T4166] exfat: Unknown parameter '“æask'
[  105.371999][ T4180] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  106.219102][ T4183] netlink: 68 bytes leftover after parsing attributes in process `syz.1.142'.
[  106.280646][ T4183] rdma_rxe: rxe_register_device failed with error -23
[  106.395432][ T4183] rdma_rxe: failed to add bond_slave_0
[  107.767562][ T4207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.148'.
[  107.840611][ T3642] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  107.930995][ T4212] loop1: detected capacity change from 0 to 256
[  108.031445][ T4212] exfat: Unknown parameter '“æask'
[  108.244896][ T3642] usb 3-1: Using ep0 maxpacket: 32
[  108.370819][ T3642] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  108.464133][ T3642] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  108.830675][ T3642] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  108.913965][ T3642] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  108.998508][ T3642] usb 3-1: config 0 interface 0 has no altsetting 0
[  109.950815][ T3642] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  109.959898][ T3642] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  109.997251][ T3642] usb 3-1: Product: syz
[  110.008760][ T3642] usb 3-1: Manufacturer: syz
[  110.037765][ T3642] usb 3-1: config 0 descriptor??
[  110.070802][ T3642] usb 3-1: can't set config #0, error -71
[  110.080454][ T3642] usb 3-1: USB disconnect, device number 3
[  111.970060][ T4325] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  113.118039][ T4336] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  113.147451][ T4336] overlayfs: missing 'lowerdir'
[  113.880678][ T3610] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  114.170707][ T3610] usb 2-1: Using ep0 maxpacket: 16
[  114.687425][ T4370] netlink: 'syz.2.208': attribute type 27 has an invalid length.
[  114.717149][ T4370] rdma_rxe: ignoring netdev event = 10 for bond_slave_0
[  114.744008][ T4370] infiniband syz0: set down
[  114.751058][ T3610] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  114.761140][ T3610] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.776184][ T3610] usb 2-1: Product: syz
[  114.782455][ T3610] usb 2-1: Manufacturer: syz
[  114.787284][ T3610] usb 2-1: SerialNumber: syz
[  114.825474][ T4376] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  114.943514][ T3610] r8152-cfgselector 2-1: config 0 descriptor??
[  115.531302][ T1967] infiniband syz0: ib_query_port failed (-19)
[  115.643025][   T26] audit: type=1326 audit(1727821499.334:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4381 comm="syz.3.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf5b3d2ff9 code=0x7ffc0000
[  115.722854][ T4370] rdma_rxe: ignoring netdev event = 27 for bond_slave_0
[  115.735382][   T26] audit: type=1326 audit(1727821499.384:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4381 comm="syz.3.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7faf5b3d2ff9 code=0x7ffc0000
[  115.758729][ T4370] rdma_rxe: ignoring netdev event = 26 for bond_slave_0
[  115.766033][ T4370] rdma_rxe: ignoring netdev event = 21 for bond_slave_0
[  115.775435][ T4370] bond0: (slave bond_slave_0): Releasing backup interface
[  115.784377][ T4370] rdma_rxe: ignoring netdev event = 9 for bond_slave_0
[  115.793252][ T4370] rdma_rxe: ignoring netdev event = 8 for bond_slave_0
[  115.805551][ T3739] smc: removing ib device syz0
[  115.846698][   T26] audit: type=1326 audit(1727821499.534:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4381 comm="syz.3.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf5b3d2ff9 code=0x7ffc0000
[  115.980670][ T1291] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  116.118264][ T3610] r8152-cfgselector 2-1: Unknown version 0x0000
[  116.126304][ T3610] r8152-cfgselector 2-1: bad CDC descriptors
[  116.160736][ T3610] r8152-cfgselector 2-1: Unknown version 0x0000
[  116.173559][ T3610] r8152-cfgselector 2-1: USB disconnect, device number 4
[  116.880960][ T1291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  116.900900][ T1291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.927778][ T1291] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  116.944771][ T1291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.446225][ T1291] usb 5-1: config 0 descriptor??
[  117.973638][ T4418] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  118.171510][ T1291] usbhid 5-1:0.0: can't add hid device: -71
[  118.185719][ T1291] usbhid: probe of 5-1:0.0 failed with error -71
[  118.209283][ T4417] 9pnet: Insufficient options for proto=fd
[  118.389959][ T4417] overlayfs: overlapping lowerdir path
[  118.466448][ T1291] usb 5-1: USB disconnect, device number 2
[  118.578110][ T4421] 9pnet: Unknown protocol version 9
[  119.207839][ T4428] loop0: detected capacity change from 0 to 512
[  119.255043][ T4432] loop1: detected capacity change from 0 to 512
[  119.300256][ T4436] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  119.331368][ T4428] EXT4-fs (loop0): orphan cleanup on readonly fs
[  119.350847][ T4432] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  119.379378][ T4428] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.229: bg 0: block 248: padding at end of block bitmap is not set
[  119.402539][ T4432] EXT4-fs (loop1): invalid journal inode
[  119.428603][ T4432] EXT4-fs (loop1): can't get journal size
[  119.486760][ T4428] Quota error (device loop0): write_blk: dquota write failed
[  119.498234][ T4432] EXT4-fs (loop1): 1 truncate cleaned up
[  119.506308][ T4432] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none.
[  119.513377][ T4428] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  119.592352][ T4428] EXT4-fs error (device loop0): ext4_acquire_dquot:6196: comm syz.0.229: Failed to acquire dquot type 1
[  119.706107][ T4428] EXT4-fs (loop0): 1 truncate cleaned up
[  119.738830][ T4428] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,abort,noload,noload,,errors=continue. Quota mode: writeback.
[  119.956285][ T4428] EXT4-fs error (device loop0): ext4_remount:5854: comm syz.0.229: Abort forced by user
[  120.416009][ T4428] syz.0.229 (4428) used greatest stack depth: 19200 bytes left
[  120.792720][ T4465] 9pnet: Insufficient options for proto=fd
[  120.812226][ T4465] overlayfs: overlapping lowerdir path
[  121.123787][   T26] audit: type=1326 audit(1727821504.814:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  121.434001][ T4484] process 'syz.4.248' launched '/dev/fd/3' with NULL argv: empty string added
[  121.658838][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.667458][   T26] audit: type=1326 audit(1727821505.344:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  121.776143][ T4507] 9pnet: Insufficient options for proto=fd
[  121.807582][ T4507] overlayfs: overlapping lowerdir path
[  121.842114][   T26] audit: type=1326 audit(1727821505.344:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  121.857504][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.872139][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.881142][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.889003][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.896509][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.903967][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.911411][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.918802][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.926258][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.991832][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  121.999592][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.007260][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.014970][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.022672][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.030270][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.037905][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.046232][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.053917][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.627164][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.665923][   T26] audit: type=1326 audit(1727821505.344:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  122.695003][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.710383][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.735352][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.751300][   T26] audit: type=1326 audit(1727821505.344:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  122.812010][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.903961][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.932123][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.955429][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  122.981107][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  123.006013][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  123.031162][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  123.055502][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  123.063660][ T3647] hid-generic 0000:04AD:0000.0001: unknown main item tag 0x0
[  123.092366][ T3647] hid-generic 0000:04AD:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  123.110223][   T26] audit: type=1326 audit(1727821505.344:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  123.241453][   T26] audit: type=1326 audit(1727821505.344:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  123.340479][   T26] audit: type=1326 audit(1727821505.344:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  123.426046][   T26] audit: type=1326 audit(1727821505.344:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  123.437965][ T4517] loop1: detected capacity change from 0 to 4096
[  123.512202][   T26] audit: type=1326 audit(1727821505.344:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4467 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fae5bff9 code=0x7fc00000
[  123.823051][ T3642] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  123.860630][ T3608] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  124.007469][ T4536] 9pnet: Insufficient options for proto=fd
[  124.028552][ T4536] overlayfs: overlapping lowerdir path
[  124.079447][ T4538] loop1: detected capacity change from 0 to 512
[  124.208016][ T4538] EXT4-fs (loop1): Ignoring removed nobh option
[  124.251432][ T4538] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,stripe=0x0000000000010000,dioread_nolock,,errors=continue. Quota mode: none.
[  124.267079][ T3608] usb 3-1: Using ep0 maxpacket: 32
[  124.401250][ T3608] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  124.442387][ T3608] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  124.607244][ T3608] usb 3-1: config 0 has no interface number 0
[  124.794303][ T3608] usb 3-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  124.921403][ T3642] usb 5-1: New USB device found, idVendor=13d3, idProduct=3333, bcdDevice=84.ed
[  124.930472][ T3642] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.965760][ T3608] usb 3-1: config 0 interface 8 has no altsetting 0
[  125.020803][ T3647] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  125.027515][ T3642] usb 5-1: Product: syz
[  125.033652][ T3642] usb 5-1: Manufacturer: syz
[  125.038256][ T3642] usb 5-1: SerialNumber: syz
[  125.046670][ T3642] usb 5-1: config 0 descriptor??
[  125.076738][ T3647] Bluetooth: hci4: Injecting HCI hardware error event
[  125.093047][ T3642] r8712u: register rtl8712_netdev_ops to netdev_ops
[  125.099665][ T3642] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  125.102203][ T3570] Bluetooth: hci4: hardware error 0x00
[  125.142411][ T4548] loop0: detected capacity change from 0 to 1024
[  125.337687][ T3608] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  125.347303][ T3608] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.355407][ T3608] usb 3-1: Product: syz
[  125.359569][ T3608] usb 3-1: Manufacturer: syz
[  125.364218][ T3608] usb 3-1: SerialNumber: syz
[  125.374123][ T4548] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  125.384718][ T3608] usb 3-1: config 0 descriptor??
[  126.085609][ T4556] loop1: detected capacity change from 0 to 128
[  126.177394][ T4548] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,noblock_validity,norecovery,mb_optimize_scan=0x0000000000000001,discard,nouid32,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  126.200987][ T3642] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed
[  126.207615][ T3642] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  126.215209][ T3642] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  126.255605][ T3559] usb 5-1: USB disconnect, device number 3
[  126.319582][ T4560] loop3: detected capacity change from 0 to 512
[  126.328169][ T3608] usb 3-1: USB disconnect, device number 4
[  126.410795][ T4560] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  126.448750][ T4560] EXT4-fs (loop3): invalid journal inode
[  126.460192][ T4560] EXT4-fs (loop3): can't get journal size
[  126.548669][ T4560] EXT4-fs (loop3): 1 truncate cleaned up
[  126.571873][ T4560] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none.
[  127.241583][ T4574] 9pnet: Insufficient options for proto=fd
[  127.278445][ T4574] overlayfs: overlapping lowerdir path
[  128.646115][ T4589] loop0: detected capacity change from 0 to 512
[  131.074460][ T4612] binder: 4610:4612 ioctl 4018620d 0 returned -22
[  131.091395][ T4621] 9pnet: Insufficient options for proto=fd
[  131.111129][ T4621] overlayfs: overlapping lowerdir path
[  131.407674][ T4634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  131.507384][ T4637] loop4: detected capacity change from 0 to 2048
[  131.539596][ T4638] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  131.551785][ T4630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  131.567733][ T4637] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[  131.601952][ T4643] loop2: detected capacity change from 0 to 256
[  131.631671][ T4634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  131.652280][ T4637] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,usrjquota=,discard,norecovery,abort,mblk_io_submit,nouid32,dioread_lock,grpjquota=,bsddf,,errors=continue. Quota mode: none.
[  132.945680][ T1387] ieee802154 phy0 wpan0: encryption failed: -22
[  132.952057][ T1387] ieee802154 phy1 wpan1: encryption failed: -22
[  132.982015][ T4639] loop1: detected capacity change from 0 to 32768
[  133.238240][ T4639] 
[  133.238240][ T4639]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.238240][ T4639] 
[  133.305803][ T4660] 9pnet: Insufficient options for proto=fd
[  133.471592][ T4663] binder: 4658:4663 ioctl 4018620d 0 returned -22
[  133.489725][ T4660] overlayfs: overlapping lowerdir path
[  133.702716][ T4639] 
[  133.702716][ T4639]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.702716][ T4639] 
[  133.811238][ T4639] 
[  133.811238][ T4639]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.811238][ T4639] 
[  133.855835][ T4639] 
[  133.855835][ T4639]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.855835][ T4639] 
[  133.928129][ T4639] 
[  133.928129][ T4639]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  133.928129][ T4639] 
[  133.971791][ T4668] netlink: 12 bytes leftover after parsing attributes in process `syz.4.311'.
[  134.027281][  T276] 
[  134.027281][  T276]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  134.027281][  T276] 
[  134.379472][ T3568] 
[  134.379472][ T3568]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  134.379472][ T3568] 
[  134.709937][ T3568] 
[  134.709937][ T3568]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  134.709937][ T3568] 
[  134.779922][ T4674] loop2: detected capacity change from 0 to 4096
[  134.821196][ T4674] ntfs3: Unknown parameter ''
[  134.849188][ T4678] sctp: [Deprecated]: syz.0.315 (pid 4678) Use of int in max_burst socket option deprecated.
[  134.849188][ T4678] Use struct sctp_assoc_value instead
[  134.962211][ T4680] loop3: detected capacity change from 0 to 512
[  135.215040][ T4690] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  135.250788][ T4694] loop7: detected capacity change from 0 to 16384
[  135.317972][ T4680] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  135.344216][ T4680] EXT4-fs (loop3): 1 truncate cleaned up
[  135.378644][ T4680] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000009,noblock_validity,usrquota,journal_dev=0x0000000000000002,debug_want_extra_isize=0x0000000000000008,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9f,nodiscard,,errors=continue. Quota mode: writeback.
[  135.422392][ T4700] 9pnet: Insufficient options for proto=fd
[  135.430746][ T3612] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  135.439571][ T4698] device syzkaller1 entered promiscuous mode
[  135.459962][ T4700] overlayfs: overlapping lowerdir path
[  135.650149][ T4704] binder: 4702:4704 ioctl 4018620d 0 returned -22
[  136.205345][ T4706] loop4: detected capacity change from 0 to 2048
[  136.230806][ T3612] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  136.260099][ T3612] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.286313][ T3612] usb 1-1: Product: syz
[  136.310844][ T3612] usb 1-1: Manufacturer: syz
[  136.315807][ T3612] usb 1-1: SerialNumber: syz
[  136.364560][ T4709] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  136.381681][ T3612] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  136.578856][   T26] kauditd_printk_skb: 46 callbacks suppressed
[  136.578870][   T26] audit: type=1800 audit(1727821520.264:66): pid=4706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.324" name="bus" dev="loop4" ino=2097152 res=0 errno=0
[  136.633882][ T4713] loop1: detected capacity change from 0 to 512
[  136.678477][ T4713] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.326: casefold flag without casefold feature
[  136.700707][ T4713] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.326: couldn't read orphan inode 15 (err -117)
[  136.725748][ T4713] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  136.761454][   T26] audit: type=1804 audit(1727821520.444:67): pid=4713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.326" name="/newroot/75/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  136.787945][   T26] audit: type=1804 audit(1727821520.474:68): pid=4713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.326" name="/newroot/75/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  136.808665][    C1] vkms_vblank_simulate: vblank timer overrun
[  136.988913][ T4728] loop3: detected capacity change from 0 to 164
[  137.001166][ T3612] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  137.052799][ T4728] Unable to read rock-ridge attributes
[  137.136333][ T4728] Unable to read rock-ridge attributes
[  137.182840][ T4728] Unable to read rock-ridge attributes
[  137.191697][ T4734] bridge0: port 3(gretap0) entered blocking state
[  137.198821][ T4734] bridge0: port 3(gretap0) entered disabled state
[  137.213158][ T4734] device gretap0 entered promiscuous mode
[  137.219938][ T4734] bridge0: port 3(gretap0) entered blocking state
[  137.226717][ T4734] bridge0: port 3(gretap0) entered forwarding state
[  137.252339][ T4732] netlink: 8 bytes leftover after parsing attributes in process `syz.4.331'.
[  137.775941][ T4742] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  138.040935][ T3612] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  138.113438][ T4744] binder: 4740:4744 ioctl 4018620d 0 returned -22
[  138.196308][ T3612] ath9k_htc: Failed to initialize the device
[  138.226515][ T4747] device syzkaller1 entered promiscuous mode
[  138.328014][ T1967] usb 1-1: USB disconnect, device number 2
[  138.350670][ T1967] usb 1-1: ath9k_htc: USB layer deinitialized
[  138.367317][ T4749] loop2: detected capacity change from 0 to 1024
[  138.497994][ T4749] hfsplus: invalid attributes max_key_len 0
[  138.530951][ T4749] hfsplus: failed to load attributes file
[  138.698767][ T4761] loop4: detected capacity change from 0 to 1024
[  138.888553][ T4761] hfsplus: unable to find HFS+ superblock
[  139.275992][ T3559] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  139.474210][ T4771] loop2: detected capacity change from 0 to 256
[  139.802281][ T3559] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  140.008724][ T3559] usb 5-1: New USB device found, idVendor=0eef, idProduct=c002, bcdDevice= 0.00
[  140.248025][ T3559] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.370390][ T4779] loop0: detected capacity change from 0 to 736
[  140.380082][ T4781] loop1: detected capacity change from 0 to 512
[  140.399853][ T3559] usb 5-1: config 0 descriptor??
[  140.525495][ T4784] binder: 4782:4784 ioctl 4018620d 0 returned -22
[  140.529043][ T3559] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  140.658567][ T4781] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  140.713823][ T4781] UDF-fs: Scanning with blocksize 512 failed
[  140.723270][   T13] usb 5-1: USB disconnect, device number 4
[  140.771047][ T4781] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  140.798906][ T4781] UDF-fs: Scanning with blocksize 1024 failed
[  140.850135][ T4781] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  141.600685][ T4781] UDF-fs: Scanning with blocksize 2048 failed
[  141.731203][ T4781] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  141.792364][ T4781] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  141.839675][ T4793] loop0: detected capacity change from 0 to 512
[  142.040777][ T4793] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  142.432096][ T4793] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  143.294413][ T4793] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002]
[  143.404700][ T4793] System zones: 1-12
[  143.412131][ T4793] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.351: corrupted in-inode xattr
[  143.433420][ T4793] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.351: couldn't read orphan inode 15 (err -117)
[  143.450493][ T4793] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,debug,,errors=continue. Quota mode: none.
[  143.970079][ T4817] device syzkaller1 entered promiscuous mode
[  144.077174][ T4820] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  144.087077][ T4820] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  144.923203][   T23] libceph: connect (1)[c::]:6789 error -101
[  144.959006][   T23] libceph: mon0 (1)[c::]:6789 connect error
[  144.968248][ T4843] loop4: detected capacity change from 0 to 512
[  144.989406][ T4831] ceph: No mds server is up or the cluster is laggy
[  145.004796][   T23] libceph: connect (1)[c::]:6789 error -101
[  145.015949][ T4843] EXT4-fs (loop4): VFS: Found ext4 filesystem with unknown checksum algorithm.
[  145.066447][   T23] libceph: mon0 (1)[c::]:6789 connect error
[  145.109063][ T4845] loop3: detected capacity change from 0 to 512
[  145.127707][ T4845] EXT4-fs (loop3): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
[  145.149791][ T4845] EXT4-fs (loop3): Unrecognized mount option "smackfsroot=hfsplus" or missing value
[  145.336417][ T4845] loop3: detected capacity change from 0 to 128
[  145.382498][ T4845] FAT-fs (loop3): Unrecognized mount option "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa./file0" or missing value
[  147.005637][   T26] audit: type=1326 audit(1727821530.694:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4849 comm="syz.0.366" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb602d2aff9 code=0x0
[  147.316409][ T4855] Option '_dëF‹ø[âè‘ÉNŸ®V{\Ý`moH'' to dns_resolver key: bad/missing value
[  147.521712][ T4863] overlayfs: overlapping lowerdir path
[  147.627177][ T4868] hub 9-0:1.0: USB hub found
[  147.633925][ T4868] hub 9-0:1.0: 8 ports detected
[  149.095209][ T4875] loop1: detected capacity change from 0 to 256
[  150.262838][ T4881] loop3: detected capacity change from 0 to 128
[  150.886016][ T4875] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  150.887410][ T4885] loop4: detected capacity change from 0 to 1024
[  150.923079][ T4881] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿ^æФo©tÕԾݶ#Œ)…ÀÑ:¹Í![ä7
°i\o
…"܉-ýáÄÝaboSWÓ$’=˜êýiü¶’ž]
IµZÓfË@^±ÛN!ï÷îýÄ‘÷¡½^ùMª`äÊO†¶À¿¤2	¡\Ƽí0)œf¶ày-ÉÅY7è~��À©Sûrbto…˜•Å@ý$æ΢c"®�ß‚}]Í [ê%˜nQœ>Æ-;Ï_ãgÉ[~b^|ƒ‰IKRê0 f•éè}¿ZAW¸”;´" or missing value
[  151.301385][ T3739] hfsplus: b-tree write err: -5, ino 4
[  151.638621][ T4895] loop3: detected capacity change from 0 to 256
[  152.781594][ T4905] overlayfs: overlapping lowerdir path
[  152.828860][ T4907] loop1: detected capacity change from 0 to 256
[  152.846221][ T4911] loop2: detected capacity change from 0 to 256
[  153.204967][ T4911] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  153.224795][ T4907] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  153.510408][ T4924] capability: warning: `syz.4.386' uses deprecated v2 capabilities in a way that may be insecure
[  154.083622][ T4930] loop3: detected capacity change from 0 to 512
[  154.689531][ T4940] loop2: detected capacity change from 0 to 128
[  156.068901][ T4940] FAT-fs (loop2): Unrecognized mount option "ÿÿÿÿ^æФo©tÕԾݶ#Œ)…ÀÑ:¹Í![ä7
°i\o
…"܉-ýáÄÝaboSWÓ$’=˜êýiü¶’ž]
IµZÓfË@^±ÛN!ï÷îýÄ‘÷¡½^ùMª`äÊO†¶À¿¤2	¡\Ƽí0)œf¶ày-ÉÅY7è~��À©Sûrbto…˜•Å@ý$æ΢c"®�ß‚}]Í [ê%˜nQœ>Æ-;Ï_ãgÉ[~b^|ƒ‰IKRê0 f•éè}¿ZAW¸”;´" or missing value
[  156.136565][ T4930] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,,errors=continue. Quota mode: none.
[  157.240591][ T4958] binder: 4955:4958 ioctl 4018620d 0 returned -22
[  157.694485][ T4954] loop_set_status: loop3 () has still dirty pages (nrpages=1)
[  157.711552][ T4964] overlayfs: overlapping lowerdir path
[  159.203594][ T4975] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  159.805845][ T4987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.403'.
[  159.814941][ T4987] netlink: 12 bytes leftover after parsing attributes in process `syz.4.403'.
[  160.759401][ T4993] binder: 4989:4993 ioctl 4018620d 0 returned -22
[  160.871908][ T4994] loop2: detected capacity change from 0 to 128
[  161.261169][ T4994] FAT-fs (loop2): Unrecognized mount option "ÿÿÿÿ^æФo©tÕԾݶ#Œ)…ÀÑ:¹Í![ä7
°i\o
…"܉-ýáÄÝaboSWÓ$’=˜êýiü¶’ž]
IµZÓfË@^±ÛN!ï÷îýÄ‘÷¡½^ùMª`äÊO†¶À¿¤2	¡\Ƽí0)œf¶ày-ÉÅY7è~��À©Sûrbto…˜•Å@ý$æ΢c"®�ß‚}]Í [ê%˜nQœ>Æ-;Ï_ãgÉ[~b^|ƒ‰IKRê0 f•éè}¿ZAW¸”;´" or missing value
[  161.773350][ T5001] loop1: detected capacity change from 0 to 1024
[  161.843468][ T5001] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  162.101747][ T5007] binder: 5004:5007 ioctl 4018620d 0 returned -22
[  162.553924][ T5001] EXT4-fs (loop1): Test dummy encryption mode enabled
[  163.415689][ T5001] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  163.545092][ T5001] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,data_err=abort,lazytime,max_batch_time=0x0000000000000003,jqfmt=vfsold,resuid=0x0000000000000000,nodiscard,debug_want_extra_isize=0x0000000000000084,test_dummy_encryption,dioread_nolock,. Quota mode: writeback.
[  164.611354][ T5024] loop4: detected capacity change from 0 to 512
[  164.749080][   T26] audit: type=1326 audit(1727821548.434:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5025 comm="syz.0.415" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb602d2aff9 code=0x0
[  164.779913][ T5024] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  164.844830][ T5031] bridge0: port 4(erspan0) entered blocking state
[  164.851484][ T5031] bridge0: port 4(erspan0) entered disabled state
[  164.866363][ T5031] device erspan0 entered promiscuous mode
[  164.873849][ T5031] bridge0: port 4(erspan0) entered blocking state
[  164.880297][ T5031] bridge0: port 4(erspan0) entered forwarding state
[  164.938141][ T5024] ext4 filesystem being mounted at /79/bus supports timestamps until 2038 (0x7fffffff)
[  165.702062][ T5042] binder: 5032:5042 ioctl 4018620d 0 returned -22
[  166.065851][ T3642] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  166.151273][ T5045] loop2: detected capacity change from 0 to 128
[  166.187656][ T5045] EXT4-fs (loop2): Test dummy encryption mode enabled
[  166.223258][ T5045] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  166.249633][ T5045] ext4 filesystem being mounted at /78/mnt supports timestamps until 2038 (0x7fffffff)
[  166.480750][ T3642] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  166.767845][ T5054] loop1: detected capacity change from 0 to 16
[  166.925307][ T3642] usb 5-1: config 0 has no interface number 0
[  166.938114][ T3642] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.958273][ T3642] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  166.969593][ T3642] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  166.978991][ T5045] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  166.979945][ T5037] chnl_net:caif_netlink_parms(): no params data found
[  166.990259][ T3642] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.061004][ T3642] usb 5-1: config 0 descriptor??
[  167.180662][ T5054] erofs: (device loop1): erofs_read_superblock: blkszbits 9 isn't supported on this platform
[  167.601194][ T5024] udc-core: couldn't find an available UDC or it's busy
[  167.698928][ T5024] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  167.896612][ T5037] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.934424][ T5037] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.973545][ T5037] device bridge_slave_0 entered promiscuous mode
[  168.020272][ T5037] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.052430][ T3642] input: HID 04d9:a055 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:04D9:A055.0002/input/input6
[  168.067462][ T5037] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.081451][ T5037] device bridge_slave_1 entered promiscuous mode
[  168.145059][ T3612] Bluetooth: hci5: command 0x0409 tx timeout
[  168.335837][ T3642] holtek_kbd 0003:04D9:A055.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.4-1/input1
[  168.882536][ T5024] udc-core: couldn't find an available UDC or it's busy
[  168.908178][ T5037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.918336][ T5024] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  169.070421][ T5081] netlink: 'syz.2.425': attribute type 6 has an invalid length.
[  169.089408][ T3642] usb 5-1: USB disconnect, device number 5
[  169.895740][ T5037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.492369][   T13] Bluetooth: hci5: command 0x041b tx timeout
[  170.617103][ T5081] netlink: 'syz.2.425': attribute type 4 has an invalid length.
[  170.627423][ T5086] binder: 5084:5086 ioctl 4018620d 0 returned -22
[  171.371302][ T1443] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.451062][ T5037] team0: Port device team_slave_0 added
[  171.475402][ T5037] team0: Port device team_slave_1 added
[  172.575833][   T26] audit: type=1326 audit(1727821556.244:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5114 comm="syz.0.435" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb602d2aff9 code=0x0
[  172.879740][   T13] hid-generic 0000:0000:0000.0003: item fetching failed at offset 0/2
[  172.886518][ T5120] loop4: detected capacity change from 0 to 128
[  172.915692][   T13] hid-generic: probe of 0000:0000:0000.0003 failed with error -22
[  172.928945][ T5123] loop2: detected capacity change from 0 to 512
[  172.991437][ T1291] Bluetooth: hci5: command 0x040f tx timeout
[  173.055418][ T5123] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  173.071172][ T5123] EXT4-fs (loop2): invalid journal inode
[  173.076878][ T5123] EXT4-fs (loop2): can't get journal size
[  173.138870][ T1443] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.170913][ T5123] EXT4-fs (loop2): 1 truncate cleaned up
[  173.176596][ T5123] EXT4-fs (loop2): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none.
[  173.844392][ T5037] batman_adv: batadv0: Adding interface: batadv_slave_0
[  173.882569][ T5037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.988050][ T5133] binder: 5131:5133 ioctl 4018620d 0 returned -22
[  174.172508][ T5037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  174.231956][ T5037] batman_adv: batadv0: Adding interface: batadv_slave_1
[  174.256424][ T5037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  174.290656][ T5037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  174.610808][ T1443] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.714557][ T5037] device hsr_slave_0 entered promiscuous mode
[  174.740073][ T5037] device hsr_slave_1 entered promiscuous mode
[  174.765773][ T5037] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  174.778359][ T5037] Cannot create hsr debugfs directory
[  174.893265][ T1443] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.962728][ T5141] loop2: detected capacity change from 0 to 164
[  175.001401][   T13] Bluetooth: hci5: command 0x0419 tx timeout
[  175.560814][    T7] Bluetooth: hci3: command 0x0406 tx timeout
[  175.567297][    T7] Bluetooth: hci0: command 0x0406 tx timeout
[  175.594458][ T3559] Bluetooth: hci2: command 0x0406 tx timeout
[  175.604391][ T5141] Unable to read rock-ridge attributes
[  177.728169][ T5174] 9pnet: Could not find request transport: fd0x0000000000000003
[  177.752884][ T5174] overlayfs: overlapping lowerdir path
[  179.327309][ T5216] loop4: detected capacity change from 0 to 2048
[  179.433080][ T5216] UDF-fs: bad mount option "lolìPhÂ-<¶Ü�¦íTzgado.*”" or missing value
[  180.055397][ T5224] loop4: detected capacity change from 0 to 128
[  180.481143][ T5037] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  180.536178][ T5037] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  180.574250][ T5037] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  180.580967][ T5228] loop2: detected capacity change from 0 to 1024
[  180.608499][ T5231] 9pnet: Could not find request transport: fd0x0000000000000003
[  180.631954][ T5231] overlayfs: overlapping lowerdir path
[  180.657110][ T5037] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  180.732221][ T3608] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  180.750201][ T5228] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  181.259654][ T5037] 8021q: adding VLAN 0 to HW filter on device bond0
[  181.269135][ T3608] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  181.278651][ T3608] usb 5-1: config 1 has no interface number 0
[  181.285060][ T3608] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.296840][ T3608] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  181.306286][ T3608] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  181.396100][ T3608] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 59391, setting to 1024
[  181.421718][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  181.449539][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  181.480122][ T5037] 8021q: adding VLAN 0 to HW filter on device team0
[  181.529080][ T1443] device hsr_slave_0 left promiscuous mode
[  181.577438][ T1443] device hsr_slave_1 left promiscuous mode
[  181.637773][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.660991][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.733416][ T5259] loop2: detected capacity change from 0 to 128
[  182.753810][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.810654][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.842783][ T1443] bridge0: port 3(team0) entered disabled state
[  182.854097][ T5259] EXT4-fs (loop2): Ignoring removed orlov option
[  182.923720][ T5259] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,i_version,data_err=abort,noload,orlov,nobarrier,,errors=continue. Quota mode: none.
[  182.951811][ T1443] device bridge_slave_1 left promiscuous mode
[  182.954480][ T3608] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  182.971147][ T3608] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.979262][ T3608] usb 5-1: Product: syz
[  182.984169][ T3608] usb 5-1: Manufacturer: syz
[  182.988783][ T3608] usb 5-1: SerialNumber: syz
[  182.995013][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.006765][ T5259] ext4 filesystem being mounted at /95/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  183.060646][ T1443] device bridge_slave_0 left promiscuous mode
[  183.066879][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.080746][ T3608] usb 5-1: can't set config #1, error -71
[  183.091973][ T3608] usb 5-1: USB disconnect, device number 6
[  183.409724][ T1443] device veth1_macvtap left promiscuous mode
[  183.419240][ T1443] device veth0_macvtap left promiscuous mode
[  183.466863][ T1443] device veth1_vlan left promiscuous mode
[  183.479678][ T1443] device veth0_vlan left promiscuous mode
[  184.842728][ T1443] device team_slave_1 left promiscuous mode
[  184.854568][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  184.868720][ T1443] device team_slave_0 left promiscuous mode
[  184.876932][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  184.893394][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.909894][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.068381][ T1443] bond0 (unregistering): Released all slaves
[  185.192395][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  185.202243][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  185.211234][ T3767] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.218290][ T3767] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.232586][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  185.242013][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  185.250472][ T3767] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.257591][ T3767] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.265915][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  185.276236][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  185.436794][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  185.461017][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  185.550165][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  185.665004][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  185.779452][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  185.796879][ T5037] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  186.128556][ T5037] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  186.172926][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  186.187864][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  186.231343][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  186.283833][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  186.298690][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  186.312262][ T5322] loop4: detected capacity change from 0 to 1024
[  186.410971][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  187.242666][ T5297] Bluetooth: hci1: command 0x0409 tx timeout
[  187.277682][ T3739] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  187.309345][ T3739] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  187.340508][ T3741] hfsplus: b-tree write err: -5, ino 4
[  188.265961][ T5037] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.357154][ T5352] loop2: detected capacity change from 0 to 1024
[  188.505677][ T5352] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  188.544734][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  188.560948][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  188.569599][ T5358] loop4: detected capacity change from 0 to 128
[  188.593903][ T5352] hfsplus: found bad thread record in catalog
[  188.651992][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  188.703431][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  188.723466][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  188.741618][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  188.762774][ T5037] device veth0_vlan entered promiscuous mode
[  188.799987][ T5037] device veth1_vlan entered promiscuous mode
[  188.915152][ T5358] loop7: detected capacity change from 0 to 16384
[  188.942973][ T5292] chnl_net:caif_netlink_parms(): no params data found
[  188.988988][ T5037] device veth0_macvtap entered promiscuous mode
[  189.002305][ T5037] device veth1_macvtap entered promiscuous mode
[  189.062430][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  189.107380][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  189.139519][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  189.170179][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  189.179966][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  189.192461][  T263] Buffer I/O error on dev loop7, logical block 64, lost async page write
[  189.203843][ T5366] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  189.221557][ T5366] Buffer I/O error on dev loop7, logical block 0, async page read
[  189.230139][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  189.316981][ T5366] ldm_validate_partition_table(): Disk read failed.
[  189.324933][ T3610] Bluetooth: hci1: command 0x041b tx timeout
[  189.362099][ T5366] Dev loop7: unable to read RDB block 0
[  189.367752][ T5366]  loop7: unable to read partition table
[  189.386602][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  189.410816][ T3647] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  189.420986][ T5366] loop7: partition table beyond EOD, truncated
[  189.430663][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.448384][ T5366] loop_reread_partitions: partition scan of loop7 () failed (rc=-5)
[  189.461273][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  189.479194][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.489726][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  189.501578][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.511713][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  189.522444][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.534812][ T5037] batman_adv: batadv0: Interface activated: batadv_slave_0
[  189.575821][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  189.619044][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  189.639886][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  189.659965][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.723341][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  189.761618][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.796128][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  189.824888][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.834880][ T5037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  189.845950][ T5037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.861089][ T5037] batman_adv: batadv0: Interface activated: batadv_slave_1
[  189.870433][ T5292] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.947374][ T3647] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  190.006792][ T5292] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.084101][ T3647] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  190.263264][ T5292] device bridge_slave_0 entered promiscuous mode
[  190.328981][ T3647] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  190.418206][ T5292] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.597419][ T5292] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.610115][ T3647] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  190.696688][ T5292] device bridge_slave_1 entered promiscuous mode
[  190.708210][ T3647] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.726757][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  190.742656][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  190.930287][ T3647] usb 3-1: config 0 descriptor??
[  190.992990][ T5037] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.002486][ T5369] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  191.165134][ T5037] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.196179][ T5037] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.211202][ T5037] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.254454][ T5292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.290445][ T5292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.401092][ T1967] Bluetooth: hci1: command 0x040f tx timeout
[  191.583296][ T3647] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd
[  191.617457][ T3647] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  191.926467][ T3647] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  192.104619][ T5292] team0: Port device team_slave_0 added
[  192.113579][ T5292] team0: Port device team_slave_1 added
[  192.235903][ T5401] fuse: Unknown parameter 'user_i00000000000000000000'
[  192.772423][ T5292] batman_adv: batadv0: Adding interface: batadv_slave_0
[  192.800732][ T5292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.924103][   T23] usb 3-1: USB disconnect, device number 5
[  192.944067][ T5292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  192.966329][ T3680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.991115][ T5292] batman_adv: batadv0: Adding interface: batadv_slave_1
[  193.004372][ T3680] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.012627][ T5292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.047490][ T5292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  193.080819][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  193.098010][ T5404] loop4: detected capacity change from 0 to 512
[  193.118125][ T3767] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.133094][ T3767] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.183952][ T5404] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  193.197773][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  193.219449][ T5292] device hsr_slave_0 entered promiscuous mode
[  193.229323][ T5292] device hsr_slave_1 entered promiscuous mode
[  193.231714][ T5404] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.497: iget: bad i_size value: -67835469387268086
[  193.248607][ T5292] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  193.266121][ T5292] Cannot create hsr debugfs directory
[  193.282808][ T5404] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.497: couldn't read orphan inode 15 (err -117)
[  193.490666][ T3647] Bluetooth: hci1: command 0x0419 tx timeout
[  193.595999][ T5404] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  193.640971][ T5404] ext2 filesystem being mounted at /97/file0 supports timestamps until 2038 (0x7fffffff)
[  194.255774][ T1387] ieee802154 phy0 wpan0: encryption failed: -22
[  194.267142][ T1387] ieee802154 phy1 wpan1: encryption failed: -22
[  194.885241][ T5292] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.084149][ T5292] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.808654][ T5442] loop2: detected capacity change from 0 to 1024
[  196.870134][ T5442] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  197.542035][ T5442] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,dioread_nolock,nogrpid,min_batch_time=0x0000000000000005,,errors=continue. Quota mode: none.
[  198.118475][ T5460] xt_hashlimit: size too large, truncated to 1048576
[  198.125447][ T5460] xt_hashlimit: overflow, try lower: 0/0
[  199.040599][ T3647] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  199.046420][ T5292] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.057405][ T5462] loop4: detected capacity change from 0 to 1024
[  199.124191][ T5292] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.898232][ T5462] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  200.560987][ T3647] usb 4-1: device descriptor read/all, error -71
[  201.302557][ T5480] ptrace attach of "./syz-executor exec"[3575] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  201.519488][ T5480] trusted_key: encrypted_key: insufficient parameters specified
[  202.705363][ T5292] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  202.909598][ T5292] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  203.176270][ T5292] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  203.212957][ T5292] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  203.331356][ T5292] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.407004][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  203.432565][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  203.447458][ T5292] 8021q: adding VLAN 0 to HW filter on device team0
[  203.480737][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  203.489354][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  203.509580][ T5499] 9pnet: Insufficient options for proto=fd
[  203.518186][ T5499] overlayfs: overlapping lowerdir path
[  203.526945][ T3680] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.534085][ T3680] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.543221][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  203.671274][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  203.681983][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  203.690418][ T3680] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.697548][ T3680] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.780821][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  203.794670][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  203.959101][ T5507] loop4: detected capacity change from 0 to 2048
[  204.450885][ T5507]  loop4: p1 < > p4
[  204.459028][ T5507] loop4: p4 size 8388608 extends beyond EOD, truncated
[  204.724774][ T5519] loop4: detected capacity change from 0 to 256
[  204.731428][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  204.738934][ T5521] loop2: detected capacity change from 0 to 512
[  204.753044][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  205.427174][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  205.440835][ T3938] udevd[3938]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  205.455055][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  205.464758][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  205.473933][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  205.487515][ T5519] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  205.551736][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  205.551911][ T5525] 9pnet: Insufficient options for proto=fd
[  205.569883][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  205.578542][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  205.587492][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  205.599570][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  205.603250][ T5521] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  205.617347][ T5521] UDF-fs: Scanning with blocksize 512 failed
[  205.626988][ T5525] overlayfs: overlapping lowerdir path
[  205.636002][ T5521] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  205.645832][ T5521] UDF-fs: Scanning with blocksize 1024 failed
[  205.653736][ T5521] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  205.693280][ T5521] UDF-fs: Scanning with blocksize 2048 failed
[  205.731605][ T5521] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  205.773293][ T5521] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  206.831245][ T1443] device hsr_slave_0 left promiscuous mode
[  206.913819][ T5540] loop4: detected capacity change from 0 to 512
[  207.213248][ T1443] device hsr_slave_1 left promiscuous mode
[  207.338491][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  207.445545][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  207.463267][ T5540] loop4: detected capacity change from 0 to 1024
[  207.670471][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  207.685616][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.784449][ T1443] device bridge_slave_1 left promiscuous mode
[  207.795402][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.822520][ T1443] device bridge_slave_0 left promiscuous mode
[  207.839570][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.861378][ T5540] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  207.872914][ T1443] device veth1_macvtap left promiscuous mode
[  207.889003][ T1443] device veth0_macvtap left promiscuous mode
[  208.013146][ T1443] device veth1_vlan left promiscuous mode
[  208.018976][ T1443] device veth0_vlan left promiscuous mode
[  209.279492][ T5567] 9pnet: Insufficient options for proto=fd
[  209.364009][ T5567] overlayfs: overlapping lowerdir path
[  209.748315][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  209.765155][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  209.778584][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  209.796819][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  209.869509][ T1443] bond0 (unregistering): Released all slaves
[  209.947495][ T5566] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  209.969190][ T5566] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  209.978320][ T5566] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  210.318111][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  210.331701][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  210.333882][ T5583] loop2: detected capacity change from 0 to 512
[  210.345046][ T5292] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.374901][ T5582] loop3: detected capacity change from 0 to 2048
[  210.481379][ T5292] device veth0_vlan entered promiscuous mode
[  210.508986][ T5583] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  210.521615][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  210.533382][ T5582] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  210.550822][ T5583] UDF-fs: Scanning with blocksize 512 failed
[  210.557706][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  210.574772][ T5582] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  210.615536][ T5583] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  210.673900][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  210.682768][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  210.691776][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  210.699828][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  210.715200][ T5583] UDF-fs: Scanning with blocksize 1024 failed
[  210.724780][ T5583] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  210.746117][ T5583] UDF-fs: Scanning with blocksize 2048 failed
[  210.753465][ T5583] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  210.782163][ T5583] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  210.793693][ T5292] device veth1_vlan entered promiscuous mode
[  210.904412][ T5292] device veth0_macvtap entered promiscuous mode
[  210.914225][ T5292] device veth1_macvtap entered promiscuous mode
[  210.930283][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  211.660887][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.680716][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  211.705862][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.983248][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.020612][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.037946][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.048959][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.075846][ T5292] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.273282][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  212.287172][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  212.295414][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  212.304259][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  212.313110][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  212.342147][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  212.351619][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  212.362454][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  212.378694][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  212.417866][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.428572][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  212.439353][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.457269][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  212.479844][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.490171][ T5605] loop3: detected capacity change from 0 to 512
[  212.504050][ T5292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  212.526959][ T5292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.552371][ T5292] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.579432][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  212.602598][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  212.661966][ T5292] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.679735][ T5292] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.718565][ T5292] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  212.742018][ T5292] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  213.951492][ T5626] loop2: detected capacity change from 0 to 512
[  213.999116][ T5626] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  214.021721][ T5626] UDF-fs: Scanning with blocksize 512 failed
[  214.044489][ T3730] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  214.067671][ T3730] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  214.081969][ T5626] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  214.127241][ T5626] UDF-fs: Scanning with blocksize 1024 failed
[  214.162119][ T5626] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  214.176975][ T5626] UDF-fs: Scanning with blocksize 2048 failed
[  215.084874][ T5626] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  215.110713][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  215.193505][ T5626] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  215.229191][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.248309][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.275226][ T5639] loop3: detected capacity change from 0 to 512
[  215.323080][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  216.125298][ T5639] loop3: detected capacity change from 0 to 1024
[  216.336835][ T5655] cgroup: name respecified
[  217.698685][ T5639] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  218.149151][ T5663] loop2: detected capacity change from 0 to 2048
[  218.271413][ T5663] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  218.321910][ T5663] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  219.130297][ T5676] loop4: detected capacity change from 0 to 512
[  219.244898][ T5676] EXT4-fs (loop4): Ignoring removed bh option
[  219.252804][ T5679] loop3: detected capacity change from 0 to 512
[  219.311781][ T5676] EXT4-fs error (device loop4): __ext4_iget:4872: inode #15: block 1803188595: comm syz.4.576: invalid block
[  219.332457][ T5679] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  219.437207][ T5676] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.576: couldn't read orphan inode 15 (err -117)
[  219.455427][ T5679] EXT4-fs (loop3): 1 truncate cleaned up
[  219.490706][ T5679] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  219.531338][ T5676] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,dioread_lock,usrjquota=,,errors=continue. Quota mode: none.
[  220.217187][ T5695] loop2: detected capacity change from 0 to 512
[  220.316776][ T5695] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  220.330255][ T5695] UDF-fs: Scanning with blocksize 512 failed
[  220.338958][ T5695] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  220.347629][ T5695] UDF-fs: Scanning with blocksize 1024 failed
[  220.354613][ T5695] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  220.362426][ T5695] UDF-fs: Scanning with blocksize 2048 failed
[  220.369118][ T5695] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  220.400399][ T5695] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  220.754104][ T5705] loop1: detected capacity change from 0 to 512
[  220.802346][ T5705] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  222.616770][ T5705] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  222.634194][ T5705] EXT4-fs (loop1): 1 truncate cleaned up
[  222.639842][ T5705] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,grpjquota="errors=continue,noload,data_err=ignore,usrjquota="dax,mblk_io_submit,usrjquota=,,errors=continue. Quota mode: writeback.
[  223.440696][   T21] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  224.340872][   T21] usb 5-1: config 0 has no interfaces?
[  224.896023][   T21] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  224.905214][   T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.937864][   T21] usb 5-1: Product: syz
[  224.942782][   T21] usb 5-1: Manufacturer: syz
[  224.947402][   T21] usb 5-1: SerialNumber: syz
[  224.953907][   T21] r8152-cfgselector 5-1: config 0 descriptor??
[  225.097220][ T5748] loop1: detected capacity change from 0 to 2048
[  225.161717][ T5748] UDF-fs: bad mount option "sÿÿÿÿ" or missing value
[  225.345101][   T21] r8152-cfgselector 5-1: Unknown version 0x0000
[  225.353192][   T21] r8152-cfgselector 5-1: USB disconnect, device number 7
[  225.438103][ T5748] loop1: detected capacity change from 0 to 1024
[  226.018193][ T5748] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  226.592679][ T5773] loop4: detected capacity change from 0 to 1024
[  226.800271][ T5773] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  227.001406][ T1967] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  227.600982][ T1967] usb 4-1: config 0 has no interfaces?
[  228.588046][ T1967] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  228.604232][ T1967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.613065][ T1967] usb 4-1: Product: syz
[  228.617250][ T1967] usb 4-1: Manufacturer: syz
[  228.624109][ T1967] usb 4-1: SerialNumber: syz
[  228.630124][ T1967] r8152-cfgselector 4-1: config 0 descriptor??
[  229.668243][ T1967] r8152-cfgselector 4-1: Unknown version 0x0000
[  229.843588][ T5796] netlink: 4 bytes leftover after parsing attributes in process `syz.0.610'.
[  230.588892][ T1967] r8152-cfgselector 4-1: USB disconnect, device number 4
[  230.655776][ T5812] loop3: detected capacity change from 0 to 128
[  230.670426][   T26] audit: type=1326 audit(1727821614.354:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5808 comm="syz.0.615" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb602d2aff9 code=0x0
[  230.850712][ T5815] loop1: detected capacity change from 0 to 128
[  230.863182][ T5817] loop2: detected capacity change from 0 to 164
[  230.946817][ T5815] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  230.960970][ T5815] ext4 filesystem being mounted at /12/mnt supports timestamps until 2038 (0x7fffffff)
[  231.053828][ T5817] loop2: detected capacity change from 0 to 8
[  231.138827][ T5817] SQUASHFS error: zlib decompression failed, data probably corrupt
[  231.147106][ T5817] SQUASHFS error: Failed to read block 0x4de: -5
[  231.153832][ T5817] SQUASHFS error: Failed to read block 0x4e2: -5
[  231.160244][ T5817] SQUASHFS error: Failed to read block 0x9ca: -5
[  231.166762][ T5817] SQUASHFS error: Failed to read block 0x2cf2: -5
[  231.173241][ T5817] SQUASHFS error: Failed to read block 0x35f2: -5
[  231.184807][   T26] audit: type=1800 audit(1727821614.874:73): pid=5817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.619" name="file1" dev="loop2" ino=5 res=0 errno=0
[  231.394106][ T5815] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  231.471249][ T5829] fscrypt: loop1: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 13
[  232.264429][ T5837] binder: 5836:5837 ioctl 4018620d 0 returned -22
[  232.373525][ T5839] loop3: detected capacity change from 0 to 128
[  232.437302][ T5839] EXT4-fs (loop3): Ignoring removed nobh option
[  232.481911][ T5839] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none.
[  232.521740][ T5839] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038 (0x7fffffff)
[  232.947527][ T3575] SQUASHFS error: Unable to read directory block [631:72]
[  232.959445][ T3575] SQUASHFS error: Unable to read inode 0x0
[  232.967614][ T3575] SQUASHFS error: Unable to read inode 0x0
[  233.564113][ T5856] loop1: detected capacity change from 0 to 2048
[  233.652450][ T5856] UDF-fs: bad mount option "gid=" or missing value
[  233.958262][ T5864] binder: 5863:5864 ioctl 4018620d 0 returned -22
[  234.037994][ T5856] loop1: detected capacity change from 0 to 512
[  234.767330][ T5856] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue. Quota mode: writeback.
[  234.794514][ T5856] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038 (0x7fffffff)
[  234.918099][ T5856] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  234.942953][ T5856] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 5 with max blocks 11 with error 28
[  235.047471][ T5856] EXT4-fs (loop1): This should not happen!! Data will be lost
[  235.047471][ T5856] 
[  235.223707][ T5856] EXT4-fs (loop1): Total free blocks count 0
[  235.248326][ T5856] EXT4-fs (loop1): Free/Dirty block details
[  235.255444][ T5856] EXT4-fs (loop1): free_blocks=39626
[  235.261278][ T5856] EXT4-fs (loop1): dirty_blocks=13
[  235.266819][ T5856] EXT4-fs (loop1): Block reservation details
[  235.273102][ T5856] EXT4-fs (loop1): i_reserved_data_blocks=13
[  235.329665][ T5879] netlink: 'syz.0.637': attribute type 1 has an invalid length.
[  235.497819][ T5880] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 3 with max blocks 13 with error 28
[  235.510666][ T5880] EXT4-fs (loop1): This should not happen!! Data will be lost
[  235.510666][ T5880] 
[  235.808587][ T5889] loop3: detected capacity change from 0 to 128
[  235.838155][ T5865] chnl_net:caif_netlink_parms(): no params data found
[  236.071665][ T5889] EXT4-fs (loop3): Ignoring removed orlov option
[  236.093096][ T5889] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  236.120871][ T3610] Bluetooth: hci0: command 0x0409 tx timeout
[  236.152557][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.199357][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.218602][ T5865] device bridge_slave_0 entered promiscuous mode
[  236.238923][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.260583][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.278457][ T5865] device bridge_slave_1 entered promiscuous mode
[  236.452719][ T5900] overlayfs: missing 'lowerdir'
[  236.529374][ T5897] binder: BINDER_SET_CONTEXT_MGR already set
[  236.550916][ T5897] binder: 5896:5897 ioctl 4018620d 20000040 returned -16
[  236.748929][ T5902] loop3: detected capacity change from 0 to 2048
[  237.345376][ T5902] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  237.426213][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  237.508686][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  237.944950][ T5037] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh
[  238.003265][ T5865] team0: Port device team_slave_0 added
[  238.042534][ T5037] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh
[  238.082550][ T5865] team0: Port device team_slave_1 added
[  238.480965][ T1967] Bluetooth: hci0: command 0x041b tx timeout
[  238.786936][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.817574][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.948496][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.994729][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  239.020755][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  239.129575][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  240.135483][ T5865] device hsr_slave_0 entered promiscuous mode
[  240.162107][ T5865] device hsr_slave_1 entered promiscuous mode
[  240.189119][ T5865] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  240.220748][ T5865] Cannot create hsr debugfs directory
[  240.530773][ T1967] Bluetooth: hci0: command 0x040f tx timeout
[  241.257519][ T5865] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.426119][ T5865] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.500550][ T5865] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.653138][ T5947] binder: 5943:5947 ioctl 4018620d 0 returned -22
[  241.665836][ T1443] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.738674][ T5865] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.834740][ T1443] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.995323][ T1443] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.534329][ T5940] chnl_net:caif_netlink_parms(): no params data found
[  242.566824][ T1443] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.601208][    T7] Bluetooth: hci0: command 0x0419 tx timeout
[  243.214525][    T7] Bluetooth: hci3: command 0x0409 tx timeout
[  243.320054][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.375863][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.483745][ T5940] device bridge_slave_0 entered promiscuous mode
[  243.498504][ T5974] overlayfs: unrecognized mount option "/" or missing value
[  243.535737][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.546688][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.556020][ T5940] device bridge_slave_1 entered promiscuous mode
[  244.277437][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  244.315195][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  244.679686][ T5865] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  244.681233][    T7] Bluetooth: hci0: command 0x0405 tx timeout
[  244.723667][ T5940] team0: Port device team_slave_0 added
[  245.133040][ T5865] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  245.152945][ T5940] team0: Port device team_slave_1 added
[  245.210795][ T5865] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  245.228493][ T5865] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  245.290785][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0
[  245.326206][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.480647][ T3612] Bluetooth: hci3: command 0x041b tx timeout
[  245.492641][ T6004] binder: 5999:6004 ioctl 4018620d 0 returned -22
[  245.499832][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.545350][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.557295][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.587002][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.831192][ T5940] device hsr_slave_0 entered promiscuous mode
[  245.850281][ T5940] device hsr_slave_1 entered promiscuous mode
[  245.861267][ T5940] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  245.880547][ T5940] Cannot create hsr debugfs directory
[  245.900778][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0
[  245.928644][ T5865] 8021q: adding VLAN 0 to HW filter on device team0
[  246.021786][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  246.040034][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  246.069042][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  246.091168][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  246.122118][ T3767] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.129234][ T3767] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.275615][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  246.291292][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  246.331279][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  246.351035][ T3767] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.358152][ T3767] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.418194][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  246.476604][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  246.588428][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  246.617632][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  246.666267][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  246.694025][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  246.725799][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  246.754828][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  246.798741][ T1443] bridge0: port 4(erspan0) entered disabled state
[  246.842771][ T1443] device erspan0 left promiscuous mode
[  246.848324][ T1443] bridge0: port 4(erspan0) entered disabled state
[  246.911215][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  246.924829][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  246.962097][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  247.009688][ T5865] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  247.056024][ T1443] bridge0: port 3(gretap0) entered disabled state
[  247.098994][ T1443] device gretap0 left promiscuous mode
[  247.113481][ T1443] bridge0: port 3(gretap0) entered disabled state
[  247.560786][ T3612] Bluetooth: hci3: command 0x040f tx timeout
[  247.802447][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  247.809948][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  247.862247][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0
[  248.084818][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  248.105517][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  248.426375][ T6050] binder: 6045:6050 ioctl 4018620d 0 returned -22
[  248.623470][ T6053] loop4: detected capacity change from 0 to 256
[  248.653257][ T5940] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  248.691045][ T5940] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  248.712108][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  248.739850][ T6053] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  248.753280][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  248.774531][ T5865] device veth0_vlan entered promiscuous mode
[  248.797928][   T26] audit: type=1800 audit(1727821632.482:74): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.674" name="bus" dev="loop4" ino=1048629 res=0 errno=0
[  248.831747][ T5940] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  248.861968][ T5940] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  248.917331][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  248.932158][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  249.007336][ T5865] device veth1_vlan entered promiscuous mode
[  249.022462][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  249.308517][ T1443] device hsr_slave_0 left promiscuous mode
[  249.318723][ T1443] device hsr_slave_1 left promiscuous mode
[  249.332946][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.341712][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.361646][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.373770][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.388731][ T1443] device bridge_slave_1 left promiscuous mode
[  249.414049][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.458968][ T6074] binder: 6072:6074 ioctl 4018620d 0 returned -22
[  249.467316][ T1443] device bridge_slave_0 left promiscuous mode
[  249.490438][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.549077][ T1443] device hsr_slave_0 left promiscuous mode
[  249.575553][ T1443] device hsr_slave_1 left promiscuous mode
[  249.603118][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.629044][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.641126][    T7] Bluetooth: hci3: command 0x0419 tx timeout
[  249.669190][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.708589][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.751754][ T1443] device bridge_slave_1 left promiscuous mode
[  249.775937][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.815822][ T1443] device bridge_slave_0 left promiscuous mode
[  249.823253][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.859727][ T1443] device veth1_macvtap left promiscuous mode
[  249.877961][ T1443] device veth0_macvtap left promiscuous mode
[  249.897739][ T1443] device veth1_vlan left promiscuous mode
[  249.904203][ T1443] device veth0_vlan left promiscuous mode
[  249.918458][ T1443] device veth1_macvtap left promiscuous mode
[  249.939068][ T1443] device veth0_macvtap left promiscuous mode
[  249.959237][ T1443] device veth1_vlan left promiscuous mode
[  249.967557][ T1443] device veth0_vlan left promiscuous mode
[  250.682784][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  250.698324][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  250.710304][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  250.728092][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  250.814444][ T1443] bond0 (unregistering): Released all slaves
[  250.927128][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  250.946159][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  250.959347][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  251.043935][ T1443] bond0 (unregistering): Released all slaves
[  251.167753][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  251.190765][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  251.249290][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.372263][ T5865] device veth0_macvtap entered promiscuous mode
[  251.385598][ T5865] device veth1_macvtap entered promiscuous mode
[  251.434833][ T5865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  251.454317][ T5865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.487518][ T5865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  251.532295][ T5865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.571535][ T5865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  251.620725][ T5865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.714586][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0
[  251.786567][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  251.813903][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  251.885495][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  251.936154][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  252.087966][ T5865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.098946][ T5865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.108845][ T5865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.129092][ T5865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.139190][ T5865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.161228][ T5865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.299948][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.330423][ T5940] 8021q: adding VLAN 0 to HW filter on device team0
[  252.388253][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  252.407255][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  252.416620][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  252.431274][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  252.452288][ T5865] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  252.532748][ T5865] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  252.651793][ T5865] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  252.664840][ T5865] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  252.747261][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  252.780950][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  252.809923][ T3767] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.817095][ T3767] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.878583][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  252.893521][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  252.917755][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  252.944832][ T3767] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.952265][ T3767] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.965990][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  252.983577][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  253.043031][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  253.091088][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  253.131941][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  253.178565][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  253.197196][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  253.285783][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  253.321868][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  253.349773][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  253.368830][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  253.395324][ T5940] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  253.421525][ T3650] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.432976][ T3650] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.476841][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  253.585214][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.610179][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.630584][ T3647] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  253.700795][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  253.900048][ T6127] loop2: detected capacity change from 0 to 512
[  253.917037][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  253.925913][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  253.951868][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0
[  253.977200][ T6125] binder: 6124:6125 ioctl 4018620d 0 returned -22
[  254.009843][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  254.028258][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  254.036921][ T6127] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  254.052319][ T3647] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  254.115303][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  254.127077][ T6127] EXT4-fs (loop2): 1 truncate cleaned up
[  254.134652][ T6127] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  254.148624][ T3647] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  254.172807][   T26] audit: type=1804 audit(1727821637.862:75): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.632" name="/newroot/0/bus/bus" dev="loop2" ino=18 res=1 errno=0
[  254.196958][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  254.197040][   T26] audit: type=1800 audit(1727821637.862:76): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.632" name="bus" dev="loop2" ino=18 res=0 errno=0
[  254.252345][ T5940] device veth0_vlan entered promiscuous mode
[  254.266136][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  254.281007][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  254.304902][ T3647] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  254.311142][ T5940] device veth1_vlan entered promiscuous mode
[  254.388564][ T3647] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  254.427384][ T3647] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.442159][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  254.475680][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  254.509607][ T3647] usb 1-1: config 0 descriptor??
[  254.535813][ T5940] device veth0_macvtap entered promiscuous mode
[  254.567528][ T6112] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  254.603222][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  254.626990][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  254.672057][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  254.813913][ T6112] udc-core: couldn't find an available UDC or it's busy
[  254.824756][ T6112] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  254.845498][ T5940] device veth1_macvtap entered promiscuous mode
[  254.970406][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  255.011545][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.022052][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  255.035499][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.046109][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  255.057019][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.072716][ T3647] plantronics 0003:047F:FFFF.0005: unknown main item tag 0xd
[  255.092302][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  255.106321][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.112292][ T3647] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  255.131994][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0
[  255.157871][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  255.180234][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  255.200299][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  255.215477][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.228510][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.247777][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.267589][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.277948][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.285693][ T3647] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  255.303223][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.364345][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.379837][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.393498][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1
[  255.403367][ T1387] ieee802154 phy0 wpan0: encryption failed: -22
[  255.411665][ T1387] ieee802154 phy1 wpan1: encryption failed: -22
[  255.437275][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  255.450671][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  255.471452][ T5940] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.570073][ T5940] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.640582][ T5940] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.716626][ T5940] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  255.914799][ T3627] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.949680][ T3627] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  256.098163][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  256.195283][ T3730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  256.226787][ T3730] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  256.309032][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  256.643076][ T6169] loop4: detected capacity change from 0 to 512
[  256.731185][ T3610] usb 1-1: reset high-speed USB device number 3 using dummy_hcd
[  256.850388][ T6169] EXT4-fs (loop4): Ignoring removed bh option
[  257.124789][ T6169] EXT4-fs error (device loop4): __ext4_iget:4872: inode #15: block 1803188595: comm syz.4.693: invalid block
[  257.145503][ T3582] 
[  257.147839][ T3582] =====================================
[  257.153382][ T3582] WARNING: bad unlock balance detected!
[  257.158907][ T3582] 5.15.167-syzkaller #0 Not tainted
[  257.164231][ T3582] -------------------------------------
[  257.169754][ T3582] kworker/u5:5/3582 is trying to release lock (&chan->lock) at:
[  257.177372][ T3582] [<ffffffff895b621f>] l2cap_recv_frame+0x136f/0x8ae0
[  257.184131][ T3582] but there are no more locks to release!
[  257.189849][ T3582] 
[  257.189849][ T3582] other info that might help us debug this:
[  257.197887][ T3582] 2 locks held by kworker/u5:5/3582:
[  257.203167][ T3582]  #0: ffff888075676938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  257.213571][ T3582]  #1: ffffc90002ea7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  257.224979][ T3582] 
[  257.224979][ T3582] stack backtrace:
[  257.230857][ T3582] CPU: 0 PID: 3582 Comm: kworker/u5:5 Not tainted 5.15.167-syzkaller #0
[  257.239179][ T3582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  257.249224][ T3582] Workqueue: hci0 hci_rx_work
[  257.253927][ T3582] Call Trace:
[  257.255098][ T6169] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.693: couldn't read orphan inode 15 (err -117)
[  257.257210][ T3582]  <TASK>
[  257.257220][ T3582]  dump_stack_lvl+0x1e3/0x2d0
[  257.276496][ T3582]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  257.282118][ T3582]  ? panic+0x860/0x860
[  257.286176][ T3582]  ? l2cap_recv_frame+0x136f/0x8ae0
[  257.291356][ T3582]  print_unlock_imbalance_bug+0x248/0x2b0
[  257.297060][ T3582]  ? list_move_tail+0x130/0x130
[  257.301928][ T3582]  lock_release+0x596/0x9a0
[  257.306420][ T3582]  ? mark_lock+0x98/0x340
[  257.310845][ T3582]  ? l2cap_recv_frame+0x136f/0x8ae0
[  257.316083][ T3582]  ? __lock_acquire+0x1ff0/0x1ff0
[  257.321095][ T3582]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  257.327061][ T3582]  ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0
[  257.333062][ T3582]  ? l2cap_recv_frame+0x136f/0x8ae0
[  257.338245][ T3582]  __mutex_unlock_slowpath+0xde/0x750
[  257.343602][ T3582]  ? __local_bh_enable_ip+0x164/0x1f0
[  257.348965][ T3582]  ? mutex_unlock+0x10/0x10
[  257.353452][ T3582]  ? do_raw_spin_unlock+0x137/0x8b0
[  257.358638][ T3582]  ? l2cap_sock_recv_cb+0x18a/0x1e0
[  257.363819][ T3582]  l2cap_recv_frame+0x136f/0x8ae0
[  257.368836][ T3582]  ? l2cap_conn_unreliable+0x1a0/0x1a0
[  257.374281][ T3582]  ? __mutex_unlock_slowpath+0x218/0x750
[  257.379900][ T3582]  ? rcu_lock_release+0x5/0x20
[  257.384651][ T3582]  ? mutex_unlock+0x10/0x10
[  257.389143][ T3582]  ? hci_conn_enter_active_mode+0x25c/0x360
[  257.395164][ T3582]  ? l2cap_recv_acldata+0x2ea/0x1560
[  257.400479][ T3582]  hci_rx_work+0x48f/0x990
[  257.404914][ T3582]  process_one_work+0x8a1/0x10c0
[  257.409854][ T3582]  ? worker_detach_from_pool+0x260/0x260
[  257.415481][ T3582]  ? _raw_spin_lock_irqsave+0x120/0x120
[  257.421029][ T3582]  ? kthread_data+0x4e/0xc0
[  257.425528][ T3582]  ? wq_worker_running+0x97/0x170
[  257.430552][ T3582]  worker_thread+0xaca/0x1280
[  257.435230][ T3582]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  257.441148][ T3582]  kthread+0x3f6/0x4f0
[  257.445205][ T3582]  ? rcu_lock_release+0x20/0x20
[  257.450044][ T3582]  ? kthread_blkcg+0xd0/0xd0
[  257.454621][ T3582]  ret_from_fork+0x1f/0x30
[  257.459038][ T3582]  </TASK>
[  257.655319][ T6169] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,dioread_lock,usrjquota=,,errors=continue. Quota mode: none.
[  258.406716][ T1443] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.486589][ T1443] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.578593][ T1443] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.667290][ T1443] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.865793][ T1443] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.957681][ T1443] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.007887][ T1443] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.074821][ T1443] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.331367][ T3647] usb 1-1: USB disconnect, device number 3
[  260.146364][ T1443] device hsr_slave_0 left promiscuous mode
[  260.152696][ T1443] device hsr_slave_1 left promiscuous mode
[  260.159111][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  260.167079][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  260.176109][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  260.184115][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  260.192199][ T1443] device bridge_slave_1 left promiscuous mode
[  260.198376][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.209192][ T1443] device bridge_slave_0 left promiscuous mode
[  260.215625][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.229355][ T1443] device hsr_slave_0 left promiscuous mode
[  260.235810][ T1443] device hsr_slave_1 left promiscuous mode
[  260.244518][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  260.252443][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  260.260011][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  260.267609][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  260.275157][ T1443] device bridge_slave_1 left promiscuous mode
[  260.281806][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.289719][ T1443] device bridge_slave_0 left promiscuous mode
[  260.296232][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.308095][ T1443] device veth1_macvtap left promiscuous mode
[  260.314241][ T1443] device veth0_macvtap left promiscuous mode
[  260.320253][ T1443] device veth1_vlan left promiscuous mode
[  260.327574][ T1443] device veth0_vlan left promiscuous mode
[  260.333938][ T1443] device veth1_macvtap left promiscuous mode
[  260.340041][ T1443] device veth0_macvtap left promiscuous mode
[  260.346531][ T1443] device veth1_vlan left promiscuous mode
[  260.352417][ T1443] device veth0_vlan left promiscuous mode
[  260.507815][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  260.520101][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  260.536416][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  260.549514][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  260.610013][ T1443] bond0 (unregistering): Released all slaves
[  260.721304][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  260.732050][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  260.744336][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  260.756753][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  260.804477][ T1443] bond0 (unregistering): Released all slaves
[  261.924799][ T1443] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.967939][ T1443] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.014911][ T1443] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.074466][ T1443] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.169862][ T1443] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.214379][ T1443] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.267490][ T1443] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.314923][ T1443] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.404664][ T1443] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.455802][ T1443] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.504525][ T1443] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.555511][ T1443] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.621994][ T1443] device hsr_slave_0 left promiscuous mode
[  263.628307][ T1443] device hsr_slave_1 left promiscuous mode
[  263.635141][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.644246][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.652151][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.659548][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  263.667710][ T1443] device bridge_slave_1 left promiscuous mode
[  263.674167][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.682712][ T1443] device bridge_slave_0 left promiscuous mode
[  263.688910][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.701627][ T1443] device hsr_slave_0 left promiscuous mode
[  263.707895][ T1443] device hsr_slave_1 left promiscuous mode
[  263.714556][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.722422][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.730082][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.738306][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  263.746396][ T1443] device bridge_slave_1 left promiscuous mode
[  263.753746][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.762712][ T1443] device bridge_slave_0 left promiscuous mode
[  263.769139][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.779510][ T1443] device hsr_slave_0 left promiscuous mode
[  263.785850][ T1443] device hsr_slave_1 left promiscuous mode
[  263.792421][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.799801][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.808025][ T1443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.815656][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  263.824832][ T1443] device bridge_slave_1 left promiscuous mode
[  263.831147][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.839023][ T1443] device bridge_slave_0 left promiscuous mode
[  263.845476][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.857259][ T1443] device veth1_macvtap left promiscuous mode
[  263.863314][ T1443] device veth0_macvtap left promiscuous mode
[  263.869334][ T1443] device veth1_vlan left promiscuous mode
[  263.875205][ T1443] device veth0_vlan left promiscuous mode
[  263.881456][ T1443] device veth1_macvtap left promiscuous mode
[  263.887434][ T1443] device veth0_macvtap left promiscuous mode
[  263.893510][ T1443] device veth1_vlan left promiscuous mode
[  263.899260][ T1443] device veth0_vlan left promiscuous mode
[  263.905854][ T1443] device veth1_macvtap left promiscuous mode
[  263.912257][ T1443] device veth0_macvtap left promiscuous mode
[  263.918265][ T1443] device veth1_vlan left promiscuous mode
[  263.924142][ T1443] device veth0_vlan left promiscuous mode
[  264.120178][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  264.133280][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  264.144454][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.156378][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  264.203002][ T1443] bond0 (unregistering): Released all slaves
[  264.279569][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  264.292568][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  264.304012][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.316472][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  264.360014][ T1443] bond0 (unregistering): Released all slaves
[  264.419377][ T1443] team0 (unregistering): Port device team_slave_1 removed
[  264.429792][ T1443] team0 (unregistering): Port device team_slave_0 removed
[  264.439835][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.455078][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  264.497538][ T1443] bond0 (unregistering): Released all slaves