last executing test programs:

4m41.791391154s ago: executing program 0 (id=1):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

4m41.672198101s ago: executing program 0 (id=6):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000000800030003"], 0x68}}, 0x64000004)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x10000051}, 0x24008840)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

4m30.805059903s ago: executing program 2 (id=86):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e26, @empty}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="8000000002000200080004000000000008001b"], 0x30}}, 0x0)

4m30.388513898s ago: executing program 2 (id=89):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x8002c}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0xffffffffffff7fff}, @fda={0x66646185, 0x9, 0x1, 0x1}}, &(0x7f0000000300)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

4m30.284913693s ago: executing program 2 (id=90):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c373b8be3e8d2672540e4fff5fe7", 0x0, 0x18})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cc, 0x0, 0xa1b, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x7, 0x8, 0x10, 0x3, 0x7, 0x0, 0x8, 0x9}, {0x8080000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x7, 0xff}, {0x2000, 0x8080000, 0xc, 0x0, 0x7, 0xc6, 0x0, 0x0, 0x8, 0x3, 0x40, 0x3}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x0, 0x9, 0x7, 0x8, 0xf, 0x4}, {0x80a0000, 0xeeee8000, 0xb, 0x0, 0xfd, 0x4, 0x0, 0x0, 0x0, 0x3f}, {0x100000, 0x0, 0x0, 0x78, 0x2, 0x1, 0x2, 0x80, 0x0, 0xff, 0x6}, {0xdddd1000, 0xeeee0000, 0xa, 0x4, 0x3, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x9, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0xffffffffffffffff]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m30.058302577s ago: executing program 2 (id=92):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000180), 0xfa, 0x58f, &(0x7f0000002d00)="$eJzs3U1rXFUfAPD/nUzSNu3zNIVS1IUUurBSO2kSXyoI1pWIFgu6r0MyDSWTTslMShMLtgu7cSNFELEgfgD3LotfwE9R0EKREnQhQuRO7qTTZCavE2fS+f3gtufMuTfn/nPuOTln7gw3gL51Mv0nF/FiRHydRBxtKstHVnhyZb+lJ7cm0y2J5eVP/kgiyV5r7J9k/x/OMi9ExC9fRpzJra+3urA4UyyXS3NZfrQ2e320urB49upscbo0Xbo2PjFx/o2J8bfferNjsb566a/vPn7wwfmvTi19+9OjY/eSuBBHsrLmOHbhdnPmZPGfLDUYF9bsONaBynpJ0u0TYEcGsn4+GOkYcDQGsl4PPP++iIhloE8l+j/0qcY8oLG279A6eN94/N7KAqge+1Bz/PmV90biYH1tNLyUPLMySte7Ix2oP63j59/v30u32Ph9iEOb5AG25fadiDiXz68f/5Ns/Nu5c/U3jze2to5++/sD3fQgnf+81mr+l1ud/0SL+c/hFn13Jzbv/7lHHaimrXT+907L+e/q0DUykOX+V5/zDSZXrpZL5yLi/xFxOgYPpPmN7uecX3q43K6sef6Xbmn9jblgdh6P8geePWaqWCtGxNBu4m54fCfipXyr+JPV9k9atH/6+7i0xTpOlO6/3K5s8/j31vKPEa+0bP+nd7SSje9Pjtavh9HGVbHen3dP/Nqu/m7Hn7b/8MbxjyTN92ur26/jh4N/l9qVpfEP7+D6H0o+racbneBmsVabG4sYSj5a//r402Mb+cb+afynT63E/+xkJbfh9Z8uvj7bYvx3j99tu2svtP/Uttp/+4mHH37+fbv6tzb+vV5Pnc5eyca/1rJrZasnuNvfHwAAAAAAAPSSXEQciSRXWE3ncoXCyuc7jsdwrlyp1s5cqcxfm4r6d2VHYjDXuNN9tOnzEGPZ52Eb+fE1+YmIOBYR3wwcqucLk5XyVLeDBwAAAAAAAAAAAAAAAAAAgB5xuM33/1O/DXT77IA9V3+wwYFunwXQDZs+8r8TT3oCetKm/R94bun/0L/0f+hfa/t/R54sDOwL/v5D/9L/oX/p/9C/9H8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqEsXL6bb8tKTW5NpfurGwvxM5cbZqVJ1pjA7P1mYrMxdL0xXKtPlUmGyMrvZzytXKtfHxmP+5mitVK2NVhcWL89W5q/VLl+dLU6XLpcG/5OoAAAAAAAAAAAAAAAAAAAAYH+pLizOFMvl0txqIp+VzK0v6tPEu9ETp7GXAa7Y0eH5XolibxLvD/TEaewmcSdr3u0d1aUBCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa+DcAAP//Rm0oPg==")
fallocate(0xffffffffffffffff, 0x0, 0x9, 0x2000403)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20000, 0x0)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

4m29.65417518s ago: executing program 2 (id=98):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x61)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f0000000140))

4m29.123238261s ago: executing program 2 (id=105):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x280a01, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x5405, 0x0, 0x0)

4m29.064982185s ago: executing program 32 (id=105):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x280a01, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x5405, 0x0, 0x0)

4m28.088961672s ago: executing program 3 (id=114):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x181)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x14a0, &(0x7f0000000700)=ANY=[], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r1, r1)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x5f, 0x3})

4m27.93958952s ago: executing program 3 (id=115):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x21c000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000180)=0x800, 0x4)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000000c0)=0x20000, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r3, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)

4m27.726413352s ago: executing program 3 (id=116):
socket(0x1b, 0x3, 0x9)
r0 = socket$inet6(0xa, 0x800000000000002, 0x8)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000600)={0x200000000000001, 0x3}, 0x8)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x17, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x47, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220500000083"], 0x0}, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x34000, 0x0)
syz_open_dev$evdev(&(0x7f0000000340), 0x3f, 0x0)

4m26.875741422s ago: executing program 3 (id=118):
syz_io_uring_submit(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc670000e4a1", 0xa}], 0x1}, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x8, 0x95, 0x0, 0x8, 0x8e, 0x5}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m26.798492627s ago: executing program 3 (id=119):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x0, 0x2, 0x180, 0x5, 0x4, 0xf1, 0x50, 0x12, 0x2, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xd000, 0x43102})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1000000000, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x0, 0x1000007, 0xd2, 0x2, 0x9, 0x3, 0x0, 0x7], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x5, 0x5, 0x2, 0x89}, {0x6000, 0x1, 0xe, 0x5, 0x3, 0x7, 0x0, 0x7, 0x3, 0xa4, 0x5, 0x5}, {0x1, 0xf000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0xc000, 0x9, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0xeeef0000, 0xeeef0000, 0x4, 0x5, 0x7, 0x15, 0x7, 0x3, 0x9, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0x4, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x9}, {0x3000, 0x30}, {0x8000000, 0x7}, 0x80010000, 0x0, 0x0, 0x2024, 0x0, 0x1500, 0x3000, [0x9, 0x204, 0x5b, 0x8]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m26.702138032s ago: executing program 3 (id=120):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xfff9, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0xc00, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@nodevmap}, {@access_any}], [], 0x6b}})
read$FUSE(r0, &(0x7f0000000740)={0x2020}, 0x2020)
chdir(&(0x7f0000000240)='./file0\x00')
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0)

4m26.585426599s ago: executing program 33 (id=6):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000000800030003"], 0x68}}, 0x64000004)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x10000051}, 0x24008840)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

4m11.591281951s ago: executing program 34 (id=120):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xfff9, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0xc00, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@nodevmap}, {@access_any}], [], 0x6b}})
read$FUSE(r0, &(0x7f0000000740)={0x2020}, 0x2020)
chdir(&(0x7f0000000240)='./file0\x00')
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0)

2m58.155969904s ago: executing program 4 (id=607):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crc32c-generic)\x00'}, 0x58)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x25, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x400000000000000})
fcntl$lock(r2, 0x7, &(0x7f0000001140)={0x1, 0x2, 0x6})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20000184)

2m56.814356252s ago: executing program 4 (id=620):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r2=>0x0})
r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r0, r2, 0x25, 0x0, @void}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="20000000110001002cbd70000000000000000000", @ANYRES32=r5], 0x20}}, 0x2000e844)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r0, 0x4, r0}, 0x10)

2m55.717383336s ago: executing program 4 (id=630):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = epoll_create1(0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
close(r1)
socket$inet(0x2, 0x1, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f00000021c0)={0x0, 0x5011, 0x8, 0x8001, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000002180)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0xffff, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xa0028000})

2m55.597127023s ago: executing program 4 (id=633):
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r1}, './file1\x00'})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x223}}, './file1\x00'})

2m55.455207991s ago: executing program 4 (id=636):
syz_usb_connect$uac1(0x5, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}}, 0x0)

2m54.597900431s ago: executing program 4 (id=641):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002180), 0xa0002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, &(0x7f0000000700)="2e3665f2af6766c74424005f0000006766c7442402000000006766c744240600000000670f011c2466b9030100c066b85bd1e45366bad6062a620f3066b9370200000f320f01d1440f20c066350f000000440f22c066660f383b8032500fe99400003e2e660fc7b302000f20e06635200000000f22e0", 0x76}], 0xaaaaaaaaaaaaaae, 0x54, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000000)={0x79})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000100)=0x4)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

2m54.544714384s ago: executing program 35 (id=641):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002180), 0xa0002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, &(0x7f0000000700)="2e3665f2af6766c74424005f0000006766c7442402000000006766c744240600000000670f011c2466b9030100c066b85bd1e45366bad6062a620f3066b9370200000f320f01d1440f20c066350f000000440f22c066660f383b8032500fe99400003e2e660fc7b302000f20e06635200000000f22e0", 0x76}], 0xaaaaaaaaaaaaaae, 0x54, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000000)={0x79})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000100)=0x4)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

12.261889056s ago: executing program 8 (id=1416):
syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000001980), 0xffffffffffffffff)
sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg0\x00'}]}, 0x34}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000e00)={0x14, r3, 0x311, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x8010)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_clone3(0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140), 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)

10.222945045s ago: executing program 1 (id=1422):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$key(0xf, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r3 = eventfd(0x0)
write$binfmt_misc(r3, &(0x7f0000000200)="3acf172daec69f65", 0x8)

10.210415766s ago: executing program 6 (id=1423):
socket$netlink(0x10, 0x3, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0xd931d3864d39dcca)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r0 = socket$packet(0x11, 0x3, 0x300)
syz_open_procfs$pagemap(0x0, &(0x7f00000001c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
openat(0xffffffffffffff9c, 0x0, 0x0, 0xc1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0)
r3 = creat(&(0x7f0000000140)='./file0\x00', 0x18a)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r3, @ANYRES64=r0], 0x0)

8.487159816s ago: executing program 8 (id=1426):
r0 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x31, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000000)="800037", 0x3, 0x4000, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x10102, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c)

8.185536333s ago: executing program 6 (id=1428):
socket$inet6(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x0, 0x200000000180, 0x2000000001b0, 0x2000000001e0], 0x0, 0x0, &(0x7f0000000180)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)

7.364951712s ago: executing program 5 (id=1429):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
shutdown(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r5=>0x0})
sendto$packet(r3, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14)

6.932050036s ago: executing program 6 (id=1431):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x26, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x6c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
ioctl$I2C_PEC(r0, 0x708, 0x2)

6.058731827s ago: executing program 7 (id=1432):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x4001)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000280)=0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup2(r0, r3)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c)
sendto$inet6(r3, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000080)={r2, 0x2, 0x1, "fa"}, 0x9)
sendto$inet6(r0, &(0x7f0000000180)="86", 0x1, 0x20000100, &(0x7f00000000c0)={0xa, 0x4e24, 0x8, @private0, 0x2}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000140)={r2, 0x2}, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b2a, 0x0)
ioctl(0xffffffffffffffff, 0x8b1a, &(0x7f0000000040))

6.058221647s ago: executing program 8 (id=1433):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r4, r3, 0x0, 0x3a)
syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="63727566742c6d61703d6e6f726d616c2c73657373696f6e3d3078303030303030303030303030303031362c636865636b3d72656c617865642c636865636b3d72656c617865642c004ebe02d83839c183098ea4c343c253a3817a1be99fce11d4eb199c8293a8e4edde99717f074b2f8657ce6ba6ad43223cc53c7956558e58c034cc0480ac8c6aa3dc369cd820bf5e83cbc56c0a80d15de24e02d679ed41f8c6c857ae056f277f0cf61fd89cdbf69e958ecb1fb37260f1579c4aa969bbd1f441590c9176efa1e5b98583b0ed66fdc6f1c3311d3033b260303cc6556bd6ce3d5e3c85b1d4cf3d35b7dbce8b8545f832c1346e6a0dd95ed6144444fba9592efe8559", @ANYRES16], 0x1, 0x538, &(0x7f0000003480)="$eJzs3VFr21YbwPFHaULyulBe3neUEpL2NN0ghdST7TbFlF1o8rFzWlkyklySqxIap4Q6XWk2WHIzetNtsH2I3u5DjH2hsruxuwxJduskjh3S1M7C/2facyw91nkkGz0otiQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABiuRXbLljiGb+5qo7nVsKgPmB+d3m3DzQDxhWxkn8yMyPXsknXPvsw+2ry34LMZc/mZCZpZmTv8tX/Pvj/5ET39QMSGomd3b3n6+1269W4ExmTmvZNFJi6U9PKRIEq/0dEVqqRqhpPR2tRrOvKDbUTB6FadG+rQrlcUjq/FjT9WsXxdHfi/TtF215WD/MN7YRR4H/5MB+5K8bzjF9LY5LZScz95IP4yMQq1k5dqc2tdqs0LMkkqHCSoOKwoKJdLBYKxWJh+V753n3bnjwywT5EjkSM/0OL8TrjPThwehOd+i+eGPGlKaui+j5cqUgogdSPmd/Rrf9fTA8et7f+d6v8tQ+zZyWt/9ezZ9ePq//H5DK6x47syp48l3VpS1ta8mrsGY32URMtvhiJJBAjdXHSKaozRUlZlmVZbHkiK1KVSJRUxYgnWiJZk0hi0eknypVQtDgSSyChKFkUV26LkoLsT5elJEq05GVNAmmKLzWpiJMuZVO20u1eGpDj+6DCSYKKA4Ko//h4Z74PB05rv1v/AQAAAADAhWWlf31Pjv+nZF5kypKq8bQ97rQAAAAAAMAZSr/5n0uaqaQ3LxbH/wAAAAAAXDRWeo6dJSI5uZH1umdC8UcAAAAAAAAuiPT7/+tJk0t6N8Ti+B8AAAAAgIvmp+7VdycOXWP3j3SqZUnUmLZ+/1PCcMp63Vj93Np2khnO9qXsdZcOLzGuzlpXOgtJm+XJzjNXz1mdq1++vwjmu06zOexa/9YZJCC/yM0s5uZG1m5052Sj5KrG03k38B4UxHGuTMR6Nf7uxdb3kq7+z379iiWbW+1W/uk37Y00l9fJUl5vdy6geOQ6igNy+Vbms5j5/ms8lZ6I0Rk3l41r967/RPeNO/mYb2Qhi1nIZW3u4PrPJGMW8g+663Fo7bMspkXko9b8jdzKYm4t3sqaPlkU88e9B51tUezd/qfaFifIojQsi9KwLC5/NTALABiXzSFVyDpa+E+xrx1NdX8ji1nM4my6Y52c7bNHt4ft0e2PrOu/HbkHUv8aW0jH/TUZ9wfZarcK6bhvkxe8PXbcyCtaMvPyr/397ZdydWd3787W9vqz1rPWi2KxtGzfte17RZna3Jps2UnTbtnUHgBAH8PvsTM0wro75Kj6f+9/UpCXpyJ/7+9vyFJ6tkH6i4O+S831/AxhachRa67nDi9LQ47qcj03ejl5bGkE7wQAAKOzMKQOn6T+Lw057j5YywcfHffWcgAA8Gno8J2Vi3+0wtA0nhTK5YITr2gVBu4jFZpKTSvjxzp0Vxy/plUjDOLADbyk89hUdKSiZqMRhLGqBqFqBJFZTe/8rjq3fo903fFj40YNTzuRVm7gx44bq4qJXNVofu2ZaEWH6YujhnZN1bhObAJfRUEzdHVeqUjrnkBT0X5sqibp+qoRmroTrqnHgdesa1XRkRuaRhxkC+yOZfxqENbTxebHvbEBADgndnb3nq+3261Xn7Az7nUEAAAHUaUBAAAAAAAAAAAAAAAAAAAAADj/RnH+37+vM30+0hh3Z+J8pJF1Zno/tucgnzPrWHIu0jjcGd8+CcBo/BMAAP//fJVRAw==")
mount$bind(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)

5.871043238s ago: executing program 5 (id=1434):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000300)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1c1342, 0x836d9fb164f927b3)

5.028603547s ago: executing program 8 (id=1435):
syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
socket$packet(0x11, 0x3, 0x300)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000003c0), 0x13f, 0x4}}, 0x20)
ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, r3, 0x8001}}, 0x48)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

4.896364275s ago: executing program 5 (id=1436):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0xfff2}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2004805d}, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000800)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0x4, 0xa}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x8}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)

4.840011608s ago: executing program 1 (id=1437):
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000440)={0x1, 0x9, 0x1, 0x0})
syz_open_dev$vim2m(0x0, 0x0, 0x2)
r0 = syz_clone3(0x0, 0x0)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
r4 = socket$kcm(0x10, 0x2, 0x0)
ioctl$VIDIOC_ENUMAUDIO(r3, 0xc0345641, &(0x7f0000000040)={0xe4, "51c6edf2bea616da2ad4099ab73c40fe15f41fa1b04f8b303f03748de07d91af"})
sendmsg$inet(r4, 0x0, 0x240000c0)

4.839557378s ago: executing program 8 (id=1438):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
fstatfs(0xffffffffffffffff, 0x0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r3, 0x7b2, 0x0)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000080)={0x0, 0x1})

4.839195218s ago: executing program 7 (id=1439):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x40044581, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="180000001600010a"], 0x78}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r2)
recvmmsg$unix(r2, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0)

4.027185386s ago: executing program 5 (id=1440):
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$netlink(0x10, 0x3, 0xa)
r4 = dup(r3)
r5 = open(&(0x7f0000000140)='./file1\x00', 0x109cc2, 0x5c)
ftruncate(r5, 0x200004)
sendfile(r4, r5, 0x0, 0x80001d00c0d1)

3.871870054s ago: executing program 8 (id=1441):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_NRSYNTHS(0xffffffffffffffff, 0x8004510a, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, 0x0, &(0x7f0000000040))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0}, 0x28)
openat$binfmt_format(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))

3.871338235s ago: executing program 1 (id=1442):
mbind(&(0x7f0000bdc000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000140)=0x3ff, 0x3, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4604070001040000000000040002000600030000000903000038000104ce0000000e"], 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x44}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x25, &(0x7f0000000080)={@private, @multicast2, @loopback}, &(0x7f0000000240)=0xc)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x20000, 0x1c, 0x0, 0x5, 0x1], 0x0, 0x41981})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.703149864s ago: executing program 7 (id=1443):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000000)=r0)
setuid(0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000700000007038b0100000000"], 0x38}, 0x0)
shutdown(0xffffffffffffffff, 0x0)

2.631162837s ago: executing program 1 (id=1444):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x10000000000}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@nombcache}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
io_uring_setup(0x5bde, &(0x7f0000000380)={0x0, 0x5f41, 0x80})
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x48}, [@ldst={0x6, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0xffffff33}, 0x48)

2.57241788s ago: executing program 7 (id=1445):
socket$inet_udplite(0x2, 0x2, 0x88)
socket$packet(0x11, 0x2, 0x300)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10)

2.368081012s ago: executing program 6 (id=1446):
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xf5}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0)

1.556905849s ago: executing program 1 (id=1447):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = dup(r2)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x22}}], 0x10)
sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000004c0)="99", 0x1}], 0x1}, 0x4048043)
r4 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e24, @remote}], 0x10)
sendto$inet6(r4, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r5)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000480)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)

1.55561232s ago: executing program 7 (id=1448):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000500)=ANY=[@ANYBLOB='b *:* r'], 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$cgroup_devices(r0, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0)
io_setup(0x8, 0x0)
write$cgroup_devices(r5, &(0x7f0000000280)={'b', ' *:* ', 'rm\x00'}, 0x9)

1.36674609s ago: executing program 6 (id=1449):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x12, 0x8, 0x4, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1d}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000100)={0x7, 0x32315659, 0x2, @stepwise={0x0, 0x2, 0x7, 0x0, 0x40000000, 0x5}})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1})
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r6=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0xffffffe3, '\x00', r6, 0xffffffffffffffff, 0x2}, 0x50)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x102000, 0x1})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

655.884652ms ago: executing program 5 (id=1450):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x6e)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r4 = accept4$alg(r3, 0x0, 0x0, 0x80000)
io_submit(0x0, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r4, 0x0}])
sendmmsg$alg(r4, &(0x7f0000001c00)=[{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000840)="1bb1b293e5a644eed79d79f02308ff67a9", 0x11}], 0x1, 0x0, 0x0, 0x4001}], 0x1, 0x80)

614.397564ms ago: executing program 7 (id=1451):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$incfs(0xffffffffffffff9c, 0x0, 0x400000, 0x110)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
setfsgid(0xee00)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x3ff)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)

449.292454ms ago: executing program 1 (id=1452):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x6dba, 0x4)
pipe2$9p(0x0, 0x184800)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x800, @local}, 0x10)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)

706.14µs ago: executing program 6 (id=1453):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000001000}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r3 = io_uring_setup(0x46eb, &(0x7f0000000100)={0x0, 0x1f8a, 0x0, 0x3, 0x28c})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)

0s ago: executing program 5 (id=1454):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r4, 0x0, 0x6}, 0xc)

0s ago: executing program 7 (id=1455):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r5=>0x0})
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x80000000, 0x3, 0x20000000, 0x6, 0x6}, 0x7b}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x2)
close(r3)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000314000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0xa888}], 0x2}, 0x4005)

kernel console output (not intermixed with test programs):

y present!
[   71.232965][ T4601] Cannot create hsr debugfs directory
[   71.270607][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[   71.277341][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[   71.429235][ T4626] loop4: detected capacity change from 0 to 32768
[   71.827756][ T4601] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   71.890146][ T4601] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   71.985176][ T4601] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   72.002999][ T1109] Bluetooth: hci4: command 0x0409 tx timeout
[   72.023832][ T4601] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   72.402227][ T4601] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.455910][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   72.476378][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   72.530195][ T4601] 8021q: adding VLAN 0 to HW filter on device team0
[   72.693829][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.711171][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   72.743436][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.750535][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.759021][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   72.771520][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   72.788526][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.795672][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.808686][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   72.846417][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   72.855601][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   72.882459][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   72.904251][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   72.936039][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   72.971802][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   72.993864][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   73.009448][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   73.020225][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   73.032456][ T4601] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   73.045319][ T4601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   73.063038][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   73.071553][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   73.247551][ T4657] chnl_net:caif_netlink_parms(): no params data found
[   73.378674][ T4657] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.386466][ T4657] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.395066][ T4657] device bridge_slave_0 entered promiscuous mode
[   73.408007][ T4657] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.421579][ T4657] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.431687][ T4657] device bridge_slave_1 entered promiscuous mode
[   73.439649][ T4663] loop1: detected capacity change from 0 to 40427
[   73.520473][ T4663] F2FS-fs (loop1): build fault injection attr: rate: 19, type: 0x1ffff
[   73.532861][ T4657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.598061][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.671993][ T4601] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.692510][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   73.708077][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   73.719443][ T4657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.845830][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.881381][ T4657] team0: Port device team_slave_0 added
[   73.905009][ T4657] team0: Port device team_slave_1 added
[   73.955303][ T4687] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.036084][ T4692] xt_SECMARK: invalid mode: 2
[   74.059725][ T4687] batman_adv: batadv0: Removing interface: batadv_slave_1
[   74.072960][ T4267] Bluetooth: hci4: command 0x041b tx timeout
[   74.122506][ T4687] bond1: (slave batadv_slave_1): Enslaving as a backup interface with an up link
[   74.176404][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.311660][ T4657] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.328639][ T4657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.382217][ T4657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.459282][ T4657] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.472051][ T4657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.498430][    C0] vkms_vblank_simulate: vblank timer overrun
[   74.522736][ T4657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.661799][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.689094][ T4657] device hsr_slave_0 entered promiscuous mode
[   74.707962][ T4657] device hsr_slave_1 entered promiscuous mode
[   74.728690][ T4657] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.741451][ T4702] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   74.743135][ T4657] Cannot create hsr debugfs directory
[   74.783287][ T4248] Bluetooth: hci2: command 0x0409 tx timeout
[   74.857001][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   74.866916][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   74.886570][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   74.899575][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   74.950063][ T4601] device veth0_vlan entered promiscuous mode
[   74.999017][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   75.008113][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   75.036835][ T4601] device veth1_vlan entered promiscuous mode
[   75.234340][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   75.282551][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   75.325142][ T4711] loop4: detected capacity change from 0 to 40427
[   75.335440][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   75.348352][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   75.379922][ T4711] F2FS-fs (loop4): invalid crc value
[   75.398872][ T4711] F2FS-fs (loop4): Found nat_bits in checkpoint
[   75.444028][ T4711] F2FS-fs (loop4): Start checkpoint disabled!
[   75.469500][ T4711] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   75.481141][ T4601] device veth0_macvtap entered promiscuous mode
[   75.523445][ T4601] device veth1_macvtap entered promiscuous mode
[   75.859696][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   75.895637][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   75.939442][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   76.145163][ T4248] Bluetooth: hci4: command 0x040f tx timeout
[   76.150051][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.202894][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.219749][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.230750][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.240709][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.262948][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.282892][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.300597][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.301905][ T4735] kvm: pic: non byte write
[   76.324466][ T4601] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.349320][ T4308] attempt to access beyond end of device
[   76.349320][ T4308] loop4: rw=2049, want=40984, limit=40427
[   76.382093][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   76.392523][ T1324] cfg80211: failed to load regulatory.db
[   76.409438][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   76.445694][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.482839][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.492703][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.503587][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.513899][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.524812][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.535212][ T4601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.546235][ T4601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.557867][ T4601] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.602103][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   76.614768][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   76.640284][ T4601] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.650092][ T4601] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.666959][ T4601] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.679472][ T4601] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.790680][ T4657] netdevsim netdevsim6 netdevsim0: renamed from eth0
[   76.840926][ T4657] netdevsim netdevsim6 netdevsim1: renamed from eth1
[   76.863786][ T4248] Bluetooth: hci2: command 0x041b tx timeout
[   76.868640][ T4750] loop4: detected capacity change from 0 to 8
[   76.909431][ T4657] netdevsim netdevsim6 netdevsim2: renamed from eth2
[   76.946223][ T4657] netdevsim netdevsim6 netdevsim3: renamed from eth3
[   77.007826][ T4382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.023081][ T4382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.060416][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   77.141192][ T4308] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.176187][ T4308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.215757][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   77.467274][ T4771] netlink: 28 bytes leftover after parsing attributes in process `syz.5.106'.
[   77.551307][ T4657] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.635625][ T1449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   77.692110][ T1449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   77.732391][ T4657] 8021q: adding VLAN 0 to HW filter on device team0
[   77.825652][    T9] device hsr_slave_0 left promiscuous mode
[   77.863633][    T9] device hsr_slave_1 left promiscuous mode
[   77.873350][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.893438][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[   77.915224][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.933967][ T1324] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   77.942915][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[   77.961990][    T9] device bridge_slave_1 left promiscuous mode
[   77.970498][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.990085][    T9] device bridge_slave_0 left promiscuous mode
[   77.996761][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.032404][    T9] device veth1_macvtap left promiscuous mode
[   78.039231][    T9] device veth0_macvtap left promiscuous mode
[   78.046569][    T9] device veth1_vlan left promiscuous mode
[   78.052711][    T9] device veth0_vlan left promiscuous mode
[   78.183113][ T1324] usb 6-1: Using ep0 maxpacket: 32
[   78.223749][ T4267] Bluetooth: hci4: command 0x0419 tx timeout
[   78.283796][ T4784] loop1: detected capacity change from 0 to 128
[   78.303700][ T1324] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[   78.311812][ T4782] tipc: Failed to remove unknown binding: 66,0,0/0:2168351451/2168351452
[   78.319244][ T1324] usb 6-1: config 0 has no interface number 0
[   78.327254][ T1324] usb 6-1: config 0 interface 184 has no altsetting 0
[   78.334152][ T4782] tipc: Failed to remove unknown binding: 66,0,0/0:2168351451/2168351452
[   78.426874][ T4784] EXT4-fs (loop1): Ignoring removed orlov option
[   78.491081][ T4784] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,,errors=continue. Quota mode: none.
[   78.503298][ T1324] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   78.522672][ T1324] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.523937][ T4784] ext4 filesystem being mounted at /31/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   78.536179][ T1324] usb 6-1: Product: syz
[   78.567379][ T1324] usb 6-1: Manufacturer: syz
[   78.572039][ T1324] usb 6-1: SerialNumber: syz
[   78.582909][    T9] team0 (unregistering): Port device team_slave_1 removed
[   78.602018][ T1324] usb 6-1: config 0 descriptor??
[   78.607799][    T9] team0 (unregistering): Port device team_slave_0 removed
[   78.645625][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   78.672980][ T1324] smsc75xx v1.0.0
[   78.678842][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   78.837401][    T9] bond0 (unregistering): Released all slaves
[   78.945126][ T4248] Bluetooth: hci2: command 0x040f tx timeout
[   78.951504][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   78.971006][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   78.996628][ T4308] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.003911][ T4308] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.026216][ T4802] input: syz1 as /devices/virtual/input/input5
[   79.055945][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   79.074329][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.088829][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   79.097653][ T4308] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.104773][ T4308] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.113583][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.122743][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.154972][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   79.201408][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   79.223542][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   79.232441][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   79.252102][ T4657] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   79.268681][ T4657] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   79.290792][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   79.300611][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   79.316724][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   79.328690][ T4267] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   79.342009][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   79.351858][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   79.379962][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   79.531044][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   79.546746][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   79.567240][ T4657] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.773301][ T1324] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[   79.789781][ T1324] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   79.959958][ T4267] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   79.976287][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   79.979422][ T4267] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.000919][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   80.010429][ T4267] usb 5-1: Product: syz
[   80.039703][ T4267] usb 5-1: Manufacturer: syz
[   80.047457][ T4267] usb 5-1: SerialNumber: syz
[   80.064626][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   80.074242][ T4267] usb 5-1: config 0 descriptor??
[   80.087749][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   80.097297][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   80.116981][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   80.153645][ T4657] device veth0_vlan entered promiscuous mode
[   80.186352][ T4657] device veth1_vlan entered promiscuous mode
[   80.230912][ T4657] device veth0_macvtap entered promiscuous mode
[   80.245338][ T4657] device veth1_macvtap entered promiscuous mode
[   80.281225][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   80.330911][ T4846] loop1: detected capacity change from 0 to 256
[   80.338058][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   80.345997][ T4267] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   80.373562][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   80.437275][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   80.447676][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   80.459295][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   80.469904][ T4846] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[   80.488856][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.534228][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.554348][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.567777][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.579387][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.603442][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.634937][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.647538][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.661107][ T4657] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.700194][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   80.713189][ T1324] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[   80.728629][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   80.755104][ T1324] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[   80.778808][ T1324] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   80.780839][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.809622][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.813628][ T1324] smsc75xx: probe of 6-1:0.184 failed with error -71
[   80.820466][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.837159][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.849029][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.860875][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.874123][ T1324] usb 6-1: USB disconnect, device number 2
[   80.891474][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.928041][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.951469][ T4657] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.978071][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   80.999509][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   81.033796][ T1109] Bluetooth: hci2: command 0x0419 tx timeout
[   81.040472][ T4657] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.052204][ T4657] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.068274][ T4657] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.078329][ T4657] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.224209][ T1449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.232372][ T1449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.267878][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   81.323781][ T1449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.331993][ T1449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.396289][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   82.173040][ T4883] loop5: detected capacity change from 0 to 32768
[   82.203054][ T4267] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[   82.233828][ T4883] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.162 (4883)
[   82.269464][ T4267] usb 5-1: USB disconnect, device number 4
[   82.298518][ T4883] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[   82.308373][ T4883] BTRFS info (device loop5): using free space tree
[   82.316143][ T4883] BTRFS info (device loop5): has skinny extents
[   82.340113][ T4865] loop6: detected capacity change from 0 to 32768
[   82.478467][ T4865] XFS (loop6): Mounting V5 Filesystem
[   82.501432][ T4883] BTRFS info (device loop5): enabling ssd optimizations
[   82.761100][ T4865] XFS (loop6): Ending clean mount
[   82.778677][ T4883] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8)
[   82.826200][ T4865] XFS (loop6): Quotacheck needed: Please wait.
[   83.010824][ T4865] XFS (loop6): Quotacheck: Done.
[   83.652977][ T4962] loop4: detected capacity change from 0 to 8
[   83.877283][ T4657] XFS (loop6): Unmounting Filesystem
[   84.088666][ T4978] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc
[   84.090705][ T4980] netlink: 'syz.5.174': attribute type 10 has an invalid length.
[   84.130474][ T4980] device syz_tun entered promiscuous mode
[   84.217564][ T4980] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[   84.364035][ T4983] loop5: detected capacity change from 0 to 4096
[   84.410799][ T4983] ntfs3: loop5: Different NTFS' sector size (2048) and media sector size (512)
[   84.506129][ T4995] 9pnet: p9_errstr2errno: server reported unknown error cnux
[   84.677471][ T5004] device syz_tun entered promiscuous mode
[   84.723836][ T5004] team0: Port device syz_tun added
[   85.002949][ T4953] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[   85.435182][ T4953] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[   85.452335][ T4953] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   85.463505][ T4953] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.546557][ T4953] usb 7-1: config 0 descriptor??
[   85.588426][ T5007] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   86.146286][ T5037] loop4: detected capacity change from 0 to 8192
[   86.191259][ T5037] FAT-fs (loop4): Unrecognized mount option "msdos" or missing value
[   86.283241][ T4953] usbhid 7-1:0.0: can't add hid device: -71
[   86.289357][ T4953] usbhid: probe of 7-1:0.0 failed with error -71
[   86.318124][ T4953] usb 7-1: USB disconnect, device number 2
[   86.919620][ T5075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.194'.
[   86.971110][ T5076] netlink: 'syz.6.195': attribute type 10 has an invalid length.
[   87.087030][ T5076] team0: Device veth1_vlan failed to register rx_handler
[   87.387481][ T5087] loop5: detected capacity change from 0 to 256
[   87.442393][ T5087] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[   87.546253][ T5087] fuse: Bad value for 'group_id'
[   87.695873][ T5076] syz.6.195 (5076) used greatest stack depth: 19032 bytes left
[   87.814705][ T5089] chnl_net:caif_netlink_parms(): no params data found
[   88.054716][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.062021][ T5089] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.070781][ T5089] device bridge_slave_0 entered promiscuous mode
[   88.080940][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.088776][ T5089] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.101602][ T5089] device bridge_slave_1 entered promiscuous mode
[   88.130104][ T5089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.142230][ T5089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.174619][ T5089] team0: Port device team_slave_0 added
[   88.184139][ T5089] team0: Port device team_slave_1 added
[   88.201463][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.211275][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.237922][ T5089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.254362][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.261332][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.287554][ T5089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.323096][ T5089] device hsr_slave_0 entered promiscuous mode
[   88.329791][ T5089] device hsr_slave_1 entered promiscuous mode
[   88.336799][ T5089] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.344634][ T5089] Cannot create hsr debugfs directory
[   88.449905][ T5089] netdevsim netdevsim7 netdevsim0: renamed from eth0
[   88.460576][ T5089] netdevsim netdevsim7 netdevsim1: renamed from eth1
[   88.470239][ T5089] netdevsim netdevsim7 netdevsim2: renamed from eth2
[   88.479141][ T5089] netdevsim netdevsim7 netdevsim3: renamed from eth3
[   88.506097][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.513586][ T5089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.522994][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.530099][ T5089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.586092][ T5089] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.601135][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   88.610671][ T1195] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.619438][ T1195] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.629041][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   88.643996][ T5089] 8021q: adding VLAN 0 to HW filter on device team0
[   88.658662][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   88.667925][ T4333] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.675055][ T4333] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.700316][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   88.711456][ T1195] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.718671][ T1195] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.748327][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.779390][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.802015][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.813941][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.847253][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.858041][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   89.176467][ T5089] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.195314][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   89.216162][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   89.240739][ T5128] loop6: detected capacity change from 0 to 4096
[   89.408467][ T5135] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   89.671372][ T4952] Bluetooth: hci5: command 0x0409 tx timeout
[   89.888336][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!!
[   90.301531][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   90.314463][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   90.605162][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   90.809930][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   90.931696][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   90.974219][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   91.010545][ T5089] device veth0_vlan entered promiscuous mode
[   91.042557][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   91.061326][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   91.098303][ T5089] device veth1_vlan entered promiscuous mode
[   91.200552][ T5157] orangefs_mount: mount request failed with -4
[   91.223531][ T5166] netlink: 24 bytes leftover after parsing attributes in process `syz.5.213'.
[   91.297075][ T5141] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   91.323370][ T5141] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   91.364941][ T5141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   91.464410][ T5141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   91.598055][ T5209] futex_wake_op: syz.4.215 tries to shift op by -1; fix this program
[   91.641535][ T5089] device veth0_macvtap entered promiscuous mode
[   91.740411][ T5089] device veth1_macvtap entered promiscuous mode
[   91.778043][ T4956] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   91.808247][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.823404][ T4948] Bluetooth: hci5: command 0x041b tx timeout
[   91.829532][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.862751][ T4956] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   91.870689][ T5220] loop5: detected capacity change from 0 to 2048
[   91.882510][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.911118][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.951478][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.970534][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.003158][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.025410][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.051654][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.071083][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.104591][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.122660][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.165414][ T5220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   92.170784][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.255439][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.306911][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.333835][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.348037][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.368315][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.407959][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.425473][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.440740][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.459913][ T4249] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   92.485869][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.644105][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.694283][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.703614][ T4249] usb 5-1: Using ep0 maxpacket: 16
[   92.720465][ T5243] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   92.834337][ T4249] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.845604][ T4249] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.855920][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   92.866535][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   92.887297][ T4249] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   92.903483][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   92.911696][ T4249] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.933135][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   92.941971][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   92.989276][ T5229] netlink: 'syz.1.217': attribute type 16 has an invalid length.
[   93.001358][ T5229] netlink: 'syz.1.217': attribute type 17 has an invalid length.
[   93.071934][ T5229] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   93.219767][ T5089] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.239714][ T5089] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.248750][ T5089] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.257935][ T5089] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.429393][ T4249] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[   93.460248][ T5195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.487963][ T5195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.536862][ T4306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.546776][ T1449] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   93.571768][ T4306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.619152][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   93.676699][ T4249] usb 5-1: USB disconnect, device number 5
[   93.908094][ T4952] Bluetooth: hci5: command 0x040f tx timeout
[   93.964673][ T5279] netlink: 'syz.5.230': attribute type 4 has an invalid length.
[   94.016243][ T5285] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[   94.023109][ T5285] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   94.039310][ T5285] vhci_hcd vhci_hcd.0: Device attached
[   94.323072][ T4954] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[   94.352886][ T4956] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   94.445310][ T5303] loop5: detected capacity change from 0 to 1024
[   94.773172][ T4956] usb 8-1: config 0 has no interfaces?
[   94.780129][ T4956] usb 8-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice=f0.b2
[   94.977664][ T4956] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.162595][ T5303] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,,errors=continue. Quota mode: writeback.
[   95.170096][ T4956] usb 8-1: config 0 descriptor??
[   95.325895][   T26] audit: type=1804 audit(1769702626.302:2): pid=5303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.238" name="/newroot/21/file0/bus" dev="loop5" ino=18 res=1 errno=0
[   95.510844][ T4249] usb 8-1: USB disconnect, device number 2
[   95.512855][ T5286] vhci_hcd: connection closed
[   95.528788][ T4306] vhci_hcd: stop threads
[   95.550670][ T4306] vhci_hcd: release socket
[   95.604105][ T4306] vhci_hcd: disconnect device
[   96.013858][ T4952] Bluetooth: hci5: command 0x0419 tx timeout
[   96.680063][ T5353] netlink: 'syz.6.251': attribute type 10 has an invalid length.
[   97.961319][ T4601] bond0: (slave syz_tun): Releasing backup interface
[   98.099609][ T5156] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.222392][ T5156] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.368188][ T5156] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.486434][ T5156] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.071010][ T5377] chnl_net:caif_netlink_parms(): no params data found
[   99.205754][ T5390] loop4: detected capacity change from 0 to 256
[   99.298984][ T5377] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.307441][ T5377] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.321337][ T5377] device bridge_slave_0 entered promiscuous mode
[   99.329528][ T5390] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001207b, chksum : 0x1e8dde4d, utbl_chksum : 0xe619d30d)
[   99.331177][ T5377] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.357112][ T5377] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.367513][ T5377] device bridge_slave_1 entered promiscuous mode
[   99.497517][ T5377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.546768][ T5377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.871493][ T5377] team0: Port device team_slave_0 added
[   99.880352][ T5377] team0: Port device team_slave_1 added
[   99.922018][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.939980][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.017668][ T5377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.053579][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.062364][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.251112][ T5377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.547615][ T4233] Bluetooth: hci4: command 0x0409 tx timeout
[  100.740309][ T5377] device hsr_slave_0 entered promiscuous mode
[  100.795330][ T5377] device hsr_slave_1 entered promiscuous mode
[  100.820681][ T5377] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  100.844219][ T5377] Cannot create hsr debugfs directory
[  101.067443][ T5442] tipc: Started in network mode
[  101.082996][ T5442] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  101.107170][ T5442] tipc: Enabled bearer <eth:ipvlan1>, priority 0
[  101.196103][ T5445] netlink: 4 bytes leftover after parsing attributes in process `syz.7.271'.
[  101.329734][ T5156] device hsr_slave_0 left promiscuous mode
[  101.366851][ T5156] device hsr_slave_1 left promiscuous mode
[  101.387692][ T5156] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.432395][ T5156] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.682084][ T5156] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.826683][ T5156] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.954473][ T5156] device bridge_slave_1 left promiscuous mode
[  102.019877][ T5156] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.090299][ T5156] device bridge_slave_0 left promiscuous mode
[  102.097416][ T5156] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.114182][ T5156] device veth1_macvtap left promiscuous mode
[  102.120415][ T5156] device veth0_macvtap left promiscuous mode
[  102.124614][ T5464] 
[  102.143887][ T5156] device veth1_vlan left promiscuous mode
[  102.154014][ T5156] device veth0_vlan left promiscuous mode
[  102.460820][ T5478] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  102.627495][ T4233] Bluetooth: hci4: command 0x041b tx timeout
[  102.791957][ T5156] team0 (unregistering): Port device team_slave_1 removed
[  102.821336][ T5156] team0 (unregistering): Port device team_slave_0 removed
[  102.848903][ T5156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.890633][ T5156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.054244][ T5156] bond0 (unregistering): Released all slaves
[  103.126624][ T4954] tipc: Node number set to 10136234
[  103.562027][ T5512] 8021q: VLANs not supported on pimreg
[  103.632752][ T5515] netlink: 4 bytes leftover after parsing attributes in process `syz.7.287'.
[  103.698511][ T5517] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  103.817841][ T5521] IPVS: lblcr: FWM 3 0x00000003 - no destination available
[  103.843633][    C0] IPVS: lblcr: FWM 3 0x00000003 - no destination available
[  103.853127][    C0] IPVS: lblcr: FWM 3 0x00000003 - no destination available
[  104.067987][ T5527] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2139632632 (8558530528 ns) > initial count (4400489236 ns). Using initial count to start timer.
[  104.277265][ T5377] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  104.288353][ T5541] af_packet: tpacket_rcv: packet too big, clamped from 4087 to 4294967272. macoff=96
[  104.325616][ T5377] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  104.384155][ T5377] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  104.430424][ T5377] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  104.702946][ T4233] Bluetooth: hci4: command 0x040f tx timeout
[  104.767227][ T5377] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.840118][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  104.895516][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.916739][ T5570] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  104.924042][ T5377] 8021q: adding VLAN 0 to HW filter on device team0
[  104.938957][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.962267][ T5570] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  104.978615][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  105.006479][ T5195] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.013655][ T5195] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.076777][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  105.094709][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  105.123526][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  105.152502][ T5195] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.159670][ T5195] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.195307][ T5545] loop6: detected capacity change from 0 to 32768
[  105.208064][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  105.250606][ T5545] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 scanned by syz.6.295 (5545)
[  105.281924][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  105.319759][ T5590] netlink: 'syz.7.307': attribute type 10 has an invalid length.
[  105.362450][ T5545] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  105.428555][ T5545] BTRFS info (device loop6): force zlib compression, level 3
[  105.442756][ T5590] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  105.450819][ T5545] BTRFS info (device loop6): turning on flush-on-commit
[  105.502979][ T5545] BTRFS info (device loop6): max_inline at 4096
[  105.511185][ T5545] BTRFS info (device loop6): using free space tree
[  105.555078][ T5596] loop4: detected capacity change from 0 to 64
[  105.596802][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  105.601419][ T5589] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  105.643375][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!!
[  105.670889][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10!!!
[  105.681700][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10!!!
[  105.735991][ T5545] BTRFS info (device loop6): has skinny extents
[  105.863713][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[  105.886975][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  105.904839][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10!!!
[  105.914082][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!!
[  106.094547][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  106.319254][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  106.462261][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  106.471675][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  106.480585][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  106.489304][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  106.502340][ T5377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  106.599984][ T5545] BTRFS info (device loop6): enabling ssd optimizations
[  106.614644][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  106.837976][    T7] Bluetooth: hci4: command 0x0419 tx timeout
[  106.954070][ T5545] BTRFS info (device loop6): balance: start -d -m -s
[  106.992058][ T5545] BTRFS info (device loop6): relocating block group 6881280 flags data|metadata
[  107.101658][ T5625] team0 (unregistering): Port device team_slave_0 removed
[  107.120138][ T5195] BTRFS info (device loop6): space_info 5 has 606208 free, is not full
[  107.130545][ T5195] BTRFS info (device loop6): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=978944, readonly=1622016 zone_unusable=0
[  107.146143][ T5195] BTRFS info (device loop6): global_block_rsv: size 851968 reserved 851968
[  107.155911][ T5195] BTRFS info (device loop6): trans_block_rsv: size 0 reserved 0
[  107.164573][ T5195] BTRFS info (device loop6): chunk_block_rsv: size 0 reserved 0
[  107.172396][ T5195] BTRFS info (device loop6): delayed_block_rsv: size 0 reserved 0
[  107.180758][ T5195] BTRFS info (device loop6): delayed_refs_rsv: size 262144 reserved 126976
[  107.242315][ T5625] team0 (unregistering): Port device team_slave_1 removed
[  107.494421][ T4233] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  107.575317][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  107.593620][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  107.616364][ T5377] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.695981][ T5646] loop7: detected capacity change from 0 to 512
[  107.752714][ T5646] EXT4-fs (loop7): Ignoring removed orlov option
[  107.814413][ T5646] EXT4-fs error (device loop7): ext4_iget_extra_inode:4566: inode #15: comm syz.7.314: corrupted in-inode xattr
[  107.866209][ T5646] EXT4-fs (loop7): Remounting filesystem read-only
[  107.875676][ T5646] EXT4-fs error (device loop7): ext4_orphan_get:1405: comm syz.7.314: couldn't read orphan inode 15 (err -117)
[  107.883134][ T4233] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  107.893252][ T5646] EXT4-fs (loop7): Remounting filesystem read-only
[  107.905809][ T5646] EXT4-fs (loop7): mounted filesystem without journal. Opts: jqfmt=vfsold,inode_readahead_blks=0x0000000004000000,orlov,noload,delalloc,errors=remount-ro,commit=0x0000000000000000,noblock_validity,nogrpid,init_itable=0x0000000000000fff,. Quota mode: none.
[  107.912210][ T5545] BTRFS info (device loop6): relocating block group 5242880 flags data|metadata
[  107.989774][ T4233] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  108.016354][ T5646] EXT4-fs error (device loop7): ext4_append:79: inode #2: comm syz.7.314: Logical block already allocated
[  108.102934][ T5646] EXT4-fs (loop7): Remounting filesystem read-only
[  108.103095][ T4233] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  108.133742][ T5646] netlink: 12 bytes leftover after parsing attributes in process `syz.7.314'.
[  108.159413][ T4233] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  108.200750][ T4233] usb 5-1: SerialNumber: syz
[  108.449366][ T5545] BTRFS info (device loop6): balance: canceled
[  108.467636][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  108.505401][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  108.616055][ T4233] usb 5-1: 0:2 : does not exist
[  108.646867][ T4233] usb 5-1: USB disconnect, device number 6
[  108.714276][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  108.725485][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  108.777194][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  108.785524][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  108.807185][ T5377] device veth0_vlan entered promiscuous mode
[  108.840541][ T5377] device veth1_vlan entered promiscuous mode
[  108.876701][ T4850] udevd[4850]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  108.932394][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  108.979348][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  109.026507][ T5377] device veth0_macvtap entered promiscuous mode
[  109.044658][ T5377] device veth1_macvtap entered promiscuous mode
[  109.069057][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.084084][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.094309][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.112419][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.124619][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.135411][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.145686][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.156284][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.166396][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.177291][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.188940][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.230206][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  109.261681][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  109.324012][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  109.337874][ T5695] loop4: detected capacity change from 0 to 64
[  109.363642][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  109.412351][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.444877][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.482871][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.542838][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.577736][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.641203][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.663320][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.703144][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.733023][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.746397][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.793506][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.820673][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  109.924623][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  110.026380][ T5377] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.063251][ T5377] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.073475][ T5377] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.086004][ T5377] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.106699][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  110.142026][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  110.182472][ T5713] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  110.244814][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  110.271958][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  110.274591][ T5718] loop7: detected capacity change from 0 to 512
[  110.294911][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  110.330443][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  110.371438][ T5718] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  110.379186][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  110.446401][ T5711] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  110.501489][ T5718] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.668288][ T4332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.685517][ T5089] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5854: Out of memory
[  110.696904][ T4332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.738189][ T5089] EXT4-fs error (device loop7): ext4_quota_off:6540: inode #3: comm syz-executor: mark_inode_dirty error
[  110.769113][ T5089] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5854: Out of memory
[  110.773119][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  110.801209][ T4332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.812987][ T5089] EXT4-fs error (device loop7): ext4_quota_off:6540: inode #4: comm syz-executor: mark_inode_dirty error
[  110.826811][ T4332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.852385][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  111.064903][ T5733] loop5: detected capacity change from 0 to 1764
[  111.207333][ T5733] input: syz0 as /devices/virtual/input/input6
[  111.548686][ T5754] device syzkaller0 entered promiscuous mode
[  111.573854][ T5759] netlink: 4 bytes leftover after parsing attributes in process `syz.7.333'.
[  112.160286][ T5768] netlink: 4 bytes leftover after parsing attributes in process `syz.1.338'.
[  112.243130][ T5768] bond0: (slave bond_slave_1): Releasing backup interface
[  113.384746][ T5785] loop6: detected capacity change from 0 to 64
[  113.666778][ T5790] loop5: detected capacity change from 0 to 64
[  114.254344][ T1106] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  114.484903][ T1106] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  114.585479][ T5794] netlink: 'syz.4.348': attribute type 10 has an invalid length.
[  114.740576][ T5794] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  114.798669][ T5796] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  114.849966][ T5792] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  114.893904][ T5796] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  115.013366][ T5796] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  115.036662][ T5796] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  115.113296][ T5796] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  115.119093][ T5800] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  115.142548][ T5800] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  115.155085][ T5796] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  115.213794][ T5796] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  115.851507][ T5826] loop5: detected capacity change from 0 to 512
[  115.915632][ T5826] EXT4-fs (loop5): Ignoring removed nobh option
[  116.012447][ T5826] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.359: invalid indirect mapped block 256 (level 2)
[  116.103772][ T5826] EXT4-fs (loop5): Remounting filesystem read-only
[  116.110761][ T5826] EXT4-fs (loop5): 2 truncates cleaned up
[  116.116953][ T5826] EXT4-fs (loop5): mounted filesystem without journal. Opts: nobh,auto_da_alloc,errors=remount-ro,. Quota mode: writeback.
[  116.604425][ T5848] loop7: detected capacity change from 0 to 64
[  117.620775][ T5852] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  117.650160][ T5856] netlink: 'syz.5.363': attribute type 10 has an invalid length.
[  117.692959][ T5852] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  117.747566][ T5856] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  117.822239][ T5862] IPVS: lblcr: FWM 3 0x00000003 - no destination available
[  117.860315][ T5855] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.873335][    C1] IPVS: lblcr: FWM 3 0x00000003 - no destination available
[  118.199844][ T1324] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  118.233528][ T1324] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  119.666197][ T5911] loop5: detected capacity change from 0 to 256
[  119.693217][ T5906] loop7: detected capacity change from 0 to 32768
[  119.776472][ T5906] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 scanned by syz.7.385 (5906)
[  119.818581][ T5906] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm
[  119.827499][ T5906] BTRFS info (device loop7): using free space tree
[  119.834248][ T5906] BTRFS info (device loop7): has skinny extents
[  120.097503][ T5906] BTRFS info (device loop7): enabling ssd optimizations
[  120.134945][ T5906] BTRFS info (device loop7): setting incompat feature flag for COMPRESS_LZO (0x8)
[  120.272498][ T5929] loop5: detected capacity change from 0 to 32768
[  120.443491][ T5929] XFS (loop5): Mounting V5 Filesystem
[  120.636819][ T5929] XFS (loop5): Ending clean mount
[  120.655357][ T5929] XFS (loop5): Quotacheck needed: Please wait.
[  120.760431][ T5929] XFS (loop5): Quotacheck: Done.
[  121.027080][ T5377] XFS (loop5): Unmounting Filesystem
[  121.967499][ T5956] netlink: 'syz.6.393': attribute type 10 has an invalid length.
[  122.005322][ T5956] device syz_tun entered promiscuous mode
[  122.058657][ T5956] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  122.178984][ T5963] loop6: detected capacity change from 0 to 4096
[  122.230735][ T5963] ntfs3: loop6: Different NTFS' sector size (2048) and media sector size (512)
[  122.276613][ T5965] loop5: detected capacity change from 0 to 8192
[  122.352482][ T4176]  loop5: p1 < > p2 p3 < p5 p6 > p4
[  122.391170][ T4176] loop5: partition table partially beyond EOD, truncated
[  122.447759][ T4176] loop5: p1 start 100663296 is beyond EOD, truncated
[  122.474389][ T4176] loop5: p2 size 134217732 extends beyond EOD, truncated
[  122.503307][ T4176] loop5: p4 size 14876672 extends beyond EOD, truncated
[  122.528161][ T4176] loop5: p5 size 134217732 extends beyond EOD, truncated
[  122.573626][ T4176] loop5: p6 size 14876672 extends beyond EOD, truncated
[  122.621149][ T5965]  loop5: p1 < > p2 p3 < p5 p6 > p4
[  122.632960][ T5965] loop5: partition table partially beyond EOD, truncated
[  122.652729][ T5965] loop5: p1 start 100663296 is beyond EOD, truncated
[  122.668107][ T5965] loop5: p2 size 134217732 extends beyond EOD, truncated
[  122.687068][ T5965] loop5: p4 size 14876672 extends beyond EOD, truncated
[  122.706897][ T5965] loop5: p5 size 134217732 extends beyond EOD, truncated
[  122.730470][ T5965] loop5: p6 size 14876672 extends beyond EOD, truncated
[  123.063787][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  123.072578][ T4178] udevd[4178]: inotify_add_watch(7, /dev/loop5p6, 10) failed: No such file or directory
[  123.080997][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  123.086653][ T4484] udevd[4484]: inotify_add_watch(7, /dev/loop5p5, 10) failed: No such file or directory
[  123.132315][ T4850] udevd[4850]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  123.210846][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  123.224278][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  123.228389][ T4850] udevd[4850]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  123.237664][ T4484] udevd[4484]: inotify_add_watch(7, /dev/loop5p5, 10) failed: No such file or directory
[  123.257308][ T4178] udevd[4178]: inotify_add_watch(7, /dev/loop5p6, 10) failed: No such file or directory
[  123.429973][ T5982] netlink: 4 bytes leftover after parsing attributes in process `syz.5.400'.
[  124.214595][ T5990] loop4: detected capacity change from 0 to 4096
[  124.282059][ T5992] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  124.323087][ T4248] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  125.513820][ T4248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.736390][ T4248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.977150][ T4248] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  126.180867][ T4248] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  126.190646][ T4248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.209728][ T4248] usb 7-1: config 0 descriptor??
[  126.410109][ T6013] loop7: detected capacity change from 0 to 8192
[  126.484240][ T6013]  loop7: p1 < > p2 p3 < p5 p6 > p4
[  126.489491][ T4234] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  126.499129][ T6013] loop7: partition table partially beyond EOD, truncated
[  126.512743][ T6013] loop7: p1 start 100663296 is beyond EOD, truncated
[  126.521351][ T6013] loop7: p2 size 134217732 extends beyond EOD, truncated
[  126.539649][ T6013] loop7: p4 size 14876672 extends beyond EOD, truncated
[  126.552172][ T6013] loop7: p5 size 134217732 extends beyond EOD, truncated
[  126.571913][ T6013] loop7: p6 size 14876672 extends beyond EOD, truncated
[  126.685521][ T4248] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  126.789920][ T4248] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  126.903036][ T4234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.941896][ T4234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.973638][ T4234] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  127.043406][ T4234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.086275][ T6031] loop7: detected capacity change from 0 to 4096
[  127.110206][ T4234] usb 5-1: config 0 descriptor??
[  127.270242][ T6035] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.390170][ T4234] cp2112 0003:10C4:EA90.0007: unknown main item tag 0x0
[  128.443316][ T4267] usb 7-1: reset high-speed USB device number 3 using dummy_hcd
[  128.681532][ T4234] cp2112 0003:10C4:EA90.0007: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[  128.788537][ T4267] usb 7-1: device descriptor read/64, error -32
[  129.242183][ T6051] device syzkaller0 entered promiscuous mode
[  129.643783][ T4234] cp2112 0003:10C4:EA90.0007: Part Number: 0x82 Device Version: 0xFE
[  129.746351][ T4234] cp2112 0003:10C4:EA90.0007: error requesting SMBus config
[  129.760270][ T4234] cp2112: probe of 0003:10C4:EA90.0007 failed with error -71
[  129.776155][ T4234] usb 5-1: USB disconnect, device number 7
[  129.823848][ T6062] netlink: 4 bytes leftover after parsing attributes in process `syz.6.424'.
[  129.846965][ T6061] fido_id[6061]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  130.207197][ T6068] loop4: detected capacity change from 0 to 8192
[  130.326413][ T4850]  loop4: p1 < > p2 p3 < p5 p6 > p4
[  130.331757][ T4850] loop4: partition table partially beyond EOD, truncated
[  130.401729][ T4850] loop4: p1 start 100663296 is beyond EOD, truncated
[  130.442214][ T4850] loop4: p2 size 134217732 extends beyond EOD, truncated
[  130.673984][ T4850] loop4: p4 size 14876672 extends beyond EOD, truncated
[  130.774362][ T4850] loop4: p5 size 134217732 extends beyond EOD, truncated
[  130.947255][ T4248] usb 7-1: USB disconnect, device number 3
[  131.086768][ T4850] loop4: p6 size 14876672 extends beyond EOD, truncated
[  131.152159][ T6068]  loop4: p1 < > p2 p3 < p5 p6 > p4
[  131.156314][ T6078] loop6: detected capacity change from 0 to 1764
[  131.162205][ T6068] loop4: partition table partially beyond EOD, truncated
[  131.197243][ T6068] loop4: p1 start 100663296 is beyond EOD, truncated
[  131.210154][ T6068] loop4: p2 size 134217732 extends beyond EOD, truncated
[  131.253741][ T6078] input: syz0 as /devices/virtual/input/input7
[  131.253858][ T6068] loop4: p4 size 14876672 extends beyond EOD, truncated
[  131.293635][ T6068] loop4: p5 size 134217732 extends beyond EOD, truncated
[  131.311422][ T6068] loop4: p6 size 14876672 extends beyond EOD, truncated
[  131.543082][ T4234] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  132.441541][ T4484] udevd[4484]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory
[  132.441625][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  132.464418][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  132.475377][ T4178] udevd[4178]: inotify_add_watch(7, /dev/loop4p6, 10) failed: No such file or directory
[  132.503519][ T4850] udevd[4850]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  132.573906][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  132.587063][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  132.600049][ T4178] udevd[4178]: inotify_add_watch(7, /dev/loop4p6, 10) failed: No such file or directory
[  132.620985][ T4484] udevd[4484]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory
[  132.655220][ T6096] loop4: detected capacity change from 0 to 8
[  132.666074][ T4850] udevd[4850]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  132.702014][ T6096] SQUASHFS error: lzo decompression failed, data probably corrupt
[  132.714265][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  132.720599][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  132.894306][ T6096] SQUASHFS error: Failed to read block 0x91: -5
[  132.914829][ T6096] SQUASHFS error: Unable to read metadata cache entry [8f]
[  133.004784][ T6096] SQUASHFS error: Unable to read inode 0x11f
[  133.260100][ T6096] netlink: 'syz.4.440': attribute type 4 has an invalid length.
[  133.411629][ T4234] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.424943][ T4234] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.434969][ T4234] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  133.451856][ T4234] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  133.464344][ T4234] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.483973][ T4234] usb 8-1: config 0 descriptor??
[  133.703763][ T6103] netlink: 'syz.4.440': attribute type 4 has an invalid length.
[  134.764203][ T6118] device syzkaller0 entered promiscuous mode
[  134.773349][ T6107] device syzkaller0 entered promiscuous mode
[  134.810221][ T6118] netlink: 'syz.7.443': attribute type 10 has an invalid length.
[  134.862974][ T4234] usbhid 8-1:0.0: can't add hid device: -71
[  134.869016][ T4234] usbhid: probe of 8-1:0.0 failed with error -71
[  134.880535][ T4234] usb 8-1: USB disconnect, device number 3
[  135.842038][ T6125] ODEBUG: Out of memory. ODEBUG disabled
[  135.957026][ T6133] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  137.190400][ T6153] kvm: pic: non byte write
[  138.697058][ T6166] loop5: detected capacity change from 0 to 8
[  138.790124][ T6166] SQUASHFS error: lzo decompression failed, data probably corrupt
[  138.823006][ T6166] SQUASHFS error: Failed to read block 0x91: -5
[  138.829346][ T6166] SQUASHFS error: Unable to read metadata cache entry [8f]
[  138.853138][ T6166] SQUASHFS error: Unable to read inode 0x11f
[  139.011945][ T6166] netlink: 'syz.5.456': attribute type 4 has an invalid length.
[  139.148837][ T6175] netlink: 'syz.5.456': attribute type 4 has an invalid length.
[  140.199170][ T6182] device syzkaller0 entered promiscuous mode
[  140.560505][ T6194] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.585797][ T6194] device batadv_slave_0 entered promiscuous mode
[  141.049763][ T6203] Bluetooth: hci0: service_discovery: too big uuid_count value 63764
[  141.091441][ T6204] kvm: pic: non byte write
[  141.163035][ T1106] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  141.457874][ T4234] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  141.577980][ T6125] Set syz1 is full, maxelem 65536 reached
[  141.720614][ T4234] usb 7-1: Using ep0 maxpacket: 32
[  141.853417][ T4234] usb 7-1: config 2 has an invalid interface number: 194 but max is 0
[  141.888891][ T4234] usb 7-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  142.022080][ T4234] usb 7-1: config 2 has no interface number 0
[  142.100619][ T4234] usb 7-1: config 2 interface 194 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  142.243107][ T4234] usb 7-1: config 2 interface 194 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  142.307758][ T4234] usb 7-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6
[  142.348949][ T4234] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.436951][ T6224] netlink: 'syz.4.474': attribute type 1 has an invalid length.
[  142.539918][ T1106] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  142.562994][ T4233] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  142.577807][ T1106] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.590700][ T1106] usb 6-1: Product: syz
[  142.600210][ T1106] usb 6-1: Manufacturer: syz
[  142.607446][ T1106] usb 6-1: SerialNumber: syz
[  142.619616][ T1106] usb 6-1: config 0 descriptor??
[  142.826186][ T4233] usb 8-1: Using ep0 maxpacket: 16
[  142.883163][ T1106] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  142.953372][ T4233] usb 8-1: config 0 has an invalid descriptor of length 11, skipping remainder of the config
[  142.976076][ T4233] usb 8-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  142.999713][ T4233] usb 8-1: config 0 interface 0 has no altsetting 0
[  143.019733][ T4233] usb 8-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  143.023792][ T4234] usb 7-1: string descriptor 0 read error: -71
[  143.029287][ T4233] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.053887][ T4233] usb 8-1: config 0 descriptor??
[  143.062226][ T6236] netlink: 'syz.1.476': attribute type 4 has an invalid length.
[  143.086259][ T6233] netlink: 'syz.1.476': attribute type 4 has an invalid length.
[  143.113816][ T4233] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  143.164064][ T4234] usb 7-1: USB disconnect, device number 4
[  143.326016][ T1109] usb 8-1: USB disconnect, device number 4
[  143.445878][ T4485] udevd[4485]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:2.194/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  143.619260][ T6243] loop6: detected capacity change from 0 to 256
[  143.710849][ T6243] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  144.562967][ T4248] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  144.723065][ T1106] dvb_usb_rtl28xxu: probe of 6-1:0.0 failed with error -71
[  144.749757][ T1106] usb 6-1: USB disconnect, device number 3
[  144.850050][ T4248] usb 5-1: Using ep0 maxpacket: 16
[  144.910649][ T6269] loop7: detected capacity change from 0 to 8
[  145.042280][ T6269] SQUASHFS error: lzo decompression failed, data probably corrupt
[  145.081308][ T6269] SQUASHFS error: Failed to read block 0x91: -5
[  145.103226][ T6269] SQUASHFS error: Unable to read metadata cache entry [8f]
[  145.133054][ T6269] SQUASHFS error: Unable to read inode 0x11f
[  145.183134][ T4248] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  145.203023][ T4248] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.221493][ T4248] usb 5-1: Product: syz
[  145.232861][ T4248] usb 5-1: Manufacturer: syz
[  145.237498][ T4248] usb 5-1: SerialNumber: syz
[  145.262993][ T4248] usb 5-1: config 0 descriptor??
[  145.294261][ T6269] netlink: 'syz.7.493': attribute type 4 has an invalid length.
[  145.406227][ T6281] netlink: 'syz.7.493': attribute type 4 has an invalid length.
[  145.562062][ T6282] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  145.632584][ T6282] device batadv_slave_0 entered promiscuous mode
[  145.753086][ T4248] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  145.776354][ T4248] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  145.854499][ T4248] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  145.884422][ T4248] usb 5-1: media controller created
[  145.959724][ T4248] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  146.253206][ T4248] zl10353_read_register: readreg error (reg=127, ret==0)
[  146.266505][ T4248] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  146.289678][ T4248] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  146.359452][ T4248] usb 5-1: USB disconnect, device number 8
[  146.464546][ T4248] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  148.764094][ T6338] loop5: detected capacity change from 0 to 256
[  148.852347][ T6338] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001207b, chksum : 0x1e8dde4d, utbl_chksum : 0xe619d30d)
[  148.893177][ T4248] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  148.928790][ T4248] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  149.024674][ T6351] loop7: detected capacity change from 0 to 2048
[  149.169932][ T6351] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  149.180215][ T6360] loop5: detected capacity change from 0 to 1024
[  149.248773][ T6360] EXT4-fs (loop5): Ignoring removed orlov option
[  149.435609][ T6360] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,usrjquota=,,errors=continue. Quota mode: none.
[  149.496301][   T26] audit: type=1800 audit(1769702680.472:3): pid=6360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.515" name="bus" dev="loop5" ino=18 res=0 errno=0
[  149.547380][ T6360] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3887: comm syz.5.515: Allocating blocks 385-513 which overlap fs metadata
[  149.651296][ T6360] EXT4-fs (loop5): pa ffff8880751cfa80: logic 16, phys. 129, len 24
[  149.660249][ T6360] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 8
[  149.763066][ T1324] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  149.780466][ T5195] Trying to write to read-only block-device loop5
[  149.800777][ T5377] Trying to write to read-only block-device loop5
[  149.815510][ T5195] Trying to write to read-only block-device loop5
[  149.822113][ T5195] Trying to write to read-only block-device loop5
[  149.828260][ T5377] Trying to write to read-only block-device loop5
[  149.856027][ T5377] Trying to write to read-only block-device loop5
[  149.878371][ T5377] Trying to write to read-only block-device loop5
[  149.914965][ T5377] Trying to write to read-only block-device loop5
[  149.941978][ T5377] Trying to write to read-only block-device loop5
[  149.963017][ T5377] Trying to write to read-only block-device loop5
[  150.002883][ T1324] usb 8-1: Using ep0 maxpacket: 16
[  150.303265][ T1324] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  151.890230][ T1324] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  151.903815][ T1324] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.929799][ T1324] usb 8-1: config 0 descriptor??
[  151.980116][ T1324] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input8
[  152.160220][ T6411] x_tables: ip_tables: osf match: only valid for protocol 6
[  152.189196][ T6379] input: syz0 as /devices/virtual/input/input9
[  152.224098][ T6411] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  152.263491][ T4234] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  152.300005][ T4234] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  152.313624][ T6415] loop4: detected capacity change from 0 to 2048
[  152.392892][ T6415] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  152.977334][ T6447] tipc: Started in network mode
[  152.982226][ T6447] tipc: Node identity 080211000001, cluster identity 4711
[  153.009372][ T6447] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  153.232830][ T6460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  153.423480][ T3546] bcm5974 8-1:0.0: could not read from device
[  153.452165][ T1324] usb 8-1: USB disconnect, device number 5
[  153.475046][ T3546] bcm5974 8-1:0.0: could not read from device
[  153.551775][ T3546] bcm5974 8-1:0.0: could not read from device
[  153.608682][ T3546] bcm5974 8-1:0.0: could not read from device
[  154.013202][ T4234] tipc: Node number set to 134418688
[  155.558066][ T6505] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.565663][ T6505] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.697605][ T6520] netlink: 'syz.1.571': attribute type 1 has an invalid length.
[  155.766858][ T6520] bond2: (slave gretap1): making interface the new active one
[  155.784521][ T6520] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  155.809850][ T6529] netlink: 4 bytes leftover after parsing attributes in process `syz.5.572'.
[  155.826238][ T6529] netlink: 12 bytes leftover after parsing attributes in process `syz.5.572'.
[  156.090256][ T6542] loop2: detected capacity change from 0 to 7
[  156.111448][ T4850]  loop2:
[  156.114945][ T4850] loop2: partition table partially beyond EOD, truncated
[  156.126819][ T6542]  loop2:
[  156.262953][ T6542] loop2: partition table partially beyond EOD, truncated
[  156.513713][   T26] audit: type=1800 audit(1769702687.482:4): pid=6524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.569" name="/" dev="fuse" ino=4 res=0 errno=0
[  156.842424][ T6549] overlayfs: failed to get index nlink (file1/file0, err=-61)
[  157.026129][   T26] audit: type=1326 audit(1769702688.002:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.118978][   T26] audit: type=1326 audit(1769702688.032:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.234361][ T6562] futex_wake_op: syz.6.582 tries to shift op by 144; fix this program
[  157.265247][   T26] audit: type=1326 audit(1769702688.032:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.303768][ T6566] loop7: detected capacity change from 0 to 16384
[  157.315094][   T26] audit: type=1326 audit(1769702688.032:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.367981][   T26] audit: type=1326 audit(1769702688.042:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.501203][   T26] audit: type=1326 audit(1769702688.042:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.633203][   T26] audit: type=1326 audit(1769702688.042:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.645013][ T6570] loop_set_status: loop7 () has still dirty pages (nrpages=352)
[  157.670178][   T26] audit: type=1326 audit(1769702688.042:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7d575e778e code=0x7ffc0000
[  157.703569][   T26] audit: type=1326 audit(1769702688.042:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d57626eb9 code=0x7ffc0000
[  157.767248][ T6581] overlayfs: failed to clone upperpath
[  158.137522][ T6595] kvm: pic: non byte write
[  158.386438][ T6600] loop5: detected capacity change from 0 to 1024
[  158.446577][ T6602] netlink: 'syz.4.598': attribute type 4 has an invalid length.
[  158.527150][ T6603] netlink: 'syz.4.598': attribute type 4 has an invalid length.
[  160.637650][ T6634] pit: kvm: requested 137447 ns i8254 timer period limited to 200000 ns
[  162.924867][ T6687] team0: Port device team_slave_0 removed
[  163.146619][ T6708] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0)
[  163.177042][ T4233] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  163.279160][ T6713] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  163.427239][ T4185] team0: Port device syz_tun removed
[  163.433105][ T4233] usb 6-1: Using ep0 maxpacket: 8
[  163.553584][ T4233] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  163.576768][ T4233] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.875733][ T4233] pvrusb2: Hardware description: Terratec Grabster AV400
[  163.974019][ T4233] pvrusb2: **********
[  164.027637][ T4233] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  164.049507][ T4233] pvrusb2: Important functionality might not be entirely working.
[  164.061425][ T4233] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  164.130812][ T4233] pvrusb2: **********
[  164.185336][ T2422] pvrusb2: Invalid write control endpoint
[  164.231338][ T2422] pvrusb2: Invalid write control endpoint
[  164.238470][ T2422] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  164.248714][ T2422] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  164.257675][ T2422] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  164.268355][ T2422] pvrusb2: Device being rendered inoperable
[  164.280933][ T2422] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  164.288682][ T2422] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  164.301729][ T2422] pvrusb2: Attached sub-driver cx25840
[  164.307698][ T2422] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  164.317839][ T2422] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  164.357858][ T6695] pvrusb2: Attempted to execute control transfer when device not ok
[  164.402417][ T4953] usb 6-1: USB disconnect, device number 4
[  164.641257][ T6744] netlink: 28 bytes leftover after parsing attributes in process `syz.1.644'.
[  164.656123][ T6744] netlink: 28 bytes leftover after parsing attributes in process `syz.1.644'.
[  164.669246][ T6738] chnl_net:caif_netlink_parms(): no params data found
[  164.723065][ T4233] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  164.752589][ T6738] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.759856][ T6738] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.768019][ T6738] device bridge_slave_0 entered promiscuous mode
[  164.776924][ T6738] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.784839][ T6738] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.792627][ T6738] device bridge_slave_1 entered promiscuous mode
[  164.817414][ T6738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.828969][ T6738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  164.859926][ T6738] team0: Port device team_slave_0 added
[  164.867961][ T6738] team0: Port device team_slave_1 added
[  164.890182][ T6738] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.913189][ T6738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.944912][ T6738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.973216][ T4233] usb 8-1: Using ep0 maxpacket: 32
[  164.980692][ T6738] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.999781][ T6738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.029945][ T6738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.120525][ T6738] device hsr_slave_0 entered promiscuous mode
[  165.128227][ T6738] device hsr_slave_1 entered promiscuous mode
[  165.132323][ T6767] fuse: Bad value for 'fd'
[  165.139071][ T4233] usb 8-1: unable to get BOS descriptor or descriptor too short
[  165.139112][ T6738] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.167429][ T6738] Cannot create hsr debugfs directory
[  165.361535][ T6738] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  165.373202][ T6738] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  165.380193][ T4233] usb 8-1: config 3 has an invalid interface number: 217 but max is 0
[  165.396200][ T4233] usb 8-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[  166.546159][ T4233] usb 8-1: config 3 has no interface number 0
[  166.552765][ T4233] usb 8-1: config 3 interface 217 altsetting 9 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  166.563929][ T4233] usb 8-1: config 3 interface 217 altsetting 9 has an invalid endpoint with address 0x0, skipping
[  166.577652][ T4233] usb 8-1: config 3 interface 217 altsetting 9 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  166.588726][ T4233] usb 8-1: config 3 interface 217 altsetting 9 has a duplicate endpoint with address 0x9, skipping
[  166.600180][ T4233] usb 8-1: config 3 interface 217 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  166.611085][ T4233] usb 8-1: config 3 interface 217 altsetting 9 has a duplicate endpoint with address 0xE, skipping
[  166.622398][ T4233] usb 8-1: config 3 interface 217 altsetting 9 has an invalid endpoint with address 0x0, skipping
[  166.634189][ T4233] usb 8-1: config 3 interface 217 has no altsetting 0
[  166.643251][ T1106] Bluetooth: hci1: command 0x0409 tx timeout
[  166.660761][ T6738] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  166.670737][ T6738] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  167.422992][ T4233] usb 8-1: string descriptor 0 read error: -71
[  167.430538][ T4233] usb 8-1: New USB device found, idVendor=bb56, idProduct=d636, bcdDevice=b4.60
[  167.467844][ T4233] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.547669][ T4233] usb 8-1: can't set config #3, error -71
[  167.626327][ T4233] usb 8-1: USB disconnect, device number 6
[  167.802194][ T6738] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.809800][ T6811] netlink: 24 bytes leftover after parsing attributes in process `syz.7.665'.
[  167.872687][ T6813] Illegal XDP return value 4294967294, expect packet loss!
[  167.897571][ T6738] 8021q: adding VLAN 0 to HW filter on device team0
[  167.921557][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  168.008368][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  168.062364][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  168.085912][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  168.094442][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.101514][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.288999][ T6819] binder: BINDER_SET_CONTEXT_MGR already set
[  168.422522][ T6819] binder: 6818:6819 ioctl 4018620d 200000000040 returned -16
[  168.527395][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  168.703995][ T1106] Bluetooth: hci1: command 0x041b tx timeout
[  168.739900][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  168.861152][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.868518][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.905251][ T4267] kernel write not supported for file /register (pid: 4267 comm: kworker/1:6)
[  168.954642][   T26] kauditd_printk_skb: 7 callbacks suppressed
[  168.954655][   T26] audit: type=1326 audit(1769702699.932:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.6.673" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdddfe9ceb9 code=0x0
[  169.000806][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  169.019999][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  169.052616][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  169.074264][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  169.108748][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  169.145105][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  169.157234][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  169.175826][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  169.203107][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  169.236516][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  169.267130][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  169.284708][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  169.313998][ T6738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  169.490949][ T6861] mmap: syz.7.678 (6861) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  169.591402][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  169.603667][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  169.637532][ T6738] 8021q: adding VLAN 0 to HW filter on device batadv0
[  169.868823][ T6870] netlink: 'syz.7.680': attribute type 1 has an invalid length.
[  169.915460][ T6870] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  169.928628][ T6870] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  169.942234][ T6870] bond1: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  170.193696][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  170.247592][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  170.291013][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  170.301710][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  170.319821][ T6738] device veth0_vlan entered promiscuous mode
[  170.342930][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  170.361627][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  170.380485][ T6738] device veth1_vlan entered promiscuous mode
[  170.518314][ T6738] device veth0_macvtap entered promiscuous mode
[  170.880490][ T4233] Bluetooth: hci1: command 0x040f tx timeout
[  171.199559][ T6738] device veth1_macvtap entered promiscuous mode
[  171.258021][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  171.266904][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  171.275653][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  171.304496][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  171.415854][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  171.425082][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  171.450730][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  171.472734][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  171.493800][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  171.514476][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  171.534876][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  171.552921][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  171.572158][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  171.583133][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  171.615899][ T6738] batman_adv: batadv0: Interface activated: batadv_slave_0
[  171.659796][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  171.681008][ T6922] input: syz1 as /devices/virtual/input/input10
[  171.686304][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  172.469383][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.506749][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.541660][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.592878][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.612857][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.628289][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.662952][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.682671][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.699975][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.711158][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.734972][ T6738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.751627][ T6738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.786432][ T6738] batman_adv: batadv0: Interface activated: batadv_slave_1
[  172.814052][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  172.847804][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  172.918979][ T6738] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  172.940423][ T6738] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  172.960822][ T6738] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.010835][ T6738] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  173.054968][ T6951] device ipip0 entered promiscuous mode
[  173.072978][ T4250] Bluetooth: hci1: command 0x0419 tx timeout
[  173.787183][ T4308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.813263][ T4308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.840881][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  173.861567][ T6967] netlink: 4 bytes leftover after parsing attributes in process `syz.5.710'.
[  173.896535][ T6967] bond0: (slave bond_slave_1): Releasing backup interface
[  173.917621][ T4332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.926729][ T4332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.940423][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  174.046139][    T7] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  174.136803][ T6972] team0: Port device team_slave_0 removed
[  174.423604][    T7] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  174.538869][    T7] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  174.633783][    T7] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.785672][ T6984] loop5: detected capacity change from 0 to 512
[  174.787794][    T7] usb 8-1: config 0 descriptor??
[  174.885018][    T7] pwc: Askey VC010 type 2 USB webcam detected.
[  174.987663][ T6995] netlink: 'syz.5.717': attribute type 1 has an invalid length.
[  175.043148][ T6995] 8021q: adding VLAN 0 to HW filter on device bond1
[  175.143251][ T7002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.719'.
[  175.182395][ T6995] bond1: (slave gretap1): making interface the new active one
[  175.199291][ T6995] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  175.213099][ T5195] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  175.228871][ T7007] 9pnet: Insufficient options for proto=fd
[  175.265829][ T7011] netlink: 4 bytes leftover after parsing attributes in process `syz.8.723'.
[  175.303046][    T7] pwc: recv_control_msg error -32 req 02 val 2b00
[  175.497696][    T7] pwc: recv_control_msg error -32 req 02 val 2700
[  175.509005][ T7011] bond0: (slave bond_slave_1): Releasing backup interface
[  175.542997][    T7] pwc: recv_control_msg error -32 req 02 val 2c00
[  176.488831][ T4250] Bluetooth: hci3: command 0x0406 tx timeout
[  176.495028][ T4250] Bluetooth: hci0: command 0x0406 tx timeout
[  176.542978][    T7] pwc: recv_control_msg error -32 req 04 val 1000
[  176.633098][    T7] pwc: recv_control_msg error -32 req 04 val 1300
[  176.707950][ T7031] team0: Port device team_slave_0 removed
[  177.365051][    T7] pwc: recv_control_msg error -32 req 02 val 2000
[  177.483004][    T7] pwc: recv_control_msg error -32 req 02 val 2100
[  177.505374][ T7042] loop8: detected capacity change from 0 to 4096
[  177.533366][    T7] pwc: recv_control_msg error -32 req 04 val 1500
[  177.736742][ T7042] ntfs3: loop8: ntfs_set_state r=3 failed, -22.
[  177.884916][    T7] pwc: recv_control_msg error -71 req 02 val 2400
[  178.082957][    T7] pwc: recv_control_msg error -71 req 02 val 2600
[  178.102999][    T7] pwc: recv_control_msg error -71 req 02 val 2900
[  178.151440][ T4308] ntfs3: loop8: ntfs3_write_inode r=3 failed, -22.
[  178.160157][    T7] pwc: recv_control_msg error -71 req 02 val 2800
[  178.176353][ T6738] ntfs3: loop8: ntfs_set_state r=3 failed, -22.
[  178.185034][ T6738] ntfs3: loop8: Mark volume as dirty due to NTFS errors
[  178.202956][    T7] pwc: recv_control_msg error -71 req 04 val 1100
[  178.213134][ T6738] ntfs3: loop8: ntfs_set_state r=3 failed, -22.
[  178.232967][    T7] pwc: recv_control_msg error -71 req 04 val 1200
[  178.237991][ T5156] ntfs3: loop8: ntfs3_write_inode r=3 failed, -22.
[  178.248377][ T6738] ntfs3: loop8: ntfs_evict_inode r=3 failed, -22.
[  178.273277][    T7] pwc: Registered as video103.
[  178.281752][    T7] input: PWC snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/input/input11
[  178.423441][    T7] usb 8-1: USB disconnect, device number 7
[  178.658707][ T7072] team0: Port device team_slave_0 removed
[  178.799588][ T7078] kvm: emulating exchange as write
[  180.170612][ T7112] syz.7.758 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  181.343765][   T26] audit: type=1326 audit(1769702712.322:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.8.774" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fade9cd3eb9 code=0x0
[  181.408381][ T7153] team0: Port device team_slave_0 removed
[  182.662703][ T7181] loop7: detected capacity change from 0 to 512
[  182.755444][ T7186] loop8: detected capacity change from 0 to 512
[  182.780606][ T7181] EXT4-fs (loop7): Test dummy encryption mode enabled
[  182.790752][ T7181] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended
[  182.832634][ T7181] EXT4-fs (loop7): Errors on filesystem, clearing orphan list.
[  182.841915][ T7181] EXT4-fs (loop7): mounted filesystem without journal. Opts: jqfmt=vfsold,errors=continue,delalloc,prjquota,barrier=0x0000000000000001,resuid=0x0000000000000000,usrjquota=min_batch_time=0x00000000fffffffc,nodiscard,test_dummy_encryption,,errors=continue. Quota mode: writeback.
[  182.893732][ T7186] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[  182.913829][ T7186] EXT4-fs (loop8): orphan cleanup on readonly fs
[  182.956574][ T7186] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 49 vs 41 free clusters
[  183.103119][ T7186] EXT4-fs (loop8): Remounting filesystem read-only
[  183.138478][ T7186] Quota error (device loop8): write_blk: dquota write failed
[  183.179446][ T7186] Quota error (device loop8): qtree_write_dquot: Error -28 occurred while creating quota
[  183.241785][ T7186] EXT4-fs error (device loop8): ext4_acquire_dquot:6234: comm syz.8.787: Failed to acquire dquot type 0
[  183.305485][ T7186] EXT4-fs (loop8): Remounting filesystem read-only
[  183.319025][ T7186] EXT4-fs (loop8): 1 truncate cleaned up
[  183.355044][ T7186] EXT4-fs (loop8): mounted filesystem without journal. Opts: max_dir_size_kb=0x000000000000000d,noblock_validity,noquota,nolazytime,nogrpid,errors=continue,errors=remount-ro,i_version,resuid=0x00000000000000002. Quota mode: writeback.
[  183.511965][ T7202] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  184.422794][    C0] sched: RT throttling activated
[  184.431234][ T7186] EXT4-fs error (device loop8): ext4_lookup:1858: inode #15: comm syz.8.787: iget: bad i_size value: 360287970189639690
[  184.860984][ T7220] netlink: 12 bytes leftover after parsing attributes in process `syz.7.799'.
[  185.116015][ T7225] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  186.119855][ T7241] orangefs_mount: mount request failed with -4
[  186.446173][ T7245] netlink: 24 bytes leftover after parsing attributes in process `syz.5.806'.
[  187.492977][ T7266] netlink: 'syz.6.812': attribute type 10 has an invalid length.
[  187.545492][ T7266] device bridge_slave_1 left promiscuous mode
[  187.572173][ T7266] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.633954][ T7266] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  188.799135][ T4248] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  189.092917][ T4248] usb 9-1: Using ep0 maxpacket: 8
[  189.256414][ T4248] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  189.271878][ T4248] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.884179][ T4248] usb 9-1: can't set config #252, error -71
[  190.891359][ T4248] usb 9-1: USB disconnect, device number 2
[  192.831441][ T7331] loop7: detected capacity change from 0 to 256
[  192.888184][ T7331] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  193.156685][ T7312] overlayfs: failed to clone upperpath
[  194.148419][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  195.154765][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  196.801188][ T7368] smb3: Unknown parameter 'rdmale0'
[  197.186349][ T4249] Bluetooth: hci2: command 0x0406 tx timeout
[  197.604225][ T7405] overlayfs: failed to clone upperpath
[  198.219455][ T7423] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  199.091342][ T7424] device syz_tun left promiscuous mode
[  200.608231][ T7446] netlink: 12 bytes leftover after parsing attributes in process `syz.8.873'.
[  200.644243][ T7446] 8021q: adding VLAN 0 to HW filter on device bond1
[  200.656838][ T7446] netlink: 8 bytes leftover after parsing attributes in process `syz.8.873'.
[  200.784933][ T7446] device macvlan2 entered promiscuous mode
[  200.803411][ T7450] netlink: 8 bytes leftover after parsing attributes in process `syz.8.873'.
[  201.808162][ T7474] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  203.280892][ T7489] orangefs_mount: mount request failed with -4
[  204.634944][ T7505] No such timeout policy "syz1"
[  206.332809][ T7529] orangefs_mount: mount request failed with -4
[  206.424991][ T7533] netlink: 24 bytes leftover after parsing attributes in process `syz.8.902'.
[  207.639156][ T7558] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  207.705691][ T7560] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  207.812083][ T7563] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  208.521145][ T7568] tipc: Started in network mode
[  208.557083][ T7568] tipc: Node identity bee124bb9dbc, cluster identity 4711
[  208.574396][ T7568] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  208.690050][ T7575] device syzkaller0 entered promiscuous mode
[  208.769341][ T7565] tipc: Resetting bearer <eth:syzkaller0>
[  209.085235][ T7565] tipc: Disabling bearer <eth:syzkaller0>
[  209.776353][ T7619] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  211.711607][ T7645] netlink: 'syz.8.936': attribute type 4 has an invalid length.
[  211.743033][ T4953] Bluetooth: hci5: command 0x0406 tx timeout
[  213.843511][ T7685] MPTCP: kernel_bind error, err=-98
[  215.677679][ T7725] loop8: detected capacity change from 0 to 512
[  217.809527][ T7763] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.816957][ T7763] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.155413][ T7772] blk_update_request: I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  218.167286][ T7772] F2FS-fs (loop13): Unable to read 1th superblock
[  218.174679][ T7772] blk_update_request: I/O error, dev loop13, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  218.186014][ T7772] F2FS-fs (loop13): Unable to read 2th superblock
[  220.682309][ T7800] 8021q: VLANs not supported on gre0
[  222.653513][ T4248] Bluetooth: hci4: command 0x0406 tx timeout
[  222.691783][ T7829] netlink: 'syz.7.988': attribute type 1 has an invalid length.
[  222.806660][ T7829] 8021q: adding VLAN 0 to HW filter on device bond2
[  222.954581][ T7831] bond2: (slave vlan2): making interface the new active one
[  222.965267][ T7831] bond2: (slave vlan2): Enslaving as an active interface with an up link
[  222.973996][ T5211] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  223.734826][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.997'.
[  223.775653][ T7851] device macvlan2 entered promiscuous mode
[  223.783506][ T7851] device vlan1 entered promiscuous mode
[  223.847769][ T7851] bond3: (slave macvlan2): Enslaving as an active interface with an up link
[  223.864889][ T7858] loop8: detected capacity change from 0 to 128
[  223.875553][ T7854] netlink: 'syz.5.996': attribute type 4 has an invalid length.
[  224.165746][ T7858] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  224.190956][ T7858] ext4 filesystem being mounted at /50/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  224.247934][ T7869] overlayfs: failed to clone upperpath
[  224.321470][ T7871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  224.819647][ T7858] fscrypt (loop8, inode 12): Missing crypto API support for AES-128-CTS-CBC (API name: "cts(cbc(aes))")
[  225.159532][ T7893] binder: 7892:7893 ioctl c018620c 0 returned -14
[  225.242135][ T7895] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  225.242135][ T7895]    program syz.8.1007 not setting count and/or reply_len properly
[  226.323498][ T7910] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1015'.
[  226.354727][ T7908] overlayfs: failed to get index nlink (file1/file0, err=-61)
[  227.984584][ T7934] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.991828][ T7934] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.068323][ T7959] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  235.540726][ T8027] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1042'.
[  236.049026][ T8040] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1054'.
[  236.076327][ T8040] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1054'.
[  236.208920][ T8043] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1051'.
[  239.230943][ T8084] overlayfs: failed to clone upperpath
[  239.685195][ T8094] loop8: detected capacity change from 0 to 128
[  240.075849][ T8094] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  240.093046][ T8094] ext4 filesystem being mounted at /59/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  243.490372][ T8159] batman_adv: batadv0: Removing interface: batadv_slave_0
[  243.542599][ T8161] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1093'.
[  245.135314][ T8178] loop5: detected capacity change from 0 to 7
[  245.182984][ T8010]  loop5:
[  245.186013][ T8010] loop5: partition table partially beyond EOD, truncated
[  245.217352][ T8178]  loop5:
[  245.221237][ T8178] loop5: partition table partially beyond EOD, truncated
[  245.310472][ T8187] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1100'.
[  245.390447][ T8185] netlink: 'syz.7.1101': attribute type 1 has an invalid length.
[  245.454044][ T8185] 8021q: adding VLAN 0 to HW filter on device bond3
[  245.544331][ T8189] bond3: (slave geneve2): making interface the new active one
[  245.585863][ T8189] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  245.606397][ T5156] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  245.668819][ T8189] syz.7.1101 (8189) used greatest stack depth: 18320 bytes left
[  247.356209][ T8230] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1110'.
[  247.554509][ T8232] No such timeout policy "syz1"
[  249.570047][ T8261] loop8: detected capacity change from 0 to 128
[  249.847546][ T8274] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  250.793097][ T8284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  255.278502][ T8319] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1146'.
[  255.586301][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  255.592715][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  256.038626][ T8337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.594331][ T8319] device vlan2 entered promiscuous mode
[  256.600678][ T8319] device team0 entered promiscuous mode
[  256.674059][ T8319] device team_slave_1 entered promiscuous mode
[  256.898497][ T8339] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1151'.
[  256.909497][ T8339] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1151'.
[  261.484138][ T8392] sctp: [Deprecated]: syz.7.1166 (pid 8392) Use of int in max_burst socket option.
[  261.484138][ T8392] Use struct sctp_assoc_value instead
[  261.966170][ T8409] device syzkaller0 entered promiscuous mode
[  262.010323][ T8416] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  262.659833][ T8442] xt_TPROXY: Can be used only with -p tcp or -p udp
[  266.282211][ T8488] netlink: 496 bytes leftover after parsing attributes in process `syz.6.1193'.
[  269.219341][ T8522] netlink: 'syz.5.1204': attribute type 10 has an invalid length.
[  269.254125][ T8522] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1204'.
[  269.336343][ T8522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  269.397864][ T8522] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  269.433631][ T8522] bond0 (unregistering): Released all slaves
[  269.491857][   T26] audit: type=1326 audit(2000000064.639:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  269.546495][   T26] audit: type=1326 audit(2000000064.669:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  269.581747][   T26] audit: type=1326 audit(2000000064.679:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  269.604897][   T26] audit: type=1326 audit(2000000064.679:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  269.628657][   T26] audit: type=1326 audit(2000000064.679:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  269.642443][ T8539] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  269.659297][   T26] audit: type=1326 audit(2000000064.679:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  269.687308][   T26] audit: type=1326 audit(2000000064.679:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  270.485567][   T26] audit: type=1326 audit(2000000064.679:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  270.531072][   T26] audit: type=1326 audit(2000000064.679:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  270.553968][   T26] audit: type=1326 audit(2000000064.699:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8526 comm="syz.8.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade9cd3eb9 code=0x7ffc0000
[  270.642053][ T8553] netlink: 'syz.6.1212': attribute type 10 has an invalid length.
[  270.669155][ T8553] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1212'.
[  270.711389][ T8553] device geneve0 entered promiscuous mode
[  270.728678][ T8553] team0: Port device geneve0 added
[  271.473646][ T8565] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1215'.
[  271.487878][ T8565] device vlan3 entered promiscuous mode
[  271.494903][ T8565] device team0 entered promiscuous mode
[  271.501203][ T8565] device team_slave_1 entered promiscuous mode
[  272.799782][ T8574] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1217'.
[  274.807207][ T8620] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1232'.
[  277.164020][ T8659] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1243'.
[  280.493266][ T8711] netlink: 'syz.8.1258': attribute type 10 has an invalid length.
[  280.541447][ T8711] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  280.546142][ T8717] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1258'.
[  280.808030][ T8720] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1262'.
[  283.728309][ T8743] loop8: detected capacity change from 0 to 1024
[  283.790660][ T8743] hfsplus: unable to parse mount options
[  283.865658][ T8743] input: syz0 as /devices/virtual/input/input12
[  283.888827][ T8745] device vlan2 entered promiscuous mode
[  283.914309][ T8743] netlink: 'syz.8.1268': attribute type 4 has an invalid length.
[  283.938800][ T8745] device syz_tun entered promiscuous mode
[  283.962205][ T8743] netlink: 128124 bytes leftover after parsing attributes in process `syz.8.1268'.
[  289.456605][ T4234] Bluetooth: hci1: command 0x0406 tx timeout
[  291.353840][ T8823] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ'
[  292.653414][ T8844] bond1: option mode: unable to set because the bond device has slaves
[  292.695676][ T8844] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  292.712280][ T8846] device syzkaller0 entered promiscuous mode
[  295.389442][ T8877] loop8: detected capacity change from 0 to 128
[  295.866404][ T8887] netlink: 'syz.7.1312': attribute type 1 has an invalid length.
[  295.942340][ T8887] device bond4 entered promiscuous mode
[  295.964733][ T8887] 8021q: adding VLAN 0 to HW filter on device bond4
[  296.011784][ T8893] bond4: (slave veth7): Enslaving as an active interface with a down link
[  296.760238][ T8877] attempt to access beyond end of device
[  296.760238][ T8877] loop8: rw=2049, want=154, limit=128
[  296.857051][ T8891] attempt to access beyond end of device
[  296.857051][ T8891] loop8: rw=2049, want=178, limit=128
[  297.012707][ T8912] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1314'.
[  301.556203][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1345'.
[  309.396276][ T9100] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1366'.
[  310.484166][ T9135] netlink: 'syz.6.1376': attribute type 1 has an invalid length.
[  310.506462][ T9135] 8021q: adding VLAN 0 to HW filter on device bond1
[  310.676760][ T9135] bond1: (slave vlan3): Enslaving as an active interface with a down link
[  314.464253][ T9164] overlayfs: failed to clone upperpath
[  317.041053][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  317.048747][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  317.145092][ T9149] 8021q: adding VLAN 0 to HW filter on device bond5
[  317.209515][ T9153] bond5: (slave ip6gretap1): making interface the new active one
[  317.399366][ T9153] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link
[  317.403696][ T9174] capability: warning: `syz.8.1386' uses 32-bit capabilities (legacy support in use)
[  317.422522][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[  317.895721][ T4333] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.362212][ T4333] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  322.060368][ T4333] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.678161][ T4333] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.599617][ T9285] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  328.499420][ T9308] syz.6.1417 (9308) used greatest stack depth: 17112 bytes left
[  329.964449][ T4333] tipc: Disabling bearer <eth:ipvlan1>
[  329.975558][ T4333] tipc: Left network mode
[  330.274463][ T9333] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  336.430787][ T4333] bond0: (slave wlan1): Releasing backup interface
[  338.850267][ T9472] ==================================================================
[  338.859154][ T9472] BUG: KASAN: use-after-free in ieee80211_monitor_select_queue+0x23a/0x240
[  338.867800][ T9472] Read of size 2 at addr ffff8880622dc9fb by task syz.7.1455/9472
[  338.875629][ T9472] 
[  338.878000][ T9472] CPU: 1 PID: 9472 Comm: syz.7.1455 Not tainted syzkaller #0
[  338.885394][ T9472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  338.895484][ T9472] Call Trace:
[  338.898789][ T9472]  <TASK>
[  338.901736][ T9472]  dump_stack_lvl+0x188/0x250
[  338.906450][ T9472]  ? show_regs_print_info+0x20/0x20
[  338.911712][ T9472]  ? load_image+0x400/0x400
[  338.916243][ T9472]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  338.921736][ T9472]  ? ieee80211_tx+0x460/0x460
[  338.926451][ T9472]  print_address_description+0x60/0x2d0
[  338.932041][ T9472]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  338.938308][ T9472]  kasan_report+0xdf/0x130
[  338.942764][ T9472]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  338.949124][ T9472]  ieee80211_monitor_select_queue+0x23a/0x240
[  338.955258][ T9472]  ? ieee80211_recalc_smps_work+0x20/0x20
[  338.961017][ T9472]  netdev_core_pick_tx+0x118/0x2e0
[  338.966252][ T9472]  __dev_queue_xmit+0x756/0x2fd0
[  338.971260][ T9472]  ? __might_fault+0xb7/0x110
[  338.975975][ T9472]  ? dev_queue_xmit+0x20/0x20
[  338.980676][ T9472]  ? virtio_net_hdr_to_skb+0xa6b/0x11f0
[  338.986647][ T9472]  ? packet_cached_dev_get+0x270/0x270
[  338.992139][ T9472]  ? skb_copy_datagram_from_iter+0x5e3/0x6a0
[  338.998159][ T9472]  packet_sendmsg+0x3dba/0x5060
[  339.003075][ T9472]  ? __might_sleep+0xf0/0xf0
[  339.007705][ T9472]  ? aa_sk_perm+0x7dc/0x910
[  339.012232][ T9472]  ? packet_getsockopt+0x9a0/0x9a0
[  339.017382][ T9472]  ? aa_sock_msg_perm+0x94/0x150
[  339.022347][ T9472]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  339.027654][ T9472]  ? security_socket_sendmsg+0x7c/0xa0
[  339.033141][ T9472]  ? packet_getsockopt+0x9a0/0x9a0
[  339.038271][ T9472]  ____sys_sendmsg+0x5b7/0x8f0
[  339.043068][ T9472]  ? __sys_sendmsg_sock+0x30/0x30
[  339.048122][ T9472]  ? import_iovec+0x6f/0xa0
[  339.052655][ T9472]  ___sys_sendmsg+0x236/0x2e0
[  339.057368][ T9472]  ? __sys_sendmsg+0x2a0/0x2a0
[  339.062182][ T9472]  __se_sys_sendmsg+0x1af/0x290
[  339.067169][ T9472]  ? __x64_sys_sendmsg+0x80/0x80
[  339.072133][ T9472]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  339.078147][ T9472]  ? lockdep_hardirqs_on+0x94/0x140
[  339.083365][ T9472]  do_syscall_64+0x4c/0xa0
[  339.087795][ T9472]  ? clear_bhb_loop+0x30/0x80
[  339.092483][ T9472]  ? clear_bhb_loop+0x30/0x80
[  339.097180][ T9472]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  339.103105][ T9472] RIP: 0033:0x7f3e84681eb9
[  339.107531][ T9472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  339.127149][ T9472] RSP: 002b:00007f3e828dd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.135589][ T9472] RAX: ffffffffffffffda RBX: 00007f3e848fcfa0 RCX: 00007f3e84681eb9
[  339.143580][ T9472] RDX: 0000000000004005 RSI: 0000200000000280 RDI: 0000000000000004
[  339.151564][ T9472] RBP: 00007f3e846efc1f R08: 0000000000000000 R09: 0000000000000000
[  339.159550][ T9472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  339.167542][ T9472] R13: 00007f3e848fd038 R14: 00007f3e848fcfa0 R15: 00007fffe6c2da98
[  339.175636][ T9472]  </TASK>
[  339.178670][ T9472] 
[  339.180996][ T9472] Allocated by task 9090:
[  339.185320][ T9472]  __kasan_kmalloc+0xb5/0xf0
[  339.189923][ T9472]  __alloc_skb+0x22c/0x750
[  339.194361][ T9472]  netlink_ack+0x372/0xb50
[  339.198788][ T9472]  netlink_rcv_skb+0x27a/0x440
[  339.203559][ T9472]  netlink_unicast+0x774/0x920
[  339.208338][ T9472]  netlink_sendmsg+0x8ba/0xbe0
[  339.213111][ T9472]  ____sys_sendmsg+0x5b7/0x8f0
[  339.217921][ T9472]  ___sys_sendmsg+0x236/0x2e0
[  339.222617][ T9472]  __se_sys_sendmsg+0x1af/0x290
[  339.227487][ T9472]  do_syscall_64+0x4c/0xa0
[  339.231915][ T9472]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  339.237833][ T9472] 
[  339.240161][ T9472] Freed by task 6738:
[  339.244141][ T9472]  kasan_set_track+0x4b/0x70
[  339.248736][ T9472]  kasan_set_free_info+0x1f/0x40
[  339.253681][ T9472]  ____kasan_slab_free+0xd5/0x110
[  339.258718][ T9472]  slab_free_freelist_hook+0xea/0x170
[  339.264092][ T9472]  kfree+0xef/0x2a0
[  339.267907][ T9472]  skb_release_data+0x6b8/0x800
[  339.272861][ T9472]  skb_queue_purge+0x1bd/0x290
[  339.277636][ T9472]  netlink_sock_destruct+0x24/0x190
[  339.282844][ T9472]  __sk_destruct+0x50/0x840
[  339.287373][ T9472]  rcu_core+0x9d2/0x1670
[  339.291632][ T9472]  handle_softirqs+0x339/0x830
[  339.296411][ T9472]  __irq_exit_rcu+0x13b/0x230
[  339.301106][ T9472]  irq_exit_rcu+0x5/0x20
[  339.305367][ T9472]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  339.311026][ T9472]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  339.317025][ T9472] 
[  339.319354][ T9472] The buggy address belongs to the object at ffff8880622dc800
[  339.319354][ T9472]  which belongs to the cache kmalloc-512 of size 512
[  339.333417][ T9472] The buggy address is located 507 bytes inside of
[  339.333417][ T9472]  512-byte region [ffff8880622dc800, ffff8880622dca00)
[  339.346728][ T9472] The buggy address belongs to the page:
[  339.352382][ T9472] page:ffffea000188b700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x622dc
[  339.362564][ T9472] head:ffffea000188b700 order:2 compound_mapcount:0 compound_pincount:0
[  339.370989][ T9472] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  339.379112][ T9472] raw: 00fff00000010200 0000000000000000 0000000a00000001 ffff888016c41c80
[  339.387716][ T9472] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  339.396346][ T9472] page dumped because: kasan: bad access detected
[  339.402797][ T9472] page_owner tracks the page as allocated
[  339.408734][ T9472] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4188, ts 51266483402, free_ts 51265402018
[  339.427876][ T9472]  get_page_from_freelist+0x1bbd/0x1ca0
[  339.433452][ T9472]  __alloc_pages+0x1ee/0x480
[  339.438069][ T9472]  new_slab+0xc0/0x4b0
[  339.442158][ T9472]  ___slab_alloc+0x80a/0xdd0
[  339.446762][ T9472]  kmem_cache_alloc_trace+0x1a5/0x2a0
[  339.452151][ T9472]  rtnl_newlink+0x183/0x1a50
[  339.456761][ T9472]  rtnetlink_rcv_msg+0x844/0xf30
[  339.461714][ T9472]  netlink_rcv_skb+0x1f5/0x440
[  339.466489][ T9472]  netlink_unicast+0x774/0x920
[  339.471276][ T9472]  netlink_sendmsg+0x8ba/0xbe0
[  339.476058][ T9472]  __sys_sendto+0x46d/0x620
[  339.480575][ T9472]  __x64_sys_sendto+0xda/0xf0
[  339.485262][ T9472]  do_syscall_64+0x4c/0xa0
[  339.489684][ T9472]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  339.495590][ T9472] page last free stack trace:
[  339.500393][ T9472]  free_unref_page_prepare+0x637/0x6c0
[  339.505874][ T9472]  free_unref_page+0x8f/0x2a0
[  339.510567][ T9472]  stack_depot_save+0x418/0x440
[  339.515545][ T9472]  __kasan_kmalloc+0xcc/0xf0
[  339.520146][ T9472]  __alloc_skb+0x22c/0x750
[  339.524575][ T9472]  inet_netconf_notify_devconf+0x16f/0x230
[  339.530475][ T9472]  __devinet_sysctl_register+0x32a/0x3a0
[  339.536124][ T9472]  devinet_sysctl_register+0x17c/0x1f0
[  339.541596][ T9472]  inetdev_init+0x28c/0x4d0
[  339.546108][ T9472]  inetdev_event+0x26f/0x1370
[  339.550797][ T9472]  raw_notifier_call_chain+0xcb/0x160
[  339.556186][ T9472]  register_netdevice+0x129d/0x16f0
[  339.561397][ T9472]  rtnl_newlink+0x1597/0x1a50
[  339.566087][ T9472]  rtnetlink_rcv_msg+0x844/0xf30
[  339.571039][ T9472]  netlink_rcv_skb+0x1f5/0x440
[  339.575811][ T9472]  netlink_unicast+0x774/0x920
[  339.580588][ T9472] 
[  339.582914][ T9472] Memory state around the buggy address:
[  339.588547][ T9472]  ffff8880622dc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  339.596621][ T9472]  ffff8880622dc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  339.604794][ T9472] >ffff8880622dc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  339.612868][ T9472]                                                                 ^
[  339.620862][ T9472]  ffff8880622dca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  339.628941][ T9472]  ffff8880622dca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  339.637018][ T9472] ==================================================================
[  339.645095][ T9472] Disabling lock debugging due to kernel taint
[  339.651375][ T9472] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  339.658577][ T9472] CPU: 1 PID: 9472 Comm: syz.7.1455 Tainted: G    B             syzkaller #0
[  339.667341][ T9472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  339.677407][ T9472] Call Trace:
[  339.680692][ T9472]  <TASK>
[  339.683631][ T9472]  dump_stack_lvl+0x188/0x250
[  339.688314][ T9472]  ? show_regs_print_info+0x20/0x20
[  339.693517][ T9472]  ? load_image+0x400/0x400
[  339.698035][ T9472]  panic+0x2e5/0x810
[  339.701940][ T9472]  ? bpf_jit_dump+0xd0/0xd0
[  339.706448][ T9472]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  339.712345][ T9472]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  339.718245][ T9472]  ? _raw_spin_unlock+0x40/0x40
[  339.723104][ T9472]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  339.729349][ T9472]  check_panic_on_warn+0x80/0xa0
[  339.734297][ T9472]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  339.740546][ T9472]  end_report+0x6d/0xf0
[  339.744804][ T9472]  kasan_report+0x102/0x130
[  339.749319][ T9472]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  339.755583][ T9472]  ieee80211_monitor_select_queue+0x23a/0x240
[  339.761668][ T9472]  ? ieee80211_recalc_smps_work+0x20/0x20
[  339.767401][ T9472]  netdev_core_pick_tx+0x118/0x2e0
[  339.772530][ T9472]  __dev_queue_xmit+0x756/0x2fd0
[  339.777482][ T9472]  ? __might_fault+0xb7/0x110
[  339.782257][ T9472]  ? dev_queue_xmit+0x20/0x20
[  339.786937][ T9472]  ? virtio_net_hdr_to_skb+0xa6b/0x11f0
[  339.792493][ T9472]  ? packet_cached_dev_get+0x270/0x270
[  339.797960][ T9472]  ? skb_copy_datagram_from_iter+0x5e3/0x6a0
[  339.803953][ T9472]  packet_sendmsg+0x3dba/0x5060
[  339.808827][ T9472]  ? __might_sleep+0xf0/0xf0
[  339.813432][ T9472]  ? aa_sk_perm+0x7dc/0x910
[  339.817960][ T9472]  ? packet_getsockopt+0x9a0/0x9a0
[  339.823100][ T9472]  ? aa_sock_msg_perm+0x94/0x150
[  339.828057][ T9472]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  339.833354][ T9472]  ? security_socket_sendmsg+0x7c/0xa0
[  339.838821][ T9472]  ? packet_getsockopt+0x9a0/0x9a0
[  339.843937][ T9472]  ____sys_sendmsg+0x5b7/0x8f0
[  339.848814][ T9472]  ? __sys_sendmsg_sock+0x30/0x30
[  339.853849][ T9472]  ? import_iovec+0x6f/0xa0
[  339.858358][ T9472]  ___sys_sendmsg+0x236/0x2e0
[  339.863045][ T9472]  ? __sys_sendmsg+0x2a0/0x2a0
[  339.867845][ T9472]  __se_sys_sendmsg+0x1af/0x290
[  339.872712][ T9472]  ? __x64_sys_sendmsg+0x80/0x80
[  339.877664][ T9472]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  339.883664][ T9472]  ? lockdep_hardirqs_on+0x94/0x140
[  339.888878][ T9472]  do_syscall_64+0x4c/0xa0
[  339.893305][ T9472]  ? clear_bhb_loop+0x30/0x80
[  339.898013][ T9472]  ? clear_bhb_loop+0x30/0x80
[  339.902702][ T9472]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  339.908601][ T9472] RIP: 0033:0x7f3e84681eb9
[  339.913016][ T9472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  339.932629][ T9472] RSP: 002b:00007f3e828dd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.941063][ T9472] RAX: ffffffffffffffda RBX: 00007f3e848fcfa0 RCX: 00007f3e84681eb9
[  339.949044][ T9472] RDX: 0000000000004005 RSI: 0000200000000280 RDI: 0000000000000004
[  339.957026][ T9472] RBP: 00007f3e846efc1f R08: 0000000000000000 R09: 0000000000000000
[  339.965003][ T9472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  339.972984][ T9472] R13: 00007f3e848fd038 R14: 00007f3e848fcfa0 R15: 00007fffe6c2da98
[  339.980970][ T9472]  </TASK>
[  339.984324][ T9472] Kernel Offset: disabled
[  339.988661][ T9472] Rebooting in 86400 seconds..