last executing test programs:

4m36.325716644s ago: executing program 2 (id=715):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4)

4m35.29365153s ago: executing program 2 (id=718):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
set_mempolicy(0x3, &(0x7f0000000000)=0x5879, 0x3)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000016c0)={0x2, &(0x7f0000001680)=[{0x61}, {0x6}]})
connect$rxrpc(r0, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x2, {0xa, 0x0, 0x0, @dev}}, 0x24)
r1 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r1, &(0x7f0000000140)={'full'}, 0xfffffdef)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3ef, &(0x7f0000000b00)="$eJzs3DtvHEUcAPD/rh9JnGA7EgWPxgIkLCHs2EmASCBh0VAkFSkosWwnWDnHKL5IJLJ4CEQHEogPAAXwESih4DtADRQQyUIucOgO7d3u3XEPvzjnwPf7SaOb2dm7md3JbHbHsxPAwJqKiJcjYigizkXERL49zUO8VwvZfjvbm0t/bW8uJVGpvPZHEkm+rfitJP88nf/AdBqRfpjE4x3K3bhz98ZiqbRyK0/Pltfemt24c/fZ1bXF6yvXV27OP3f+wsWLL1yaf75nx7q1lnz81NeXf/30o+XPfvz9u8msvmfyvObj6JWpmKqfk1aXel1Yn51siifDfawIAAC7SvN7/+Hq/f9EDEXj5m0iPvmhr5UDAAAAeqJSKT4BAACA4yvx7A8AAADHXDEPYGd7c6kIfZyOwAO2tRARk7X2v5+HWs5w/Z3ekZb3e3tpKiJePXllPgtxRO9hAwAAAAyy7xdqC/+1j/+l8UjTfqciYqxY26+HplrS7eM/6b3W74z0uA6DbGsh4sWIuN82/pcWu0wO5amHqkOFI8m11dLKuYgYj4jpGDmRped2KeOdJ2580y2vefzvi19en8vKzz4be6T3hk/88zvLi+XFf3PMNGy9H/HYcKf2T+pjvs3rZB7GG6s7L3XLy9o/a+8itLc/R6nyZcTTHft/Y+XSZPf1WWer14PZ4qrQ7uczX33Qrfzm/p+FrPzibwEcvaz/j+3e/tV1cuvr9W4cvIxv/7zyU7e8vdu/8/V/NLlareBovu3txXL51lzEaHK5fbt/TXXF+SjOV9b+0092aP+08Z0k/79/vGl96IN45d2zV7vl6f/9lbX/8oH6/0Ei45FF3hx7dLpb+fvr/xeqlSl+xP3f3vbbUv2uJwAAAAAAAAC9kVbn9iXpTD2epjMztXm+D8dYWlrfKD9zbf32zeXaHMDJGEmLmV4TTfNB52qvkdfT8y3p8xFxNiI+nzhVTc8srZeW+33wAAAAMCBOd3n+z/x2mJc9AAAAgP+myb13uf0g6gEAAAAcnX08/wMAAAD/X4db119EROR4R/p9ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYbH8HAAD//1vtwn8=")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000880)='./file1\x00', 0x1, 0x104)
ioctl$EXT4_IOC_GETFSUUID(r2, 0x8008662c, &(0x7f0000000000))
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="9c0000000301050000000000000000000a000009060012400003000028001540000000020600124000031540000000031c001980080002000401000008000100020000000800010011000000240001800c0002800500010021000000140001"], 0x9c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x50, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYRES8, @ANYRESOCT, @ANYRES32, @ANYRES64=0x0, @ANYRESOCT, @ANYBLOB="a60b8f2f94f38c9c515f0a49abc35b272f81737b1b8fb0591ebfcd504abdec6006007f2d3331275784d9e3d3e712d86ca48a7445f18ab74b", @ANYRES64], 0x2, 0x62e, &(0x7f0000000cc0)="$eJzs3c1rXNcZB+DfHcmy5ICjNLbjlkBEDGmpqK0PlFbd1C2lqBBKSBddC1vGwmMnlZSihNKoX3TbRf6AdKFdV4VuCgVDum532WoZKHSTlbqacu/cGY1seTqKJc04eR5z55wz595z3/PO/ZgZIybAl9bKbMYfpsjK7BvbZXtvd7G5t7t4v1NPcj5JIxlvFykeJMXHyc20l3y1fLIernjSfj5cX37rk8/2Pm23xuulWr/Rb7vB7NRLZpKM1eVJjXfrqccrujMsE3atkzgYtnNJWof8/MpBT38Xnvq8BUZB0b5vdrXqM3u6Os0zWb8PaN8V2/fsZ9rOsAMAAACAM/D8fvaznYvDjgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeJfXv/1e/+j/ZfSrFTIrO7/9PdPrr+mgaMLKHjdMOBAAAAAAAAABO3yv72c92LnbarSKNJK9WjUvV43N5N5tZy0auZzur2cpWNjKfZLpnoInt1a2tjfkBtlw4csuFAQOeevo5AwAAAAAAAMAX0G+ycvD//wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAqKZKxdVMulTn06jfEkk0kmyvV2kn916s+yh8MOAAAAAM7A8/vZz3YudtqtovrMf6X63D+Zd/MgW1nPVppZy+3qu4D2p/7G3u5ic2938X65PD7u9/9zrDCqEdP+7uHoPV+t1pjKnaxXz1zPrbydZm6nUW1ZutqJ5+i4fl3GVHyvNmBkt+uynPkf6/L0jQ2wznSVkXPdjMzVsZXZeKF/Jg6/OjvH3dN8Gt1vfi6dQs4v1GWRPPfjM8v5IOpMvJI6Ews9R9+V/plIvv7XP//sbvPBvbt3NmdHZ0rHcL7VanXqjx4Tiz2ZeOkLn4lec1UmLnfbK/lRfprZzOTNbGQ9v8hqtrKWmfywqq3Wx3P5ON0/UzcPtd6sHqeeHMlE/bq0rx7Hi+nVatuLWc9P8nZuZy2vV/8WMp9vZylLWe55hS8PcNY3jnfWX/tGXSkn+If+Ez1jZV5fqPP6QXLomjtd9fU+c5ClFDnpa+P41+pKuY/f1uVoeDQT8z2ZeLH/8fKn6rKy2Xxwb+Pu6jsD7u+1uizPo9+P1F2iPF6+Ur5YVevw0VH2vXhk33zVd6nb13is73K37/+dqRP1e7jHR1qo+l46sm+x6rva03fU+y0ARt6Fb16YmPr31D+nPpr63dTdqTcmf3D+O+dfnsi5f5z77vjc2GuNl4u/5KP86uDzPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Pltvvf+vdVmc23jkUqr1frgCV2ftzKW42z197+d5N47v0d0gtM52crkcVZujUbMx6n8t9VqnciAO30O2hOrtGojkbohVYZ8YQJO3Y2t++/c2Hzv/W+td26RS0vLc8tLry/euLPeXJtrPw45SOBUHNz0hx0JAAAAAAAAAAAAMKiz+HOCYc8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeLatzGb8YYrMz12fK9t7u4vNcunUD9YcT9JIUvwyKT5Obqa9ZLpnuOJJ+/lwffmtTz7b+/RgrPHO+o1+2w1mp14yk2SsLk9qvFtPPV7RnWGZsGudxMGw/S8AAP//C8wPrA==")
rename(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='./file0\x00')
writev(r3, &(0x7f00000000c0)=[{&(0x7f00000002c0)='3', 0x1}], 0x1)

4m32.21214719s ago: executing program 2 (id=726):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)={0x44, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xe}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x5396ebcfacd913b0}, 0x10)

4m30.259029434s ago: executing program 2 (id=731):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x3)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x98f6}]})
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$isdn(0x22, 0x3, 0xb23ef33be114f646)
bind$isdn(r1, &(0x7f0000000080)={0x22, 0x4, 0xf4, 0xcc, 0x40}, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
close_range(r2, r2, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x101200)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={r5, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1810714, &(0x7f0000000340)={[{@resuid}, {@noblock_validity}, {@usrquota}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@jqfmt_vfsold}, {@usrjquota, 0x5}, {@min_batch_time={'min_batch_time', 0x3d, 0xa9b}}, {@nodiscard}]}, 0x0, 0x466, &(0x7f0000000400)="$eJzs3c9vFFUcAPDvzG4BQdmKiIKgVTQ2/mhpQeXgRaOJB01M9ICJl9oWgizU0JoIIVqNwaMh8W48mvgHGE+ejHoy8ap3Q0KQmIBeXDO7M7C77BbabtnKfj7Jwns7b+a9b2fe7Nv3dtsABtZI9k8ScWdE/BYRlUa2tcBI478rl85M/33pzHQStdobF5N6ucuXzkwXRYv9tuSZ0TQi/TTJK2k1f+r0salqdfZknh9fOP7e+Pyp008fPT51ZPbI7InJgwcP7J947tnJZ3oSZxbf5V0fzu3e+cpb516bPnTunZ++ydq7Y09je3McvTKSBf5nra5922O9rqzP/q1dizMp97s13KxSRGSna6je/ytRimsnrxIvf9LXxgFrKrtnb+y+ebEG3MaS6HcLgP4oXuiz97/F4xYNPdaFCy803gBlcV/JH40t5UjzMkNrWP9IRBxa/OfL7BFt8xC1DvMGAACr9X02/nmq0/gvjR1N5bbma0PDEXF3RGyLiHsiYntE3BtRL3tfRNy/zPrbl4auH3+m51cU2E3Kxn/P52tbreO/YvQXw6U8d1c9/qHk8NHq7L78ZzIaQxuz/ESngxeHeOnXz7vV3zz+yx5Z/cVYMD/I+XLbBN3M1MJUrwalFz6O2FXuFH9ydSUgiYidEbFreYfeWiSOPvH17m6Fbhz/EnqwzlT7KuLxxvlfjLb4C8nS65Pjm6I6u2+8uCqu9/MvZ1/vVv+q4u+B7Pxvbr3+20pU/kqa12vnl1/H2d8/6/qesrzC639D8mZ9TXdD/twHUwsLJyciNiSv1vMtz09e27fIF+Wz+Ef3du7/2/J9svgfiIjsIt4TEQ9GxEP5uXs4Ih6JiL1LxP/ji4++223bejj/Mx3vf1ev/+HW87/8ROnYD991q//m7n8H6qnR/Jn6/e8GujdnU15ipVczAAAA/P+k9c/GJ+nY1XSajo01PsO/PTan1bn5hScPz71/YqbxGfrhGEqLma5K03zoRLKYH7GRn8zniovt+/N54y9Kd9TzY9Nz1Zk+xw6DbkuX/p/5o9Tv1gFrzve1YHC19/90ibIXv13jxgC3lNd/GFz6Pwwu/R8GV6f+/1Fb3loA3J68/sPg0v9hUNUq+j8MLv0fBtJqvtffSGRHWcHuxe8v6bCpvMS39yXWSeLt/C83rJf2SDQlyj3o3X26IQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTYfwEAAP//uBLtyQ==")
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r9}, 0x2c, {'rootmode', 0x3d, 0x4000}})
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x0, 0x0, 0x8}, 0x18)
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000240)={0x0, 0x0, r7, r6, 0x0, 0x0, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x0, 0x1, 0x4cab, 0xe156, 0x2, 0x0, 0x25, 0x0, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
socket$nl_netfilter(0x10, 0x3, 0xc)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x2, 0x0, 0x0, 0x2}, 0x0, 0x0)

4m28.35449863s ago: executing program 2 (id=737):
pipe2$9p(&(0x7f0000000240), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000003c0)=0x2, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000000c0), 0x4)
sendfile(r0, r1, &(0x7f0000000100), 0x100000000010001)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901020301090224001c0000000009040000"], 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r4, 0x29, 0xcc, 0x0, &(0x7f00000004c0))
r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r3, r2, 0x2}, 0x10)
bpf$ITER_CREATE(0x1d, &(0x7f0000000140)={r5, 0x7}, 0x8)
migrate_pages(0x0, 0xfff, &(0x7f0000000200)=0x67cc, &(0x7f0000000240)=0x5)
syz_mount_image$udf(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="5605004300"], 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3M9vHFcdAPDvG3vdtQvUbUNqSiWMfIhp6sg/mjhgVGGSmFaqQGrqHhAScmI7WPWPyHaqpuJHuXHjhMSJC6pUIagqJCTUAyeE+AOQQBSJcEGCA/IJjqAZ7+yu7SU2rNeO489HSnZ29juz7432O++98bwJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDii9emR8fScZcCADhKX77+yui49h8ATpVXjf8BAOC0SJHFvUjx9z9upXPF+23Vl5dW77w5e3Wm9Wa9qdiyq4jP/1XHxieev3hp8nL5ev/tD9sn4ivXX50evLK2cnt9YWNjYX5wdnXp5tr8woH30O72uz1bHIDBldfvzC8ubgyOX5jY8fGb/X995NGz/VOXRybOl7GzV2dmrjfFdFf+72/fwwiPVnoii59Hih9+7r00HBFZtJ8L+5w7Oq03uvP8Kyoxe3WmqMjy0tzqZv5hKhOhe2dO9JQ5cgS52JbhiJG8rD0ymvZVIovpSPGp2EqfiYiuMg/OF38Y3H8H3UdQyBbyck5GxItxAnIWHlCPRBa/jBQrj1Xj2eNLZ+AYdEcW34sU517YSueL/kDenubd5pdfG3xpdXGtKTalWot60scHR0nfhAdYNbIYLnr8W+m54y4McKR6I4vFSJH94o3iulIU16Ufm7o888LF5itMT+2znzz2QkRMHHBMXimvNebbZodbJwAAAAAAAAAAAHjYVVMWP40U3/pktXj/Yv0G+Xv/Lhxz+YAOSln8IFK89NpWMTW++bkUXU3P96g76XN/Olv+3uqVtdt315dufWOz5ed91ekbG5vrczdbfxy9UW3cF13Y7zkG0IZKyuJKpPjLe+82bsPvT/lvsDYVuKse+87nG7/N6u7fX3He+Nj282zKOQTXvjrUvNzyJ/s/zI/LvzOlLH4bKb50Y6AoS4q+2JMzsR13LY/78JlaXNaT16ic39y/vcfFpeWF0Tz295HiT38oY6OILScKPtmIHctjs0jx6V/tjO2rxZ5pxI6XZbjzs9axH2/ETuSxP44UA/ODZWxfHnumFnu2EXvh5tryfKtDCQAHlbf/r0SKv00NprJt7N5uf/a2/99sjAXe3r2j/9Lmt9v+9zete7vWrk9HisUPBmrl7CtK2qr9fy5S3HjnmbI+RdtbdiseL/5vtP8jkeLpf+yMrdZin2jEjh34wMIJkOf/1yLFu/98v54btRyovW1kbXP+P107OzTGDJ3J/8eb1vXXvrfncKoOp97G3bden1teXli3YMGChfrCcZ+ZgE7L+/8/ihRD3/+wPt6t9f8/sv2uMf7/17cb/f+p3TvqUP//iaZ1U7XRSCUfm2+u3K48FVHduPvWyNLK3K2FWwurE8+PXhybvPTZS5OVnnJw31hq+1jBwybP/z9Hiq//+if1v3ftHP+3vv7Xt3tHHcr/J5vW9e0Yr7RddTj18vz/aKT43Rvv13P6ftf/yut9w0Pbr/WH6XYo/880reuvfe+jh1N1AAAAAAAAAAAAOLEqKYvfRIrvDnWn8l67g9z/u+cBNB26/+9s07r5I5qv2PZBBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYI8ssliLFB98YSt9J18xEHGu+RV4aP0nAAD//5okKSs=")

4m27.31216998s ago: executing program 2 (id=741):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)={0x44, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xe}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x5396ebcfacd913b0}, 0x10)

4m26.383356703s ago: executing program 32 (id=741):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)={0x44, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xe}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x5396ebcfacd913b0}, 0x10)

3m33.590354506s ago: executing program 3 (id=875):
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000600)={<r0=>0xffffffffffffffff})
setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000640), 0x4)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000240)={0x28, 0x5, r2, 0x0, &(0x7f0000000000/0x2000)=nil, 0x2000, 0x360})
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x3, r2, 0x0, &(0x7f0000000300)="96", 0x1, 0xfffffffffffffffc})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r2, 0x0, &(0x7f0000000400)="c7", 0x1, 0xfffffffffffffffe})
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000180)={0x28, 0x6, r4, 0x0, &(0x7f0000000100)='\x00', 0x1, 0x8})
syz_open_dev$video(&(0x7f0000002c40), 0x7fffffff, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$IOMMU_IOAS_UNMAP$ALL(r1, 0x3b86, &(0x7f0000000780)={0x18, r4})
io_setup(0x7f, &(0x7f0000000940)=<r7=>0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
io_submit(r7, 0x2, &(0x7f0000001280)=[&(0x7f0000001000)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0xa, r8, 0x0, 0x0, 0x9, 0x0, 0x1, r6}])
ioctl$VIDIOC_G_PARM(r6, 0xc0cc5615, &(0x7f0000000680)={0x9, @raw_data="f78407fdd56f9d63e505bb4d2faf055cd700e26b81e09a1e84373e51ad8fa6a1462ee2262dc668320f6a69d8c70efe27598b6a8708ef8fbf52d846e3f0e993464010afcbc8c4b7f46a48261811f7c4956679c56543e0308e0e35a29d14c410a874787b1f025efc8bc19cabed275147be9081ab3f97ae13a9951e7647a45b4e14983a129b3c58edd8f30698d7351b3c14842ba278d7b0753ad2564c75ef0916bffe0df97b8e24d2bee84a664bd2735861b2c9331d4d3dd66e96a980c68fa5d918fe5262c412f66fa4"})
r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
pselect6(0x517, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x700}, &(0x7f0000000240)={0x0, 0x989680}, &(0x7f00000002c0)={&(0x7f0000000280), 0x8})
memfd_create(&(0x7f0000000000)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;|\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040ac052a0200000000000109022400010000000009040000010300020009210000f60122000009058103"], 0x0)
syz_usb_control_io$hid(r10, 0x0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="200108"], 0x0})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r13, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000004000000000100c0"])
syz_usb_control_io(r10, 0x0, 0x0)
ioctl$SNDCTL_DSP_STEREO(r9, 0xc0045003, 0x0)

3m27.10677536s ago: executing program 3 (id=885):
ioperm(0x0, 0x1, 0x6)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="02"], 0x10)

3m26.005915908s ago: executing program 3 (id=887):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r3, 0xae9a)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, 0x0)

3m24.151253469s ago: executing program 3 (id=895):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/consoles\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2c00)

2m26.823969863s ago: executing program 4 (id=980):
unshare(0x8000400)
r0 = socket(0x2, 0x80805, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a3000000000140007800800124000050000080008400000000012000300686173683a6e65742c706f7274000000050005000a040000050004"], 0x60}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r4, 0x0, 0xd, &(0x7f0000000400)=0x9, 0x4)
syz_emit_ethernet(0x6a, &(0x7f0000000600)={@broadcast, @random, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0xfd, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x48, 0x0, @wg=@cookie={0x3, 0x4, "44863a46875d7a99c994a2f0f3e6c9891f90f0da47b609b1", "282614002ac3b260591ff12441d3b9bd7570005c1a865e453a529854881fe0d4"}}}}}}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r5, 0xe6, 0x8001, 0xc4a, 0x8}, &(0x7f00000001c0)=0x2)
r6 = memfd_create(&(0x7f0000000000)='+\x00', 0x6)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000040)={r5, @in6={{0xa, 0x4e21, 0xa5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10000}}, 0x81, 0x401, 0x6, 0x9, 0xc9d}, &(0x7f0000000100)=0x98)
cachestat(r6, &(0x7f00000005c0), 0x0, 0x0)

2m20.21064879s ago: executing program 4 (id=986):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387d9e9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

2m19.664163834s ago: executing program 4 (id=988):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
syz_open_dev$dri(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="2e00000010008188040f46ecdb4cb9cca7480ef421000000e3bdf2fb440013030e000a000d000008ba8000001201", 0x2e}], 0x1}, 0x4040000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
unshare(0x22020400)
r3 = socket$isdn_base(0x22, 0x3, 0x0)
bind$isdn_base(r3, 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f00000000c0)={0x10000, 0x41564e57, 0x2, 0x111, 0x3, @discrete={0x3, 0x1}})
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pipe2$9p(&(0x7f0000000080), 0x80880)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"})
ioctl$TCSETA(0xffffffffffffffff, 0x4b6a, &(0x7f0000000340)={0x2, 0x0, 0x0, 0xfeff, 0x4, "72710080ab003f00"})
ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000a40)=""/4096)
bind$inet(0xffffffffffffffff, &(0x7f0000000500)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10)
getpgrp(0x0)

2m15.210896144s ago: executing program 4 (id=992):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x722)

2m14.088833154s ago: executing program 4 (id=995):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2, 0xfffffffc}, 0x5, 0xfffffffc, &(0x7f0000000040)={{0x0, 0x2, 0x80, 0xfffffffe}}, 0x0, 0x0, 0x1}})

2m13.5826138s ago: executing program 4 (id=997):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fsetxattr(r0, &(0x7f0000000040)=@random={'system.', '[/\x00'}, &(0x7f00000000c0)='\x00', 0x1, 0x1)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x24000408)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r3, &(0x7f00000020c0)={0x2020}, 0x2020)

1m57.634455288s ago: executing program 33 (id=997):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fsetxattr(r0, &(0x7f0000000040)=@random={'system.', '[/\x00'}, &(0x7f00000000c0)='\x00', 0x1, 0x1)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x24000408)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r3, &(0x7f00000020c0)={0x2020}, 0x2020)

1m33.554249282s ago: executing program 3 (id=895):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/consoles\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2c00)

49.222152946s ago: executing program 3 (id=895):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/consoles\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2c00)

20.555857835s ago: executing program 6 (id=1181):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000002100)={0x1, &(0x7f0000000000)=[{0x25, 0x20}]}, 0x10)

19.363373783s ago: executing program 6 (id=1188):
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe4c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_PIE_ON(r3, 0x7005)
ioctl$RTC_IRQP_SET(r3, 0x4008700c, 0x722)

14.76691231s ago: executing program 5 (id=1193):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000040)={0x0, [0x2, 0x8, 0x5], [{0x0, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x0, 0x3fffffe}], 0x20})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000100039042dbd700000000000000003e4", @ANYRES32=0x0, @ANYBLOB="00000000c310060020000c00040000637b0400"/31], 0x40}, 0x1, 0x0, 0x0, 0x881}, 0x0)
preadv2(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x1f)

14.350843987s ago: executing program 0 (id=1194):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a0904000000bf00000000020040003c0004802c0001800b0001006e756d67656e00001c0002800800014000000011080002400000009408000340000000000c000180080001006e6174000900010073797a30000000000900020073797a32"], 0x90}}, 0x0)

14.297961348s ago: executing program 6 (id=1195):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0xffffffffffffffff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x4]})

14.056338239s ago: executing program 1 (id=1196):
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r0, &(0x7f0000000340)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f00000002c0), 0x0, &(0x7f0000000580)=[@dontfrag={{0x14, 0x29, 0x3e, 0x2}}], 0x18}}], 0x1, 0x0)

10.393271295s ago: executing program 1 (id=1197):
r0 = socket$unix(0x1, 0x1, 0x0)
unshare(0x2c060000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x120}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYRESHEX=r2], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r6, &(0x7f0000002580), 0x0, 0x0)
sendmmsg$inet6(r6, &(0x7f0000006980)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000340)="9b", 0x1}], 0x1}}], 0x1, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000000209050000000000fffc49000100090000000000f500"], 0x20}}, 0x20)
r8 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r8, 0xc0405668, &(0x7f00000004c0)={0x3, 0x2, 0x2})
connect$unix(r5, 0x0, 0x0)
pread64(r0, &(0x7f0000000000)=""/181, 0xb5, 0x101)

10.342471518s ago: executing program 5 (id=1198):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
kcmp(r0, r0, 0x2, r1, r2)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[], 0x20}}, 0x0)

9.273968486s ago: executing program 0 (id=1199):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x80, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xca9, 0x0, 0xfffffffe, 0x0, 0xf407}, 0x0, 0x4, 0x2, 0x1, 0x2, 0x19, 0x5, 0x11, 0x7, 0x1ff, {0x4, 0x0, 0x0, 0x3, 0x30000000}}}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x170}]}, 0x80}}, 0x0)

6.755946359s ago: executing program 5 (id=1200):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
mq_notify(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x2c})

6.631114652s ago: executing program 6 (id=1201):
r0 = socket$inet(0x2, 0xa, 0x1)
bind$inet(r0, &(0x7f0000000640)={0x2, 0x0, @local}, 0x10)

4.01874757s ago: executing program 1 (id=1202):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200006c0], 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000000000000ff0000000000000000d17d000000000000000000000000000000000000000000ffffffff0000000000000000000000000000001200000000000000000000000000080000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e72300000000000000000000000000079616d3000000001000000000000b40079616d30000000000000000000000000766574b7708ad56f5f7465616d0000000180c2000000000000000000aaaaaaaaaa000000000000000000b0000000b0000000e0"]}, 0x175)
write$binfmt_script(r0, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [], 0x0, 0x0, 0x0}, 0x1e8)

3.993286144s ago: executing program 5 (id=1203):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x8, &(0x7f0000000240)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x27, 0xe, 0x0, &(0x7f00000002c0)="f8ad48cc02cb29dcc8007f5b86dd", 0x0, 0x5000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.859920727s ago: executing program 0 (id=1204):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f0000000040)={0x0, [0x2, 0x8, 0x5], [{0x8000000, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x0, 0x3fffffe}], 0x20})

3.386034476s ago: executing program 6 (id=1205):
creat(&(0x7f0000000000)='./file0\x00', 0x84)

3.294816401s ago: executing program 1 (id=1206):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x9, 0x1, 0xb0}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r4, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4)
connect$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24)
connect$rxrpc(r3, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24)
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0)

3.202077225s ago: executing program 0 (id=1207):
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r0, &(0x7f0000000340)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f00000002c0), 0x0, &(0x7f0000000580)=[@dontfrag={{0x14, 0x29, 0x3e, 0x2}}], 0x18}}], 0x1, 0x0)

3.14534745s ago: executing program 5 (id=1208):
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f00000002c0)={0x6, @capture={0x0, 0x0, {0x6, 0x3}, 0x78, 0x26e}})

2.723565776s ago: executing program 0 (id=1209):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x2, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r2, 0x5, 0x0, 0xffffffff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='F'}]}, 0x24}, 0x1, 0x0, 0x0, 0x2004c000}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r0, 0x8b1a, &(0x7f0000000040))

2.45051138s ago: executing program 6 (id=1210):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x1a01, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet_group_source_req(r2, 0x0, 0x4, &(0x7f00000004c0)={0x3, {{0x2, 0x4e20, @rand_addr=0x64010101}}, {{0x2, 0x0, @local}}}, 0x108)

523.857502ms ago: executing program 1 (id=1211):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0xffffffffffffffff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x4]})

450.966341ms ago: executing program 5 (id=1212):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc09372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r0, @ANYRES32=r2], 0x44}}, 0x0)

333.792857ms ago: executing program 0 (id=1213):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet_dccp(0x2, 0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x688202, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1, @ANYRES64=r0, @ANYRES32=r1], 0x20)

0s ago: executing program 1 (id=1214):
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f608000000011800"], 0x44}}, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000580)={0x2, &(0x7f0000000280)=[{0x40, 0xfb}, {0x6}]})
write$ppp(r2, &(0x7f0000000300)="0113", 0x2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x8001000000000000, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x488, 0x358, 0x11, 0x148, 0x358, 0x0, 0x3f0, 0x2a8, 0x2a8, 0x3f0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x358, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x2, 0x0, 0x0, './file0\x00'}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98, 0x0, {0x8800000000000000}}, {0x28}}}}, 0x4e8)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200))
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x406, r5)
write$sndseq(r6, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @time={0x2, 0x8}, {}, {}, @raw32={[0x0, 0x0, 0x2]}}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @quote}], 0x38)

kernel console output (not intermixed with test programs):

5] fuse: Unknown parameter 'r�er_id'
[  460.614305][ T8073] netlink: 'syz.2.661': attribute type 21 has an invalid length.
[  460.623146][ T8073] netlink: 44 bytes leftover after parsing attributes in process `syz.2.661'.
[  460.635351][ T8073] netlink: 16 bytes leftover after parsing attributes in process `syz.2.661'.
[  460.897334][ T8075] loop4: detected capacity change from 0 to 1024
[  460.965904][ T8075] EXT4-fs (loop4): filesystem is read-only
[  461.006623][ T8075] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  461.016844][ T8075] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  461.186206][ T8075] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #32: comm syz.4.662: iget: special inode unallocated
[  461.215293][ T8075] EXT4-fs (loop4): no journal found
[  461.220810][ T8075] EXT4-fs (loop4): can't get journal size
[  461.290511][ T8075] EXT4-fs error (device loop4): ext4_protect_reserved_inode:160: inode #32: comm syz.4.662: iget: special inode unallocated
[  461.314588][ T8075] EXT4-fs (loop4): failed to initialize system zone (-117)
[  461.408768][ T8062] loop1: detected capacity change from 0 to 32768
[  461.421243][ T8075] EXT4-fs (loop4): mount failed
[  461.441728][ T8062] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.659 (8062)
[  461.493017][ T8087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.666'.
[  461.502260][ T8087] netlink: 12 bytes leftover after parsing attributes in process `syz.3.666'.
[  461.631261][ T8062] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  461.642392][ T8062] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  461.658036][ T8062] BTRFS info (device loop1): using free-space-tree
[  461.942020][ T8092] loop0: detected capacity change from 0 to 512
[  462.036592][ T8062] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  462.037872][ T8062] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  462.049222][ T8062] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  462.065364][ T8062] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  462.200637][ T8101] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  462.236945][ T8062] BTRFS error (device loop1): open_ctree failed
[  462.237586][ T8092] overlay: Unknown parameter '/�)��4�N�{��̏����0�\g�֛��"YK��67js!��FB'
[  462.244263][ T8073] syz.2.661 (8073): drop_caches: 3
[  462.653023][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  463.671321][ T8116] loop2: detected capacity change from 0 to 256
[  463.739155][ T8120] sg_write: data in/out 655360/1 bytes for SCSI command 0xf2-- guessing data in;
[  463.739155][ T8120]    program syz.1.673 not setting count and/or reply_len properly
[  464.941115][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  464.947971][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  465.256970][ T8127] syz.4.674 (8127): drop_caches: 2
[  465.994726][ T8139] loop1: detected capacity change from 0 to 512
[  466.147539][ T8139] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  466.423636][ T8152] netlink: 'syz.4.682': attribute type 4 has an invalid length.
[  466.454567][ T8148] geneve2: entered promiscuous mode
[  466.511795][ T8136] netlink: 'syz.1.679': attribute type 21 has an invalid length.
[  466.520128][ T8136] netlink: 44 bytes leftover after parsing attributes in process `syz.1.679'.
[  466.529491][ T8136] netlink: 16 bytes leftover after parsing attributes in process `syz.1.679'.
[  467.059440][ T8136] syz.1.679 (8136): drop_caches: 3
[  467.194628][ T8160] loop4: detected capacity change from 0 to 2048
[  467.222489][ T8160] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  467.252569][ T8162] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  467.299959][ T8160] netlink: 336 bytes leftover after parsing attributes in process `syz.4.689'.
[  467.300032][ T8161] FAULT_INJECTION: forcing a failure.
[  467.300032][ T8161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.323675][ T8161] CPU: 0 UID: 0 PID: 8161 Comm: syz.0.687 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  467.333187][ T8160] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0
[  467.334487][ T8161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  467.334581][ T8161] Call Trace:
[  467.334635][ T8161]  <TASK>
[  467.358836][ T8161]  dump_stack_lvl+0x216/0x2d0
[  467.363953][ T8161]  dump_stack+0x1e/0x24
[  467.368441][ T8161]  should_fail_ex+0x748/0x7f0
[  467.373445][ T8161]  should_fail+0x2a/0x40
[  467.377989][ T8161]  should_fail_usercopy+0x2e/0x40
[  467.383349][ T8161]  _copy_to_user+0x34/0x120
[  467.388169][ T8161]  simple_read_from_buffer+0x199/0x340
[  467.393976][ T8161]  proc_fail_nth_read+0x1e5/0x2c0
[  467.399316][ T8161]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  467.405171][ T8161]  vfs_read+0x29d/0xf50
[  467.409637][ T8161]  ? kmsan_get_metadata+0x13e/0x1c0
[  467.415145][ T8161]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  467.421836][ T8161]  ksys_read+0x240/0x4b0
[  467.426408][ T8161]  ? kmsan_get_metadata+0x13e/0x1c0
[  467.431930][ T8161]  __x64_sys_read+0x93/0xe0
[  467.436766][ T8161]  x64_sys_call+0x314c/0x3c30
[  467.441785][ T8161]  do_syscall_64+0xcd/0x1e0
[  467.446614][ T8161]  ? clear_bhb_loop+0x25/0x80
[  467.451619][ T8161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.457853][ T8161] RIP: 0033:0x7f6abcf7e8ec
[  467.462544][ T8161] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  467.482482][ T8161] RSP: 002b:00007f6abddf8050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  467.491241][ T8161] RAX: ffffffffffffffda RBX: 00007f6abd145fa0 RCX: 00007f6abcf7e8ec
[  467.499508][ T8161] RDX: 000000000000000f RSI: 00007f6abddf80b0 RDI: 0000000000000005
[  467.507738][ T8161] RBP: 00007f6abddf80a0 R08: 0000000000000000 R09: 0000000000000000
[  467.515979][ T8161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.524212][ T8161] R13: 0000000000000000 R14: 00007f6abd145fa0 R15: 00007ffff359ec18
[  467.532480][ T8161]  </TASK>
[  467.611435][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  467.615535][ T5838] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  467.825282][ T5838] usb 3-1: Using ep0 maxpacket: 8
[  467.859722][ T5838] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  467.869450][ T5838] usb 3-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.91
[  467.879069][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.085472][ T5838] usb 3-1: config 0 descriptor??
[  468.298164][ T8169] loop1: detected capacity change from 0 to 256
[  468.360753][ T8158] loop2: detected capacity change from 0 to 64
[  468.472383][ T8169] loop1: detected capacity change from 0 to 512
[  468.475310][ T8158] syz.2.688: attempt to access beyond end of device
[  468.475310][ T8158] loop2: rw=0, sector=131070, nr_sectors = 2 limit=64
[  468.492655][ T8158] Buffer I/O error on dev loop2, logical block 65535, async page read
[  468.528750][ T8158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.538823][ T8158] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  468.657658][ T8169] overlay: Unknown parameter '/�)��4�N�{��̏����0�\g�֛��"YK��67js!��FB'
[  469.358747][ T5830] usb 3-1: USB disconnect, device number 20
[  469.745403][ T8186] Invalid logical block size (32)
[  470.572394][ T8205] loop4: detected capacity change from 0 to 512
[  470.588240][ T8208] FAULT_INJECTION: forcing a failure.
[  470.588240][ T8208] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.601950][ T8208] CPU: 0 UID: 0 PID: 8208 Comm: syz.0.703 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  470.612867][ T8208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  470.623173][ T8208] Call Trace:
[  470.626668][ T8208]  <TASK>
[  470.629801][ T8208]  dump_stack_lvl+0x216/0x2d0
[  470.634813][ T8208]  dump_stack+0x1e/0x24
[  470.639294][ T8208]  should_fail_ex+0x748/0x7f0
[  470.644312][ T8208]  should_fail+0x2a/0x40
[  470.648869][ T8208]  should_fail_usercopy+0x2e/0x40
[  470.654251][ T8208]  _copy_to_user+0x34/0x120
[  470.659175][ T8208]  simple_read_from_buffer+0x199/0x340
[  470.664990][ T8208]  proc_fail_nth_read+0x1e5/0x2c0
[  470.670354][ T8208]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  470.676314][ T8208]  vfs_read+0x29d/0xf50
[  470.680806][ T8208]  ? kmsan_get_metadata+0x13e/0x1c0
[  470.686315][ T8208]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  470.693021][ T8208]  ksys_read+0x240/0x4b0
[  470.697613][ T8208]  ? kmsan_get_metadata+0x13e/0x1c0
[  470.703126][ T8208]  __x64_sys_read+0x93/0xe0
[  470.707987][ T8208]  x64_sys_call+0x314c/0x3c30
[  470.713017][ T8208]  do_syscall_64+0xcd/0x1e0
[  470.717858][ T8208]  ? clear_bhb_loop+0x25/0x80
[  470.722855][ T8208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.729086][ T8208] RIP: 0033:0x7f6abcf7e8ec
[  470.733766][ T8208] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  470.753680][ T8208] RSP: 002b:00007f6abddf8050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  470.762435][ T8208] RAX: ffffffffffffffda RBX: 00007f6abd145fa0 RCX: 00007f6abcf7e8ec
[  470.770688][ T8208] RDX: 000000000000000f RSI: 00007f6abddf80b0 RDI: 0000000000000004
[  470.778926][ T8208] RBP: 00007f6abddf80a0 R08: 0000000000000000 R09: 0000000000000000
[  470.787168][ T8208] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  470.795388][ T8208] R13: 0000000000000000 R14: 00007f6abd145fa0 R15: 00007ffff359ec18
[  470.803645][ T8208]  </TASK>
[  470.843246][ T8203] loop1: detected capacity change from 0 to 64
[  471.006650][ T8205] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  471.095426][ T5830] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  471.232103][ T8202] netlink: 'syz.4.701': attribute type 21 has an invalid length.
[  471.240521][ T8202] netlink: 44 bytes leftover after parsing attributes in process `syz.4.701'.
[  471.249978][ T8202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.701'.
[  471.295763][ T5830] usb 3-1: Using ep0 maxpacket: 16
[  471.315631][ T5830] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  471.324138][ T5830] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  471.334697][ T5830] usb 3-1: config 0 has no interface number 0
[  471.402600][ T8215] loop0: detected capacity change from 0 to 8
[  471.424308][ T5830] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  471.433972][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.442543][ T5830] usb 3-1: Product: syz
[  471.447270][ T5830] usb 3-1: Manufacturer: syz
[  471.452130][ T5830] usb 3-1: SerialNumber: syz
[  471.487129][ T8215] squashfs image failed sanity check
[  471.523401][ T8215] loop0: detected capacity change from 0 to 128
[  471.576756][ T5830] usb 3-1: config 0 descriptor??
[  471.598336][ T8215] FAT-fs (loop0): bogus logical sector size 0
[  471.604714][ T8215] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  471.616313][ T8215] FAT-fs (loop0): Can't find a valid FAT filesystem
[  471.652837][ T8215] loop0: detected capacity change from 0 to 64
[  471.864763][ T8215] overlay: filesystem on ./file0 not supported
[  471.999553][ T8202] syz.4.701 (8202): drop_caches: 3
[  472.196324][ T5791] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  472.735433][ T5838] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  472.956025][ T5838] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  472.967598][ T5838] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  472.977978][ T5838] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  472.987468][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.083392][ T8224] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  473.130938][ T5838] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  473.134144][ T5830] usb 3-1: USB disconnect, device number 21
[  473.506803][ T8240] loop4: detected capacity change from 0 to 1764
[  473.657278][    T8] usb 4-1: USB disconnect, device number 16
[  474.065169][ T5830] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  474.583876][ T5830] usb 2-1: not running at top speed; connect to a high speed hub
[  474.652153][ T5830] usb 2-1: config 16 has an invalid interface number: 82 but max is 0
[  474.665861][ T5830] usb 2-1: config 16 has no interface number 0
[  474.672336][ T5830] usb 2-1: config 16 interface 82 altsetting 3 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  474.685300][ T5830] usb 2-1: config 16 interface 82 has no altsetting 0
[  474.689305][ T5954] udevd[5954]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  474.792464][ T5830] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0003, bcdDevice=56.a2
[  474.802114][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.810703][ T5830] usb 2-1: Product: syz
[  474.815394][ T5830] usb 2-1: Manufacturer: syz
[  474.820242][ T5830] usb 2-1: SerialNumber: syz
[  474.850945][ T5838] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  474.980364][ T8248] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  475.213504][ T5838] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  475.226257][ T5838] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  475.237902][ T5838] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  475.249548][ T5838] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  475.263163][ T5838] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  475.275377][ T5838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.531993][ T5830] kvaser_usb 2-1:16.82: error -ENODEV: Cannot get usb endpoint(s)
[  475.570570][ T5838] usb 1-1: config 0 descriptor??
[  475.592563][ T8254] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  475.613003][ T5830] usb 2-1: USB disconnect, device number 17
[  475.724635][ T8260] loop2: detected capacity change from 0 to 512
[  475.829002][ T8260] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  475.939984][ T8260] netlink: 'syz.2.718': attribute type 21 has an invalid length.
[  475.948346][ T8260] netlink: 44 bytes leftover after parsing attributes in process `syz.2.718'.
[  475.957729][ T8260] netlink: 16 bytes leftover after parsing attributes in process `syz.2.718'.
[  476.040115][ T5838] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  476.049103][ T5838] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  476.057402][ T5838] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  476.065384][ T5838] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  476.073145][ T5838] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  476.131183][ T5838] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  476.189078][ T5838] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  476.766169][ T5830] usb 1-1: USB disconnect, device number 13
[  477.124570][ T8260] syz.2.718 (8260): drop_caches: 3
[  477.195442][ T8285] ERROR: device name not specified.
[  477.250800][ T8280] loop1: detected capacity change from 0 to 256
[  477.580644][ T8280] loop1: detected capacity change from 0 to 512
[  477.778811][ T8280] overlay: Unknown parameter '/�)��4�N�{��̏����0�\g�֛��"YK��67js!��FB'
[  478.046602][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  478.065160][ T8287] loop4: detected capacity change from 0 to 32768
[  478.081849][ T8287] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.725 (8287)
[  478.142090][ T8287] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  478.152734][ T8287] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  478.163405][ T8287] BTRFS info (device loop4): using free-space-tree
[  479.110846][ T8280] loop1: detected capacity change from 0 to 32768
[  479.120215][ T8280] (syz.1.724,8280,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options
[  479.130438][ T8280] (syz.1.724,8280,0):ocfs2_fill_super:1178 ERROR: status = -22
[  479.932471][   T29] audit: type=1326 audit(1733631642.247:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8316 comm="syz.2.731" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbe6b77fed9 code=0x0
[  479.960148][ T5078] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  479.970918][ T5078] CPU: 0 UID: 0 PID: 5078 Comm: kworker/u9:1 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  479.982086][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  479.992460][ T5078] Workqueue: hci2 hci_rx_work
[  479.997458][ T5078] Call Trace:
[  480.000920][ T5078]  <TASK>
[  480.004031][ T5078]  dump_stack_lvl+0x216/0x2d0
[  480.009027][ T5078]  dump_stack+0x1e/0x24
[  480.013462][ T5078]  sysfs_create_dir_ns+0x45f/0x4c0
[  480.018903][ T5078]  kobject_add_internal+0xfe7/0x1900
[  480.024492][ T5078]  kobject_add+0x28c/0x3c0
[  480.029212][ T5078]  device_add+0xa90/0x1ba0
[  480.033920][ T5078]  hci_conn_add_sysfs+0x161/0x2c0
[  480.039240][ T5078]  le_conn_complete_evt+0x1adf/0x1fa0
[  480.044924][ T5078]  hci_le_conn_complete_evt+0x15a/0x210
[  480.050762][ T5078]  hci_le_meta_evt+0x600/0x850
[  480.055787][ T5078]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  480.062149][ T5078]  hci_event_packet+0x11df/0x1c20
[  480.067488][ T5078]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  480.073068][ T5078]  hci_rx_work+0x699/0x1260
[  480.077841][ T5078]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  480.083935][ T5078]  ? __pfx_hci_rx_work+0x10/0x10
[  480.089149][ T5078]  ? __pfx_hci_rx_work+0x10/0x10
[  480.094355][ T5078]  process_scheduled_works+0xae0/0x1c40
[  480.100262][ T5078]  worker_thread+0xea7/0x14f0
[  480.105261][ T5078]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  480.111378][ T5078]  kthread+0x3e2/0x540
[  480.115711][ T5078]  ? __pfx_worker_thread+0x10/0x10
[  480.121141][ T5078]  ? __pfx_kthread+0x10/0x10
[  480.126004][ T5078]  ret_from_fork+0x6d/0x90
[  480.130714][ T5078]  ? __pfx_kthread+0x10/0x10
[  480.135579][ T5078]  ret_from_fork_asm+0x1a/0x30
[  480.140673][ T5078]  </TASK>
[  480.147012][ T5078] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  480.162329][ T5078] Bluetooth: hci2: failed to register connection device
[  480.389346][ T8319] loop2: detected capacity change from 0 to 512
[  480.709384][ T8322] syz.3.730 (8322): drop_caches: 2
[  480.814479][ T8319] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  480.819183][ T8287] BTRFS error (device loop4): open_ctree failed
[  480.843115][ T8319] EXT4-fs (loop2): 1 truncate cleaned up
[  480.851644][ T8319] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  481.036127][ T8327] fuse: Bad value for 'fd'
[  481.545217][ T8324] syz.3.730 (8324): drop_caches: 2
[  482.081734][ T8333] loop1: detected capacity change from 0 to 512
[  482.111577][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.194246][ T8333] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  482.353006][ T8332] netlink: 'syz.1.736': attribute type 21 has an invalid length.
[  482.361211][ T8332] netlink: 44 bytes leftover after parsing attributes in process `syz.1.736'.
[  482.371047][ T8332] netlink: 16 bytes leftover after parsing attributes in process `syz.1.736'.
[  482.486724][ T8344] loop3: detected capacity change from 0 to 128
[  482.496615][ T8344] affs: Unknown parameter 'rootcontext'
[  482.814597][   T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.981608][ T8348] syz.0.738 (8348): drop_caches: 2
[  483.409805][   T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.584170][   T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.828000][   T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.095389][ T8332] syz.1.736 (8332): drop_caches: 3
[  484.366364][   T59] bridge_slave_1: left allmulticast mode
[  484.372282][   T59] bridge_slave_1: left promiscuous mode
[  484.379203][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.491977][ T8361] fuse: Bad value for 'rootmode'
[  484.516342][   T59] bridge_slave_0: left allmulticast mode
[  484.522334][   T59] bridge_slave_0: left promiscuous mode
[  484.529146][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  484.563149][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  484.632063][ T5078] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  484.687245][ T5078] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  484.700437][ T5078] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  485.053466][ T5078] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  485.159024][ T5078] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  485.168524][ T5078] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  485.864505][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  485.991582][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  486.028490][   T59] bond0 (unregistering): Released all slaves
[  486.594774][ T8389] fuse: Bad value for 'rootmode'
[  486.790487][ T8390] loop0: detected capacity change from 0 to 128
[  487.029878][ T8393] syz.4.755 (8393): drop_caches: 2
[  487.101585][ T8360] lo speed is unknown, defaulting to 1000
[  487.299646][ T5078] Bluetooth: hci2: command tx timeout
[  487.401308][ T8394] loop0: detected capacity change from 0 to 64
[  487.506329][ T8394] hfs: Unknown parameter ''
[  487.536049][ T8398] loop1: detected capacity change from 0 to 512
[  487.627546][ T8398] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  487.799521][ T8396] netlink: 'syz.1.757': attribute type 21 has an invalid length.
[  487.807716][ T8396] netlink: 44 bytes leftover after parsing attributes in process `syz.1.757'.
[  487.817066][ T8396] netlink: 16 bytes leftover after parsing attributes in process `syz.1.757'.
[  488.000956][   T59] hsr_slave_0: left promiscuous mode
[  488.075842][   T59] hsr_slave_1: left promiscuous mode
[  488.125754][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  488.133531][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  488.236424][   T59] veth1_macvtap: left promiscuous mode
[  488.242428][   T59] veth0_macvtap: left promiscuous mode
[  488.248552][   T59] veth1_vlan: left promiscuous mode
[  488.254304][   T59] veth0_vlan: left promiscuous mode
[  488.473122][ T8410] loop4: detected capacity change from 0 to 128
[  488.640049][ T8410] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  488.785637][ T8410] ext4 filesystem being mounted at /143/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  489.367247][ T8396] syz.1.757 (8396): drop_caches: 3
[  489.432701][   T59] team0 (unregistering): Port device team_slave_1 removed
[  489.453329][   T51] Bluetooth: hci2: command tx timeout
[  489.540666][   T59] team0 (unregistering): Port device team_slave_0 removed
[  490.077225][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  490.679365][ T8426] fuse: Unknown parameter 'use00000000000000000000'
[  490.974811][   T59] IPVS: stop unused estimator thread 0...
[  491.187181][ T8360] chnl_net:caif_netlink_parms(): no params data found
[  491.575058][   T51] Bluetooth: hci2: command tx timeout
[  491.637587][ T8442] netlink: 12 bytes leftover after parsing attributes in process `syz.1.768'.
[  492.005320][ T5838] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  492.183835][ T8360] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.191847][ T8360] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.193016][ T5838] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  492.202938][ T8360] bridge_slave_0: entered allmulticast mode
[  492.208653][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.217508][ T8360] bridge_slave_0: entered promiscuous mode
[  492.222759][ T5838] usb 4-1: Product: syz
[  492.233227][ T5838] usb 4-1: Manufacturer: syz
[  492.238343][ T5838] usb 4-1: SerialNumber: syz
[  492.440262][ T5838] r8152-cfgselector 4-1: Unknown version 0x0000
[  492.447232][ T5838] r8152-cfgselector 4-1: config 0 descriptor??
[  492.479160][ T8360] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.487027][ T8360] bridge0: port 2(bridge_slave_1) entered disabled state
[  492.494854][ T8360] bridge_slave_1: entered allmulticast mode
[  492.504314][ T8360] bridge_slave_1: entered promiscuous mode
[  492.788504][ T5791] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  492.951338][ T8360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  493.113312][   T44] r8152-cfgselector 4-1: USB disconnect, device number 17
[  493.139866][ T8360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  493.320605][ T8456] syz.0.770 (8456): drop_caches: 2
[  493.524342][ T8360] team0: Port device team_slave_0 added
[  493.596340][ T8360] team0: Port device team_slave_1 added
[  493.623750][   T51] Bluetooth: hci2: command tx timeout
[  494.019530][ T8360] batman_adv: batadv0: Adding interface: batadv_slave_0
[  494.027127][ T8360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.053634][ T8360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  494.083498][ T8360] batman_adv: batadv0: Adding interface: batadv_slave_1
[  494.091084][ T8360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.119808][ T8360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  494.315465][ T8464] loop0: detected capacity change from 0 to 512
[  494.404669][ T8360] hsr_slave_0: entered promiscuous mode
[  494.479543][ T8464] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  494.551677][ T8360] hsr_slave_1: entered promiscuous mode
[  494.697322][ T8464] netlink: 'syz.0.774': attribute type 21 has an invalid length.
[  494.705950][ T8464] netlink: 44 bytes leftover after parsing attributes in process `syz.0.774'.
[  494.715477][ T8464] netlink: 16 bytes leftover after parsing attributes in process `syz.0.774'.
[  494.846001][ T8360] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  494.853833][ T8360] Cannot create hsr debugfs directory
[  495.138233][ T8468] loop3: detected capacity change from 0 to 32768
[  495.149539][ T8468] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.775 (8468)
[  495.171349][ T8468] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  495.182096][ T8468] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm
[  495.193895][ T8468] BTRFS info (device loop3): using free-space-tree
[  495.772484][ T8468] BTRFS info (device loop3): rebuilding free space tree
[  495.838044][ T8468] BTRFS info (device loop3): checking UUID tree
[  496.054845][ T5780] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  496.499188][ T8360] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  496.536176][ T8360] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  496.591470][ T8464] syz.0.774 (8464): drop_caches: 3
[  496.601009][ T8360] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  496.664112][ T8360] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  497.008998][ T8509] fuse: Unknown parameter 'use00000000000000000000'
[  497.137027][ T8511] loop4: detected capacity change from 0 to 1024
[  497.498938][ T8360] 8021q: adding VLAN 0 to HW filter on device bond0
[  497.569134][ T8511] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  497.611903][ T5793] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  497.614852][ T8360] 8021q: adding VLAN 0 to HW filter on device team0
[  497.859835][ T1844] bridge0: port 1(bridge_slave_0) entered blocking state
[  497.867753][ T1844] bridge0: port 1(bridge_slave_0) entered forwarding state
[  498.035107][ T1844] bridge0: port 2(bridge_slave_1) entered blocking state
[  498.042801][ T1844] bridge0: port 2(bridge_slave_1) entered forwarding state
[  498.057894][ T8521] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2863: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  498.125122][ T8521] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2793: inode #14: comm syz.4.780: corrupted in-inode xattr: bad magic number in in-inode xattr
[  498.155828][ T8521] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #14: comm syz.4.780: attempt to clear invalid blocks 1634560256 len 1
[  498.404257][ T8527] syz.1.783 (8527): drop_caches: 2
[  498.701858][ T8533] fuse: Bad value for 'fd'
[  498.975565][   T29] audit: type=1326 audit(1733631661.297:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8528 comm="syz.0.781" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6abcf7fed9 code=0x0
[  499.403705][ T5791] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  499.542349][ T8537] loop3: detected capacity change from 0 to 1024
[  499.661945][ T8537] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  499.957596][ T8537] loop3: detected capacity change from 0 to 256
[  500.082340][ T8537] netlink: 64 bytes leftover after parsing attributes in process `syz.3.784'.
[  501.088494][ T8360] 8021q: adding VLAN 0 to HW filter on device batadv0
[  501.158200][ T8554] loop4: detected capacity change from 0 to 512
[  501.900283][ T8554] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  501.993115][ T8555] loop1: detected capacity change from 0 to 32768
[  502.004404][ T8555] btrfs: Deprecated parameter 'usebackuproot'
[  502.010985][ T8555] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  502.022926][ T8555] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.789 (8555)
[  502.044762][ T8555] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  502.055676][ T8555] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm
[  502.065621][ T8555] BTRFS info (device loop1): using free-space-tree
[  502.069141][ T8550] netlink: 'syz.4.790': attribute type 21 has an invalid length.
[  502.080583][ T8550] netlink: 44 bytes leftover after parsing attributes in process `syz.4.790'.
[  502.089840][ T8550] netlink: 16 bytes leftover after parsing attributes in process `syz.4.790'.
[  502.307556][ T8580] fuse: Unknown parameter 'use00000000000000000000'
[  502.321152][   T59] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  502.336005][ T8555] BTRFS error (device loop1): failed to load root extent
[  502.343409][ T8555] BTRFS warning (device loop1): try to load backup roots slot 1
[  502.378393][ T3865] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  502.392172][ T8555] BTRFS warning (device loop1): couldn't read tree root
[  502.399597][ T8555] BTRFS warning (device loop1): try to load backup roots slot 2
[  502.413784][ T3624] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  502.425404][ T8555] BTRFS warning (device loop1): couldn't read tree root
[  502.432634][ T8555] BTRFS warning (device loop1): try to load backup roots slot 3
[  502.585865][ T8555] BTRFS info (device loop1): rebuilding free space tree
[  502.643526][ T8555] BTRFS info (device loop1): checking UUID tree
[  502.836580][   T44] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  503.010105][ T5781] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  503.095650][   T44] usb 1-1: Using ep0 maxpacket: 16
[  503.126885][   T44] usb 1-1: config 0 has an invalid descriptor of length 164, skipping remainder of the config
[  503.137833][   T44] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  503.151304][   T44] usb 1-1: New USB device found, idVendor=05ac, idProduct=027b, bcdDevice= 0.00
[  503.160733][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.317933][   T44] usb 1-1: config 0 descriptor??
[  503.707201][ T8587] program syz.0.792 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  503.851560][   T44] usb 1-1: string descriptor 0 read error: -71
[  503.949075][   T44] usb 1-1: USB disconnect, device number 14
[  504.020870][ T5830] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  504.101820][ T8550] syz.4.790 (8550): drop_caches: 3
[  504.241994][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  504.258039][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  504.269949][ T5830] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  504.283260][ T5830] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  504.292736][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.430443][ T5830] usb 2-1: config 0 descriptor??
[  504.723284][ T8360] veth0_vlan: entered promiscuous mode
[  504.758733][ T8360] veth1_vlan: entered promiscuous mode
[  504.849271][ T8360] veth0_macvtap: entered promiscuous mode
[  504.874455][ T8360] veth1_macvtap: entered promiscuous mode
[  504.902859][ T5791] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.979285][ T8605] loop3: detected capacity change from 0 to 164
[  505.141774][ T5830] wacom 0003:056A:0094.0007: unknown main item tag 0x0
[  505.149404][ T5830] wacom 0003:056A:0094.0007: unknown main item tag 0x0
[  505.157007][ T5830] wacom 0003:056A:0094.0007: unknown main item tag 0x0
[  505.164255][ T5830] wacom 0003:056A:0094.0007: unknown main item tag 0x0
[  505.177733][ T5830] wacom 0003:056A:0094.0007: unknown main item tag 0x0
[  505.186536][ T5830] wacom 0003:056A:0094.0007: unknown main item tag 0x0
[  505.193807][ T5830] wacom 0003:056A:0094.0007: unknown main item tag 0x0
[  505.222833][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  505.233861][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.244159][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  505.255159][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.265405][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  505.278102][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.288925][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  505.300758][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.315672][ T8360] batman_adv: batadv0: Interface activated: batadv_slave_0
[  505.559647][ T5830] wacom 0003:056A:0094.0007: Using device in hidraw-only mode
[  505.576764][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  505.592158][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.603463][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  505.614319][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.624504][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  505.635286][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.645508][ T8360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  505.656242][ T8360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.673454][ T8360] batman_adv: batadv0: Interface activated: batadv_slave_1
[  505.718482][ T5830] wacom 0003:056A:0094.0007: hidraw0: USB HID v0.00 Device [HID 056a:0094] on usb-dummy_hcd.1-1/input0
[  505.792771][ T5830] usb 2-1: USB disconnect, device number 18
[  506.172524][ T8360] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  506.182193][ T8360] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  506.191464][ T8360] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  506.202748][ T8360] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  506.398771][ T8616] loop0: detected capacity change from 0 to 65
[  506.411290][ T8616] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
[  507.090642][ T8613] syz.4.795 (8613): drop_caches: 2
[  507.340156][ T8619] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  507.347812][ T8619] IPv6: NLM_F_CREATE should be set when creating new route
[  507.355557][ T8619] IPv6: NLM_F_CREATE should be set when creating new route
[  508.097943][ T8629] fuse: Unknown parameter 'user_i00000000000000000000'
[  508.330565][ T8632] FAULT_INJECTION: forcing a failure.
[  508.330565][ T8632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  508.345312][ T8632] CPU: 1 UID: 0 PID: 8632 Comm: syz.1.803 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  508.356242][ T8632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  508.366561][ T8632] Call Trace:
[  508.370047][ T8632]  <TASK>
[  508.373191][ T8632]  dump_stack_lvl+0x216/0x2d0
[  508.378223][ T8632]  dump_stack+0x1e/0x24
[  508.382699][ T8632]  should_fail_ex+0x748/0x7f0
[  508.387713][ T8632]  should_fail+0x2a/0x40
[  508.392269][ T8632]  should_fail_usercopy+0x2e/0x40
[  508.397637][ T8632]  _copy_from_iter+0x1d8/0x2b00
[  508.402804][ T8632]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  508.408922][ T8632]  ? kmsan_get_metadata+0x13e/0x1c0
[  508.414433][ T8632]  ? skb_put+0x189/0x230
[  508.418983][ T8632]  netlink_sendmsg+0xc1d/0x11e0
[  508.424180][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  508.429790][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  508.435407][ T8632]  __sock_sendmsg+0x30f/0x380
[  508.435518][ T8630] macvtap1: entered promiscuous mode
[  508.445835][ T8632]  ____sys_sendmsg+0x877/0xb60
[  508.450932][ T8632]  ___sys_sendmsg+0x28d/0x3c0
[  508.455908][ T8632]  ? kmsan_get_metadata+0x13e/0x1c0
[  508.461427][ T8632]  ? __rcu_read_unlock+0x7b/0xe0
[  508.466701][ T8632]  ? __fget_files+0x42b/0x500
[  508.471679][ T8632]  ? kmsan_get_metadata+0x13e/0x1c0
[  508.477176][ T8632]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  508.483319][ T8632]  __x64_sys_sendmsg+0x212/0x3c0
[  508.488586][ T8632]  ? kmsan_get_metadata+0x13e/0x1c0
[  508.494112][ T8632]  x64_sys_call+0x2ed6/0x3c30
[  508.499151][ T8632]  do_syscall_64+0xcd/0x1e0
[  508.504005][ T8632]  ? clear_bhb_loop+0x25/0x80
[  508.509009][ T8632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  508.515248][ T8632] RIP: 0033:0x7fdebad7fed9
[  508.519929][ T8632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  508.539860][ T8632] RSP: 002b:00007fdeb8bf6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  508.548588][ T8632] RAX: ffffffffffffffda RBX: 00007fdebaf45fa0 RCX: 00007fdebad7fed9
[  508.556811][ T8632] RDX: 0000000004000814 RSI: 0000000020000180 RDI: 0000000000000003
[  508.565016][ T8632] RBP: 00007fdeb8bf60a0 R08: 0000000000000000 R09: 0000000000000000
[  508.573223][ T8632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  508.581439][ T8632] R13: 0000000000000000 R14: 00007fdebaf45fa0 R15: 00007ffdd538a508
[  508.589666][ T8632]  </TASK>
[  509.332946][ T8639] loop0: detected capacity change from 0 to 128
[  509.425436][ T8639] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  509.494290][ T8637] loop4: detected capacity change from 0 to 512
[  509.506353][ T8639] ext4 filesystem being mounted at /171/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  509.656455][ T8637] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  509.687079][    T8] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  509.785866][ T5793] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  509.794816][ T8637] netlink: 'syz.4.804': attribute type 21 has an invalid length.
[  509.795085][ T8637] netlink: 44 bytes leftover after parsing attributes in process `syz.4.804'.
[  509.795177][ T8637] netlink: 16 bytes leftover after parsing attributes in process `syz.4.804'.
[  509.956120][    T8] usb 2-1: Using ep0 maxpacket: 16
[  510.014286][    T8] usb 2-1: config 0 has an invalid descriptor of length 164, skipping remainder of the config
[  510.026842][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  510.041646][    T8] usb 2-1: New USB device found, idVendor=05ac, idProduct=027b, bcdDevice= 0.00
[  510.051429][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.268594][    T8] usb 2-1: config 0 descriptor??
[  510.585395][ T8641] program syz.1.806 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  510.679963][ T8637] syz.4.804 (8637): drop_caches: 3
[  510.833833][    T8] usb 2-1: string descriptor 0 read error: -71
[  510.853875][ T8657] loop3: detected capacity change from 0 to 512
[  510.861292][    T8] usb 2-1: USB disconnect, device number 19
[  510.878052][ T5791] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  511.070235][ T8657] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.808: corrupted in-inode xattr: invalid ea_ino
[  511.188037][ T8657] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.808: couldn't read orphan inode 15 (err -117)
[  511.264565][ T8657] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  511.359130][ T8661] 9pnet_fd: Insufficient options for proto=fd
[  511.690660][ T8666] loop0: detected capacity change from 0 to 65
[  511.771313][ T8666] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
[  512.637502][ T8669] loop1: detected capacity change from 0 to 32768
[  512.665096][ T5780] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  512.679370][ T8669] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.811 (8669)
[  512.821573][ T8669] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  512.833088][ T8669] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  512.844612][ T8669] BTRFS info (device loop1): using free-space-tree
[  513.742018][ T8669] BTRFS info (device loop1): rebuilding free space tree
[  514.017333][ T8669] BTRFS info (device loop1): checking UUID tree
[  514.727482][ T5781] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  514.883506][ T8715] FAULT_INJECTION: forcing a failure.
[  514.883506][ T8715] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  514.897317][ T8715] CPU: 0 UID: 0 PID: 8715 Comm: syz.0.819 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  514.908231][ T8715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  514.918551][ T8715] Call Trace:
[  514.922117][ T8715]  <TASK>
[  514.925236][ T8715]  dump_stack_lvl+0x216/0x2d0
[  514.930236][ T8715]  dump_stack+0x1e/0x24
[  514.934706][ T8715]  should_fail_ex+0x748/0x7f0
[  514.939713][ T8715]  should_fail+0x2a/0x40
[  514.944269][ T8715]  should_fail_usercopy+0x2e/0x40
[  514.949608][ T8715]  _copy_to_user+0x34/0x120
[  514.954501][ T8715]  simple_read_from_buffer+0x199/0x340
[  514.960326][ T8715]  proc_fail_nth_read+0x1e5/0x2c0
[  514.965686][ T8715]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  514.971552][ T8715]  vfs_read+0x29d/0xf50
[  514.976037][ T8715]  ? kmsan_get_metadata+0x13e/0x1c0
[  514.981547][ T8715]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  514.988254][ T8715]  ksys_read+0x240/0x4b0
[  514.992843][ T8715]  ? kmsan_get_metadata+0x13e/0x1c0
[  514.998412][ T8715]  __x64_sys_read+0x93/0xe0
[  515.003248][ T8715]  x64_sys_call+0x314c/0x3c30
[  515.008278][ T8715]  do_syscall_64+0xcd/0x1e0
[  515.013119][ T8715]  ? clear_bhb_loop+0x25/0x80
[  515.018127][ T8715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.024360][ T8715] RIP: 0033:0x7f6abcf7e8ec
[  515.029046][ T8715] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  515.049007][ T8715] RSP: 002b:00007f6abddf8050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  515.057768][ T8715] RAX: ffffffffffffffda RBX: 00007f6abd145fa0 RCX: 00007f6abcf7e8ec
[  515.066020][ T8715] RDX: 000000000000000f RSI: 00007f6abddf80b0 RDI: 0000000000000004
[  515.074273][ T8715] RBP: 00007f6abddf80a0 R08: 0000000000000000 R09: 0000000000000000
[  515.082515][ T8715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.090776][ T8715] R13: 0000000000000000 R14: 00007f6abd145fa0 R15: 00007ffff359ec18
[  515.099041][ T8715]  </TASK>
[  515.708275][ T3865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  515.716490][ T3865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  515.728234][ T3624] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  515.736456][ T3624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  515.933631][ T8722] 9pnet_fd: Insufficient options for proto=fd
[  516.048712][ T8724] netlink: 'syz.1.818': attribute type 21 has an invalid length.
[  516.057796][ T8724] netlink: 44 bytes leftover after parsing attributes in process `syz.1.818'.
[  516.067083][ T8724] netlink: 16 bytes leftover after parsing attributes in process `syz.1.818'.
[  516.467395][ T8728] loop1: detected capacity change from 0 to 1024
[  517.252981][ T8734] fuse: Unknown parameter 'user_i00000000000000000000'
[  517.540509][ T8731] loop5: detected capacity change from 0 to 256
[  517.616896][ T8740] loop3: detected capacity change from 0 to 65
[  517.655595][ T8740] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  517.895823][ T8731] loop5: detected capacity change from 0 to 512
[  517.999154][ T8731] overlay: Unknown parameter '/�)��4�N�{��̏����0�\g�֛��"YK��67js!��FB'
[  518.081829][ T8723] syz.1.818 (8723): drop_caches: 3
[  518.465638][ T8746] loop4: detected capacity change from 0 to 1024
[  518.522676][ T8746] EXT4-fs: Ignoring removed orlov option
[  518.529230][ T8746] EXT4-fs: Ignoring removed nomblk_io_submit option
[  518.723991][ T8746] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  519.080970][ T8758] loop3: detected capacity change from 0 to 128
[  519.373847][ T8758] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  519.782386][ T8769] loop1: detected capacity change from 0 to 128
[  519.869345][ T8758] ext4 filesystem being mounted at /173/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  519.980171][ T8731] loop5: detected capacity change from 0 to 32768
[  519.989184][ T8731] (syz.5.744,8731,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options
[  519.999319][ T8731] (syz.5.744,8731,1):ocfs2_fill_super:1178 ERROR: status = -22
[  520.053075][ T8769] EXT4-fs (loop1): Test dummy encryption mode enabled
[  520.217704][ T8758] overlay: Unknown parameter '/'
[  520.244803][   T29] audit: type=1804 audit(1733631682.567:39): pid=8758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.829" name="/newroot/173/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0" dev="loop3" ino=12 res=1 errno=0
[  520.291511][ T8769] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  520.307890][ T5791] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  520.319280][ T8758] erofs (device erofs): cannot find valid erofs superblock
[  520.365485][ T8769] ext4 filesystem being mounted at /185/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  520.833961][ T8776] 9pnet_fd: Insufficient options for proto=fd
[  521.185679][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  521.340747][ T5781] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  521.654738][ T8786] fuse: Unknown parameter 'user_id00000000000000000000'
[  522.073736][ T8791] loop4: detected capacity change from 0 to 65
[  522.115556][ T8791] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  522.160769][ T8783] syz.3.834 (8783): drop_caches: 2
[  522.205839][ T8789] loop5: detected capacity change from 0 to 512
[  522.539645][ T8789] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  523.361154][ T8797] loop0: detected capacity change from 0 to 32768
[  523.370345][ T8797] btrfs: Deprecated parameter 'usebackuproot'
[  523.376907][ T8797] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  523.410995][ T8797] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.840 (8797)
[  523.431717][ T8788] netlink: 'syz.5.838': attribute type 21 has an invalid length.
[  523.440587][ T8788] netlink: 44 bytes leftover after parsing attributes in process `syz.5.838'.
[  523.449916][ T8788] netlink: 16 bytes leftover after parsing attributes in process `syz.5.838'.
[  523.512642][ T8802] netlink: 8 bytes leftover after parsing attributes in process `syz.3.841'.
[  523.567869][ T8797] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  523.578584][ T8797] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm
[  523.588447][ T8797] BTRFS info (device loop0): using free-space-tree
[  524.136418][   T79] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  524.151960][ T8797] BTRFS error (device loop0): failed to load root extent
[  524.159880][ T8797] BTRFS warning (device loop0): try to load backup roots slot 1
[  524.172679][   T79] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  524.186731][ T8797] BTRFS warning (device loop0): couldn't read tree root
[  524.193962][ T8797] BTRFS warning (device loop0): try to load backup roots slot 2
[  524.296294][   T79] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  524.307632][ T8797] BTRFS warning (device loop0): couldn't read tree root
[  524.314860][ T8797] BTRFS warning (device loop0): try to load backup roots slot 3
[  524.439349][ T8797] BTRFS info (device loop0): rebuilding free space tree
[  524.586069][ T8797] BTRFS info (device loop0): checking UUID tree
[  524.625562][ T8788] syz.5.838 (8788): drop_caches: 3
[  525.097546][ T8839] loop3: detected capacity change from 0 to 128
[  525.118881][ T5793] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  525.131830][ T8360] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.189100][ T8839] vfat: Unknown parameter ''
[  525.196820][ T8836] fuse: Unknown parameter 'user_id00000000000000000000'
[  525.357631][ T8833] loop4: detected capacity change from 0 to 256
[  525.367384][ T8833] exfat: Deprecated parameter 'namecase'
[  525.386589][ T8838] loop3: detected capacity change from 0 to 128
[  525.420840][ T8833] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  525.520073][ T8838] vfat: Unknown parameter ''
[  525.965728][ T8853] loop5: detected capacity change from 0 to 128
[  526.126424][ T8859] 9pnet_fd: Insufficient options for proto=fd
[  526.177368][ T8853] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  526.195772][ T8853] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  526.363897][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  526.374408][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  526.535533][ T8837] loop3: detected capacity change from 0 to 1024
[  526.546437][ T8861] loop1: detected capacity change from 0 to 128
[  526.639966][ T8861] ext4: Unknown parameter 'uid<00000000000000000000'
[  527.008021][ T8360] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  527.412052][ T8870] loop5: detected capacity change from 0 to 65
[  527.710297][ T8870] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway
[  528.299967][ T8876] loop4: detected capacity change from 0 to 32768
[  528.309102][ T8876] btrfs: Deprecated parameter 'usebackuproot'
[  528.319214][ T8876] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  528.353513][ T8876] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.857 (8876)
[  528.375818][ T8876] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  528.386974][ T8876] BTRFS info (device loop4): using crc32c (crc32c-x86_64) checksum algorithm
[  528.396858][ T8876] BTRFS info (device loop4): using free-space-tree
[  528.561476][ T8880] tipc: Started in network mode
[  528.567061][ T8880] tipc: Node identity ac14140f, cluster identity 4711
[  528.574667][ T8880] tipc: New replicast peer: 255.255.255.255
[  528.585116][ T8880] tipc: Enabled bearer <udp:syz2>, priority 10
[  528.786616][   T60] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  528.801708][ T8876] BTRFS error (device loop4): failed to load root extent
[  528.814722][ T8876] BTRFS warning (device loop4): try to load backup roots slot 1
[  528.896731][   T60] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  528.912319][ T8876] BTRFS warning (device loop4): couldn't read tree root
[  528.919956][ T8876] BTRFS warning (device loop4): try to load backup roots slot 2
[  528.940301][   T60] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  528.951661][ T8876] BTRFS warning (device loop4): couldn't read tree root
[  528.959362][ T8876] BTRFS warning (device loop4): try to load backup roots slot 3
[  529.249940][ T8876] BTRFS info (device loop4): rebuilding free space tree
[  529.332648][ T8903] loop3: detected capacity change from 0 to 128
[  529.469792][ T8903] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  529.626832][ T8876] BTRFS info (device loop4): checking UUID tree
[  529.674264][ T8906] fuse: Unknown parameter 'user_id00000000000000000000'
[  529.705246][    T8] tipc: Node number set to 2886997007
[  530.075601][ T8907] loop0: detected capacity change from 0 to 512
[  531.041168][ T5791] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  531.164484][ T8909] loop5: detected capacity change from 0 to 40427
[  531.220730][ T8914] 9pnet_fd: Insufficient options for proto=fd
[  532.248170][ T8907] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  532.639930][ T8919] loop5: detected capacity change from 0 to 512
[  532.979439][ T8919] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  533.029867][ T5793] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  533.102238][ T8931] loop1: detected capacity change from 0 to 256
[  533.194605][ T8919] UDF-fs: error (device loop5): udf_verify_fi: directory (ino 21) has entry past directory size at pos 128
[  533.292360][ T8934] netlink: 4 bytes leftover after parsing attributes in process `syz.5.865'.
[  533.325509][ T8931] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f50, chksum : 0xa6aae999, utbl_chksum : 0xe619d30d)
[  534.879573][ T8947] overlayfs: missing 'lowerdir'
[  535.927150][ T8959] loop0: detected capacity change from 0 to 65
[  535.977628][ T8958] fuse: Bad value for 'fd'
[  536.125284][ T8959] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
[  536.920611][   T44] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  537.058216][ T8974] FAULT_INJECTION: forcing a failure.
[  537.058216][ T8974] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  537.071870][ T8974] CPU: 1 UID: 0 PID: 8974 Comm: syz.4.864 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  537.082786][ T8974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  537.093088][ T8974] Call Trace:
[  537.096558][ T8974]  <TASK>
[  537.099671][ T8974]  dump_stack_lvl+0x216/0x2d0
[  537.104665][ T8974]  dump_stack+0x1e/0x24
[  537.109108][ T8974]  should_fail_ex+0x748/0x7f0
[  537.114089][ T8974]  should_fail+0x2a/0x40
[  537.118617][ T8974]  should_fail_usercopy+0x2e/0x40
[  537.123952][ T8974]  _copy_from_user+0x35/0x110
[  537.128936][ T8974]  get_nodes+0x238/0x630
[  537.133471][ T8974]  __se_sys_mbind+0x181/0x2ee0
[  537.138512][ T8974]  ? kmsan_get_metadata+0x13e/0x1c0
[  537.143991][ T8974]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  537.150106][ T8974]  ? kmsan_get_metadata+0x13e/0x1c0
[  537.155571][ T8974]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  537.162218][ T8974]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  537.168595][ T8974]  ? fput+0x359/0x400
[  537.172848][ T8974]  ? kmsan_get_metadata+0x13e/0x1c0
[  537.178318][ T8974]  __x64_sys_mbind+0x11f/0x1a0
[  537.183351][ T8974]  x64_sys_call+0x2d47/0x3c30
[  537.188333][ T8974]  do_syscall_64+0xcd/0x1e0
[  537.193138][ T8974]  ? clear_bhb_loop+0x25/0x80
[  537.198109][ T8974]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.204313][ T8974] RIP: 0033:0x7f225057fed9
[  537.208961][ T8974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  537.228875][ T8974] RSP: 002b:00007f225139a058 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  537.237596][ T8974] RAX: ffffffffffffffda RBX: 00007f2250745fa0 RCX: 00007f225057fed9
[  537.245823][ T8974] RDX: 0000000000000002 RSI: 0000000000004000 RDI: 00000000204e2000
[  537.254026][ T8974] RBP: 00007f225139a0a0 R08: 0000000000000401 R09: 0000000000000006
[  537.262671][ T8974] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001
[  537.270878][ T8974] R13: 0000000000000001 R14: 00007f2250745fa0 R15: 00007ffc291df5b8
[  537.279103][ T8974]  </TASK>
[  537.612871][ T8973] syz.1.876 (8973): drop_caches: 2
[  537.766938][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 121, changing to 10
[  537.778716][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25772, setting to 1024
[  537.791040][   T44] usb 4-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.00
[  537.800564][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.946825][   T44] usb 4-1: config 0 descriptor??
[  538.017898][ T8966] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  540.117686][ T5830] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  540.223223][   T44] appletouch 4-1:0.0: Geyser mode initialized.
[  540.234705][   T44] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input11
[  540.429128][ T5830] usb 2-1: Using ep0 maxpacket: 8
[  540.538979][ T5830] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  540.548651][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.777147][ T5830] usb 2-1: config 0 descriptor??
[  540.874540][   T44] usb 4-1: USB disconnect, device number 18
[  541.208320][ T5830] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  541.252817][   T44] appletouch 4-1:0.0: input: appletouch disconnected
[  541.412918][ T8992] tmpfs: Bad value for 'mpol'
[  542.606744][ T9002] netlink: 8 bytes leftover after parsing attributes in process `syz.4.881'.
[  543.455331][ T1912] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  544.422117][ T1912] usb 6-1: config 1 has an invalid descriptor of length 61, skipping remainder of the config
[  544.432852][ T1912] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  544.657319][ T1912] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  544.667114][ T1912] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  544.675908][ T1912] usb 6-1: SerialNumber: syz
[  544.956090][ T1912] usb 6-1: can't set config #1, error -71
[  545.074843][ T9016] netlink: 16 bytes leftover after parsing attributes in process `syz.4.888'.
[  545.084554][ T1912] usb 6-1: USB disconnect, device number 2
[  546.103560][ T4940] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.702454][ T5830] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  546.703172][ T5830] asix 2-1:0.0: probe with driver asix failed with error -71
[  546.748086][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!!
[  546.761212][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  546.806669][ T5830] usb 2-1: USB disconnect, device number 20
[  546.989269][ T4940] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  547.287873][ T4940] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  547.452567][ T4940] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  547.506912][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  547.516358][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  547.568292][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  547.875362][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  547.883801][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  549.293710][ T5078] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  549.308624][ T5078] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  549.329003][ T5078] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  549.378492][ T5078] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  549.393786][ T5078] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  549.403630][ T5078] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  549.986566][ T9054] lo speed is unknown, defaulting to 1000
[  550.174170][ T4940] bridge_slave_1: left allmulticast mode
[  550.180918][ T4940] bridge_slave_1: left promiscuous mode
[  550.189011][ T4940] bridge0: port 2(bridge_slave_1) entered disabled state
[  550.298815][ T4940] bridge_slave_0: left allmulticast mode
[  550.304783][ T4940] bridge_slave_0: left promiscuous mode
[  550.314397][ T4940] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.105953][ T5078] Bluetooth: hci0: command tx timeout
[  555.254037][ T5078] Bluetooth: hci0: command tx timeout
[  555.661127][ T4940] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  555.795260][ T4940] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  556.209323][ T4940] bond0 (unregistering): Released all slaves
[  557.110485][ T4940] tipc: Left network mode
[  557.296215][   T51] Bluetooth: hci0: command tx timeout
[  558.723534][ T4940] hsr_slave_0: left promiscuous mode
[  558.884738][ T4940] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  558.892880][ T4940] batman_adv: batadv0: Removing interface: batadv_slave_0
[  559.466981][   T51] Bluetooth: hci0: command tx timeout
[  560.528868][ T4940] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  560.536779][ T4940] batman_adv: batadv0: Removing interface: batadv_slave_1
[  560.751089][ T4940] veth1_macvtap: left promiscuous mode
[  560.757239][ T4940] veth0_macvtap: left promiscuous mode
[  560.763122][ T4940] veth1_vlan: left promiscuous mode
[  560.769340][ T4940] veth0_vlan: left promiscuous mode
[  561.914181][ T4940] team0 (unregistering): Port device team_slave_1 removed
[  561.946204][ T4940] team0 (unregistering): Port device team_slave_0 removed
[  566.429791][ T9132] sp0: Synchronizing with TNC
[  566.429935][ T9054] chnl_net:caif_netlink_parms(): no params data found
[  566.731980][ T9131] [U] �
[  567.689338][ T9151] vxcan1: tx drop: invalid sa for name 0xffffffffffffffff
[  567.829201][ T9153] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  568.136122][    T8] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  568.346549][    T8] usb 5-1: Using ep0 maxpacket: 8
[  568.443205][    T8] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  568.453016][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.463909][    T8] usb 5-1: Product: syz
[  568.469199][    T8] usb 5-1: Manufacturer: syz
[  568.474077][    T8] usb 5-1: SerialNumber: syz
[  568.483274][ T9054] bridge0: port 1(bridge_slave_0) entered blocking state
[  568.492744][ T9054] bridge0: port 1(bridge_slave_0) entered disabled state
[  568.500669][ T9054] bridge_slave_0: entered allmulticast mode
[  568.509905][ T9054] bridge_slave_0: entered promiscuous mode
[  568.554625][    T8] usb 5-1: config 0 descriptor??
[  568.586738][ T9054] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.594554][ T9054] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.602615][ T9054] bridge_slave_1: entered allmulticast mode
[  568.611851][ T9054] bridge_slave_1: entered promiscuous mode
[  568.637147][    T8] gspca_main: se401-2.14.0 probing 047d:5003
[  569.011566][    T8] gspca_se401: Bayer format not supported!
[  569.094018][ T9054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  569.182425][ T9054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  569.405651][    T8] usb 5-1: USB disconnect, device number 13
[  569.523461][ T9054] team0: Port device team_slave_0 added
[  569.542735][ T9054] team0: Port device team_slave_1 added
[  569.710796][ T9054] batman_adv: batadv0: Adding interface: batadv_slave_0
[  569.718207][ T9054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  569.744752][ T9054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  569.761480][ T9054] batman_adv: batadv0: Adding interface: batadv_slave_1
[  569.768965][ T9054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  569.798069][ T9054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  570.126699][ T9054] hsr_slave_0: entered promiscuous mode
[  570.184762][ T9054] hsr_slave_1: entered promiscuous mode
[  570.186773][ T5830] IPVS: starting estimator thread 0...
[  570.221223][ T9054] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  570.229613][ T9054] Cannot create hsr debugfs directory
[  570.287443][ T9184] IPVS: using max 240 ests per chain, 12000 per kthread
[  571.465581][ T9193] input: syz0 as /devices/virtual/input/input12
[  571.472160][ T9193] input: failed to attach handler leds to device input12, error: -6
[  571.771634][ T9193] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  573.521681][ T9054] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  573.636373][ T9054] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  573.743878][ T9054] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  573.914578][ T9054] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  574.435655][ T9054] 8021q: adding VLAN 0 to HW filter on device bond0
[  574.482787][ T9054] 8021q: adding VLAN 0 to HW filter on device team0
[  574.610816][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.618643][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  574.634238][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.642049][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  575.389407][ T9054] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  578.633845][ T9241] input: syz0 as /devices/virtual/input/input14
[  579.400349][ T9054] 8021q: adding VLAN 0 to HW filter on device batadv0
[  580.301115][ T9054] veth0_vlan: entered promiscuous mode
[  580.488866][ T9054] veth1_vlan: entered promiscuous mode
[  581.136014][ T5838] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  581.161639][ T9054] veth0_macvtap: entered promiscuous mode
[  581.389062][ T9054] veth1_macvtap: entered promiscuous mode
[  581.446350][ T5838] usb 2-1: Using ep0 maxpacket: 16
[  581.520733][ T5838] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[  581.521486][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  581.542485][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  581.552730][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  581.565307][ T5838] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  581.565478][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.565617][ T5838] usb 2-1: Product: syz
[  581.565725][ T5838] usb 2-1: Manufacturer: syz
[  581.565838][ T5838] usb 2-1: SerialNumber: syz
[  581.570992][ T5838] usb 2-1: config 0 descriptor??
[  581.578987][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  581.615170][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  581.625992][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  581.636846][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  581.647680][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  581.662207][ T9054] batman_adv: batadv0: Interface activated: batadv_slave_0
[  581.751871][ T5838] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  581.762768][ T5838] usb 2-1: Detected FT232R
[  581.966673][ T5838] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  582.035854][ T5838] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  582.068965][ T5838] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[  582.103326][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.114697][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.125008][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.135814][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.145987][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.156928][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.167128][ T9054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.183035][ T9054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.200185][ T9054] batman_adv: batadv0: Interface activated: batadv_slave_1
[  582.217856][ T5838] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  582.314625][ T5838] usb 2-1: USB disconnect, device number 21
[  582.367816][ T5838] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  582.388211][ T5838] ftdi_sio 2-1:0.0: device disconnected
[  582.531015][ T9054] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  582.540409][ T9054] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  582.550192][ T9054] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  582.559403][ T9054] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  583.862393][ T9284] netlink: 8 bytes leftover after parsing attributes in process `syz.5.959'.
[  584.457257][ T9291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.961'.
[  587.460920][ T9311] netlink: 272 bytes leftover after parsing attributes in process `syz.0.966'.
[  587.818853][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  587.826037][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  588.168974][ T9316] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  588.176430][ T9316] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  588.344713][ T9316] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  588.351329][ T9316] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  588.455568][ T9316] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  588.462261][ T9316] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  588.595350][ T9316] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  588.602197][ T9316] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  588.802056][ T9316] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  589.375585][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  589.521305][ T9316] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  589.528056][ T9316] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  589.775351][ T9316] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  590.415992][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  590.495341][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  590.655487][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  591.455157][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  591.695605][   T51] Bluetooth: hci0: command 0x0405 tx timeout
[  592.496023][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  592.576136][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  592.757089][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  592.815519][ T5830] usb 1-1: new low-speed USB device number 15 using dummy_hcd
[  592.865747][ T1912] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  593.142743][ T5830] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  593.151230][ T5830] usb 1-1: config 0 has no interface number 0
[  593.157798][ T5830] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  593.169213][ T5830] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  593.180411][ T5830] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  593.190196][ T5830] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.244573][ T1912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[  593.329924][ T1912] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  593.343358][ T1912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.353189][ T1912] usb 5-1: Product: syz
[  593.357700][ T1912] usb 5-1: Manufacturer: syz
[  593.362537][ T1912] usb 5-1: SerialNumber: syz
[  593.799093][   T51] Bluetooth: hci0: command 0x0405 tx timeout
[  593.992942][ T1912] usb 5-1: config 0 descriptor??
[  594.059144][ T5830] usb 1-1: config 0 descriptor??
[  594.354519][ T9348] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  594.433875][ T1912] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input15
[  594.697295][ T5830] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  594.913038][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  595.350535][ T1912] usb 5-1: USB disconnect, device number 14
[  595.519741][    T8] usb 1-1: USB disconnect, device number 15
[  595.687598][ T3865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  595.699098][ T3865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  595.893503][   T51] Bluetooth: hci0: command 0x0405 tx timeout
[  598.382401][ T8370] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.390997][ T8370] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  608.275285][    T8] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  608.472125][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.768414][    T8] usb 2-1: config 0 has an invalid interface number: 20 but max is 0
[  608.776949][    T8] usb 2-1: config 0 has no interface number 0
[  608.783343][    T8] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  608.931994][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  609.147617][    T8] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  609.157656][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.166091][    T8] usb 2-1: Product: syz
[  609.170513][    T8] usb 2-1: Manufacturer: syz
[  609.175758][    T8] usb 2-1: SerialNumber: syz
[  609.234068][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  609.287877][    T8] usb 2-1: config 0 descriptor??
[  609.299427][ T9391] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  609.368787][    T8] usb-storage 2-1:0.20: USB Mass Storage device detected
[  609.470000][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  609.648453][ T9391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  609.658516][ T9391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.708397][    T8] usb-storage 2-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  609.878776][ T9391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  609.889438][ T9391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.902867][ T9391] netlink: 'syz.1.983': attribute type 10 has an invalid length.
[  609.939553][ T9391] 8021q: adding VLAN 0 to HW filter on device team0
[  609.958777][ T9391] bond0: (slave team0): Enslaving as an active interface with an up link
[  610.288244][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  610.303827][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  610.469427][    T8] scsi host1: usb-storage 2-1:0.20
[  610.596904][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  610.624471][ T9417] netlink: 'syz.4.988': attribute type 10 has an invalid length.
[  611.178435][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  611.293369][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  611.393242][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  611.692637][ T5830] usb 2-1: USB disconnect, device number 22
[  612.117064][   T13] bridge_slave_1: left allmulticast mode
[  612.123392][   T13] bridge_slave_1: left promiscuous mode
[  612.131078][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  613.535533][   T51] Bluetooth: hci0: command tx timeout
[  613.543020][   T13] bridge_slave_0: left allmulticast mode
[  613.550214][   T13] bridge_slave_0: left promiscuous mode
[  613.557510][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.498715][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  614.593027][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  614.616304][   T13] bond0 (unregistering): Released all slaves
[  614.683968][ T9404] lo speed is unknown, defaulting to 1000
[  615.695279][   T51] Bluetooth: hci0: command tx timeout
[  615.857452][   T13] hsr_slave_0: left promiscuous mode
[  615.955961][   T13] hsr_slave_1: left promiscuous mode
[  615.982186][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  615.990138][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  616.047124][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  616.055392][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  616.200594][   T13] veth1_macvtap: left promiscuous mode
[  616.206813][   T13] veth0_macvtap: left promiscuous mode
[  616.212854][   T13] veth1_vlan: left promiscuous mode
[  616.218667][   T13] veth0_vlan: left promiscuous mode
[  616.699143][ T9445] kAFS: unable to lookup cell 's/z1'
[  617.261732][   T13] team0 (unregistering): Port device team_slave_1 removed
[  617.297184][   T13] team0 (unregistering): Port device team_slave_0 removed
[  617.775481][   T51] Bluetooth: hci0: command tx timeout
[  618.407663][ T9404] chnl_net:caif_netlink_parms(): no params data found
[  619.855514][   T51] Bluetooth: hci0: command tx timeout
[  619.996097][ T9404] bridge0: port 1(bridge_slave_0) entered blocking state
[  620.003931][ T9404] bridge0: port 1(bridge_slave_0) entered disabled state
[  620.012152][ T9404] bridge_slave_0: entered allmulticast mode
[  620.021636][ T9404] bridge_slave_0: entered promiscuous mode
[  620.171200][ T9404] bridge0: port 2(bridge_slave_1) entered blocking state
[  620.179802][ T9404] bridge0: port 2(bridge_slave_1) entered disabled state
[  620.187825][ T9404] bridge_slave_1: entered allmulticast mode
[  620.197473][ T9404] bridge_slave_1: entered promiscuous mode
[  620.620557][ T9404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  620.647223][ T9404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  620.822256][ T9404] team0: Port device team_slave_0 added
[  620.842831][ T9404] team0: Port device team_slave_1 added
[  621.008465][ T9404] batman_adv: batadv0: Adding interface: batadv_slave_0
[  621.016198][ T9404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.042814][ T9404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  621.136947][ T9404] batman_adv: batadv0: Adding interface: batadv_slave_1
[  621.144146][ T9404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.172046][ T9404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  621.696677][ T9404] hsr_slave_0: entered promiscuous mode
[  621.780023][ T9404] hsr_slave_1: entered promiscuous mode
[  621.816317][ T9404] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  621.824140][ T9404] Cannot create hsr debugfs directory
[  622.927859][ T9503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1011'.
[  625.030287][ T9404] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  625.115572][ T9404] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  625.354017][ T9404] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  625.562591][ T9404] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  629.400612][ T9404] 8021q: adding VLAN 0 to HW filter on device bond0
[  629.747755][ T9404] 8021q: adding VLAN 0 to HW filter on device team0
[  629.878256][ T9330] bridge0: port 1(bridge_slave_0) entered blocking state
[  629.886271][ T9330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  630.028023][ T9534] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  630.034840][ T9534] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  630.042581][ T9534] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  630.049519][ T9534] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  630.056504][ T9534] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  630.062855][ T9534] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  630.063561][ T9330] bridge0: port 2(bridge_slave_1) entered blocking state
[  630.076799][ T9330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  630.778308][ T9534] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  632.136593][ T5787] Bluetooth: hci1: command 0x0406 tx timeout
[  632.175799][ T5787] Bluetooth: hci0: command 0x0c1a tx timeout
[  632.182458][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  632.191195][ T5078] Bluetooth: hci4: command 0x0406 tx timeout
[  632.198016][ T5788] Bluetooth: hci3: command 0x0406 tx timeout
[  632.438677][ T9404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  632.946226][ T9404] veth0_vlan: entered promiscuous mode
[  633.006096][ T9404] veth1_vlan: entered promiscuous mode
[  633.016774][ T5830] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  633.126311][ T9404] veth0_macvtap: entered promiscuous mode
[  633.156932][ T9404] veth1_macvtap: entered promiscuous mode
[  633.217246][ T5830] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  633.229345][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  633.235522][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.240781][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  633.251149][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.260957][ T5830] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  633.270921][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.271016][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.288692][ T5830] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  633.298244][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.298345][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.298446][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.298537][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.302874][ T9404] batman_adv: batadv0: Interface activated: batadv_slave_0
[  633.308692][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.477445][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  633.495959][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.506227][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  633.517054][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.527275][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  633.538522][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.548706][ T9404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  633.559494][ T9404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.573889][ T9404] batman_adv: batadv0: Interface activated: batadv_slave_1
[  633.781804][ T9404] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  633.794409][ T9404] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  633.804803][ T9404] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  633.814172][ T9404] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  633.872843][ T5830] usb 2-1: config 0 descriptor??
[  633.977450][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  634.045336][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  634.114659][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  634.132203][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  634.256594][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  634.357071][   T51] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  634.377460][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  634.488598][ T5830] plantronics 0003:047F:FFFF.0008: ignoring exceeding usage max
[  634.942165][ T5830] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  635.109477][ T5830] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  635.901199][ T5830] usb 2-1: USB disconnect, device number 23
[  635.979947][ T9564] lo speed is unknown, defaulting to 1000
[  636.721514][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  636.728231][   T51] Bluetooth: hci5: command tx timeout
[  639.607338][ T5787] Bluetooth: hci5: command tx timeout
[  641.635277][ T5787] Bluetooth: hci5: command tx timeout
[  642.205590][ T9564] chnl_net:caif_netlink_parms(): no params data found
[  643.695249][ T5787] Bluetooth: hci5: command tx timeout
[  645.204806][ T9564] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.212662][ T9564] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.220827][ T9564] bridge_slave_0: entered allmulticast mode
[  645.230096][ T9564] bridge_slave_0: entered promiscuous mode
[  645.454461][ T9626] syz.1.1038 (9626): /proc/9622/oom_adj is deprecated, please use /proc/9622/oom_score_adj instead.
[  646.440721][ T9564] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.448493][ T9564] bridge0: port 2(bridge_slave_1) entered disabled state
[  646.456393][ T9564] bridge_slave_1: entered allmulticast mode
[  646.464546][ T9564] bridge_slave_1: entered promiscuous mode
[  646.679898][ T9564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  646.867449][ T9564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  647.364122][ T9564] team0: Port device team_slave_0 added
[  647.465865][ T9564] team0: Port device team_slave_1 added
[  647.757083][ T9564] batman_adv: batadv0: Adding interface: batadv_slave_0
[  647.764286][ T9564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  647.791220][ T9564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  647.905738][ T9564] batman_adv: batadv0: Adding interface: batadv_slave_1
[  647.913051][ T9564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  647.950252][ T9564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  648.563487][ T9564] hsr_slave_0: entered promiscuous mode
[  648.661909][ T9564] hsr_slave_1: entered promiscuous mode
[  648.713211][ T9564] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  648.721809][ T9564] Cannot create hsr debugfs directory
[  649.277092][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  649.283795][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  652.487191][ T9564] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  652.751027][ T9564] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  653.702715][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  653.711324][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  653.865297][ T9564] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  654.027594][ T9564] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  654.150557][ T4940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  654.158931][ T4940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  654.553432][ T9564] 8021q: adding VLAN 0 to HW filter on device bond0
[  654.633803][ T9564] 8021q: adding VLAN 0 to HW filter on device team0
[  654.671048][ T9330] bridge0: port 1(bridge_slave_0) entered blocking state
[  654.678868][ T9330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  654.813699][ T9564] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  654.825459][ T9564] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  654.912554][ T9330] bridge0: port 2(bridge_slave_1) entered blocking state
[  654.920342][ T9330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  656.597474][ T9330] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.007391][ T9330] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.376928][ T9330] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.691666][ T9330] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.878632][ T9564] 8021q: adding VLAN 0 to HW filter on device batadv0
[  658.114631][ T9330] bridge_slave_1: left allmulticast mode
[  658.120878][ T9330] bridge_slave_1: left promiscuous mode
[  658.127650][ T9330] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.175456][ T9330] bridge_slave_0: left allmulticast mode
[  658.181400][ T9330] bridge_slave_0: left promiscuous mode
[  658.190287][ T9330] bridge0: port 1(bridge_slave_0) entered disabled state
[  658.675465][ T9330] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  658.699209][ T9330] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  658.739396][ T9330] bond0 (unregistering): Released all slaves
[  660.216676][ T9330] hsr_slave_0: left promiscuous mode
[  660.290116][ T9330] hsr_slave_1: left promiscuous mode
[  660.363661][ T9330] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  660.371598][ T9330] batman_adv: batadv0: Removing interface: batadv_slave_0
[  660.518949][ T9330] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  660.526981][ T9330] batman_adv: batadv0: Removing interface: batadv_slave_1
[  660.589378][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  660.598982][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  660.608540][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  660.627190][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  660.638675][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  660.648205][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  661.012720][ T9330] veth1_macvtap: left promiscuous mode
[  661.018902][ T9330] veth0_macvtap: left promiscuous mode
[  661.029751][ T9330] veth1_vlan: left promiscuous mode
[  661.035519][ T9330] veth0_vlan: left promiscuous mode
[  662.754745][   T51] Bluetooth: hci0: command tx timeout
[  662.757037][ T9330] team0 (unregistering): Port device team_slave_1 removed
[  662.921999][ T9330] team0 (unregistering): Port device team_slave_0 removed
[  663.304207][ T9704] lo speed is unknown, defaulting to 1000
[  664.105646][ T9564] veth0_vlan: entered promiscuous mode
[  664.539045][ T9564] veth1_vlan: entered promiscuous mode
[  664.836325][   T51] Bluetooth: hci0: command tx timeout
[  665.109552][ T9564] veth0_macvtap: entered promiscuous mode
[  665.149510][ T9564] veth1_macvtap: entered promiscuous mode
[  665.208245][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  665.219666][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.232625][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  665.244305][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.254452][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  665.265200][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.275358][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  665.286123][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.300732][ T9564] batman_adv: batadv0: Interface activated: batadv_slave_0
[  665.318684][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.332423][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.343515][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.354293][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.364399][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.375201][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.385556][ T9564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.396320][ T9564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.410504][ T9564] batman_adv: batadv0: Interface activated: batadv_slave_1
[  665.432854][ T9564] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  665.442031][ T9564] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  665.451714][ T9564] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  665.460871][ T9564] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  666.937264][   T51] Bluetooth: hci0: command tx timeout
[  666.974492][ T9704] chnl_net:caif_netlink_parms(): no params data found
[  669.014250][   T51] Bluetooth: hci0: command tx timeout
[  670.452283][ T9704] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.461272][ T9704] bridge0: port 1(bridge_slave_0) entered disabled state
[  670.469197][ T9704] bridge_slave_0: entered allmulticast mode
[  670.478607][ T9704] bridge_slave_0: entered promiscuous mode
[  670.658640][ T9704] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.666697][ T9704] bridge0: port 2(bridge_slave_1) entered disabled state
[  670.674802][ T9704] bridge_slave_1: entered allmulticast mode
[  670.684117][ T9704] bridge_slave_1: entered promiscuous mode
[  671.292632][ T9704] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  671.428673][ T9704] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  672.742577][ T9704] team0: Port device team_slave_0 added
[  672.823544][ T9704] team0: Port device team_slave_1 added
[  673.439177][ T9704] batman_adv: batadv0: Adding interface: batadv_slave_0
[  673.446693][ T9704] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  673.474714][ T9704] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  673.570918][ T9704] batman_adv: batadv0: Adding interface: batadv_slave_1
[  673.580616][ T9704] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  673.607138][ T9704] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  673.939772][ T9704] hsr_slave_0: entered promiscuous mode
[  673.990498][ T9704] hsr_slave_1: entered promiscuous mode
[  674.023300][ T9704] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  674.036026][ T9704] Cannot create hsr debugfs directory
[  675.187780][ T9704] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  675.234507][ T9704] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  675.309894][ T9704] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  675.387841][ T9704] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  676.527804][ T9704] 8021q: adding VLAN 0 to HW filter on device bond0
[  676.703915][ T9704] 8021q: adding VLAN 0 to HW filter on device team0
[  676.790917][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  676.798791][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  676.948867][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  676.956657][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  677.121515][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  677.130516][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  677.262319][ T9704] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  677.423828][ T3624] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  677.433168][ T3624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  680.554189][ T9704] 8021q: adding VLAN 0 to HW filter on device batadv0
[  681.334713][ T9704] veth0_vlan: entered promiscuous mode
[  681.530814][ T9704] veth1_vlan: entered promiscuous mode
[  681.833544][ T9704] veth0_macvtap: entered promiscuous mode
[  681.890792][ T9704] veth1_macvtap: entered promiscuous mode
[  682.053465][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.064590][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.074836][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.085811][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.098131][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.109341][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.124502][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.136937][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.147118][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.157920][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.172793][ T9704] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.380725][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.392375][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.402681][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.413568][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.423858][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.439525][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.451719][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.462558][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.472783][ T9704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.483925][ T9704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.500011][ T9704] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.621953][ T9704] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.636333][ T9704] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.647301][ T9704] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.656585][ T9704] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  689.395517][ T5845] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  689.542089][ T9882] sctp: [Deprecated]: syz.1.1103 (pid 9882) Use of int in maxseg socket option.
[  689.542089][ T9882] Use struct sctp_assoc_value instead
[  690.654507][ T5845] usb 7-1: Using ep0 maxpacket: 32
[  690.678163][ T5845] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  690.689631][ T5845] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  690.699709][ T5845] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  690.713081][ T5845] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  690.725505][ T5845] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.364240][ T5845] usb 7-1: config 0 descriptor??
[  692.081980][ T5845] hid (null): report_id 0 is invalid
[  692.088090][ T5845] hid (null): unknown global tag 0xc
[  692.094759][ T5845] hid (null): unknown global tag 0xd
[  692.168149][ T5845] hid (null): unknown global tag 0xe
[  692.173823][ T5845] hid (null): invalid report_size -1913422257
[  692.181006][ T5845] hid (null): unknown global tag 0xd
[  692.187332][ T5845] hid (null): global environment stack overflow
[  692.205542][ T5845] hid (null): unknown global tag 0xc
[  692.906858][ T5845] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5011.0009/input/input16
[  693.088000][ T5845] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5011.0009/input/input17
[  693.461896][ T5845] kye 0003:0458:5011.0009: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.6-1/input0
[  693.610196][ T5845] usb 7-1: USB disconnect, device number 2
[  699.397606][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.406032][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.591154][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.600067][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.676363][ T5838] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  699.862914][ T5838] usb 1-1: Using ep0 maxpacket: 16
[  699.901771][ T5838] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.913387][ T5838] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  699.923610][ T5838] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  699.940878][ T5838] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  699.951639][ T5838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.169986][ T5838] usb 1-1: config 0 descriptor??
[  700.686426][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.693749][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.701157][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.708475][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.715778][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.722939][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.730276][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.737577][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.744717][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.752028][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  700.766327][ T5838] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0
[  702.779483][ T5838] ryos 0003:1E7D:31CE.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:31ce] on usb-dummy_hcd.0-1/input0
[  703.784288][ T5838] usb 1-1: USB disconnect, device number 16
[  704.232260][ T1889] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.471672][ T1889] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.542284][ T1889] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.626591][ T1889] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.801629][ T1889] bridge_slave_1: left allmulticast mode
[  704.807801][ T1889] bridge_slave_1: left promiscuous mode
[  704.814445][ T1889] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.996401][ T1889] bridge_slave_0: left allmulticast mode
[  705.002356][ T1889] bridge_slave_0: left promiscuous mode
[  705.009351][ T1889] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.322439][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  705.332982][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  705.346053][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  705.361208][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  705.382592][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  705.392414][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  705.796075][ T1889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  705.844539][ T1889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  705.884824][ T1889] bond0 (unregistering): Released all slaves
[  706.054391][ T9957] lo speed is unknown, defaulting to 1000
[  707.033735][ T1889] hsr_slave_0: left promiscuous mode
[  707.100678][ T1889] hsr_slave_1: left promiscuous mode
[  707.155334][ T1889] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  707.163440][ T1889] batman_adv: batadv0: Removing interface: batadv_slave_0
[  707.268676][ T1889] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  707.276744][ T1889] batman_adv: batadv0: Removing interface: batadv_slave_1
[  707.351884][ T1889] veth1_macvtap: left promiscuous mode
[  707.358519][ T1889] veth0_macvtap: left promiscuous mode
[  707.364448][ T1889] veth1_vlan: left promiscuous mode
[  707.370200][ T1889] veth0_vlan: left promiscuous mode
[  707.561094][ T5787] Bluetooth: hci0: command tx timeout
[  709.572998][ T1889] team0 (unregistering): Port device team_slave_1 removed
[  709.617155][ T5787] Bluetooth: hci0: command tx timeout
[  709.695203][ T1889] team0 (unregistering): Port device team_slave_0 removed
[  710.683608][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  710.694601][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  710.780672][ T9957] chnl_net:caif_netlink_parms(): no params data found
[  711.709029][ T5787] Bluetooth: hci0: command tx timeout
[  713.842588][ T5787] Bluetooth: hci0: command tx timeout
[  715.611380][ T9957] bridge0: port 1(bridge_slave_0) entered blocking state
[  715.619277][ T9957] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.627314][ T9957] bridge_slave_0: entered allmulticast mode
[  715.636509][ T9957] bridge_slave_0: entered promiscuous mode
[  715.679982][ T9957] bridge0: port 2(bridge_slave_1) entered blocking state
[  715.687903][ T9957] bridge0: port 2(bridge_slave_1) entered disabled state
[  715.696690][ T9957] bridge_slave_1: entered allmulticast mode
[  715.712922][ T9957] bridge_slave_1: entered promiscuous mode
[  716.843119][ T9957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  716.972279][ T9957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  717.495302][ T9957] team0: Port device team_slave_0 added
[  717.573200][ T9957] team0: Port device team_slave_1 added
[  718.142274][ T9957] batman_adv: batadv0: Adding interface: batadv_slave_0
[  718.149949][ T9957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  718.180900][ T9957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  718.549719][ T9957] batman_adv: batadv0: Adding interface: batadv_slave_1
[  718.557303][ T9957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  718.588229][ T9957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  718.889490][T10039] program syz.6.1162 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  719.029494][ T9957] hsr_slave_0: entered promiscuous mode
[  719.058549][ T9957] hsr_slave_1: entered promiscuous mode
[  719.075883][ T9957] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  719.089889][ T9957] Cannot create hsr debugfs directory
[  721.975969][ T5830] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  722.485420][ T5830] usb 2-1: config 0 has an invalid interface number: 235 but max is 0
[  722.494132][ T5830] usb 2-1: config 0 has no interface number 0
[  723.065447][ T5830] usb 2-1: New USB device found, idVendor=0421, idProduct=0492, bcdDevice=22.e3
[  723.075200][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.087407][ T5830] usb 2-1: Product: syz
[  723.091817][ T5830] usb 2-1: Manufacturer: syz
[  723.098030][ T5830] usb 2-1: SerialNumber: syz
[  723.117099][T10061] Bluetooth: MGMT ver 1.23
[  723.349951][ T5830] usb 2-1: config 0 descriptor??
[  723.405781][ T5830] usb 2-1: can't set config #0, error -71
[  723.423173][ T5830] usb 2-1: USB disconnect, device number 24
[  724.184410][ T9957] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  724.259101][ T9957] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  724.340551][ T9957] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  724.532782][ T9957] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  724.600224][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.608288][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.621379][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.630654][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.638832][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.646753][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.654536][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.662459][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.670499][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.678413][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.686289][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.694047][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.701958][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.709843][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.722766][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.732169][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.740053][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.748015][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.755886][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.763647][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.771522][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.779434][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.787274][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.795127][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.802880][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.810804][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.823797][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.833235][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.841140][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.849005][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.856872][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.864631][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.872481][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.880412][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.888295][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.896845][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.904649][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.912528][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.920368][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.933839][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.943092][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.950991][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  724.958945][ T1912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  725.923629][ T1912] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  728.698343][ T9957] 8021q: adding VLAN 0 to HW filter on device bond0
[  728.762833][ T9957] 8021q: adding VLAN 0 to HW filter on device team0
[  728.832621][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  728.840379][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  728.856523][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  728.864201][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  728.905645][ T5845] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  729.036805][ T9957] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  729.047703][ T9957] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  729.359080][ T5845] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  729.368817][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.393980][ T5845] usb 1-1: config 0 descriptor??
[  729.410500][ T5845] cp210x 1-1:0.0: cp210x converter detected
[  730.236528][ T5845] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[  730.244736][ T5845] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  730.334105][ T5845] usb 1-1: cp210x converter now attached to ttyUSB0
[  730.392786][ T5845] usb 1-1: USB disconnect, device number 17
[  730.439318][ T9957] 8021q: adding VLAN 0 to HW filter on device batadv0
[  730.471259][ T5845] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  730.481232][ T5845] cp210x 1-1:0.0: device disconnected
[  731.302480][ T9957] veth0_vlan: entered promiscuous mode
[  731.341302][ T9957] veth1_vlan: entered promiscuous mode
[  734.210333][ T9957] veth0_macvtap: entered promiscuous mode
[  734.408879][ T9957] veth1_macvtap: entered promiscuous mode
[  734.683722][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  734.695608][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  734.706107][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  734.716862][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  734.726976][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  734.738276][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  734.748482][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  734.764060][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  734.775750][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  734.786600][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  734.801467][ T9957] batman_adv: batadv0: Interface activated: batadv_slave_0
[  735.702272][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  735.713474][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  735.723729][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  735.734649][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  735.749105][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  735.760543][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  735.770782][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  735.786397][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  735.799905][ T9957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  735.810936][ T9957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  735.826012][ T9957] batman_adv: batadv0: Interface activated: batadv_slave_1
[  736.028228][ T9957] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  736.037444][ T9957] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  736.046667][ T9957] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  736.055808][ T9957] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  740.380668][T10145] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1197'.
[  741.610022][T10148] hub 2-0:1.0: USB hub found
[  741.626624][T10148] hub 2-0:1.0: 1 port detected
[  750.196109][T10193] =====================================================
[  750.203370][T10193] BUG: KMSAN: uninit-value in ___bpf_prog_run+0x94d5/0xe0f0
[  750.210966][T10193]  ___bpf_prog_run+0x94d5/0xe0f0
[  750.216213][T10193]  __bpf_prog_run32+0xc2/0xf0
[  750.221108][T10193]  __ppp_xmit_process+0x416/0x2840
[  750.226537][T10193]  ppp_xmit_process+0x100/0x2b0
[  750.231576][T10193]  ppp_write+0x71d/0x910
[  750.236061][T10193]  vfs_write+0x48a/0x1540
[  750.240603][T10193]  ksys_write+0x240/0x4b0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  750.245210][T10193]  __x64_sys_write+0x93/0xe0
[  750.250034][T10193]  x64_sys_call+0x3161/0x3c30
[  750.255034][T10193]  do_syscall_64+0xcd/0x1e0
[  750.259777][T10193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.265980][T10193] 
[  750.268414][T10193] Uninit was stored to memory at:
[  750.273710][T10193]  ___bpf_prog_run+0x98e7/0xe0f0
[  750.278925][T10193]  __bpf_prog_run32+0xc2/0xf0
[  750.283811][T10193]  __ppp_xmit_process+0x416/0x2840
[  750.289249][T10193]  ppp_xmit_process+0x100/0x2b0
[  750.294290][T10193]  ppp_write+0x71d/0x910
[  750.298798][T10193]  vfs_write+0x48a/0x1540
[  750.303341][T10193]  ksys_write+0x240/0x4b0
[  750.307974][T10193]  __x64_sys_write+0x93/0xe0
[  750.312789][T10193]  x64_sys_call+0x3161/0x3c30
[  750.317779][T10193]  do_syscall_64+0xcd/0x1e0
[  750.322606][T10193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.328855][T10193] 
[  750.331373][T10193] Uninit was created at:
[  750.335961][T10193]  kmem_cache_alloc_node_noprof+0x907/0xe00
[  750.342098][T10193]  kmalloc_reserve+0x13d/0x4a0
[  750.347137][T10193]  __alloc_skb+0x363/0x7b0
[  750.351730][T10193]  ppp_write+0xdf/0x910
[  750.356135][T10193]  vfs_write+0x48a/0x1540
[  750.360675][T10193]  ksys_write+0x240/0x4b0
[  750.365283][T10193]  __x64_sys_write+0x93/0xe0
[  750.370095][T10193]  x64_sys_call+0x3161/0x3c30
[  750.375063][T10193]  do_syscall_64+0xcd/0x1e0
[  750.379800][T10193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.385983][T10193] 
[  750.388456][T10193] CPU: 1 UID: 0 PID: 10193 Comm: syz.1.1214 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  750.399504][T10193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  750.409945][T10193] =====================================================
[  750.417069][T10193] Disabling lock debugging due to kernel taint
[  750.423368][T10193] Kernel panic - not syncing: kmsan.panic set ...
[  750.429939][T10193] CPU: 1 UID: 0 PID: 10193 Comm: syz.1.1214 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  750.442437][T10193] Tainted: [B]=BAD_PAGE
[  750.446712][T10193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  750.456940][T10193] Call Trace:
[  750.460370][T10193]  <TASK>
[  750.463423][T10193]  dump_stack_lvl+0x216/0x2d0
[  750.468334][T10193]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  750.474359][T10193]  dump_stack+0x1e/0x24
[  750.478742][T10193]  panic+0x4e2/0xcf0
[  750.482855][T10193]  ? kmsan_get_metadata+0xa1/0x1c0
[  750.488178][T10193]  kmsan_report+0x2c7/0x2d0
[  750.492865][T10193]  ? kmsan_internal_chain_origin+0xb0/0xd0
[  750.498931][T10193]  ? __msan_warning+0x95/0x120
[  750.503938][T10193]  ? ___bpf_prog_run+0x94d5/0xe0f0
[  750.509273][T10193]  ? __bpf_prog_run32+0xc2/0xf0
[  750.514330][T10193]  ? __ppp_xmit_process+0x416/0x2840
[  750.519876][T10193]  ? ppp_xmit_process+0x100/0x2b0
[  750.525106][T10193]  ? ppp_write+0x71d/0x910
[  750.529725][T10193]  ? vfs_write+0x48a/0x1540
[  750.534463][T10193]  ? ksys_write+0x240/0x4b0
[  750.539188][T10193]  ? __x64_sys_write+0x93/0xe0
[  750.544175][T10193]  ? x64_sys_call+0x3161/0x3c30
[  750.549267][T10193]  ? do_syscall_64+0xcd/0x1e0
[  750.554178][T10193]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.560484][T10193]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.566807][T10193]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  750.572859][T10193]  ? filter_irq_stacks+0x60/0x1a0
[  750.578129][T10193]  ? kmsan_get_metadata+0x13e/0x1c0
[  750.583534][T10193]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  750.590125][T10193]  ? kmsan_get_metadata+0x13e/0x1c0
[  750.595540][T10193]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  750.601553][T10193]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  750.607574][T10193]  __msan_warning+0x95/0x120
[  750.612407][T10193]  ___bpf_prog_run+0x94d5/0xe0f0
[  750.617579][T10193]  __bpf_prog_run32+0xc2/0xf0
[  750.622490][T10193]  ? __pfx___bpf_prog_run32+0x10/0x10
[  750.628089][T10193]  __ppp_xmit_process+0x416/0x2840
[  750.633469][T10193]  ? kmsan_get_metadata+0x13e/0x1c0
[  750.638879][T10193]  ppp_xmit_process+0x100/0x2b0
[  750.643978][T10193]  ? ppp_xmit_process+0x2d/0x2b0
[  750.649145][T10193]  ppp_write+0x71d/0x910
[  750.653612][T10193]  ? __pfx_ppp_write+0x10/0x10
[  750.658610][T10193]  vfs_write+0x48a/0x1540
[  750.663181][T10193]  ? kmsan_get_metadata+0x13e/0x1c0
[  750.668579][T10193]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  750.675157][T10193]  ? kmsan_get_metadata+0x13e/0x1c0
[  750.680574][T10193]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  750.686604][T10193]  ksys_write+0x240/0x4b0
[  750.691166][T10193]  ? kmsan_get_metadata+0x13e/0x1c0
[  750.696562][T10193]  __x64_sys_write+0x93/0xe0
[  750.701385][T10193]  x64_sys_call+0x3161/0x3c30
[  750.706301][T10193]  do_syscall_64+0xcd/0x1e0
[  750.711042][T10193]  ? clear_bhb_loop+0x25/0x80
[  750.715955][T10193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.722099][T10193] RIP: 0033:0x7fdebad7fed9
[  750.726683][T10193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.746973][T10193] RSP: 002b:00007fdeb8bf6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  750.755603][T10193] RAX: ffffffffffffffda RBX: 00007fdebaf45fa0 RCX: 00007fdebad7fed9
[  750.763753][T10193] RDX: 0000000000000002 RSI: 0000000020000300 RDI: 0000000000000005
[  750.771899][T10193] RBP: 00007fdebadf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  750.780064][T10193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  750.788209][T10193] R13: 0000000000000000 R14: 00007fdebaf45fa0 R15: 00007ffdd538a508
[  750.796391][T10193]  </TASK>
[  750.799835][T10193] Kernel Offset: disabled
[  750.804240][T10193] Rebooting in 86400 seconds..