last executing test programs:

1m53.388356959s ago: executing program 2 (id=1505):
syz_open_dev$usbmon(&(0x7f0000000080), 0xffffffffffff6176, 0x80000)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x1010000, &(0x7f0000000a80)=ANY=[@ANYBLOB='utf8=1,uni_xlate=1,uni_xlate=0,check=strict,utf8=0,uni_xlate=0,rodir,codepage=949,uni_xlate=1,shortname=winnt,shortname=mixed,shortname=win95,shortname=win95,iocharset=iso8859-13,shortname=mixed,nonumtail=0,discard,nonumtail=0,incharset=macturkish,\x00'], 0x1, 0x369, &(0x7f0000000700)="$eJzs3U1oY1UbAOA3vWnSGfi+dicKQnQnaJnOTje2SAcGu1EJ/izE4HRUkiq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7eOIKPiQmc34OCR5OYmt0naaQerFJ9nkZy+57znnPtDcntJTp5bjPal6bh8/fq1mJmpRHXxkcW4UYm5yKKwG+NqE2IAwOlwI6X4PeWOmFI54SkBACes9/7/QkQ0Yi6PvP7lYe2Td38AOPX6//+fOazNzEEVr5zIlACAEzZ2///efdW1akQtqsWf1dKnAgCA0+qJp595dGkl4vFGYyZi7c3N5mYzHhrWL12Ol6ITq3EuZuNmRH6h0H2o9B4vXFxZPtdoNHbip7loRsRUP7GZXyksZb38eizEbMz187uXGqlXzi58srK80OiJiN2d3vixVtlsTsfZ/vjfn43V4YVH0UnvKeLiyvL5Rr+D5lqRvxOxN7xv0Z3/fMzGt88Pukmp+ATjyvKVhWLSw/zNZj0uDfbCgXdAAAAAAAAAAAAAAAAAAAAAAADgtsw3BuYG6+ek7nO+Us78/IT63vo4eX5/faC9fH2gVE+R0m+vPdB8K4t96wONrs+zaSFBAAAAAAAAAAAAAAAAAAAAGNjYqkWr01ld39jabpcLO+sbW1MR0Y28/PVHX5yJ8Ta3KFTzIeoRgyEa/WG3262UFY1TFjGennUHLyIffDqYcblNfbAVE6dRP7iq0/nfPT++O4zcnRU9/zlsk8XkDcxK03h4pOe1/+dTOs6OGhTOlyP18dGvppRKkTfK6VeeHe8wKhHV4x+47fZUHNwmdQtfXXvxzmLvtz5Pufvun33y6jvv/9JudbojR+8I1tY3bqZ2q1I0Pt5u6e7qIlKJvFApnwnVw9L39kda2Xe/PnXX298cbfRUjrzaPZ9H2mT55nw8ml7LC91pjlSdGaZP9zeiszo94eS/VeE2jukd7332YUo//HzkIYamxl42Kn/Pqw8AAAAAAAAAAAAAAAAAAFBW+q54X//LvtOHZT342MnPDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+OcPf/y8V9nZjJDIo7I5FBoU/diZk1VfXNyJq//ZmAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwH/dXAAAA//+g5Vir")
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)

1m52.02935307s ago: executing program 2 (id=1509):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1e, 0x4, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r3, 0x0, 0x8}, 0x18)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r4)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x4, 0x0, 0x28)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000100000051d833483cc75dd6900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab"], 0x10b8}, 0x0)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c)

1m50.907467898s ago: executing program 2 (id=1515):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000340)=[{0x7, 0xbb11, 0x34, &(0x7f0000000780)="cfbb4ad407409c574d44ea5a4c6e6caead8ca6c06200395f905d1919fb36ff42c294de16f1d8b236fcd9ab8fac4a2ed964a37e44"}], 0x1})

1m48.813342201s ago: executing program 2 (id=1537):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000280)='binfmt_misc\x00', 0x800, 0x0)

1m47.907626475s ago: executing program 2 (id=1542):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0xc00)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c80)={0x20, 0xa, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0xd}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24048014}, 0x4800)

1m47.5875752s ago: executing program 2 (id=1546):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x1254, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r2}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000040)=0x3)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
close(r6)

1m47.241244725s ago: executing program 32 (id=1546):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x1254, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r2}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000040)=0x3)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
close(r6)

1m9.407514023s ago: executing program 4 (id=1827):
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000580)='br_fdb_add\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c500", 0x2c}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

1m9.284430695s ago: executing program 4 (id=1829):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000340)=[{0x7, 0xbb11, 0x2e, &(0x7f0000000780)="cfbb4ad407409c574d44ea5a4c6e6caead8ca6c06200395f905d1919fb36ff42c294de16f1d8b236fcd9ab8fac4a"}, {0xff, 0x8000, 0x0, 0x0}], 0x2})

1m7.394113295s ago: executing program 4 (id=1842):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x0, 0x8, 0xfa04, 0x98, 0x6c02, 0x230, 0x194, 0x194, 0x230, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0xff000000, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@SYNPROXY={0x28}}, {{@ip={@broadcast, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:man_t:s0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)

1m6.427627261s ago: executing program 4 (id=1844):
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/")

1m6.259486273s ago: executing program 4 (id=1846):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000040085000000330000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m5.751712321s ago: executing program 4 (id=1851):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x262200, 0x0)
close(r0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)={0x6})
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x19)

1m5.494429355s ago: executing program 33 (id=1851):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x262200, 0x0)
close(r0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)={0x6})
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x19)

51.716853783s ago: executing program 3 (id=1921):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c094}, 0x4040084)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000003c0)=0x1, 0x4)
connect$inet(r1, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x18}}, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0))
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x100402, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r4, 0x4004743a, &(0x7f0000000300))
pwritev(r3, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x20000002, 0x100000)

51.568508916s ago: executing program 3 (id=1924):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x5c}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4020000)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x4022c0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
userfaultfd(0x80001)
preadv(0xffffffffffffffff, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x80000003)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @random="8dffffff0600"})
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000500)='rxrpc_local\x00', r1}, 0x18)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
getsockopt(0xffffffffffffffff, 0x111, 0x1, 0x0, &(0x7f0000000080))
recvmmsg(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x400448cb, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, 0x0, 0x0)
write(r3, &(0x7f0000000040)="05000000010000", 0x7)

51.24455569s ago: executing program 3 (id=1927):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, 0x0, &(0x7f00000001c0))

50.389723784s ago: executing program 3 (id=1930):
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/")

50.162614697s ago: executing program 3 (id=1933):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
r0 = timerfd_create(0x0, 0x80800)
timerfd_gettime(r0, &(0x7f0000000000))

49.679746005s ago: executing program 3 (id=1938):
socket(0x2, 0x3, 0xff)
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x1, 0xb, 0x70, 0x66, 0x0, 0x1, 0x1, 0x0, @remote, @remote}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x7, 0x0, {0x15, 0x4, 0x0, 0x17, 0x3b, 0x65, 0x7b98, 0x40, 0xff, 0x5, @multicast2, @loopback, {[@rr={0x7, 0x7, 0xe4, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0x13, 0x56, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, @loopback]}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0xb, 0xa2, [@rand_addr=0x64010100, @rand_addr=0x64010101]}, @timestamp_prespec={0x44, 0x14, 0x95, 0x3, 0x2, [{@empty, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}]}]}}}}}}}, 0x0)

49.454997258s ago: executing program 34 (id=1938):
socket(0x2, 0x3, 0xff)
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x1, 0xb, 0x70, 0x66, 0x0, 0x1, 0x1, 0x0, @remote, @remote}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x7, 0x0, {0x15, 0x4, 0x0, 0x17, 0x3b, 0x65, 0x7b98, 0x40, 0xff, 0x5, @multicast2, @loopback, {[@rr={0x7, 0x7, 0xe4, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0x13, 0x56, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, @loopback]}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0xb, 0xa2, [@rand_addr=0x64010100, @rand_addr=0x64010101]}, @timestamp_prespec={0x44, 0x14, 0x95, 0x3, 0x2, [{@empty, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}]}]}}}}}}}, 0x0)

34.873599949s ago: executing program 6 (id=2032):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x4236, &(0x7f0000000740)={0x0, 0xaf8c, 0x10100, 0x0, 0x12e}, &(0x7f0000000300)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000001080), 0x0, 0x80)
ioctl$CEC_RECEIVE(r5, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x4, 0x0, 0x9, "260000001000", 0x0, 0x0, 0x4a, 0x0, 0x0, 0x9, 0xe})

33.855085155s ago: executing program 6 (id=2037):
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0], 0x20)

33.649965768s ago: executing program 6 (id=2038):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x4000891)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)={0x0, 0x6}, 0x8)

33.251786105s ago: executing program 6 (id=2039):
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/")

33.000350188s ago: executing program 6 (id=2041):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c094}, 0x4040084)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000003c0)=0x1, 0x4)
connect$inet(r1, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x18}}, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0))
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x100402, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r4, 0x4004743a, &(0x7f0000000300))
pwritev(r3, 0x0, 0x0, 0x20000002, 0x100000)

32.483755817s ago: executing program 6 (id=2043):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000800)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r0, 0x0, 0x0)

32.27906011s ago: executing program 35 (id=2043):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000800)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r0, 0x0, 0x0)

20.725448493s ago: executing program 1 (id=2089):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaa3088a84d008100660086dd6eb3d5f001952f"], 0x1d7)

20.307831409s ago: executing program 1 (id=2092):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004001000ffff00000b00000005"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r1}, 0x38)

20.200927711s ago: executing program 1 (id=2093):
connect$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e8, 0x0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x418, 0x3d8, 0x3d8, 0x418, 0x3d8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @local, [0xff, 0xffffffff, 0x0, 0xff000000], [0xffffff00, 0xff000000], 'erspan0\x00', 'wlan0\x00', {}, {0xff}, 0x2b, 0x3, 0x3}, 0x0, 0x298, 0x2e0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548)

18.117808063s ago: executing program 1 (id=2098):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffff0180c200000308060001080006040002aaaaaaaaaabbac1414bbaaaaaaaaaafbac"], 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)

16.207657544s ago: executing program 0 (id=2106):
connect$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e8, 0x0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x418, 0x3d8, 0x3d8, 0x418, 0x3d8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @local, [0xff, 0xffffffff, 0x0, 0xff000000], [0xffffff00, 0xff000000], 'erspan0\x00', 'wlan0\x00', {}, {0xff}, 0x2b, 0x3, 0x3}, 0x0, 0x298, 0x2e0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548)

15.676359362s ago: executing program 5 (id=2110):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x2020)

15.16351998s ago: executing program 5 (id=2111):
socket$kcm(0x10, 0x3, 0x10)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x15)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f00000005c0)=@get={0x1, &(0x7f00000018c0)=""/4096, 0x3d})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x8010, r3, 0x75987000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="010000000300000004000000ff"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000080), 0xce4, r6}, 0x38)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200"/56, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$l2tp6(r8, 0x0, 0xf5, 0x4890, &(0x7f0000000040)={0xa, 0x0, 0xfffffffd, @mcast1, 0x6, 0x4}, 0x20)
socket$l2tp(0x2, 0x2, 0x73)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r10, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x1c}}, 0x20000001)
sendmsg$NL80211_CMD_START_AP(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="88000000", @ANYRES16=r10, @ANYBLOB="050000000000c60000000f000000080003", @ANYRES32=r11, @ANYBLOB="41000e0080000000ffffffffffffffffffffffffffffffffffff00000000000000000000070001000406f0027f0006a7060206002503018c08720603030303030300000010000e8004000100050003005a000000080026006c09000008000c006400000008000d0000000000"], 0x88}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r10, 0x300, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0xe7, 0x26}}}}, [@NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0xc0884)

14.966513903s ago: executing program 0 (id=2112):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000083c0)={0x2020, 0x0, <r1=>0x0}, 0x49e8648f)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r2, 0x0, 0xffffffffffffffaf)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000080)={0x2a, 0x6, 0x0, {0x1, 0x200000000004, 0x1, 0x2, '\x00', 0x8}}, 0x2a)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x10, 0x0, 0x800}, 0x0, 0x0, 0x0})

14.50940593s ago: executing program 0 (id=2115):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x801, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)

14.323899964s ago: executing program 0 (id=2116):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
setxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='trusted.overlay.impure\x00', &(0x7f0000000200)='+$$+\x00', 0x5, 0x1)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

14.052017128s ago: executing program 5 (id=2118):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
setgroups(0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
socket(0x10, 0x803, 0x0)
socket$igmp(0x2, 0x3, 0x2)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file1\x00', 0x80, 0x5)
mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80)
r0 = open(0x0, 0x101040, 0x115)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, 0x0, 0x4000080)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

13.808782202s ago: executing program 0 (id=2120):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x4236, &(0x7f0000000740)={0x0, 0xaf8c, 0x10100, 0x0, 0x12e}, &(0x7f0000000300)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x6610}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = syz_open_dev$cec(0x0, 0x0, 0x80)
ioctl$CEC_RECEIVE(r5, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x4, 0x0, 0x9, "260000001000", 0x0, 0x0, 0x4a, 0x0, 0x0, 0x9, 0xe})

13.610325675s ago: executing program 5 (id=2121):
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0)
mount$tmpfs(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/")

13.372418369s ago: executing program 5 (id=2122):
r0 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0xb0, 0x0, 0x9, 0x5, "00800000000000f51000", "00598b00", "0200", "01000800", ["dc001000", "0000000000010000005a0008", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]})

12.795613798s ago: executing program 0 (id=2125):
openat$snapshot(0xffffffffffffff9c, &(0x7f0000001180), 0x88003, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r0, &(0x7f0000000340), 0x8)

12.759510189s ago: executing program 5 (id=2126):
socket$kcm(0x10, 0x3, 0x10)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x15)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f00000005c0)=@get={0x1, &(0x7f00000018c0)=""/4096, 0x3d})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x8010, r3, 0x75987000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="010000000300000004000000ff"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000080), 0xce4, r6}, 0x38)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200"/56, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$l2tp6(r8, 0x0, 0xf5, 0x4890, &(0x7f0000000040)={0xa, 0x0, 0xfffffffd, @mcast1, 0x6, 0x4}, 0x20)
socket$l2tp(0x2, 0x2, 0x73)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r10, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x1c}}, 0x20000001)
sendmsg$NL80211_CMD_START_AP(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="88000000", @ANYRES16=r10, @ANYBLOB="050000000000c60000000f000000080003", @ANYRES32=r11, @ANYBLOB="41000e0080000000ffffffffffffffffffffffffffffffffffff00000000000000000000070001000406f0027f0006a7060206002503018c08720603030303030300000010000e8004000100050003005a000000080026006c09000008000c006400000008000d0000000000"], 0x88}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r10, 0x300, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0xe7, 0x26}}}}, [@NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0xc0884)

12.360573575s ago: executing program 36 (id=2125):
openat$snapshot(0xffffffffffffff9c, &(0x7f0000001180), 0x88003, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r0, &(0x7f0000000340), 0x8)

12.354526655s ago: executing program 37 (id=2126):
socket$kcm(0x10, 0x3, 0x10)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x15)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f00000005c0)=@get={0x1, &(0x7f00000018c0)=""/4096, 0x3d})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x8010, r3, 0x75987000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="010000000300000004000000ff"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000080), 0xce4, r6}, 0x38)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200"/56, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$l2tp6(r8, 0x0, 0xf5, 0x4890, &(0x7f0000000040)={0xa, 0x0, 0xfffffffd, @mcast1, 0x6, 0x4}, 0x20)
socket$l2tp(0x2, 0x2, 0x73)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r10, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x1c}}, 0x20000001)
sendmsg$NL80211_CMD_START_AP(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="88000000", @ANYRES16=r10, @ANYBLOB="050000000000c60000000f000000080003", @ANYRES32=r11, @ANYBLOB="41000e0080000000ffffffffffffffffffffffffffffffffffff00000000000000000000070001000406f0027f0006a7060206002503018c08720603030303030300000010000e8004000100050003005a000000080026006c09000008000c006400000008000d0000000000"], 0x88}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r10, 0x300, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0xe7, 0x26}}}}, [@NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0xc0884)

6.467329588s ago: executing program 7 (id=2135):
unshare(0x20000400)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e24, 0x3, 'lc\x00', 0xb, 0x323b, 0x3a}, {@rand_addr=0x64010102, 0x4e23, 0x0, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)

6.34357351s ago: executing program 7 (id=2136):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_IFNAME={0x14, 0x3, 'batadv_slave_1\x00'}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x8000)

6.222944212s ago: executing program 7 (id=2137):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000380)={0x40, 0xc}, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

3.536319414s ago: executing program 7 (id=2138):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x18)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

549.968621ms ago: executing program 1 (id=2099):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f0000000140)={[{@acl}, {@barrier_val={'barrier', 0x3d, 0x1003}}, {@errors_remount}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x1, 0x4e4, &(0x7f0000002d40)="$eJzs3c9PXFsdAPDvHZgCLc/hqYvnS3w2+gxttDNQbEtcVEyMrppY68YVIgyEMDCEGdpCGkPjH2Bi/BVduXJj4tqYmP4JxqSJ7o0xmkbbunChjrnDHYu8AYaUYSjz+SSn95z763tO4R7m3HMzN4C+dTkiZiJiICKuRkQhW5/LUuzspnS/F88fzacpicbQvb8lkWTrWudKsuWl7LDhiPjaVyK+lXwwbm1re2WuUilvZOVSfXW9VNvavra8OrdUXiqvzUxN3py+NX1jeuLE2nr7S3/+4Xd//uXbv/nsgz/O/vXKt9NqjWbb9rajEzsd7rfb9Hzz/6JlMCI2jhPsDBvI2pPvdUUAAOhI+hn/wxHxyYh4+ZNe1wYAAADohsYXRuNfSUQDAAAAOLdyzWdgk1wxexZgNHK5YnH3Gd6PxsVcpVqrf2axurm2sPus7Fjkc4vLlfJE9qzwWOSTtDzZzL8qX99XnoqItyPi+4WRZrk4X60s9PrmBwAAAPSJS/vG//8o7I7/AQAAgHNmrNcVAAAAALrO+B8AAADOvwPH/8ng6VYEAAAA6Iav3rmTpkbr/dcL97c2V6r3ry2UayvF1c354nx1Y724VK0uNb+zb/Wo81Wq1fXPxdrmw1K9XKuXalvbs6vVzbX6bPO93rPlRuFUmgUAAADs8fYnnvwhiYidz480U+pCti1/9OEz3a0d0E254+2edKsewOkb6HUFgJ7xgC/0rw7G+MA5d8TA/gf7yse8bQAAAJwF4x97rfl/84HwBjOQh/5l/h/6l/l/6F/m/6HPDR29y/BBG357wnUBAAC6ZrSZklwxmwscjVyuWIx4q/lagHyyuFwpT0TEhyLi94X8UFqe7HWlAQAAAAAAAAAAAAAAAAAAAAAAAOAN02gk0QAAAADOtYjcX5LsRf7jhfdH998fuJD8s9BcRsSDn9770cO5en1jMl3/9/+tr/84W3+9tSb1jVO+kwEAAAC0tMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJykF88fzbfSacZ99sWIGGsXfzCGm8vhXxUi4uLLJAb3HJdExMAJxN95HBHvtIufpNWKsawW++PnImKkx/EvnUB86GdP0v5nJr3+8vuuv1xcbi7bX3+DWXpdzy4f1P/lWv1fs59r1/+9dfiph1uZd5/+snRg/McR7w62739a8ZN28S903sZvfn17+6BtjZ9FjB/x9yeNX6qvrpdqW9vXllfnlspL5bWpqcmb07emb0xPlBaXK+Xs37YxvvfxX//nsPZfbBt/t/89sP0R8X6H7f/304fPP3JI/Cufav/zf+eQ+OnvxKezvwPp9vFWfmc3v9d7v/jde4e1f+GA9h/684+IKx22/+rd7/ypw10BgFNQ29pematUyhtdyYx07cwyaaa6diaqIXN2M3ezC/3Yh/e4YwIAAE7cqw/9+7ccY4IHAAAAAAAAAAAAAAAAAAAAeC1d/xKyof//ZoHh3jUVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ/w0AAP//5w/Stg==")
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x133042, 0x19)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)
lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x3)

357.588684ms ago: executing program 7 (id=2139):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0], 0x20)

139.792208ms ago: executing program 7 (id=2140):
syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='noadinicb,partition=00000000000000000005,noadinicb,mode=00000000000000000003324,gid=', @ANYRESDEC=0x0, @ANYBLOB=',volume=0000000000000,\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1, 0x489, &(0x7f0000000580)="$eJzs29trHOUfx/HPd7K72Wz7+3XbpmmVgquCSsWaQ4/Gix5iqNCkOTQiRYWYbOLSnMimkhTR4o233ngjIgoKUkULIt54pb3zD1AQBL3wQgT3wgMIgszszM5ks2nS7iHd9v2CdifPfGfmOewzz7M7zwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEinnjrZ2WVbnQsAANBIg6Mjnd2M/wAA3FXO8/kfAADgbmJy9L1MfSMFG/D+Lkqezc1dWh7r6698WJt5R7Z48e6/ZFd3z6HDR44eC15vfHyt3aNzo+dPZk7Pzy4sZvP57GRmbC43MT+Z3fQZqj2+3AGvAjKzFy9NTk3lM90He1btXk7/0rqtI917tOOEE8SO9fX3j0ZiYvFbvvoa683wE3K0T6bfHvrUBiU5qr4uNnjv1FubV4gDXiHG+vq9gszkxueW3J1DQUU4fll9iaCOGtAWVWmX3HxZojaf2eJydEKmjp8Ldk5SS1APj3pfDK9/YKwml79lbj6fl/SAmqDNbmOtcvSjTLM7khra+mZFg8XkaFmmP3oLNuzdD9z+5N42zz6TeXpuaj4SO2R+j2r28aGRbvN7U1KOBr07fsFGtjozaDh3svSWTHs+ftmbV8ibl+7oPfrEcE90hrF3g/O4sQf9+eNmxuS4HztkQ2ZO7csFAAAAAAAAQGo1R9/JVPgqEyamTU7kkXFSxQdDma3JIoB6MUdvyzQ8UvC+ho+uS2mJrO8pafZnf/XNf1vy9PzCymJu+qWlivtTyZMv5pcWxycq71abe59tiaZstI6lSnFzlJDpuT8/stJ1i/d/fylAmJsPnwzXzCTLr++9b/5fXM8UPEM6fmFvdLtilm/i+ah7TTNHSzKd2rXPX6uS0po6UzHuc5l+f2+/H+ck3MwHp00XzziVm8l2urFfy/T+v0GstyxK2/zY3WFslxtrMr05sDp2ux/bHsZ2u7H9Ml1/oXLsnjC2x419XaaFXzNBbMqNvc+P7QhjD07Mz0xWqkrgZrn9/yeZ3m3PWNA3YsX339r+/0o4FlwpP9E6fb7a/p+OpF3x+/UFt///tc/ry17/dyr3/zdk+uSL/X5cse8l/P07vf/D/v+sTNPfro5N+bG7wtiuTVdsk3Dbf79MZ/ZcK9WN3/5+C4StFm3/e8vfHXVq/52RtLR/3dbaFB2S8iuXL47PzGQX2WCDDTZKG1t9Z0IjuOP/Z+4s6ssfSvMdf/z3P6aEM6u/Xw3H/97yE9Vp/N8VSev1ZyPxmJRcml2I75WS+ZXLj+Vmx6ez09m5Q51HOg8fOt51/Fg8EUzuwq2q6+pO5Lb/NzL9s+1q6fPu6vlf5fl/qvxEdWr/3ZG01Kr5StVFh9/+V2W6//q10vcSN5r/B9//PPJg8bXUP+vU/u2RtLR/3f/VpugAAAAAAAAAAAAAAAAA0NTi5ugDmc48HrPgt2abWf+35gdodVr/1RFJm2zQ7xWqrlQAaAKOHL0j08Mq2GtuwnZpIPqKO9p/AQAA//9HASOO")
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)

0s ago: executing program 1 (id=2141):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15)

kernel console output (not intermixed with test programs):

0000-000000000000.
[  455.674046][T10806] bridge1: entered promiscuous mode
[  455.679421][T10806] bridge1: entered allmulticast mode
[  455.709915][T10806] team0: Port device bridge1 added
[  456.282190][T10809] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1470'.
[  456.625976][T10818] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1473'.
[  456.761756][T10821] netlink: 'syz.2.1475': attribute type 4 has an invalid length.
[  456.963770][T10823] loop3: detected capacity change from 0 to 40427
[  457.003730][T10823] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  457.011545][T10823] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  457.033970][T10823] F2FS-fs (loop3): invalid crc value
[  457.094644][T10823] F2FS-fs (loop3): Found nat_bits in checkpoint
[  458.052739][T10823] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  458.060654][T10823] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  458.801285][T10823] syz.3.1476: attempt to access beyond end of device
[  458.801285][T10823] loop3: rw=2049, sector=45096, nr_sectors = 48 limit=40427
[  458.816482][T10823] syz.3.1476: attempt to access beyond end of device
[  458.816482][T10823] loop3: rw=0, sector=45096, nr_sectors = 8 limit=40427
[  459.337019][   T27] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  459.451519][T10837] bridge1: entered promiscuous mode
[  459.456816][T10837] bridge1: entered allmulticast mode
[  459.488502][T10837] team0: Port device bridge1 added
[  459.998027][   T27] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  460.006046][   T27] usb 3-1: config 0 has no interface number 0
[  460.012479][   T27] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  460.021582][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.034992][   T27] usb 3-1: config 0 descriptor??
[  460.050827][   T27] usb 3-1: selecting invalid altsetting 1
[  460.057074][   T27] dvb_ttusb_budget: ttusb_init_controller: error
[  460.069063][   T27] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  460.194000][   T27] DVB: Unable to find symbol cx22700_attach()
[  460.851739][   T27] DVB: Unable to find symbol tda10046_attach()
[  460.890144][   T27] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  460.924227][   T27] usb 3-1: USB disconnect, device number 6
[  461.250627][T10850] loop3: detected capacity change from 0 to 512
[  461.262594][T10850] EXT4-fs: Ignoring removed nobh option
[  461.325165][T10853] xt_CT: You must specify a L4 protocol and not use inversions on it
[  461.892310][T10852] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1484'.
[  461.946988][T10850] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.1479: iget: bad i_size value: 38620345925642
[  461.987700][T10850] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1479: couldn't read orphan inode 15 (err -117)
[  462.004566][T10850] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  462.323574][ T7143] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm kworker/u4:11: bg 0: block 5: invalid block bitmap
[  462.371736][ T7143] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 4 with max blocks 16 with error 28
[  462.398524][ T7143] EXT4-fs (loop3): This should not happen!! Data will be lost
[  462.398524][ T7143] 
[  462.411211][ T7143] EXT4-fs (loop3): Total free blocks count 0
[  462.418154][ T7143] EXT4-fs (loop3): Free/Dirty block details
[  462.424884][ T7143] EXT4-fs (loop3): free_blocks=0
[  462.430604][ T7143] EXT4-fs (loop3): dirty_blocks=16
[  462.435836][ T7143] EXT4-fs (loop3): Block reservation details
[  462.443549][ T7143] EXT4-fs (loop3): i_reserved_data_blocks=16
[  462.458996][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  462.575678][T10875] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1489'.
[  462.766428][T10862] loop2: detected capacity change from 0 to 40427
[  462.774823][T10862] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  462.796431][T10862] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  462.810981][T10862] F2FS-fs (loop2): invalid crc value
[  462.823913][T10862] F2FS-fs (loop2): Found nat_bits in checkpoint
[  462.900537][T10862] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  462.911275][T10862] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  463.033456][T10883] netlink: 'syz.3.1494': attribute type 10 has an invalid length.
[  463.043050][T10883] 8021q: adding VLAN 0 to HW filter on device team0
[  463.073545][T10883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1494'.
[  463.310047][T10888] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1496'.
[  463.607795][T10898] xt_CT: You must specify a L4 protocol and not use inversions on it
[  464.916890][T10905] loop3: detected capacity change from 0 to 2048
[  465.020224][T10905] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  465.258282][  T786] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  465.291650][T10905] syz.3.1500 (10905): drop_caches: 2
[  465.300092][T10915] loop2: detected capacity change from 0 to 256
[  465.420913][T10915] FAT-fs (loop2): Directory bread(block 64) failed
[  465.439903][T10915] FAT-fs (loop2): Directory bread(block 65) failed
[  465.447073][T10915] FAT-fs (loop2): Directory bread(block 66) failed
[  465.453624][T10915] FAT-fs (loop2): Directory bread(block 67) failed
[  465.457153][  T786] usb 2-1: Using ep0 maxpacket: 32
[  465.461319][T10915] FAT-fs (loop2): Directory bread(block 68) failed
[  465.471886][  T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  465.471915][  T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  465.471949][  T786] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  465.471970][  T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.480721][  T786] usb 2-1: config 0 descriptor??
[  465.490884][T10915] FAT-fs (loop2): Directory bread(block 69) failed
[  465.525850][T10915] FAT-fs (loop2): Directory bread(block 70) failed
[  465.532479][T10915] FAT-fs (loop2): Directory bread(block 71) failed
[  465.539197][T10915] FAT-fs (loop2): Directory bread(block 72) failed
[  465.545744][T10915] FAT-fs (loop2): Directory bread(block 73) failed
[  465.663503][T10921] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1506'.
[  465.914926][  T786] ft260 0003:0403:6030.0001: unknown main item tag 0x7
[  466.636549][  T786] ft260 0003:0403:6030.0001: chip code: 6663 baf7
[  467.091706][  T786] usb 2-1: USB disconnect, device number 10
[  468.055870][  T786] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  468.690537][  T786] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  468.733866][  T786] usb 3-1: config 0 has no interface number 0
[  468.784161][  T786] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  468.834844][  T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.871230][  T786] usb 3-1: config 0 descriptor??
[  468.904291][  T786] usb 3-1: selecting invalid altsetting 1
[  468.935826][  T786] dvb_ttusb_budget: ttusb_init_controller: error
[  468.956229][  T786] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  469.223736][  T786] DVB: Unable to find symbol cx22700_attach()
[  469.305574][  T786] DVB: Unable to find symbol tda10046_attach()
[  469.329071][  T786] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  469.350498][T10990] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1532'.
[  469.381562][  T786] usb 3-1: USB disconnect, device number 7
[  469.969934][T11003] xt_CT: You must specify a L4 protocol and not use inversions on it
[  470.698667][T11010] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  470.794463][ T5781] bridge0: port 3(syz_tun) entered disabled state
[  470.871430][ T5781] syz_tun (unregistering): left allmulticast mode
[  470.885182][T11018] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1544'.
[  470.898333][ T5781] syz_tun (unregistering): left promiscuous mode
[  470.904858][ T5781] bridge0: port 3(syz_tun) entered disabled state
[  470.927555][T11016] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1543'.
[  471.209024][ T3467] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.347277][ T5872] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  471.420467][ T3467] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.640860][ T3467] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.711071][T11029] xt_CT: You must specify a L4 protocol and not use inversions on it
[  472.331822][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  472.339646][ T5872] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  472.377359][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  472.379059][ T5872] usb 4-1: config 0 has no interface number 0
[  472.391009][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  472.417172][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  472.425681][ T3467] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.442216][ T5872] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  472.442224][ T5787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  472.465683][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  472.479944][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.488289][ T5792] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  472.498844][ T5792] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  472.506398][ T5792] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  472.516407][ T5792] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  472.526241][ T5792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  472.536387][ T5792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  472.545526][ T5872] usb 4-1: config 0 descriptor??
[  472.650032][ T5872] usb 4-1: selecting invalid altsetting 1
[  472.676778][ T5872] dvb_ttusb_budget: ttusb_init_controller: error
[  472.717537][ T5872] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  472.936019][ T5872] DVB: Unable to find symbol cx22700_attach()
[  473.125912][ T5872] DVB: Unable to find symbol tda10046_attach()
[  473.166379][ T5872] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  473.203117][ T5872] usb 4-1: USB disconnect, device number 18
[  473.435222][T11058] xt_CT: You must specify a L4 protocol and not use inversions on it
[  474.559115][ T5792] Bluetooth: hci2: command tx timeout
[  474.974588][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1562'.
[  474.985252][T11082] netlink: 'syz.0.1562': attribute type 10 has an invalid length.
[  475.289556][T11030] chnl_net:caif_netlink_parms(): no params data found
[  475.639081][T11030] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.646694][T11030] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.666999][ T5872] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  475.676270][T11030] bridge_slave_0: entered allmulticast mode
[  475.688445][T11030] bridge_slave_0: entered promiscuous mode
[  475.721751][T11030] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.729148][T11030] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.736660][T11030] bridge_slave_1: entered allmulticast mode
[  475.754143][T11030] bridge_slave_1: entered promiscuous mode
[  475.851503][T11030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  475.863961][ T5872] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  475.876304][ T5872] usb 4-1: config 0 has no interface number 0
[  475.886429][ T5872] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  475.896123][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.946723][ T5872] usb 4-1: config 0 descriptor??
[  475.949475][T11030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  475.960576][ T5872] usb 4-1: selecting invalid altsetting 1
[  475.979217][ T5872] dvb_ttusb_budget: ttusb_init_controller: error
[  476.012947][ T5872] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  476.175757][ T5872] DVB: Unable to find symbol cx22700_attach()
[  476.315777][T11030] team0: Port device team_slave_0 added
[  476.346116][ T5872] DVB: Unable to find symbol tda10046_attach()
[  476.402455][ T5872] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  476.424402][T11030] team0: Port device team_slave_1 added
[  476.457579][ T5872] usb 4-1: USB disconnect, device number 19
[  476.639067][ T3467] hsr_slave_0: left promiscuous mode
[  476.655114][ T5792] Bluetooth: hci2: command tx timeout
[  476.678949][ T3467] hsr_slave_1: left promiscuous mode
[  476.727079][T11132] loop3: detected capacity change from 0 to 16
[  476.751876][ T3467] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  476.774354][T11132] erofs: (device loop3): mounted with root inode @ nid 36.
[  476.795291][ T3467] batman_adv: batadv0: Removing interface: batadv_slave_0
[  476.860632][ T3467] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  476.880852][ T3467] batman_adv: batadv0: Removing interface: batadv_slave_1
[  476.952673][ T3467] bridge_slave_1: left allmulticast mode
[  476.963885][ T3467] bridge_slave_1: left promiscuous mode
[  476.976623][ T3467] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.998064][ T3467] bridge_slave_0: left allmulticast mode
[  477.003766][ T3467] bridge_slave_0: left promiscuous mode
[  477.015401][ T3467] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.111546][ T3467] veth1_macvtap: left promiscuous mode
[  477.127327][ T3467] veth0_macvtap: left promiscuous mode
[  477.135304][ T3467] veth1_vlan: left promiscuous mode
[  477.158596][ T3467] veth0_vlan: left promiscuous mode
[  477.593076][ T3467] team0 (unregistering): Port device bridge1 removed
[  478.070021][ T3467] team0 (unregistering): Port device team_slave_1 removed
[  478.114522][ T3467] team0 (unregistering): Port device team_slave_0 removed
[  478.161582][ T3467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  478.210134][ T3467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  478.552172][ T3467] bond0 (unregistering): (slave team0): Releasing backup interface
[  478.692771][ T3467] bond0 (unregistering): Released all slaves
[  478.727193][ T5792] Bluetooth: hci2: command tx timeout
[  478.807589][T11158] bond0: option mode: unable to set because the bond device has slaves
[  478.817797][T11030] batman_adv: batadv0: Adding interface: batadv_slave_0
[  478.824760][T11030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  478.857796][T11030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  478.877343][T11030] batman_adv: batadv0: Adding interface: batadv_slave_1
[  478.884320][T11030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  478.930230][T11030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  479.165781][T11030] hsr_slave_0: entered promiscuous mode
[  479.208579][T11030] hsr_slave_1: entered promiscuous mode
[  479.275829][T11030] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  479.321994][T11030] Cannot create hsr debugfs directory
[  480.199089][T11030] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  480.270328][T11030] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  480.306815][T11030] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  480.367955][T11030] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  480.728161][T11030] 8021q: adding VLAN 0 to HW filter on device bond0
[  480.757984][T11030] 8021q: adding VLAN 0 to HW filter on device team0
[  480.799931][ T3467] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.807114][ T3467] bridge0: port 1(bridge_slave_0) entered forwarding state
[  480.816800][ T5792] Bluetooth: hci2: command tx timeout
[  480.872981][ T7143] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.880192][ T7143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  481.337100][ T5839] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  481.455754][T11030] 8021q: adding VLAN 0 to HW filter on device batadv0
[  481.554375][ T5839] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  481.593610][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.637231][ T5839] usb 4-1: config 0 descriptor??
[  481.650323][ T5839] cp210x 4-1:0.0: cp210x converter detected
[  482.496191][ T5839] usb 4-1: cp210x converter now attached to ttyUSB0
[  482.623344][T11030] veth0_vlan: entered promiscuous mode
[  482.674106][ T5839] usb 4-1: USB disconnect, device number 20
[  482.683532][ T5839] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  482.691918][ T5839] cp210x 4-1:0.0: device disconnected
[  482.728790][T11030] veth1_vlan: entered promiscuous mode
[  482.936104][T11030] veth0_macvtap: entered promiscuous mode
[  482.984196][   T28] audit: type=1326 audit(1753579268.281:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.012329][T11030] veth1_macvtap: entered promiscuous mode
[  483.103018][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  483.117797][   T28] audit: type=1326 audit(1753579268.281:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.142726][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.156986][   T28] audit: type=1326 audit(1753579268.281:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.225383][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  483.242992][   T28] audit: type=1326 audit(1753579268.331:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.294578][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.310811][T11030] batman_adv: batadv0: Interface activated: batadv_slave_0
[  483.353596][   T28] audit: type=1326 audit(1753579268.331:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.428708][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  483.444240][   T28] audit: type=1326 audit(1753579268.331:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.477048][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.492952][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  483.512647][   T28] audit: type=1326 audit(1753579268.331:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.535306][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.564545][T11030] batman_adv: batadv0: Interface activated: batadv_slave_1
[  483.572410][   T28] audit: type=1326 audit(1753579268.331:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.620414][T11030] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  483.629781][T11030] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  483.647006][   T28] audit: type=1326 audit(1753579268.331:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  483.669767][T11030] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  483.696950][T11030] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  484.023044][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.052044][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.136159][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.182138][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.803004][T11307] loop4: detected capacity change from 0 to 40427
[  484.829191][T11307] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  484.837205][T11307] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  484.861059][T11307] F2FS-fs (loop4): invalid crc value
[  484.890752][T11307] F2FS-fs (loop4): Found nat_bits in checkpoint
[  484.968720][T11307] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  484.975816][T11307] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  485.018241][T11307] syz.4.1549: attempt to access beyond end of device
[  485.018241][T11307] loop4: rw=2049, sector=45096, nr_sectors = 48 limit=40427
[  485.033921][T11307] syz.4.1549: attempt to access beyond end of device
[  485.033921][T11307] loop4: rw=0, sector=45096, nr_sectors = 8 limit=40427
[  485.173491][T11325] netlink: 'syz.0.1607': attribute type 29 has an invalid length.
[  485.277427][T11325] netlink: 'syz.0.1607': attribute type 29 has an invalid length.
[  485.453964][T11330] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1614'.
[  485.486071][T11330] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1614'.
[  485.980897][T11341] loop3: detected capacity change from 0 to 1024
[  486.069366][T11341] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  486.304591][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  487.222461][T11385] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1628'.
[  487.358915][T11380] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1628'.
[  487.442171][T11357] loop4: detected capacity change from 0 to 40427
[  487.450628][T11357] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  487.460842][T11357] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  487.480793][T11357] F2FS-fs (loop4): invalid crc value
[  487.496168][T11357] F2FS-fs (loop4): Found nat_bits in checkpoint
[  487.595144][T11357] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  487.607303][T11357] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  487.691734][T11357] syz.4.1624: attempt to access beyond end of device
[  487.691734][T11357] loop4: rw=2049, sector=45096, nr_sectors = 48 limit=40427
[  487.735883][T11357] syz.4.1624: attempt to access beyond end of device
[  487.735883][T11357] loop4: rw=0, sector=45096, nr_sectors = 8 limit=40427
[  488.380611][T11413] loop3: detected capacity change from 0 to 128
[  488.457613][T11413] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  488.527566][T11413] ext4 filesystem being mounted at /370/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  488.890469][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  488.944355][T11433] loop4: detected capacity change from 0 to 128
[  489.091650][T11438] loop6: detected capacity change from 0 to 524287999
[  489.124220][T11439] syz.4.1633: attempt to access beyond end of device
[  489.124220][T11439] loop4: rw=2049, sector=145, nr_sectors = 328 limit=128
[  489.491331][T11441] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1643'.
[  489.553748][T11441] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1643'.
[  490.403231][T11453] GUP no longer grows the stack in syz.0.1645 (11453): 200000005000-200000008000 (200000004000)
[  490.450208][T11453] CPU: 0 PID: 11453 Comm: syz.0.1645 Not tainted 6.6.100-syzkaller #0
[  490.458417][T11453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  490.468505][T11453] Call Trace:
[  490.471804][T11453]  <TASK>
[  490.474759][T11453]  dump_stack_lvl+0x16c/0x230
[  490.479466][T11453]  ? show_regs_print_info+0x20/0x20
[  490.484688][T11453]  ? load_image+0x3b0/0x3b0
[  490.489214][T11453]  ? find_vma+0x12e/0x1b0
[  490.493573][T11453]  fixup_user_fault+0x652/0x710
[  490.498454][T11453]  fault_in_user_writeable+0x71/0xe0
[  490.503765][T11453]  futex_lock_pi+0x21b/0x8d0
[  490.508382][T11453]  ? fixup_pi_state_owner+0x5c0/0x5c0
[  490.513799][T11453]  ? __fget_files+0x28/0x4d0
[  490.518392][T11453]  do_futex+0x23d/0x3e0
[  490.522544][T11453]  ? __ia32_sys_get_robust_list+0x90/0x90
[  490.528252][T11453]  ? __fdget+0x192/0x210
[  490.532491][T11453]  __se_sys_futex+0x36f/0x3f0
[  490.537161][T11453]  ? __x64_sys_futex+0xf0/0xf0
[  490.541921][T11453]  ? __x64_sys_futex+0x21/0xf0
[  490.546701][T11453]  do_syscall_64+0x55/0xb0
[  490.551110][T11453]  ? clear_bhb_loop+0x40/0x90
[  490.555781][T11453]  ? clear_bhb_loop+0x40/0x90
[  490.560451][T11453]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  490.566343][T11453] RIP: 0033:0x7ff61858e9a9
[  490.570760][T11453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  490.590365][T11453] RSP: 002b:00007ff61941b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  490.598779][T11453] RAX: ffffffffffffffda RBX: 00007ff6187b5fa0 RCX: 00007ff61858e9a9
[  490.606746][T11453] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[  490.614709][T11453] RBP: 00007ff618610d69 R08: 0000200000004000 R09: 0000000000000000
[  490.622669][T11453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  490.630632][T11453] R13: 0000000000000000 R14: 00007ff6187b5fa0 R15: 00007ffc6ba9a2a8
[  490.638612][T11453]  </TASK>
[  490.850696][   T28] audit: type=1326 audit(1753579276.151:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11473 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  490.924648][   T28] audit: type=1326 audit(1753579276.151:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11473 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  490.951447][   T28] audit: type=1326 audit(1753579276.151:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11473 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  490.978246][   T28] audit: type=1326 audit(1753579276.151:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11473 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  491.006597][   T28] audit: type=1326 audit(1753579276.151:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11473 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  491.030644][   T28] audit: type=1326 audit(1753579276.151:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11473 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  491.055041][   T28] audit: type=1326 audit(1753579276.151:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11473 comm="syz.0.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x7ffc0000
[  491.177029][ T5825] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  491.262532][T11486] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1656'.
[  491.276421][T11486] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1656'.
[  491.285923][ T5854] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  491.380361][ T5825] usb 4-1: Using ep0 maxpacket: 32
[  491.389387][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  491.400734][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  491.410837][ T5825] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  491.420314][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.443835][ T5825] usb 4-1: config 0 descriptor??
[  491.466244][ T5825] hub 4-1:0.0: USB hub found
[  491.506987][ T5854] usb 5-1: Using ep0 maxpacket: 16
[  491.514873][ T5854] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping
[  491.534914][ T5854] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  491.545396][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.554154][ T5854] usb 5-1: Product: syz
[  491.560838][ T5854] usb 5-1: Manufacturer: syz
[  491.565574][ T5854] usb 5-1: SerialNumber: syz
[  491.575733][ T5854] usb 5-1: config 0 descriptor??
[  491.669477][ T5825] hub 4-1:0.0: config failed, can't read hub descriptor (err -90)
[  491.873754][ T5825] usbhid 4-1:0.0: can't add hid device: -71
[  491.880605][ T5825] usbhid: probe of 4-1:0.0 failed with error -71
[  491.929320][ T5825] usb 4-1: USB disconnect, device number 21
[  493.231728][T11544] loop3: detected capacity change from 0 to 4096
[  493.999468][ T5825] usb 5-1: USB disconnect, device number 2
[  494.092019][T11572] loop4: detected capacity change from 0 to 64
[  494.484364][   T28] audit: type=1326 audit(1753579279.771:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11587 comm="syz.0.1698" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff61858e9a9 code=0x0
[  494.538583][T11590] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1699'.
[  494.667142][ T5839] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  494.851196][ T5839] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  494.876969][ T5839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.885002][ T5839] usb 5-1: Product: syz
[  494.889456][T11600] netlink: 'syz.3.1701': attribute type 29 has an invalid length.
[  494.897509][ T5839] usb 5-1: Manufacturer: syz
[  494.902110][ T5839] usb 5-1: SerialNumber: syz
[  494.907323][T11600] netlink: 'syz.3.1701': attribute type 29 has an invalid length.
[  494.917439][ T5839] usb 5-1: config 0 descriptor??
[  494.926351][ T5839] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  495.533003][ T5839] gspca_stk1135: reg_w 0x3 err -71
[  495.548658][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.558944][ T5839] gspca_stk1135: Sensor write failed
[  495.564279][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.573086][ T5839] gspca_stk1135: Sensor write failed
[  495.581782][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.599147][ T5839] gspca_stk1135: Sensor read failed
[  495.623263][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.629853][ T5839] gspca_stk1135: Sensor read failed
[  495.645055][ T5839] gspca_stk1135: Detected sensor type unknown (0x0)
[  495.662184][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.681571][ T5839] gspca_stk1135: Sensor read failed
[  495.697519][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.703946][ T5839] gspca_stk1135: Sensor read failed
[  495.721348][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.732846][ T5839] gspca_stk1135: Sensor write failed
[  495.753944][ T5839] gspca_stk1135: serial bus timeout: status=0x00
[  495.777691][ T5839] gspca_stk1135: Sensor write failed
[  495.793385][ T5839] stk1135: probe of 5-1:0.0 failed with error -71
[  495.812473][ T5839] usb 5-1: USB disconnect, device number 3
[  496.053396][T11626] loop3: detected capacity change from 0 to 4096
[  496.078330][T11626] ntfs3: Bad value for 'uid'
[  496.174315][T11628] xt_CT: You must specify a L4 protocol and not use inversions on it
[  496.194071][ T5786] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  496.615768][T11646] netlink: 'syz.0.1719': attribute type 10 has an invalid length.
[  496.625118][T11646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1719'.
[  496.707252][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  496.897809][    T9] usb 5-1: too many configurations: 25, using maximum allowed: 8
[  496.942214][    T9] usb 5-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98
[  496.962382][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.983887][    T9] usb 5-1: config 0 descriptor??
[  496.991069][T11659] netlink: 'syz.1.1718': attribute type 29 has an invalid length.
[  497.027996][    T9] pwc: Creative Labs Webcam Pro Ex detected.
[  497.034041][    T9] pwc: Warning: more than 1 configuration available.
[  497.048560][T11659] netlink: 'syz.1.1718': attribute type 29 has an invalid length.
[  497.166116][T11667] loop3: detected capacity change from 0 to 256
[  497.235359][    T9] pwc: Failed to set LED on/off time (-71)
[  497.242287][T11667] FAT-fs (loop3): Directory bread(block 64) failed
[  497.248545][    T9] pwc: send_video_command error -71
[  497.256248][    T9] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  497.257705][T11667] FAT-fs (loop3): Directory bread(block 65) failed
[  497.268939][    T9] Philips webcam: probe of 5-1:0.0 failed with error -71
[  497.277748][T11667] FAT-fs (loop3): Directory bread(block 66) failed
[  497.277804][T11667] FAT-fs (loop3): Directory bread(block 67) failed
[  497.277892][T11667] FAT-fs (loop3): Directory bread(block 68) failed
[  497.277917][T11667] FAT-fs (loop3): Directory bread(block 69) failed
[  497.277999][T11667] FAT-fs (loop3): Directory bread(block 70) failed
[  497.278023][T11667] FAT-fs (loop3): Directory bread(block 71) failed
[  497.278139][T11667] FAT-fs (loop3): Directory bread(block 72) failed
[  497.301353][    T9] usb 5-1: USB disconnect, device number 4
[  497.330698][T11667] FAT-fs (loop3): Directory bread(block 73) failed
[  498.048744][T11675] netlink: 'syz.3.1730': attribute type 10 has an invalid length.
[  498.221977][T11675] 8021q: adding VLAN 0 to HW filter on device team0
[  498.223937][T11677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1730'.
[  498.581792][T11687] loop3: detected capacity change from 0 to 2048
[  498.602928][T11687] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=2365, location=2365
[  498.645054][T11687] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  498.702723][T11687] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  498.756822][T11687] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  499.168521][T11699] serio: Serial port ptm0
[  499.237127][ T5773] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  499.440968][ T5773] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  499.467377][ T5773] usb 4-1: config 0 has no interface number 0
[  499.473970][ T5773] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  499.494790][ T5773] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.529598][ T5773] usb 4-1: config 0 descriptor??
[  499.560019][ T5773] usb 4-1: selecting invalid altsetting 1
[  499.577471][ T5773] dvb_ttusb_budget: ttusb_init_controller: error
[  499.584135][ T5773] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  499.746469][ T5773] DVB: Unable to find symbol cx22700_attach()
[  499.866737][ T5773] DVB: Unable to find symbol tda10046_attach()
[  499.895126][ T5773] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  499.945032][ T5773] usb 4-1: USB disconnect, device number 22
[  500.002322][T11731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1753'.
[  500.119998][T11731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1753'.
[  500.335224][T11731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1753'.
[  500.775279][T11733] loop4: detected capacity change from 0 to 40427
[  500.796167][T11763] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1757'.
[  500.820792][T11733] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  500.845659][T11733] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  500.870814][T11767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1762'.
[  500.891701][T11733] F2FS-fs (loop4): invalid crc value
[  500.906631][T11767] hsr_slave_0: left promiscuous mode
[  500.922430][T11733] F2FS-fs (loop4): Found nat_bits in checkpoint
[  500.971477][T11767] hsr_slave_1: left promiscuous mode
[  501.188458][T11733] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  501.231416][T11733] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  501.685272][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  501.691760][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  501.998060][ T5854] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  502.192444][T11814] netlink: 'syz.4.1767': attribute type 12 has an invalid length.
[  502.212467][ T5854] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  502.232015][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.005149][ T5854] usb 4-1: config 0 descriptor??
[  503.019534][ T5854] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  503.467533][T11827] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1777'.
[  504.038770][ T5854] usb 4-1: USB disconnect, device number 23
[  504.205641][T11857] xt_CT: You must specify a L4 protocol and not use inversions on it
[  504.407219][ T5839] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  504.617794][ T5839] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  504.660660][ T5839] usb 5-1: config 0 has no interface number 0
[  504.708452][ T5839] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  504.855130][ T5839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.104673][ T5839] usb 5-1: config 0 descriptor??
[  505.153346][ T5839] usb 5-1: selecting invalid altsetting 1
[  505.167339][ T5839] dvb_ttusb_budget: ttusb_init_controller: error
[  505.181276][ T5839] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  505.374691][ T5839] DVB: Unable to find symbol cx22700_attach()
[  505.505660][ T5839] DVB: Unable to find symbol tda10046_attach()
[  505.519463][ T5839] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  505.543190][ T5839] usb 5-1: USB disconnect, device number 5
[  506.093070][T11907] binder_alloc: 11906: binder_alloc_buf, no vma
[  506.285090][T11886] loop3: detected capacity change from 0 to 40427
[  506.312392][T11886] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  506.329655][T11886] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  506.341687][T11886] F2FS-fs (loop3): invalid crc value
[  506.408344][T11886] F2FS-fs (loop3): Found nat_bits in checkpoint
[  506.611519][T11886] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  506.624579][T11886] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  507.098153][T11947] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1805'.
[  507.119906][T11948] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1808'.
[  507.147513][T11948] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1808'.
[  507.170445][T11948] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1808'.
[  508.171573][T11979] vlan2: entered promiscuous mode
[  508.201465][T11979] bridge0: entered promiscuous mode
[  508.218061][T11979] vlan2: entered allmulticast mode
[  508.223889][T11979] bridge0: entered allmulticast mode
[  508.253650][T11985] syz_tun: left allmulticast mode
[  508.267032][T11985] syz_tun: left promiscuous mode
[  508.283217][T11985] bridge0: port 3(syz_tun) entered disabled state
[  508.343016][T11985] bridge_slave_0: left allmulticast mode
[  508.359479][T11985] bridge_slave_0: left promiscuous mode
[  508.365419][T11985] bridge0: port 1(bridge_slave_0) entered disabled state
[  508.396413][T11985] bridge_slave_1: left allmulticast mode
[  508.422778][T11985] bridge_slave_1: left promiscuous mode
[  508.442659][T11985] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.468010][T11985] bond0: (slave bond_slave_0): Releasing backup interface
[  508.492561][T11985] bond0: (slave bond_slave_1): Releasing backup interface
[  508.549331][T11985] team0: Port device team_slave_0 removed
[  508.570187][T11985] team0: Port device team_slave_1 removed
[  508.580289][T11985] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  508.588298][T11985] batman_adv: batadv0: Removing interface: batadv_slave_0
[  508.597819][T11985] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  508.605380][T11985] batman_adv: batadv0: Removing interface: batadv_slave_1
[  508.632439][T11985] team0: Port device bridge1 removed
[  509.335277][T12019] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1823'.
[  509.757004][ T5773] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  510.292260][ T5773] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  510.300629][ T5773] usb 5-1: config 0 has no interface number 0
[  510.328057][ T5773] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  510.363599][ T5773] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.390135][ T5773] usb 5-1: config 0 descriptor??
[  510.413814][ T5773] usb 5-1: selecting invalid altsetting 1
[  510.427468][ T5773] dvb_ttusb_budget: ttusb_init_controller: error
[  510.442644][ T5773] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  510.626593][ T5773] DVB: Unable to find symbol cx22700_attach()
[  510.745754][ T5773] DVB: Unable to find symbol tda10046_attach()
[  510.765921][ T5773] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  510.787929][ T5773] usb 5-1: USB disconnect, device number 6
[  510.852159][T12054] netlink: 'syz.1.1838': attribute type 10 has an invalid length.
[  510.864380][T12054] 8021q: adding VLAN 0 to HW filter on device team0
[  510.873375][T12054] bond0: (slave team0): Enslaving as an active interface with an up link
[  510.894150][T12054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1838'.
[  512.085529][T12069] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1841'.
[  512.210673][T12075] loop4: detected capacity change from 0 to 512
[  512.591327][T12081] netlink: 'syz.0.1848': attribute type 10 has an invalid length.
[  512.601273][ T5773] usb 4-1: new low-speed USB device number 24 using dummy_hcd
[  512.611623][T12081] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1848'.
[  512.818861][ T5773] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  512.841257][ T5773] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.862429][ T5773] usb 4-1: config 0 descriptor??
[  512.880232][   T42] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  512.959588][T12090] netlink: 'syz.1.1847': attribute type 29 has an invalid length.
[  513.021145][   T42] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.057761][T12090] netlink: 'syz.1.1847': attribute type 29 has an invalid length.
[  513.131270][   T42] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.168395][T12091] netlink: 'syz.1.1847': attribute type 29 has an invalid length.
[  513.198673][T12091] netlink: 'syz.1.1847': attribute type 29 has an invalid length.
[  513.253864][   T42] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.553938][T12095] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  513.589005][T12099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  513.627881][T12099] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  513.645468][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  513.656507][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  513.682473][ T5787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  513.697236][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  514.731243][T12096] chnl_net:caif_netlink_parms(): no params data found
[  514.907566][T12096] bridge0: port 1(bridge_slave_0) entered blocking state
[  514.936793][ T5773] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  514.961348][T12096] bridge0: port 1(bridge_slave_0) entered disabled state
[  514.977526][ T5773] asix: probe of 4-1:0.0 failed with error -71
[  514.987592][T12096] bridge_slave_0: entered allmulticast mode
[  515.007410][ T5773] usb 4-1: USB disconnect, device number 24
[  515.022653][T12096] bridge_slave_0: entered promiscuous mode
[  515.114593][T12096] bridge0: port 2(bridge_slave_1) entered blocking state
[  515.123775][T12096] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.135193][T12096] bridge_slave_1: entered allmulticast mode
[  515.144046][T12096] bridge_slave_1: entered promiscuous mode
[  515.237783][   T42] hsr_slave_0: left promiscuous mode
[  515.249499][   T42] hsr_slave_1: left promiscuous mode
[  515.287524][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  515.302779][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  515.322571][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  515.351429][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  515.371127][   T42] bridge_slave_1: left allmulticast mode
[  515.387103][   T42] bridge_slave_1: left promiscuous mode
[  515.397393][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.429533][   T42] bridge_slave_0: left allmulticast mode
[  515.456512][   T42] bridge_slave_0: left promiscuous mode
[  515.478509][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.605184][   T42] veth1_macvtap: left promiscuous mode
[  515.614038][   T42] veth0_macvtap: left promiscuous mode
[  515.632514][   T42] veth1_vlan: left promiscuous mode
[  515.661030][   T42] veth0_vlan: left promiscuous mode
[  515.828382][T12172] netlink: 'syz.1.1864': attribute type 29 has an invalid length.
[  515.847028][ T5787] Bluetooth: hci2: command tx timeout
[  516.166978][ T5854] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  516.385263][ T5854] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  516.406450][ T5854] usb 4-1: config 0 has no interface number 0
[  516.424426][ T5854] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  516.445856][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.469905][ T5854] usb 4-1: config 0 descriptor??
[  516.497708][ T5854] usb 4-1: selecting invalid altsetting 1
[  516.508021][ T5854] dvb_ttusb_budget: ttusb_init_controller: error
[  516.515788][ T5854] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  516.665771][ T5854] DVB: Unable to find symbol cx22700_attach()
[  516.743439][ T5854] DVB: Unable to find symbol tda10046_attach()
[  516.756757][ T5854] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  516.777506][ T5854] usb 4-1: USB disconnect, device number 25
[  517.004011][T12184] netlink: 'syz.0.1871': attribute type 29 has an invalid length.
[  517.014850][   T42] team0 (unregistering): Port device team_slave_1 removed
[  517.064765][   T42] team0 (unregistering): Port device team_slave_0 removed
[  517.120847][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  517.172754][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  517.862522][   T42] bond0 (unregistering): Released all slaves
[  517.917176][ T5787] Bluetooth: hci2: command tx timeout
[  517.989177][T12172] netlink: 'syz.1.1864': attribute type 29 has an invalid length.
[  518.000410][T12184] netlink: 'syz.0.1871': attribute type 29 has an invalid length.
[  518.138044][T12096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  518.167798][T12096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  518.349074][T12096] team0: Port device team_slave_0 added
[  518.369002][T12096] team0: Port device team_slave_1 added
[  518.446436][T12096] batman_adv: batadv0: Adding interface: batadv_slave_0
[  518.458479][T12096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  518.501105][T12096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  518.550996][T12096] batman_adv: batadv0: Adding interface: batadv_slave_1
[  518.563530][T12096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  518.610865][T12096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  518.761984][T12096] hsr_slave_0: entered promiscuous mode
[  518.785766][T12096] hsr_slave_1: entered promiscuous mode
[  518.794885][T12096] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  518.817154][T12096] Cannot create hsr debugfs directory
[  519.271756][T12096] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  519.311359][T12096] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  519.335443][T12096] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  519.347178][T12228] netlink: 'syz.1.1881': attribute type 29 has an invalid length.
[  519.405395][T12228] netlink: 'syz.1.1881': attribute type 29 has an invalid length.
[  519.416521][T12230] netlink: 'syz.1.1881': attribute type 29 has an invalid length.
[  519.426122][T12230] netlink: 'syz.1.1881': attribute type 29 has an invalid length.
[  519.451731][T12096] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  519.919497][T12096] 8021q: adding VLAN 0 to HW filter on device bond0
[  519.984923][T12096] 8021q: adding VLAN 0 to HW filter on device team0
[  520.000079][ T5787] Bluetooth: hci2: command tx timeout
[  520.022406][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.032387][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  520.143761][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.152386][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  520.288883][T12096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  520.560082][T12254] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1886'.
[  520.581786][T12260] netlink: 'syz.0.1884': attribute type 29 has an invalid length.
[  520.617388][T12260] netlink: 'syz.0.1884': attribute type 29 has an invalid length.
[  520.945894][T12096] 8021q: adding VLAN 0 to HW filter on device batadv0
[  521.546971][ T5839] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  521.704334][T12096] veth0_vlan: entered promiscuous mode
[  521.733312][T12096] veth1_vlan: entered promiscuous mode
[  521.747407][ T5839] usb 4-1: Using ep0 maxpacket: 16
[  521.763213][ T5839] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping
[  521.790279][ T5839] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  521.795498][T12096] veth0_macvtap: entered promiscuous mode
[  521.804598][ T5839] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.825287][T12096] veth1_macvtap: entered promiscuous mode
[  521.849559][ T5839] usb 4-1: Product: syz
[  521.867034][ T5839] usb 4-1: Manufacturer: syz
[  521.871496][T12096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  521.875809][ T5839] usb 4-1: SerialNumber: syz
[  521.890485][T12096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.917729][ T5839] usb 4-1: config 0 descriptor??
[  521.933197][T12096] batman_adv: batadv0: Interface activated: batadv_slave_0
[  521.974055][T12096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.993517][T12096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  522.008189][T12096] batman_adv: batadv0: Interface activated: batadv_slave_1
[  522.032390][T12096] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  522.048616][T12096] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  522.075602][T12096] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  522.086698][ T5787] Bluetooth: hci2: command tx timeout
[  522.101966][T12096] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  522.266208][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  522.294505][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  522.386369][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  522.421652][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  522.543221][T12314] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1896'.
[  522.735365][T12322] netlink: 'syz.0.1894': attribute type 29 has an invalid length.
[  522.745690][T12322] netlink: 'syz.0.1894': attribute type 29 has an invalid length.
[  522.756362][T12322] netlink: 'syz.0.1894': attribute type 29 has an invalid length.
[  522.767352][T12322] netlink: 'syz.0.1894': attribute type 29 has an invalid length.
[  522.934553][T12329] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1897'.
[  524.006736][T12361] loop5: detected capacity change from 0 to 512
[  524.016312][T12361] EXT4-fs: Ignoring removed oldalloc option
[  524.053516][T12361] EXT4-fs (loop5): 1 truncate cleaned up
[  524.083527][T12361] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  524.153656][T12096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.353737][    T9] usb 4-1: USB disconnect, device number 26
[  524.476297][T12374] loop3: detected capacity change from 0 to 512
[  524.512107][T12374] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  524.570762][   T28] audit: type=1804 audit(1753579309.861:635): pid=12374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1908" name="/newroot/418/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  524.696632][   T28] audit: type=1804 audit(1753579309.871:636): pid=12374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1908" name="/newroot/418/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  524.777403][   T28] audit: type=1804 audit(1753579309.871:637): pid=12374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1908" name="/newroot/418/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  524.803698][   T28] audit: type=1804 audit(1753579309.871:638): pid=12374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1908" name="/newroot/418/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  524.942460][T12389] netlink: 'syz.0.1909': attribute type 29 has an invalid length.
[  524.952414][T12389] netlink: 'syz.0.1909': attribute type 29 has an invalid length.
[  524.963195][T12389] netlink: 'syz.0.1909': attribute type 29 has an invalid length.
[  524.972875][T12389] netlink: 'syz.0.1909': attribute type 29 has an invalid length.
[  525.641099][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.767142][ T5839] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  525.927845][T12399] kvm: pic: single mode not supported
[  525.932202][T12399] kvm: pic: level sensitive irq not supported
[  525.968831][ T5839] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.974396][T12399] kvm: pic: single mode not supported
[  525.977045][ T5839] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  526.073964][ T5839] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  526.086575][ T5839] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.107267][ T5839] usb 6-1: Product: syz
[  526.122668][ T5839] usb 6-1: Manufacturer: syz
[  526.135013][ T5839] usb 6-1: SerialNumber: syz
[  526.159854][ T5839] cdc_mbim 6-1:1.0: skipping garbage
[  527.218409][ T5839] cdc_mbim 6-1:1.0: bind() failure
[  527.261141][ T5839] usbtest: probe of 6-1:1.1 failed with error -71
[  527.330579][ T5839] usb 6-1: USB disconnect, device number 2
[  527.397188][T12445] netlink: 'syz.1.1923': attribute type 29 has an invalid length.
[  527.407111][T12445] netlink: 'syz.1.1923': attribute type 29 has an invalid length.
[  528.306235][T12457] loop3: detected capacity change from 0 to 512
[  529.059396][ T5839] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  529.182300][T12480] validate_nla: 2 callbacks suppressed
[  529.182314][T12480] netlink: 'syz.0.1937': attribute type 29 has an invalid length.
[  529.198976][T12480] netlink: 'syz.0.1937': attribute type 29 has an invalid length.
[  529.209911][T12480] netlink: 'syz.0.1937': attribute type 29 has an invalid length.
[  529.219531][T12480] netlink: 'syz.0.1937': attribute type 29 has an invalid length.
[  529.545215][ T5839] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  529.649700][ T5839] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  529.822439][ T5839] usb 6-1: config 0 interface 0 has no altsetting 0
[  529.874904][ T5839] usb 6-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  529.928652][ T5839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.982314][ T5839] usb 6-1: config 0 descriptor??
[  530.179951][ T5792] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  530.193673][ T5792] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  530.209142][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  530.228392][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  530.239993][ T5792] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  530.249724][ T5792] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  530.322617][   T42] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.418444][   T42] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.482781][ T5839] input: HID 054c:03d5 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:054C:03D5.0002/input/input18
[  530.559753][   T42] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.653616][   T42] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.674470][T12494] chnl_net:caif_netlink_parms(): no params data found
[  530.730551][ T5839] sony 0003:054C:03D5.0002: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.5-1/input0
[  530.817222][ T5839] usb 6-1: USB disconnect, device number 3
[  530.956302][T12494] bridge0: port 1(bridge_slave_0) entered blocking state
[  530.987512][T12494] bridge0: port 1(bridge_slave_0) entered disabled state
[  531.000855][T12504] fido_id[12504]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  531.023896][T12494] bridge_slave_0: entered allmulticast mode
[  531.048613][T12494] bridge_slave_0: entered promiscuous mode
[  531.077373][T12494] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.085910][T12494] bridge0: port 2(bridge_slave_1) entered disabled state
[  531.104434][T12494] bridge_slave_1: entered allmulticast mode
[  531.113172][T12494] bridge_slave_1: entered promiscuous mode
[  531.423863][T12522] netlink: 'syz.1.1948': attribute type 29 has an invalid length.
[  531.456435][T12494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  531.516063][T12522] netlink: 'syz.1.1948': attribute type 29 has an invalid length.
[  531.526209][T12523] netlink: 'syz.1.1948': attribute type 29 has an invalid length.
[  531.538603][T12523] netlink: 'syz.1.1948': attribute type 29 has an invalid length.
[  531.792541][T12494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  532.317188][ T5787] Bluetooth: hci3: command tx timeout
[  532.427738][T12494] team0: Port device team_slave_0 added
[  532.460392][T12494] team0: Port device team_slave_1 added
[  532.572927][T12539] lo: entered promiscuous mode
[  532.590033][T12539] tunl0: entered promiscuous mode
[  532.610750][   T28] audit: type=1326 audit(1753579317.911:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  532.611312][T12539] gre0: entered promiscuous mode
[  532.665331][T12539] gretap0: entered promiscuous mode
[  532.681745][T12539] erspan0: entered promiscuous mode
[  532.692502][T12539] ip_vti0: entered promiscuous mode
[  532.696971][   T28] audit: type=1326 audit(1753579317.911:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  532.703263][T12539] ip6_vti0: entered promiscuous mode
[  532.747709][   T28] audit: type=1326 audit(1753579317.941:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  532.752910][T12539] sit0: entered promiscuous mode
[  532.788774][T12539] ip6tnl0: entered promiscuous mode
[  532.795201][T12539] ip6gre0: entered promiscuous mode
[  532.815644][   T28] audit: type=1326 audit(1753579317.941:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe39ff8e9e3 code=0x7ffc0000
[  532.843052][T12539] ip6gretap0: entered promiscuous mode
[  532.850175][T12539] bridge0: entered promiscuous mode
[  532.856567][T12539] vcan0: entered promiscuous mode
[  532.863041][   T28] audit: type=1326 audit(1753579317.951:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  532.890357][T12539] bond0: entered promiscuous mode
[  532.896410][T12539] bond_slave_0: entered promiscuous mode
[  532.909041][   T28] audit: type=1326 audit(1753579317.951:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  532.941721][T12539] bond_slave_1: entered promiscuous mode
[  532.941853][T12450] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  532.948787][T12539] team0: entered promiscuous mode
[  532.965672][   T28] audit: type=1326 audit(1753579317.961:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  532.994770][T12539] team_slave_0: entered promiscuous mode
[  533.005430][T12539] team_slave_1: entered promiscuous mode
[  533.021005][   T28] audit: type=1326 audit(1753579317.961:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  533.053782][T12539] dummy0: entered promiscuous mode
[  533.072392][T12539] nlmon0: entered promiscuous mode
[  533.081143][   T28] audit: type=1326 audit(1753579317.961:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  533.113766][T12539] caif0: entered promiscuous mode
[  533.124952][T12539] batadv0: entered promiscuous mode
[  533.138912][T12539] veth0: entered promiscuous mode
[  533.155483][T12539] veth1: entered promiscuous mode
[  533.165417][   T28] audit: type=1326 audit(1753579317.961:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12541 comm="syz.5.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39ff8e9a9 code=0x7ffc0000
[  533.196693][T12539] wg0: entered promiscuous mode
[  533.204049][T12539] wg1: entered promiscuous mode
[  533.210793][T12539] wg2: entered promiscuous mode
[  533.219072][T12539] veth0_to_bridge: entered promiscuous mode
[  533.226437][T12539] veth1_to_bridge: entered promiscuous mode
[  533.233934][T12539] veth0_to_bond: entered promiscuous mode
[  533.241170][T12539] veth1_to_bond: entered promiscuous mode
[  533.248412][T12539] veth0_to_team: entered promiscuous mode
[  533.255583][T12539] veth1_to_team: entered promiscuous mode
[  533.282091][T12539] veth0_to_batadv: entered promiscuous mode
[  533.304401][T12539] batadv_slave_0: entered promiscuous mode
[  533.318721][T12561] netlink: 'syz.0.1959': attribute type 29 has an invalid length.
[  533.354738][T12539] veth1_to_batadv: entered promiscuous mode
[  533.375458][T12539] batadv_slave_1: entered promiscuous mode
[  533.405970][T12539] xfrm0: entered promiscuous mode
[  533.418353][T12539] veth0_to_hsr: entered promiscuous mode
[  533.479984][T12539] veth1_to_hsr: entered promiscuous mode
[  533.501571][T12450] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  533.517330][T12539] hsr0: entered promiscuous mode
[  533.523507][T12450] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  533.540478][T12539] veth1_virt_wifi: entered promiscuous mode
[  533.548398][T12450] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  533.568636][T12539] veth0_virt_wifi: entered promiscuous mode
[  533.620185][T12539] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  533.630960][T12450] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.711268][T12539] vlan0: entered promiscuous mode
[  533.907631][T12539] vlan1: entered promiscuous mode
[  533.913963][T12539] macvlan0: entered promiscuous mode
[  533.938301][T12539] macvlan1: entered promiscuous mode
[  533.944854][T12539] ipvlan0: entered promiscuous mode
[  533.951350][T12539] ipvlan1: entered promiscuous mode
[  533.958035][T12539] macvtap0: entered promiscuous mode
[  533.964544][T12539] macsec0: entered promiscuous mode
[  533.971014][T12539] geneve0: entered promiscuous mode
[  533.977454][T12539] geneve1: entered promiscuous mode
[  533.983857][T12539] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  533.992850][T12539] netdevsim netdevsim1 netdevsim1: entered promiscuous mode
[  534.002641][T12539] netdevsim netdevsim1 netdevsim2: entered promiscuous mode
[  534.011798][T12539] netdevsim netdevsim1 netdevsim3: entered promiscuous mode
[  534.020773][T12539] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  534.029698][T12539] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  534.041348][T12539] gretap1: entered promiscuous mode
[  534.108730][T12450] usb 6-1: usb_control_msg returned -32
[  534.115460][T12450] usbtmc 6-1:16.0: can't read capabilities
[  534.221832][T12561] netlink: 'syz.0.1959': attribute type 29 has an invalid length.
[  534.232084][T12494] batman_adv: batadv0: Adding interface: batadv_slave_0
[  534.244300][T12494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  534.288515][T12494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  534.310780][T12494] batman_adv: batadv0: Adding interface: batadv_slave_1
[  534.325286][T12494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  534.366575][T12494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  534.397239][ T5787] Bluetooth: hci3: command tx timeout
[  534.599931][T12494] hsr_slave_0: entered promiscuous mode
[  534.615829][T12494] hsr_slave_1: entered promiscuous mode
[  534.623969][T12494] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  534.633523][T12494] Cannot create hsr debugfs directory
[  535.080197][T12588] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1965'.
[  535.222631][T12494] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  535.294961][T12494] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  535.317470][T12494] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  535.336331][T12494] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  535.613508][ T5825] usb 6-1: USB disconnect, device number 4
[  535.765194][T12617] loop5: detected capacity change from 0 to 512
[  535.773243][   T42] hsr_slave_0: left promiscuous mode
[  535.792449][T12617] EXT4-fs: Ignoring removed nomblk_io_submit option
[  535.806712][   T42] hsr_slave_1: left promiscuous mode
[  535.822857][T12617] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  535.865814][T12617] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  535.920643][T12617] EXT4-fs (loop5): 1 truncate cleaned up
[  535.932602][T12617] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  535.969592][T12617] EXT4-fs error (device loop5): mb_free_blocks:1943: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt.
[  536.009585][   T42] veth1_macvtap: left promiscuous mode
[  536.016401][   T42] veth0_macvtap: left promiscuous mode
[  536.026603][   T42] veth1_vlan: left promiscuous mode
[  536.042545][   T42] veth0_vlan: left promiscuous mode
[  536.099517][T12096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  536.477380][ T5787] Bluetooth: hci3: command tx timeout
[  536.701878][T12648] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1979'.
[  538.006448][T12664] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1987'.
[  538.022293][   T42] bond0 (unregistering): Released all slaves
[  538.353917][T12494] 8021q: adding VLAN 0 to HW filter on device bond0
[  538.438039][T12675] loop5: detected capacity change from 0 to 512
[  538.447745][T12494] 8021q: adding VLAN 0 to HW filter on device team0
[  538.488624][ T7143] bridge0: port 1(bridge_slave_0) entered blocking state
[  538.497221][ T7143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  538.557218][ T5787] Bluetooth: hci3: command tx timeout
[  538.610197][ T7804] bridge0: port 2(bridge_slave_1) entered blocking state
[  538.618817][ T7804] bridge0: port 2(bridge_slave_1) entered forwarding state
[  538.749579][ T5773] IPVS: starting estimator thread 0...
[  538.876291][T12693] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1995'.
[  538.902862][T12688] IPVS: using max 19 ests per chain, 45600 per kthread
[  539.280884][T12494] 8021q: adding VLAN 0 to HW filter on device batadv0
[  539.445450][T12716] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1997'.
[  540.105927][T12494] veth0_vlan: entered promiscuous mode
[  540.133490][T12494] veth1_vlan: entered promiscuous mode
[  540.276842][T12494] veth0_macvtap: entered promiscuous mode
[  540.311746][T12494] veth1_macvtap: entered promiscuous mode
[  540.418250][T12494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  540.473397][T12494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.494888][T12494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  540.511353][T12494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.532534][T12494] batman_adv: batadv0: Interface activated: batadv_slave_0
[  540.579516][T12494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.624616][T12494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.630044][T12758] loop5: detected capacity change from 0 to 512
[  540.637269][T12494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.676998][T12494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.708784][T12494] batman_adv: batadv0: Interface activated: batadv_slave_1
[  540.743048][T12494] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  540.775373][T12494] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  540.796634][T12494] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  540.807990][T12494] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  540.959134][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.976278][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.009655][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  541.019601][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.256424][T12776] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2014'.
[  541.573388][T12781] loop6: detected capacity change from 0 to 512
[  541.809182][ T9614] bridge0: port 3(syz_tun) entered disabled state
[  541.970833][ T9614] syz_tun (unregistering): left allmulticast mode
[  541.991661][ T9614] syz_tun (unregistering): left promiscuous mode
[  542.013620][ T9614] bridge0: port 3(syz_tun) entered disabled state
[  542.092825][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  542.131673][T12101] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  542.164292][T12101] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  542.276704][T12101] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  542.286973][ T5839] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  542.306192][T12101] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  542.319207][T12101] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  542.509249][ T5839] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.521668][ T5839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  542.532662][ T5839] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  542.548548][ T5839] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.575703][T12793] netlink: 'syz.1.2024': attribute type 29 has an invalid length.
[  542.613887][T12793] netlink: 'syz.1.2024': attribute type 29 has an invalid length.
[  542.631907][ T5839] usb 7-1: config 0 descriptor??
[  542.652027][ T5839] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  542.710661][ T5839] dvb-usb: bulk message failed: -22 (3/0)
[  542.719020][T12786] chnl_net:caif_netlink_parms(): no params data found
[  542.747415][ T5839] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  542.788869][ T5839] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  542.798973][ T5839] usb 7-1: media controller created
[  542.820421][ T5839] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  542.848775][ T5839] dvb-usb: bulk message failed: -22 (6/0)
[  542.858703][ T5839] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  542.872681][ T5839] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input19
[  542.949569][ T5839] dvb-usb: schedule remote query interval to 150 msecs.
[  542.973977][ T5839] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  543.005941][ T5839] usb 7-1: USB disconnect, device number 2
[  543.062862][ T5839] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  543.173379][T12786] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.208019][T12786] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.238485][T12786] bridge_slave_0: entered allmulticast mode
[  543.267802][T12786] bridge_slave_0: entered promiscuous mode
[  543.301237][T12786] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.337289][T12786] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.369616][T12786] bridge_slave_1: entered allmulticast mode
[  543.422372][T12786] bridge_slave_1: entered promiscuous mode
[  543.530729][T12810] loop6: detected capacity change from 0 to 64
[  543.579198][ T3442] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.665484][   T48] hfs: request for non-existent node 1573 in B*Tree
[  543.685998][   T48] hfs: request for non-existent node 1573 in B*Tree
[  543.699777][T12786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  543.704383][   T48] hfs: request for non-existent node 1573 in B*Tree
[  543.727256][   T48] hfs: request for non-existent node 1573 in B*Tree
[  543.746744][ T3442] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.812776][T12786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  543.881876][ T3442] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.014257][T12786] team0: Port device team_slave_0 added
[  544.041189][T12786] team0: Port device team_slave_1 added
[  544.055485][T12824] loop5: detected capacity change from 0 to 4096
[  544.190197][ T3442] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.227838][T12824] ntfs3: loop5: ino=5, "/" directory corrupted
[  544.397116][ T5787] Bluetooth: hci1: command tx timeout
[  544.424214][T12786] batman_adv: batadv0: Adding interface: batadv_slave_0
[  544.462072][T12786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.528506][T12786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  544.562188][T12826] loop5: detected capacity change from 0 to 512
[  544.580365][T12786] batman_adv: batadv0: Adding interface: batadv_slave_1
[  544.607126][T12786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.670218][T12786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  544.741797][T12826] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  544.795139][T12826] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  544.900385][   T28] kauditd_printk_skb: 579 callbacks suppressed
[  544.900399][   T28] audit: type=1800 audit(1753579330.201:1228): pid=12826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2035" name="file1" dev="loop5" ino=15 res=0 errno=0
[  544.963824][T12786] hsr_slave_0: entered promiscuous mode
[  544.975918][   T28] audit: type=1800 audit(1753579330.231:1229): pid=12826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2035" name="file2" dev="loop5" ino=16 res=0 errno=0
[  545.007463][T12786] hsr_slave_1: entered promiscuous mode
[  545.064732][   T28] audit: type=1800 audit(1753579330.241:1230): pid=12826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2035" name="file1" dev="loop5" ino=15 res=0 errno=0
[  545.290088][ T3442] tipc: Left network mode
[  545.352120][T12837] netlink: 'syz.1.2036': attribute type 29 has an invalid length.
[  545.433384][T12839] loop6: detected capacity change from 0 to 512
[  545.435417][T12096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.452711][T12837] netlink: 'syz.1.2036': attribute type 29 has an invalid length.
[  545.662343][   T28] audit: type=1326 audit(1753579330.961:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12840 comm="syz.5.2040" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe39ff8e9a9 code=0x0
[  545.760466][T12843] loop5: detected capacity change from 0 to 512
[  545.852999][T12843] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  545.868703][T12843] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  546.470094][T12786] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  546.487740][ T5787] Bluetooth: hci1: command tx timeout
[  546.490597][T12786] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  546.525842][T12096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  546.544656][T12786] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  546.705756][T12786] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  546.778202][T12101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  546.799294][T12101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  546.809980][T12101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  546.824685][T12101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  546.834114][T12101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  546.845834][T12101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  546.912276][T12867] loop5: detected capacity change from 0 to 512
[  546.947811][T12867] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  546.993475][T12867] EXT4-fs (loop5): 1 truncate cleaned up
[  547.026842][T12867] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  547.185588][T12096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  547.244891][ T3442] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  547.296448][ T3442] batman_adv: batadv0: Removing interface: batadv_slave_0
[  547.337780][ T3442] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  547.348295][ T3442] batman_adv: batadv0: Removing interface: batadv_slave_1
[  547.358824][ T3442] bridge_slave_1: left allmulticast mode
[  547.365618][ T3442] bridge_slave_1: left promiscuous mode
[  547.372674][ T3442] bridge0: port 2(bridge_slave_1) entered disabled state
[  547.383433][ T3442] bridge_slave_0: left allmulticast mode
[  547.391435][ T3442] bridge_slave_0: left promiscuous mode
[  547.398587][ T3442] bridge0: port 1(bridge_slave_0) entered disabled state
[  547.445007][ T3442] veth1_macvtap: left promiscuous mode
[  547.453210][ T3442] veth0_macvtap: left promiscuous mode
[  547.460638][ T3442] veth1_vlan: left promiscuous mode
[  547.467121][ T3442] veth0_vlan: left promiscuous mode
[  548.103081][ T3442] team0 (unregistering): Port device team_slave_1 removed
[  548.163896][ T3442] team0 (unregistering): Port device team_slave_0 removed
[  548.241563][ T3442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  548.297036][ T3442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  548.557454][T12101] Bluetooth: hci1: command tx timeout
[  548.693720][ T3442] bond0 (unregistering): (slave team0): Releasing backup interface
[  548.861560][ T3442] bond0 (unregistering): Released all slaves
[  548.959584][T12101] Bluetooth: hci3: command tx timeout
[  549.029971][T12786] 8021q: adding VLAN 0 to HW filter on device bond0
[  549.179577][T12786] 8021q: adding VLAN 0 to HW filter on device team0
[  549.281398][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  549.290341][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  549.434799][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  549.443474][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  549.518662][T12899] netlink: 'syz.5.2061': attribute type 29 has an invalid length.
[  549.529931][T12899] netlink: 'syz.5.2061': attribute type 29 has an invalid length.
[  549.546767][T12899] netlink: 'syz.5.2061': attribute type 29 has an invalid length.
[  549.558440][T12899] netlink: 'syz.5.2061': attribute type 29 has an invalid length.
[  550.196746][T12859] chnl_net:caif_netlink_parms(): no params data found
[  550.216791][T12786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  550.346306][ T3442] IPVS: stop unused estimator thread 0...
[  550.556759][T12859] bridge0: port 1(bridge_slave_0) entered blocking state
[  550.587313][T12859] bridge0: port 1(bridge_slave_0) entered disabled state
[  550.603175][T12915] loop5: detected capacity change from 0 to 2048
[  550.605107][T12859] bridge_slave_0: entered allmulticast mode
[  550.628720][T12859] bridge_slave_0: entered promiscuous mode
[  550.637063][T12101] Bluetooth: hci1: command tx timeout
[  550.666239][T12859] bridge0: port 2(bridge_slave_1) entered blocking state
[  550.682857][T12859] bridge0: port 2(bridge_slave_1) entered disabled state
[  550.691716][T12859] bridge_slave_1: entered allmulticast mode
[  550.700591][T12859] bridge_slave_1: entered promiscuous mode
[  550.715792][T12915] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  550.784391][T12921] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  550.805221][T12859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  550.831667][T12859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  550.984220][T12859] team0: Port device team_slave_0 added
[  550.994374][T12859] team0: Port device team_slave_1 added
[  551.027882][T12859] batman_adv: batadv0: Adding interface: batadv_slave_0
[  551.036419][T12859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  551.068693][T12101] Bluetooth: hci3: command tx timeout
[  551.076281][T12859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  551.125890][ T3442] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.165147][T12859] batman_adv: batadv0: Adding interface: batadv_slave_1
[  551.173666][T12859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  551.278807][T12929] netlink: 'syz.5.2070': attribute type 29 has an invalid length.
[  551.530567][T12859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  551.800767][T12929] netlink: 'syz.5.2070': attribute type 29 has an invalid length.
[  551.816357][T12786] 8021q: adding VLAN 0 to HW filter on device batadv0
[  551.869105][ T3442] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.993837][ T3442] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.023122][T12859] hsr_slave_0: entered promiscuous mode
[  552.036460][T12859] hsr_slave_1: entered promiscuous mode
[  552.044379][T12859] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  552.063349][T12859] Cannot create hsr debugfs directory
[  552.104935][ T3442] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.209085][T12786] veth0_vlan: entered promiscuous mode
[  552.252564][T12786] veth1_vlan: entered promiscuous mode
[  552.386302][T12938] netlink: 'syz.5.2072': attribute type 29 has an invalid length.
[  552.415153][T12938] netlink: 'syz.5.2072': attribute type 29 has an invalid length.
[  552.460206][T12786] veth0_macvtap: entered promiscuous mode
[  552.489947][T12786] veth1_macvtap: entered promiscuous mode
[  552.534736][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  552.560161][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.598982][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  552.627856][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.642445][T12786] batman_adv: batadv0: Interface activated: batadv_slave_0
[  552.735632][T12940] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2073'.
[  552.780844][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  552.813444][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.834516][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  552.867028][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.886719][T12786] batman_adv: batadv0: Interface activated: batadv_slave_1
[  552.911905][T12941] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  552.929225][T12941] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  552.944806][T12941] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  552.962368][T12941] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  552.985950][T12941] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  553.095572][T12940] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2073'.
[  553.107523][T12940] 8021q: adding VLAN 0 to HW filter on device bond1
[  553.117714][T12101] Bluetooth: hci3: command tx timeout
[  553.219573][T12786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  553.236714][T12786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  553.277949][T12786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  553.303170][T12786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  553.316454][T12859] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  553.330826][T12859] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  553.349113][T12948] loop5: detected capacity change from 0 to 164
[  553.439574][T12859] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  553.467817][T12948] rock: directory entry would overflow storage
[  553.487307][T12948] rock: sig=0x4f50, size=4, remaining=3
[  553.494093][T12948] iso9660: Corrupted directory entry in block 4 of inode 1792
[  553.554339][T12859] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  553.927170][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.962617][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.982577][T12968] xt_CT: You must specify a L4 protocol and not use inversions on it
[  554.197965][ T7804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.220101][ T7804] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.520071][T12859] 8021q: adding VLAN 0 to HW filter on device bond0
[  554.539481][T12972] netlink: 'syz.0.2019': attribute type 29 has an invalid length.
[  554.601449][T12859] 8021q: adding VLAN 0 to HW filter on device team0
[  554.636589][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.645227][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  554.683401][T12972] netlink: 'syz.0.2019': attribute type 29 has an invalid length.
[  554.742748][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.751357][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[  554.785908][T12973] netlink: 'syz.0.2019': attribute type 29 has an invalid length.
[  554.852110][T12975] netlink: 'syz.1.2082': attribute type 29 has an invalid length.
[  554.920462][ T3442] hsr_slave_0: left promiscuous mode
[  554.929065][ T3442] hsr_slave_1: left promiscuous mode
[  554.949087][ T3442] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  554.965089][ T3442] batman_adv: batadv0: Removing interface: batadv_slave_0
[  554.984201][T12977] loop0: detected capacity change from 0 to 164
[  554.992812][ T3442] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  555.002058][ T3442] batman_adv: batadv0: Removing interface: batadv_slave_1
[  555.024656][ T3442] bridge_slave_1: left allmulticast mode
[  555.037950][ T3442] bridge_slave_1: left promiscuous mode
[  555.044833][ T3442] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.075249][ T5786] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  555.108930][ T3442] bridge_slave_0: left allmulticast mode
[  555.115748][ T3442] bridge_slave_0: left promiscuous mode
[  555.167887][ T3442] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.207731][T12101] Bluetooth: hci3: command tx timeout
[  555.348683][ T3442] veth1_macvtap: left promiscuous mode
[  555.355360][ T3442] veth0_macvtap: left promiscuous mode
[  555.376517][ T3442] veth1_vlan: left promiscuous mode
[  555.397237][ T3442] veth0_vlan: left promiscuous mode
[  555.607363][T12987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2086'.
[  556.646653][ T3442] team0 (unregistering): Port device team_slave_1 removed
[  556.751448][ T3442] team0 (unregistering): Port device team_slave_0 removed
[  556.830776][ T3442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  556.893638][ T3442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  557.550340][ T3442] bond0 (unregistering): Released all slaves
[  557.632189][T12975] netlink: 'syz.1.2082': attribute type 29 has an invalid length.
[  557.642183][T12985] netlink: 'syz.0.2086': attribute type 10 has an invalid length.
[  557.714024][T12985] 8021q: adding VLAN 0 to HW filter on device team0
[  557.736012][T12985] bond0: (slave team0): Enslaving as an active interface with an up link
[  557.983542][   T28] audit: type=1326 audit(1753579343.281:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12994 comm="syz.0.2088" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ea058e9a9 code=0x0
[  558.344650][T12859] 8021q: adding VLAN 0 to HW filter on device batadv0
[  558.426437][T13013] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2091'.
[  558.761431][T13023] xt_CT: You must specify a L4 protocol and not use inversions on it
[  559.130582][T12859] veth0_vlan: entered promiscuous mode
[  559.160399][T12859] veth1_vlan: entered promiscuous mode
[  559.244804][T12859] veth0_macvtap: entered promiscuous mode
[  559.321648][T12859] veth1_macvtap: entered promiscuous mode
[  559.374038][T13034] netlink: 'syz.5.2096': attribute type 10 has an invalid length.
[  559.403228][T13035] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2096'.
[  559.637223][T13034] 8021q: adding VLAN 0 to HW filter on device team0
[  559.737357][T13034] bond0: (slave team0): Enslaving as an active interface with an up link
[  559.783709][T12859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  559.803319][T12859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  559.816694][T12859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  559.836630][T12859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  559.884489][T12859] batman_adv: batadv0: Interface activated: batadv_slave_0
[  559.926754][T12859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  559.942167][T12859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  559.955606][T12859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  559.974791][T12859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  559.995907][T12859] batman_adv: batadv0: Interface activated: batadv_slave_1
[  560.038902][T12859] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  560.049997][T12859] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  560.062421][T12859] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  560.073640][T12859] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  560.286357][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.327100][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.367428][ T3467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.391025][ T3467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.545094][T13044] netlink: 'syz.0.2097': attribute type 29 has an invalid length.
[  560.611070][T13044] netlink: 'syz.0.2097': attribute type 29 has an invalid length.
[  561.636689][ T5782] syz_tun (unregistering): left allmulticast mode
[  561.670771][ T5782] bridge0: port 3(syz_tun) entered disabled state
[  561.715196][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  561.752419][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  561.763250][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  561.783595][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  561.796649][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  561.805511][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  561.994778][T13064] loop5: detected capacity change from 0 to 1024
[  562.019526][   T42] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  562.042616][T13064] EXT4-fs: Ignoring removed orlov option
[  562.044941][T13066] loop0: detected capacity change from 0 to 1024
[  562.101645][T13066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  562.137109][T13066] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  562.192218][T13064] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  562.232888][   T42] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  562.270666][T12096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.364146][   T42] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  562.383132][T12786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.541627][   T42] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  562.615695][T13061] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  562.785710][T13056] chnl_net:caif_netlink_parms(): no params data found
[  563.019640][   T42] tipc: Left network mode
[  563.121500][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  563.129310][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  563.189994][T13094] xt_CT: You must specify a L4 protocol and not use inversions on it
[  563.349877][T13056] bridge0: port 1(bridge_slave_0) entered blocking state
[  563.391406][T13056] bridge0: port 1(bridge_slave_0) entered disabled state
[  563.465027][T13056] bridge_slave_0: entered allmulticast mode
[  563.484460][T13056] bridge_slave_0: entered promiscuous mode
[  563.576297][T13056] bridge0: port 2(bridge_slave_1) entered blocking state
[  563.621464][T13056] bridge0: port 2(bridge_slave_1) entered disabled state
[  563.644131][T13056] bridge_slave_1: entered allmulticast mode
[  563.690046][T13098] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2111'.
[  563.704247][T13098] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2111'.
[  563.725685][T13056] bridge_slave_1: entered promiscuous mode
[  563.871591][T13103] loop7: detected capacity change from 0 to 16
[  563.903801][T13103] erofs: (device loop7): mounted with root inode @ nid 36.
[  563.930253][T13056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  563.964499][T13056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  564.101468][T13056] team0: Port device team_slave_0 added
[  564.125856][T13056] team0: Port device team_slave_1 added
[  564.215788][T13056] batman_adv: batadv0: Adding interface: batadv_slave_0
[  564.225220][T13056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.287648][T13056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  564.346831][T13056] batman_adv: batadv0: Adding interface: batadv_slave_1
[  564.392277][T13113] loop0: detected capacity change from 0 to 1024
[  564.400130][T13056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.400157][T13056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  564.514842][T13113] EXT4-fs: Ignoring removed orlov option
[  564.529674][T13113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  564.723436][   T42] batman_adv: batadv0: Removing interface: gretap1
[  564.747393][T13120] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  564.788918][T13120] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  564.821767][T13056] hsr_slave_0: entered promiscuous mode
[  564.834162][T13056] hsr_slave_1: entered promiscuous mode
[  564.845989][T13056] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  564.860973][T13056] Cannot create hsr debugfs directory
[  564.908796][T12786] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  564.943343][T12786] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  565.086681][T13125] xt_CT: You must specify a L4 protocol and not use inversions on it
[  565.101723][T13124] loop5: detected capacity change from 0 to 512
[  565.682844][T13127] netlink: 68 bytes leftover after parsing attributes in process `syz.7.2123'.
[  565.706024][T12786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  565.894674][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  565.913406][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  565.960938][   T42] bridge_slave_1: left allmulticast mode
[  565.974365][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.991471][   T42] bridge_slave_0: left allmulticast mode
[  566.007629][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.069643][   T42] bond1 (unregistering): (slave geneve2): Releasing backup interface
[  566.405825][   T42] bond1 (unregistering): Released all slaves
[  566.483391][   T42] team0 (unregistering): Port device bridge1 removed
[  566.677771][ T5787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  566.692006][ T5787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  566.702312][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  566.715852][ T5787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  566.727993][ T5787] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  566.737155][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  566.799727][T12099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  566.821920][T12099] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  566.834789][T12099] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  566.853861][T12099] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  566.871312][T12099] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  566.887813][T12099] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  567.252422][   T42] team0 (unregistering): Port device team_slave_1 removed
[  567.311383][   T42] team0 (unregistering): Port device team_slave_0 removed
[  567.362628][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  567.423874][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  567.794710][   T42] bond0 (unregistering): (slave team0): Releasing backup interface
[  567.957417][   T42] bond0 (unregistering): Released all slaves
[  568.651795][   T42] IPVS: stop unused estimator thread 0...
[  568.719380][T13137] chnl_net:caif_netlink_parms(): no params data found
[  568.797134][ T5787] Bluetooth: hci1: command tx timeout
[  568.845734][T13135] chnl_net:caif_netlink_parms(): no params data found
[  568.866916][T13056] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  568.903376][T13056] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  568.950288][   T42] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.963259][ T5787] Bluetooth: hci2: command tx timeout
[  568.978102][T13056] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  569.001901][T13056] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  569.070599][   T42] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.101331][T13135] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.110282][T13135] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.119450][T13135] bridge_slave_0: entered allmulticast mode
[  569.128914][T13135] bridge_slave_0: entered promiscuous mode
[  569.137998][T13135] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.146517][T13135] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.155240][T13135] bridge_slave_1: entered allmulticast mode
[  569.163616][T13135] bridge_slave_1: entered promiscuous mode
[  569.201376][   T42] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.245716][T13137] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.254349][T13137] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.262997][T13137] bridge_slave_0: entered allmulticast mode
[  569.271857][T13137] bridge_slave_0: entered promiscuous mode
[  569.283338][T13135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  569.315399][   T42] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.332417][T13137] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.341391][T13137] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.350797][T13137] bridge_slave_1: entered allmulticast mode
[  569.359292][T13137] bridge_slave_1: entered promiscuous mode
[  569.380912][T13135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  569.425652][T13137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  569.454740][T13135] team0: Port device team_slave_0 added
[  569.467220][T13137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  569.486427][T13135] team0: Port device team_slave_1 added
[  569.573566][T13135] batman_adv: batadv0: Adding interface: batadv_slave_0
[  569.586335][T13135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  569.620345][T13135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  569.651309][T13160] Bluetooth: MGMT ver 1.22
[  569.662551][T13135] batman_adv: batadv0: Adding interface: batadv_slave_1
[  569.671899][T13135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  569.705411][T13135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  569.743362][T13137] team0: Port device team_slave_0 added
[  569.796516][T13162] loop7: detected capacity change from 0 to 512
[  569.807935][T13162] EXT4-fs: Ignoring removed nobh option
[  569.844927][T13162] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -13
[  569.872497][T13162] EXT4-fs error (device loop7): ext4_clear_blocks:883: inode #13: comm syz.7.2131: attempt to clear invalid blocks 1 len 1
[  569.891859][T13137] team0: Port device team_slave_1 added
[  569.898602][T13162] EXT4-fs (loop7): Remounting filesystem read-only
[  569.900094][T13162] EXT4-fs (loop7): 1 truncate cleaned up
[  569.934659][T13162] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  569.975967][T13135] hsr_slave_0: entered promiscuous mode
[  569.987766][T13135] hsr_slave_1: entered promiscuous mode
[  569.995273][T13135] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  570.004585][T13135] Cannot create hsr debugfs directory
[  570.030337][T12859] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  570.090666][T13137] batman_adv: batadv0: Adding interface: batadv_slave_0
[  570.110544][T13137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.144714][T13137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  570.209137][   T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.250889][T13137] batman_adv: batadv0: Adding interface: batadv_slave_1
[  570.260280][T13137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.292275][T13137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  570.331253][   T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.377134][ T5839] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  570.394347][T13137] hsr_slave_0: entered promiscuous mode
[  570.402606][T13137] hsr_slave_1: entered promiscuous mode
[  570.411253][T13137] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  570.420475][T13137] Cannot create hsr debugfs directory
[  570.459899][   T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.533902][T13056] 8021q: adding VLAN 0 to HW filter on device bond0
[  570.568678][ T5839] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  570.581173][   T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.583431][ T5839] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  570.606199][ T5839] usb 8-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  570.617296][ T5839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.641597][ T5839] usb 8-1: config 0 descriptor??
[  570.765433][T13056] 8021q: adding VLAN 0 to HW filter on device team0
[  570.793346][ T3442] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.801922][ T3442] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.863396][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.871992][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.887194][ T5787] Bluetooth: hci1: command tx timeout
[  571.008454][T13137] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  571.039256][ T5787] Bluetooth: hci2: command tx timeout
[  571.067387][T13137] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  571.102534][T13056] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  571.108794][ T5839] razer 0003:1532:010E.0003: unknown main item tag 0x1
[  571.115791][T13056] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  571.161390][T13137] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  571.305956][ T5839] razer 0003:1532:010E.0003: failed to enable macro keys: -71
[  571.348606][ T5839] razer 0003:1532:010E.0003: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.7-1/input0
[  571.387547][ T5839] usb 8-1: USB disconnect, device number 2
[  571.388542][T13137] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  571.471144][T13168] fido_id[13168]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[  571.619531][T13135] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  571.632695][T13135] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  571.644375][T13135] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  571.702543][T13135] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  571.766220][T13056] 8021q: adding VLAN 0 to HW filter on device batadv0
[  572.251770][T13190] netlink: 'syz.7.2136': attribute type 1 has an invalid length.
[  572.270065][T13056] veth0_vlan: entered promiscuous mode
[  572.289699][T13190] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  572.301096][T13190] batadv_slave_1: entered promiscuous mode
[  572.315412][T13190] batman_adv: batadv0: Removing interface: batadv_slave_1
[  572.425159][T13056] veth1_vlan: entered promiscuous mode
[  572.492997][T13135] 8021q: adding VLAN 0 to HW filter on device bond0
[  572.546244][T13137] 8021q: adding VLAN 0 to HW filter on device bond0
[  572.606181][T13056] veth0_macvtap: entered promiscuous mode
[  572.618240][T13056] veth1_macvtap: entered promiscuous mode
[  572.629480][T13135] 8021q: adding VLAN 0 to HW filter on device team0
[  572.664482][T13137] 8021q: adding VLAN 0 to HW filter on device team0
[  572.667437][ T5883] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  572.688420][ T3442] bridge0: port 1(bridge_slave_0) entered blocking state
[  572.697001][ T3442] bridge0: port 1(bridge_slave_0) entered forwarding state
[  572.711093][ T3442] bridge0: port 2(bridge_slave_1) entered blocking state
[  572.719670][ T3442] bridge0: port 2(bridge_slave_1) entered forwarding state
[  572.765278][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  572.773901][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  572.835391][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  572.844014][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  572.861314][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.876232][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.889451][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.897405][ T5883] usb 8-1: Using ep0 maxpacket: 32
[  572.902389][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.919771][ T5883] usb 8-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  572.923309][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.944033][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.945595][ T5883] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.958181][T13056] batman_adv: batadv0: Interface activated: batadv_slave_0
[  572.966630][ T5787] Bluetooth: hci1: command tx timeout
[  572.997547][ T5883] usb 8-1: config 0 descriptor??
[  573.015257][ T5883] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  573.052263][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066273][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.078376][T13056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.090954][T13056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.104401][T13056] batman_adv: batadv0: Interface activated: batadv_slave_1
[  573.127683][ T5787] Bluetooth: hci2: command tx timeout
[  573.175150][T13056] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  573.187242][T13056] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  573.202575][T13056] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  573.213631][T13056] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  573.243366][T13137] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  573.274547][   T42] hsr_slave_0: left promiscuous mode
[  573.282412][   T42] hsr_slave_1: left promiscuous mode
[  573.292568][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  573.302388][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  573.312021][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  573.321512][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  573.331757][   T42] bridge_slave_1: left allmulticast mode
[  573.338617][   T42] bridge_slave_1: left promiscuous mode
[  573.345445][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  573.356061][   T42] bridge_slave_0: left allmulticast mode
[  573.364326][   T42] bridge_slave_0: left promiscuous mode
[  573.373407][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  573.391437][   T42] hsr_slave_0: left promiscuous mode
[  573.398734][   T42] hsr_slave_1: left promiscuous mode
[  573.405893][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  573.415651][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  573.426986][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  573.435984][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  573.446242][   T42] bridge_slave_1: left allmulticast mode
[  573.453600][   T42] bridge_slave_1: left promiscuous mode
[  573.460528][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  573.472627][   T42] bridge_slave_0: left allmulticast mode
[  573.479760][   T42] bridge_slave_0: left promiscuous mode
[  573.486643][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  573.540680][   T42] veth1_macvtap: left promiscuous mode
[  573.547639][   T42] veth0_macvtap: left promiscuous mode
[  573.554340][   T42] veth1_vlan: left promiscuous mode
[  573.560976][   T42] veth0_vlan: left promiscuous mode
[  573.569677][   T42] veth1_macvtap: left promiscuous mode
[  573.576277][   T42] veth0_macvtap: left promiscuous mode
[  573.583109][   T42] veth1_vlan: left promiscuous mode
[  573.591420][   T42] veth0_vlan: left promiscuous mode
[  574.444448][ T5883] gspca_vc032x: reg_w err -71
[  574.450190][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.459665][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.466050][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.472856][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.481728][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.488469][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.494853][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.496565][   T42] team0 (unregistering): Port device team_slave_1 removed
[  574.507508][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.516742][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.525505][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.552774][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.559387][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.565751][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.572511][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.578940][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.585279][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.591855][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.599023][   T42] team0 (unregistering): Port device team_slave_0 removed
[  574.600263][ T5883] gspca_vc032x: I2c Bus Busy Wait 00
[  574.614130][ T5883] gspca_vc032x: Unknown sensor...
[  574.620580][ T5883] vc032x: probe of 8-1:0.0 failed with error -22
[  574.637317][ T5883] usb 8-1: USB disconnect, device number 3
[  574.683024][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  574.750815][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  575.052279][ T5787] Bluetooth: hci1: command tx timeout
[  575.207238][ T5787] Bluetooth: hci2: command tx timeout
[  575.308935][   T42] bond0 (unregistering): (slave team0): Releasing backup interface
[  575.517110][   T42] bond0 (unregistering): Released all slaves
[  576.275141][   T42] team0 (unregistering): Port device team_slave_1 removed
[  576.337942][   T42] team0 (unregistering): Port device team_slave_0 removed
[  576.396509][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  576.474680][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  577.055769][   T42] bond0 (unregistering): (slave team0): Releasing backup interface
[  577.251364][   T42] bond0 (unregistering): Released all slaves
[  577.578246][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.600237][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.866316][ T3442] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.887977][T13137] 8021q: adding VLAN 0 to HW filter on device batadv0
[  577.898865][ T3442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.086392][T13207] loop1: detected capacity change from 0 to 512
[  578.151298][T13135] 8021q: adding VLAN 0 to HW filter on device batadv0
[  578.169009][T13207] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.268301][T13207] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  578.405157][T13207] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  578.479684][T13207] EXT4-fs (loop1): Remounting filesystem read-only
[  578.542570][T13221] loop7: detected capacity change from 0 to 128
[  578.583417][T13056] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.604309][ T7804] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync!
[  578.643125][ T7804] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync!
[  578.662070][T13221] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256
[  578.711494][T13137] veth0_vlan: entered promiscuous mode
[  578.725442][T13221] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  578.774478][T13137] veth1_vlan: entered promiscuous mode
[  578.845706][T13221] ------------[ cut here ]------------
[  578.853257][T13221] WARNING: CPU: 0 PID: 13221 at fs/udf/truncate.c:224 udf_truncate_extents+0xd46/0xeb0
[  578.865364][T13221] Modules linked in:
[  578.870602][T13221] CPU: 0 PID: 13221 Comm: syz.7.2140 Not tainted 6.6.100-syzkaller #0
[  578.881117][T13221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  578.893616][T13221] RIP: 0010:udf_truncate_extents+0xd46/0xeb0
[  578.901315][T13221] Code: 65 48 8b 04 25 28 00 00 00 48 3b 84 24 80 01 00 00 75 70 44 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4a 4f 8e fe <0f> 0b eb 8e 44 89 e9 80 e1 07 38 c1 0f 8c ec f3 ff ff 4c 89 ef e8
[  578.923111][T13137] veth0_macvtap: entered promiscuous mode
[  578.925667][T13221] RSP: 0018:ffffc900035f78e0 EFLAGS: 00010283
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  578.939930][T13221] RAX: ffffffff82f74636 RBX: 1ffff1100b2a280a RCX: 0000000000080000
[  578.950090][T13221] RDX: ffffc9000cb71000 RSI: 0000000000013eeb RDI: 0000000000013eec
[  578.960036][T13221] RBP: ffffc900035f7ac0 R08: ffff888028c79e00 R09: 0000000000000002
[  578.969936][T13221] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000
[  578.979776][T13221] R13: 0000000000000000 R14: 000000000000000a R15: 000000000000000a
[  578.990597][T13221] FS:  00007fa95e1fe6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  579.001387][T13221] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  579.009389][T13221] CR2: 00007eff73814000 CR3: 000000003005d000 CR4: 00000000003506f0
[  579.019033][T13221] Call Trace:
[  579.022983][T13221]  <TASK>
[  579.026531][T13221]  ? udf_discard_prealloc+0x570/0x570
[  579.033151][T13221]  ? udf_write_failed+0x178/0x1b0
[  579.039278][T13221]  ? __lock_acquire+0x7c80/0x7c80
[  579.045332][T13221]  ? __rwlock_init+0x90/0x150
[  579.051422][T13221]  ? down_write+0x162/0x1f0
[  579.056997][T13221]  ? do_raw_spin_unlock+0x121/0x230
[  579.063259][T13221]  udf_write_failed+0x180/0x1b0
[  579.069187][T13221]  udf_write_begin+0x21f/0x430
[  579.075003][T13221]  generic_perform_write+0x2fb/0x5b0
[  579.081495][T13221]  ? generic_file_direct_write+0x3e0/0x3e0
[  579.088569][T13221]  ? __mnt_drop_write_file+0xc3/0x100
[  579.095074][T13221]  ? __generic_file_write_iter+0xf7/0x230
[  579.102100][T13221]  ? udf_file_write_iter+0x2b1/0x620
[  579.108555][T13221]  udf_file_write_iter+0x2c0/0x620
[  579.114713][T13221]  vfs_write+0x43b/0x940
[  579.120147][T13221]  ? file_end_write+0x250/0x250
[  579.125998][T13221]  ? __fget_files+0x44a/0x4d0
[  579.131723][T13221]  ? __fdget_pos+0x2a3/0x330
[  579.137336][T13221]  ? ksys_write+0x75/0x250
[  579.142666][T13221]  ksys_write+0x147/0x250
[  579.147970][T13221]  ? __ia32_sys_read+0x90/0x90
[  579.154073][T13221]  ? lockdep_hardirqs_on+0x98/0x150
[  579.160597][T13221]  do_syscall_64+0x55/0xb0
[  579.165906][T13221]  ? clear_bhb_loop+0x40/0x90
[  579.171623][T13221]  ? clear_bhb_loop+0x40/0x90
[  579.177316][T13221]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  579.184410][T13221] RIP: 0033:0x7fa95d38e9a9
[  579.189831][T13221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.213673][T13221] RSP: 002b:00007fa95e1fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  579.223858][T13221] RAX: ffffffffffffffda RBX: 00007fa95d5b5fa0 RCX: 00007fa95d38e9a9
[  579.233662][T13221] RDX: 00000000fffffdab RSI: 0000200000000000 RDI: 0000000000000004
[  579.243298][T13221] RBP: 00007fa95d410d69 R08: 0000000000000000 R09: 0000000000000000
[  579.253419][T13221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  579.263203][T13221] R13: 0000000000000000 R14: 00007fa95d5b5fa0 R15: 00007fff8846cac8
[  579.272967][T13221]  </TASK>
[  579.276598][T13221] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  579.285321][T13221] CPU: 0 PID: 13221 Comm: syz.7.2140 Not tainted 6.6.100-syzkaller #0
[  579.295080][T13221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  579.307121][T13221] Call Trace:
[  579.311040][T13221]  <TASK>
[  579.314541][T13221]  dump_stack_lvl+0x16c/0x230
[  579.320134][T13221]  ? show_regs_print_info+0x20/0x20
[  579.326346][T13221]  ? load_image+0x3b0/0x3b0
[  579.331744][T13221]  panic+0x2c0/0x710
[  579.336406][T13221]  ? bpf_jit_dump+0xd0/0xd0
[  579.341799][T13221]  __warn+0x2e0/0x470
[  579.346560][T13221]  ? udf_truncate_extents+0xd46/0xeb0
[  579.352982][T13221]  ? udf_truncate_extents+0xd46/0xeb0
[  579.359401][T13221]  report_bug+0x2be/0x4f0
[  579.364574][T13221]  ? udf_truncate_extents+0xd46/0xeb0
[  579.370996][T13221]  ? udf_truncate_extents+0xd46/0xeb0
[  579.377414][T13221]  ? udf_truncate_extents+0xd48/0xeb0
[  579.383830][T13221]  handle_bug+0xcf/0x120
[  579.388903][T13221]  exc_invalid_op+0x1a/0x50
[  579.394279][T13221]  asm_exc_invalid_op+0x1a/0x20
[  579.400077][T13221] RIP: 0010:udf_truncate_extents+0xd46/0xeb0
[  579.407227][T13221] Code: 65 48 8b 04 25 28 00 00 00 48 3b 84 24 80 01 00 00 75 70 44 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4a 4f 8e fe <0f> 0b eb 8e 44 89 e9 80 e1 07 38 c1 0f 8c ec f3 ff ff 4c 89 ef e8
[  579.430739][T13221] RSP: 0018:ffffc900035f78e0 EFLAGS: 00010283
[  579.438003][T13221] RAX: ffffffff82f74636 RBX: 1ffff1100b2a280a RCX: 0000000000080000
[  579.447544][T13221] RDX: ffffc9000cb71000 RSI: 0000000000013eeb RDI: 0000000000013eec
[  579.457088][T13221] RBP: ffffc900035f7ac0 R08: ffff888028c79e00 R09: 0000000000000002
[  579.466634][T13221] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000
[  579.476175][T13221] R13: 0000000000000000 R14: 000000000000000a R15: 000000000000000a
[  579.485726][T13221]  ? udf_truncate_extents+0xd46/0xeb0
[  579.492169][T13221]  ? udf_discard_prealloc+0x570/0x570
[  579.498594][T13221]  ? udf_write_failed+0x178/0x1b0
[  579.504598][T13221]  ? __lock_acquire+0x7c80/0x7c80
[  579.510599][T13221]  ? __rwlock_init+0x90/0x150
[  579.516181][T13221]  ? down_write+0x162/0x1f0
[  579.521572][T13221]  ? do_raw_spin_unlock+0x121/0x230
[  579.527788][T13221]  udf_write_failed+0x180/0x1b0
[  579.533586][T13221]  udf_write_begin+0x21f/0x430
[  579.539280][T13221]  generic_perform_write+0x2fb/0x5b0
[  579.545611][T13221]  ? generic_file_direct_write+0x3e0/0x3e0
[  579.552548][T13221]  ? __mnt_drop_write_file+0xc3/0x100
[  579.558980][T13221]  ? __generic_file_write_iter+0xf7/0x230
[  579.565826][T13221]  ? udf_file_write_iter+0x2b1/0x620
[  579.572148][T13221]  udf_file_write_iter+0x2c0/0x620
[  579.578266][T13221]  vfs_write+0x43b/0x940
[  579.583340][T13221]  ? file_end_write+0x250/0x250
[  579.589154][T13221]  ? __fget_files+0x44a/0x4d0
[  579.594750][T13221]  ? __fdget_pos+0x2a3/0x330
[  579.600228][T13221]  ? ksys_write+0x75/0x250
[  579.605499][T13221]  ksys_write+0x147/0x250
[  579.610669][T13221]  ? __ia32_sys_read+0x90/0x90
[  579.616362][T13221]  ? lockdep_hardirqs_on+0x98/0x150
[  579.622579][T13221]  do_syscall_64+0x55/0xb0
[  579.627856][T13221]  ? clear_bhb_loop+0x40/0x90
[  579.633453][T13221]  ? clear_bhb_loop+0x40/0x90
[  579.639055][T13221]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  579.646520][T13221] RIP: 0033:0x7fa95d38e9a9
[  579.651791][T13221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.675398][T13221] RSP: 002b:00007fa95e1fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  579.685471][T13221] RAX: ffffffffffffffda RBX: 00007fa95d5b5fa0 RCX: 00007fa95d38e9a9
[  579.695009][T13221] RDX: 00000000fffffdab RSI: 0000200000000000 RDI: 0000000000000004
[  579.704567][T13221] RBP: 00007fa95d410d69 R08: 0000000000000000 R09: 0000000000000000
[  579.714103][T13221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  579.723636][T13221] R13: 0000000000000000 R14: 00007fa95d5b5fa0 R15: 00007fff8846cac8
[  579.733195][T13221]  </TASK>
[  579.737030][T13221] Kernel Offset: disabled
[  579.742267][T13221] Rebooting in 86400 seconds..