last executing test programs:

57.71527225s ago: executing program 2 (id=2394):
r0 = socket$kcm(0x1e, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/59, 0x3b}], 0x1, 0x0, 0xc00}, 0x80)
r1 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0xfdef)

57.578771675s ago: executing program 2 (id=2396):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000d8425bd7000fcdbff2500000000", @ANYRES32=0x0], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

54.4915683s ago: executing program 2 (id=2405):
r0 = socket$packet(0x11, 0x2, 0x300)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4044094)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xfd01}, 0x8)

54.326522366s ago: executing program 2 (id=2406):
socket$packet(0x11, 0xa, 0x300)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x2200454, &(0x7f0000000040)={[{@user_xattr}, {@nodelalloc}]}, 0x1, 0x244, &(0x7f0000000540)="$eJzs3DFoFXccB/Df3XuvadJHSdulUGgLpZQ2ENKt0CVdWgiUEEoptIWUIi5KIsQEt8TJxUFnlUwuQdyMjpIluCiCU9QMcRE0OCQ46PDk3iUSzQsKl7wT7/OBS+7e+//v9z/uff/3hncXQGX1R8RwRNQiYiAiGhGR7Gzwdb70b23O9y6PR7RafzxJ2u3y7dx2v48iYi4ifoqIpTSJI/WImcV/1p6u/Pbd6enGtxcX/+7t6kFuWV9b/X3zwuipKyM/zty682g0ieFovnJc+y/p8Fo9ifj0IIq9I5J62SPgbYyduHw3y/1nEfFNO/+NSCM/eWemPlhqxA/n9+p79vHtL7o5VmD/tVqN7Bo41wIqJ42IZiTpYETk62k6OJh/h79X60uPTk4dHzg8OT1xqOyZCtgvzYjVX6/1XN14Lf8Pa3n+gfdXlv8/xxbuZ+ubtbJHA3RTlv+B/2a/D/mHypF/qC75h+qSf6gu+Yfqkn+orj3yv/0z/7SscQEHz/Ufqkv+obrkH6prZ/4BgGpp9ZR9BzJQlrLnHwAAAAAAAAAAAAAAAAAAYLf53uXx7aVbNW+ci1j/JSLqnerXth5C/GH7b99GkjV7Kcm7FfLvVwV3UNClku++/vhBufVvfllu/dmJiLmTETFUr+/+/CWFH4L9yRveb/xfsEBBP/9Vbv3nC+XWH1mJuJ7NP0Od5p80Pm//7zz/NLPzV7D+sWcFdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDXvAgAAP//DkFuIw==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000240)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
write$FUSE_GETXATTR(r0, &(0x7f0000000040)={0x18, 0xfffffffffffffffe, 0x0, {0x2}}, 0x18)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x8480, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)

52.519299777s ago: executing program 2 (id=2411):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001180)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4}, {0x0, [0x61, 0x5f]}}, 0x0, 0x1c}, 0x28)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000840)='E', 0x2, 0x0, 0x200000}, 0x50)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40000)

51.791545293s ago: executing program 2 (id=2415):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000002240)="2d12376647d788ad2cdbd0e68c140c7f72d35ae5869c470a1f53ea73c32220190e02cb0b770bb154d1d5d1b343cb1feadca1752e4397955e1a151721f1b28b9e32b7966f9ddd7ad3822c5ff3dc03786c1c86c2a6f7c271710c573396ca95e95a524201b0bf0539042ae14072693f9734306f7a21f92421e8e0ea335d07d1f2839c4c195930cd35c65dfc527de84f2cab4f0c78474734d7c5cba0c70ee0fd10ad5ed3f4b70308c29000e8cd98d57c90c7d9298ee4a2c41b141614627880ace9cfde45a0ae5f6f5cf3eb31254454e92eacdab64eb048b144e4fcc16afe59e7d7dad7696df64aa223d14d69bbe8ee2f76e1d4a32477a7cf108fea86a7e085c1575f683857cff342574109f74cf05e3f63f328f46735ba0578d84b4978ce545621b1666ca7da451d40e961a037822eebcbba9bf9e92af7281442efcaa8e0d3ecd6111d8fc1c742d0e7efe8e51a1c5e6ea04fec02a986cba677d9dc642d110df6f55c786c73f7ce4ebf9415bdb2680d0ff4597006d96e3c164114a4effae84380e492822c002b2e96f160a0784fd0ebe448eddaa801921576287f61a15be332a94eea951c0826874d105173a6b3f2a6e420ed5ef00b1f699b74c524a1859cb7d6dfb7257b6f0b92e17ce21237da0ec892735601b29693dce455876447f76df303a8cb34bd9c9241da9904c1c17d416753c71aeed9cc07d26b4a438df4e302cf120cda73c04d5a1b7295f1cb7ff88084211adde5fdf991f97cb522b56c561ad1119a4675fbf566b77660dfd457467652d23c739cc9ba93bbd5b464c46e46187ce71d7aab533e670c861b227454d7c21f9f16000eee0c1772a152c26acd2744c5553ace622369f15d5354a3b5ac4bb9261a766830d351fa931558dee7ff30768b2e29025c3b115179ed6a12ea76a23db3626bc033f85a43c3c3f50b75b89a418277837ba571189e708f4aaaacc19537e7aa156b7058c200e8f9be1da8a63c7e878f3e733060a1cb24a2a09ea76413efdc4e0b1027a09c6830b4ca5ccd4695e2e0bb1610a21b0cc66012aab283b6c5dfbd20aef8d7ad04e4c618a065a588d05e3f780126eee290cf0f94fb4a2c5a8cb97f60d9e50301a4f01f3787ab052ef8782d6ef0f92385ab59015670a054dab1ab0400be74fdc4ac3d18fb5b5da13e55a05e29ad14dd0abf0435dea601ce80573548f3c8f21ecfcbe5361d1505a91c355d8477fe7e3866be005acae25cbab7bd8684294963c3c95924f7d62ca0ed2d7aa01048cbdcd4d7ae9717d4feb97e1e825f6156e9c5fc456509798d2f5adc9356752a8974894ff5bf9d14aab3ddf18fd4f9af23c66f7e4ef7e345e769260fd9d2a22ddd078dd7e44f904ea78dd3db5b0f4a8d7ce9ae7909cedde165b7458da24d576fc0e18d3c27cccaff21146ad51c1681c629a8f0b8a4ae213c88910c54de9af7890b0a4414e0d38c31d76a130b587b764260655f17f901f96b835a1fecb1f7438f5e18ff60720d37d19b1a9ae3e03dc10aa1c4f2abb918883d56ddd4e74b48a4aeadccf2329956ed18b2001d1e1e80bdf325449beda911916f802234f5b182264754cd3bb26b2ae658cc0ee185a19cba7f9e54e47c32f8b87d0fed97c911d28f971e70be5fb830109a57b600f734a4cc734cbb67a58e6a696ccb39c328c537fe467fd194183aad728f95b0a4afb4557615408a83785c0d313e666d1dab18d49a4feaf12993e73f5537998a1ed25b93f9bca346376129dee3a5a78675d30bd19a78b77f45ea8b5b48cb4c78a1bc30df00badb811585966b8f8ef42d89236f5e99f849a44d62d1431eb187333dcde91582a29e777b9cd6e1bc86eff512ba48d6030681d395bfb8c5259b0c22028400a1d3929a6e3fa0fcda3deb9cf8e7e079c21d7c20b1670eb880789ae809608b", 0x549, 0x4004085, 0x0, 0x0)

51.290702729s ago: executing program 32 (id=2415):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000002240)="2d12376647d788ad2cdbd0e68c140c7f72d35ae5869c470a1f53ea73c32220190e02cb0b770bb154d1d5d1b343cb1feadca1752e4397955e1a151721f1b28b9e32b7966f9ddd7ad3822c5ff3dc03786c1c86c2a6f7c271710c573396ca95e95a524201b0bf0539042ae14072693f9734306f7a21f92421e8e0ea335d07d1f2839c4c195930cd35c65dfc527de84f2cab4f0c78474734d7c5cba0c70ee0fd10ad5ed3f4b70308c29000e8cd98d57c90c7d9298ee4a2c41b141614627880ace9cfde45a0ae5f6f5cf3eb31254454e92eacdab64eb048b144e4fcc16afe59e7d7dad7696df64aa223d14d69bbe8ee2f76e1d4a32477a7cf108fea86a7e085c1575f683857cff342574109f74cf05e3f63f328f46735ba0578d84b4978ce545621b1666ca7da451d40e961a037822eebcbba9bf9e92af7281442efcaa8e0d3ecd6111d8fc1c742d0e7efe8e51a1c5e6ea04fec02a986cba677d9dc642d110df6f55c786c73f7ce4ebf9415bdb2680d0ff4597006d96e3c164114a4effae84380e492822c002b2e96f160a0784fd0ebe448eddaa801921576287f61a15be332a94eea951c0826874d105173a6b3f2a6e420ed5ef00b1f699b74c524a1859cb7d6dfb7257b6f0b92e17ce21237da0ec892735601b29693dce455876447f76df303a8cb34bd9c9241da9904c1c17d416753c71aeed9cc07d26b4a438df4e302cf120cda73c04d5a1b7295f1cb7ff88084211adde5fdf991f97cb522b56c561ad1119a4675fbf566b77660dfd457467652d23c739cc9ba93bbd5b464c46e46187ce71d7aab533e670c861b227454d7c21f9f16000eee0c1772a152c26acd2744c5553ace622369f15d5354a3b5ac4bb9261a766830d351fa931558dee7ff30768b2e29025c3b115179ed6a12ea76a23db3626bc033f85a43c3c3f50b75b89a418277837ba571189e708f4aaaacc19537e7aa156b7058c200e8f9be1da8a63c7e878f3e733060a1cb24a2a09ea76413efdc4e0b1027a09c6830b4ca5ccd4695e2e0bb1610a21b0cc66012aab283b6c5dfbd20aef8d7ad04e4c618a065a588d05e3f780126eee290cf0f94fb4a2c5a8cb97f60d9e50301a4f01f3787ab052ef8782d6ef0f92385ab59015670a054dab1ab0400be74fdc4ac3d18fb5b5da13e55a05e29ad14dd0abf0435dea601ce80573548f3c8f21ecfcbe5361d1505a91c355d8477fe7e3866be005acae25cbab7bd8684294963c3c95924f7d62ca0ed2d7aa01048cbdcd4d7ae9717d4feb97e1e825f6156e9c5fc456509798d2f5adc9356752a8974894ff5bf9d14aab3ddf18fd4f9af23c66f7e4ef7e345e769260fd9d2a22ddd078dd7e44f904ea78dd3db5b0f4a8d7ce9ae7909cedde165b7458da24d576fc0e18d3c27cccaff21146ad51c1681c629a8f0b8a4ae213c88910c54de9af7890b0a4414e0d38c31d76a130b587b764260655f17f901f96b835a1fecb1f7438f5e18ff60720d37d19b1a9ae3e03dc10aa1c4f2abb918883d56ddd4e74b48a4aeadccf2329956ed18b2001d1e1e80bdf325449beda911916f802234f5b182264754cd3bb26b2ae658cc0ee185a19cba7f9e54e47c32f8b87d0fed97c911d28f971e70be5fb830109a57b600f734a4cc734cbb67a58e6a696ccb39c328c537fe467fd194183aad728f95b0a4afb4557615408a83785c0d313e666d1dab18d49a4feaf12993e73f5537998a1ed25b93f9bca346376129dee3a5a78675d30bd19a78b77f45ea8b5b48cb4c78a1bc30df00badb811585966b8f8ef42d89236f5e99f849a44d62d1431eb187333dcde91582a29e777b9cd6e1bc86eff512ba48d6030681d395bfb8c5259b0c22028400a1d3929a6e3fa0fcda3deb9cf8e7e079c21d7c20b1670eb880789ae809608b", 0x549, 0x4004085, 0x0, 0x0)

5.755470664s ago: executing program 4 (id=2628):
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r0, 0x0, 0x0, 0x0, 0x0)

5.506052052s ago: executing program 4 (id=2631):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0x8000})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

5.084532287s ago: executing program 4 (id=2633):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='cmdline\x00')
preadv(r0, &(0x7f0000000800)=[{&(0x7f0000000300)=""/77, 0x4d}], 0x1, 0x4d1, 0x7)

5.010653619s ago: executing program 0 (id=2634):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0)

4.811340426s ago: executing program 0 (id=2636):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x80000000, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
syz_clone(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_clone3(&(0x7f0000000300)={0x43807000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)

4.811220056s ago: executing program 4 (id=2637):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000004700)={'team0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)

3.548211919s ago: executing program 0 (id=2641):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prctl$PR_SET_TSC(0x1a, 0x1)
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0)

3.254781759s ago: executing program 4 (id=2644):
r0 = syz_io_uring_setup(0x386f, &(0x7f0000000300)={0x0, 0x2bf7, 0x40, 0x3, 0xd1}, &(0x7f0000000000), &(0x7f0000000440), &(0x7f0000000000))
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x305180)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f00000000c0)=[r1], 0x1)

3.007608857s ago: executing program 4 (id=2645):
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000a380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x80}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000004900)="fac4e7c21565f79b73d8d7dcc36944c7d36505ed55b2c535ba5bc78cc94f55e518d13a9f4dd794ecf1b09fe12f2893933931db285710f8c78793ddf30ff7dd86203ab0177f8aa062d6fe9529d65fab047ca34c6840b505eee9082e8ccf311bfb84ee46c0d0dd466b0000000000000000fc309ddd9fcdd816ded9830e41f8cce8d3bc31a817f29e3ecdd0329aadc8b022c55c70eff8905b9bf223ea44cbb290ffe098bb78fcc9e39f16f4f0e8d60e440abc192d530e146bdb59e9e522668bebec672a965ee7bdb300ab4314235dc0e62e94e398742cfeee3b92ce29e1a62fd8375d95ef502ebc1f04959d83a15ee9496198f0b3440b80cb9950324c9d4dfa69381c5c0920e307ab1528efe02739c2a49fc4cf09ff76c165d5005234b8f9378c74040d212eed9e7485cdd758bf4d34c2cf52b278eb3114b13b43214814ba2e2a357c028c737892d0e8ab1f1d009a00ad0dcdb9ffd0f4fa0b03d3b006fd66e8faa4fd44b64dcb92cbb5e9da64165ef01602538708e5dad3c0986a2b03d4d4276c9268af76d300b01ceef84e2a501e2c3d04e31875d1e81270409516d4272d73e9899c5a939c03be73352b61cf32ea1f6cc2d31847703843cd2e54de294b1c957ae618dddd7fdb018908dd7be379fb3db575b0859d9f2a190d8f7abc8400bbcfc866c8f8454102a5b0c215f140cb17677556241e33443aacb35073752aa65f450b2d03750ebbc07ed809f97b5a55a4f11b920cc9bf0a1db7fce63718f85c3326120c8b774ec22ff9c1b7e9114c0b931b6805fa672b53a6a617881fd73dc1b79fbeade0120e08c7abbba9bed82e9700bbf779328ce0a73f7e60459ecfc3f0daf26da8d1b57c1536ec967fdcab8cca66aab0ce0a02320c0090c78511b1672d65b3d62ed38e2655bc6ebfb2480a0c33fc68bba5c444d8cde3f977a382d6413947fcb25e3e9330f45b8874463e2a3fab87d877652de9c2d35208ad5d3e59ee9e63061af0b119d8174e7eaf71551b1f3551d0247717b5bb7d4db41767e2608a2472c7258932e22eb591c957da5fad5732c86cf18ec338e83ed25e41a2e500360c7ea86755efe0962f0d1d4cc945645e01b5a34fc74630c91cd02c5932f2df9ec1e090dd83bda328a7c8d1b8a8294c3c551c1954a7f024eb7ac01e35538612f2f23a6c52c59beab75910c5abad25a3789baa0001569e93561a8992450bdb0a757b916af413d63badc4aeeb9489357ff7fdb27e913278dbb5f2d69bc196d110638601f31fb4db2b301faa7516955d6971b562288328e14c7957696eaa03d3911ec661279e37a850b7515fb4e122c39fd6dc3af40980173e6324ee678b47f74428a593827d75aae3368e661dbe9738a2704d8f7a086e77b9ffb3eb0e16199c58eff45dbe628d268e88bb2d69a310b60db0a850afcb08a2a7b316c70209ecf034d484a6b1f68de857d4ebfd45936c04b532202bea6b3a6d3751cf73db4ca0a76faf7a972f8a68a523b0a51d593436aed65999fe96058e085b4352c0d5603365ae4cf724e5801da03665ee2071e04b45c6de0a59afc376e3ce2ef206c3161f235049d7e0b52e04ccac4f1699629b3f8736601a6dadfd00dd9545cb7cabd1cba12ddb2a23c58b1da9c69ee4ec9853aaa81e1cf7a169f91a1c077fd6c5c2fd366c9a2a285420d5633bf0544003251768db01281f8259a0d0c489f7f7cfc0fa7ff2878fb0cea89ddb3593539a1184e667f3840e8e5043508777dcef371e2ea3cf489fcfd60066a8dcfc9d0fbc21aac05f24a88ceb5c186326d1fe5b6cb4a40d25e6f847f7a4030d0a9cd29b0f9e3b49471730df5c5d1e172376ab2a27f3aaa3d1c5f354952745db1c54464e9f4d224ca1bcc7a4004bbba7a21d60a1fd5a35c1179738fbcb61241f38703610d51b18afc0e0bce11564167344568875374c6114c64b7cd25cb3c005b2577afe3c0f528d5c838152fe7b307d743596c91f43f3958e1f25f741aa4b30baa4063d0d9c3453fa18de83f744786c7b4294415e0222ecd9bd9a115663f32e9505d3618f9c716f23d9e536d429557774f7910aded24931f373507dba89766d760b714da6e264492ffee985422e60da15b7ea862935d21bb878560b0f8270f82cb3a8fc99ac35c30038b95532fe848f8a2876f5782acbad93f1426fee13fa4f0b778950bb2096c7d1c5bdd481ecae83254800f78a762983418c3fd673deda93c206ad399144b141db743640e3102fb453d553f939ad643ce9faabbb01bfad49cd30a61cce67fd46782447e14c7b2d2dc1df244cd7d72404a0f5b54187c75aa45b9b2a73727de0ce187b7e9cfd471efb73e9a84971185cf335cb33fce92e06992398e53be779782a436579bef6d7b0d93915e758fde3fd67b9a964d5a8ddc5950cb2a78262d0e36d329f9ba56b06266a126334c56852b290937423bc178a575a442046a8a4406e88b829d36bea6786774b0c513dc951b330eb5dd914a907b97e83db55cf73c2897dc3d6944dac797b8b1434327fc15caa6b309b62e1aa52d4e8ca7a7db6f99e423489951961f147b3cb14956e801f7b1a15b959546ea229898ab9b99c9a080f5d9176c59ace26b72e620b9ff6e558bfe7808a7b430c414ab90cb0f1e4101be46dc360928797171922d41bcc8c12d17375222c706b3f864f8937ca947b33eb13216b1cd1d4119fa6de7e1a07c652671d20b1930ccf14c443223a4fb93848969465feaffc703347a5d5a9b68339e3951d3b8fc17c6045201af7e84a7026bc741592bd47768a793abe5009eb9427dfcfc4e4a9b9ae71f8582b0cd9c28c6270d5bbdf0f1415c722384808cc8fdaea65eb97d5fda8dd2014163598411c51495fd9fea5ae48c9e0d158217335c0181db4d196af623b5de7ebb1a0a71090e896c11b33cccd4515d1370b00ca48df5b855b8942cf35a8da12d4eb68b52ad786e2146383c54a13a3de979d03039e42a440c6d0db2a1509ccd1aa5097af5b15b49b90928d82e7b944d0750ac6d9433526e65d3ae79201b4a20175aa12692e4ba41c4733673a47e8ea44ed2b34d3ae80ca8b05aa159662f75ba748ef793aa184c8405796185ffb25ca4cb324f4f77610a3b372f5fad04ef85ab771f2f5efa3d95ca0074b9363b3b4095dacc04d48b9c86ebdfd94981a33b2fdb712409462aca416079a5daf92fd24374b6f3f76277fc36bd6d38832ae14db4711b0503fe12b647516d1df64c11962219c17ecc60fd25704a94742d6655e57ac9f89ae1db77fe8679b7f84b403e101d70352f1d80bba74c4aefe14cec35f4168d2e9c2625a0e692504299cf8ca875e7b45fd3c71df003628c3ac6616b3b1a8edb7879e5781877a9873b3885958edec9d1a7d24cc22c49047335dec3cf9b2821c267ac8dfaea3bdb3dde0fc7d1c1c96ce04f3bd5ddd7ec3ba253cc34e7df4a03d58e716b5bf8d681c65931407a60c28922aceff1edb45417bae99167d99e97669d68efddd00a867f5b3ce5763be30e07ff2cf8b15c90a6f656f717bc1b590231f48e3fc4a85124d43a1a811b6043604870e56b81f127db36a686eb77d612609f44b0fb262b17739fbb36c67ed305e114b7b595626e897af9d59acee1af38295c366bc32e3af59427dc11d5cd594add4e226d947ff26a2140f476a43695ebc8f73cf5b7efeb2ce46d63484b9f3ded774088a0a31cb2eeae9538bf0c071f572657f905b33d4b3fb5280879cab0bc5fc7a89be10a9118c419f974c454a37bb934bd488cb1ecbdcb2ac26094f90b8093fc75454317b92278eff430f6622cbb2c4f6a8a2ef5c7388b504a6cf89bf889990977fd4f5ea1a530131a8e2356e3f1db0d9f93d7a65af79f1fadc0b40279965522d47dfe154d62036ce4e53eeb6e96473d3e2f59ce1f54414af8bada3d9b6089e7a670c7418d0f906ddd8494bbea718fb91acd0fdd0f2c19746f4c1ff87167987f056a86f03aad8c11aec6ea967383c29b9c8bc6d4f46c9c2f44fa5a43f52cda78cf36f270a7a9c77c7007a55b6770847aa8cf4676ea9abcbb91ca9a41ad56682f3dae20ed1a67d75391caabdb66808b91e86b9db4a13f7935fff256b54818a589402967c2242a70afffbc7ca73116a1c4d18bd6a4e277aa42a8551765b241d1e54174ba7993d1694d5a191b3036cab5eed5311403ba6de613b73beddc753359f7339417e4f07724c6ba1ce99a55c6b8ec72c0a4df4776146877309382d3af87c204ce86f54c2a7c1027adee9ab2e4f6bd205fb41d7d6b2fabf7308ced5c870f156aaa9dbd24f232ad85d6123426c5e5264b4418ebc7acf1cac380212f48dd87c2000f0f0c7e4a504523fb7cebbc50c26691ca8ab9748831851392864c02166f5e2f0c7d5d76b71908de9ba69a88b0bbaad0dcfb9e3ad8680275e35218a60227bfb6f773fea9570831db671ec8912abe6c6190499e0100232aba631b9ab148547041f1bfabec860d19ce987c019249f07bf3effcff35a6c5402a584f0a55a3a580aa8303aa9a67856f8cc27abdfde11fd2b8c5432a46fe2c3c08ae53ff42d1c545fb890d097d9b31437c53f6563fe416570b4cb3d5fb084d9ad4165e6eaa6a24a5b77dfd6c0962d233a2030427dcab08660143dc3853d3ae8907a21f812501b1e96fca4e4c73226827477ae9e5e87f88be74228afc7393d7ed98f090577db9d70158e3acc36e07f959d32de1e34b471e2732e38d0a9397c6d3a218d0abd71af71993cff9e47793dc72d00c5d5079ad76e935c58d349f03c6a976abd04b4663321b63fba9fb7b4a048186d53f72012779b02ecc61faeed40494538a2df95f14be70f80e2c1072f56ccf59ff5d75dea6652ef90138b22c943fd4863e90216cf9ba84e69cbf43661031720bbc22e94bf2fa1dbfe8313487b4cf6cb31e9d26995471ab64a120e0eef82d95620890aaa48afa7acf4ba274dba1b5a1e37c1062fd70fab8218ceddaa8d10154e567c7cb8e5f4bb07c6c6065164c0b374b17c555f9c1ec8d108ae7ada1913db7a447e8ea3713d6e2fd6384ac3286d9941523e01d3fefb32cd65922f2113a5de4c7334657106a2c97a6282b22d7d67f39fd6601916b0d5bdcbe382fa786a3cf74b24cdbb5a2843b56ddb14d5514139b1cffcd68d45f9f082186e2ea8f774c899cbbaac2e6207cbe86645fb346fd360d94a2b61e0cf9d33778cf3b3aac5fbf29288fc065ea5a218b404b82c79098b48a8051d03b6f8c4df4843b665eaf6935ad0e703cd928d228a48b51d23afa1bde22b7655dd4d8fb73b2b10533d6da9b9fe6aac3d9e73e5157c0e33bae4f31f10212d7f87d9341e3090b3c7c8ef79efae8bb744a5f8db2bcedeceea81e8c23716e113bbd24722d6f33dfe6438006fadc9bab9809c5c5b3371994a55263a52e9bcdcd3665f8472bbc0c59d27c0a7d023763ca55f80b7a20014636be698a2f1e0a5ed5320b1591e0c1350fe41593942495ba1a214cf18dee3c73635d208a60737b253cc716d1cdf0c7546dab111bfdc0701c4ae297e9a35153e84d7c5411df5e134f2a128d5c0240aff77e076a1113214ee68fe0c294996944180a7a5c4c35ce341682cb31607c3cf5514b1f1035673f3475376a8cbf20b50cf3272a49c8aafda33fef13aa90781f9c14741886fbdda634205fa98c94dfe5f06533d17d772ec5be90243a24f1db46530fc8b8e167cec2276dc16cd755e371f85827f44da53114333abd41b2ea70faac6762d38b5751e243b2e01ce7d00dce1069419fde74c49ebfabf86eb696fc6f07a8b4f95683449416c9633f3ef6a2eba6a687291e2e7f48a3fd15bdd2187e7790fbfe684b5764d7ef0bb3ba99c2e120300cf58c408608ba6090e15539024787a0290083d808380214a8ecd11effcc05149e476b1ea5b82047411050068806e331171513c57713f0987133e155d3b312aadc9f243f8533fb07ce208d46c42604669ff4b8a28be3bc71f38b45081d262ec130a818d05d8a8b52cf923727f59380441524be1d3448223a2cccaabe7d86a88c4a9ad8683a42cadc41b4f26faa91d9c927edf30cb8137e74d7c8b40a9adc2567de40144ba8f86776a1ee234d02c56fbfecdc636aac44aa59d0392d8e8c13531350f2c4b5b6417db0667a557acca8f931d31a56c3b55f603e9646cc409dd54db6d89be0a7a5b5459639915bacc24885e4a1e2f3a805cd7a315f71601d5ad646003770df1be040641ff3391c4770e5461c38eb2b0eb58e9134de52e78d36c3dfd1ef42d9561b78116e70b3658ba7ff9411a7085b80a8082977d57e9df4851e5f7da33f06f7c47447bab0b4c7d3b9c9a511ff6d8ed4a26287d9ed154302ff6ed1aecaa226d60ded733eebc924ce2df1f7ada22a10db46e768918178cffc926b61544f59f6b0be26900a5204e97b6b91b16c227796f903e5e1d3924a4f3286579507a30a1486d7d186a2fd5059b2e83cecae0c7ae26dc7c262e717263c1599e7da38f3e3ce06abaf77876979c0835c859e101ff6fa4ab2a96e65a497cdf27b1df052d07bbe1bd4284d8f817d586667dca367a668a1904430ee1ca62098d919f0a4eea1244a8e4a7792c86165fdd8b9be99262d2f40ecda00a9a5afc1bde0e630814e8aef82176dcd37463e34e63c115d9d33012e497c41c22e98978ee1e4d44becb9df7920d9f8490427d020d602cc741a03284d01e81804714d46f13ac08e2a6a8677286fd66c528b985dc51d7b150417ce8fe991e2db228bca99fa6eecfe654307fda8a227ce880e7da556ffd3ed3adca545953da9c369033f2e819a1d66636fd1e9794bbd0d7a75e68c44c632eef85b205cab173aa5a9023ecbcdbdd43e4afc7aeff000000000000795245a8437d41496d3a25144af27fa026fc1b4135e28c753127fa19c147bc14c68b15fe170fff5b916eb069a414c069da3dd2640ddde8e819ae37b670ff42dca8010cced7373d0ee0c2fb05de16dc8959d172c4f467a25038b97fbf9e60bd3c40c73871d4114d6d81acb7d57552495c336e5da9b71b7872e9ebdf082023674118c3f94af6f05ab5e19ecd8ec055dd6eece56f850e902745173f758e2387c1464866348bbb5d436937192371564fd9769eb4542444ef4e60701594fbd6afc80fc7e0f7616ec8286fa1059395a2ff7ffd3fc434b84f23ca88fe44c8cf21e1b13b3f3f66543e71b855f3f785dfe1f954462fbcf57b591c0a725d27381251828d7fdf7e09bdbd625e89e98f61fb76d56ad69106510ecefa93853f0da630f7b4f324c17494d1fa51f94e9daa978b572065f6396a7f3d649060798b32b61ee7bc7ff03fdfd800e8dba8c9b0c8d51433972db34e0cc2666d54dacc4c1da366bfd58f5321f6daa88d4e49a450a75e2ae935471886bda66022b4167a743d8e7518fa2b427408f5c3278152f3d97404e34c2e0531a322518bea013e44c82546422e2e221c43634442eec3712c172f3b9a4e29c43d59ed1715391dc27f7254ac5918f9985288b5ff44a52c93c5663312331a3341fdff4d24607f91c4fc0cce634a4f69f686ab52ec6e36e41a1fc87af4eba40ab2da228194a6cc9b98f271f74666c47a3e371e866dd8a41293dd6474b2dde3f6bc452b010490e17cc4e7df92e7436788e7e60dda166a38314f18e631656862ff7ecdbb85cdad2dea4365443da5617877df6bad1abc1be597a2961df6cf34f5f110a60694b406e4ae9e48077132ed583f76b54f3c37108b19c47acc4bc02072a64a0da39bbbbd6f2110a8e925a63389d963057f466d02a10f6a6ba2112b74e28e0aae33b0f028c2270f1f07c42b25c812c3dc34f811b862c3485b4396cceca3ec6f62e47bd519533c30f3d9cf05b0ec9886f8abb796ce31b290ab6b515dcc7d7f3ab11582fff535ffe2746333c1d288f7a22ee36ed232f1a7d6dc3c825d86d211af3eecdfdea7cb7a4e5139ebec4a3b7e81518e76a6d8951bfb090705f21d158d89061815e7dba1cc8134e2f80955dc63f3fc0a5fb953b4ab05c22ca761092418c32725732e54dcf086430f6b114761b745ae8ab00127ca375ca08d7c4ff7e306f7bfeab6d87a7e43218c267ef14509ffc7a1ad58a283007734de55aea229a24c63372ae40e32618468612464d61840d79d837722d8204ed09b9bda9f438df009c9a2e4584755dd4ad91a3378255e0b104258baf6175e7d9df45c3caa2aebfb5866e4d20fa09e06ab689903a1c1b622ea04f1208adbf7cd6ab7a53068441eab17dafb00a07bbd5083a6691f6f34a9fa82b1ded4660deaf67343ab9aaae5f70c0b5a287ba669f32a1431ede98ac58bb4f42ef2a23122cd6a3da7658174853a7400bbda3ea58ce0f5589a6d5eb45e0a17aedf12bb175a8d083492e768f52b23881e61f3492fc039e478a712918ff2b1721b9e6e7911e16539f6104fbd0457b5521391672f1e57cdc2632ace97d4e21372213d1546578f7c8c12218600d85bd53cc6a5f2a2b1e88400c55f13703df10ab28a327112404f4663b19c4e938acd3917bfa5580845d0060a9136dfd88000bc05d07476bda0742ced80e1f61103ac1a501cb648ec6ffcfb0c1ce6fcce6e97832a720eb621091f2bb8ca2535e4c4c2335d6cf8a88cdc484b19dd12a0cad69bcef70f1c5a416ea21ccdbaef497a4ae417370531e48fc48fd01106934b6fc6cfae0acfe78f208d5ecbb773707484b57768781f57126d774a75099b308035862572d3fbf86692d474bd92850405bfbb80dc8a525ff594bb0d908ceaa9f51b2ac7b41a2b4c45621b62b1e1ba55e394ee15c4c222598b4e58b8addf87474a3aa94e9233d36520ded5f6ede8be6c32d38af2f8a0fb27562b2e3330490d46047e0a2d383830c2b0525c049d3005888bbbd247162275b157e440942b37eaf4abb9a4d22ef15d6d3009096d9b3d6732c35c2878e4c2fc905f2d961bf3700f0c08740249b57a18be63a18ff2fd7340fa3baa719839cf8eaa389a2f3b81af202c4a9abbdd030bfaef70cb65fc961bb579ed400e648cd8c1b100b289c38067a6d422c1a0a9f027795eecdaa7230d6e0662d0f59ab1cb0671b3b99ec12b65771f0c7416456b99537d10779d496f17e0c04160e879a5d089adf6f8060d92c44039ef2475f4647b5f3b30335ba2a50403d09644a00122d3bf7553c8eccb0e8dc612a83e6e5a7acab9f014fbbc712623ea86edc9bec0e4c392efaea3c56bb5ec45832ccbe6329509a6800ee36e85bb3b65dcf5aff9aa2db6569a230cdf1296e815d717191bad83ba31c1e42b69c6a5cd214739b1af105a244283c59c4f60d730fe6835ca983f3bea050012d6b6bc13a70591950de0d0d8857c200b61158a13f2c2d2536a799b7b4ac302ffbc78e9769e324c6ebfd567f5f4c2b053f7b59b6b07285194526d40ca6a5c4c376fa127b6b100489ce5266ebafa0cdec24b5bd7a22f295402303f8d1ddc3d1427d4c3beece3309d55f138d878c8054b259c53e59489f5f3610b3784489cdfa6083867a92a5f7e30826a6f590b9c809020c0f8eb73b70a971c050a70af2ca3a70573554b97c60037872df3e5c3f2e91103827306e72fbf1b072250e432b7bf8a5540783a2848724989eb86670e1f5b0675a39f7b1548260fd211d9c05e48e1a3df852842c477a36bbbac07317246dc8b4c3383227485556992735bfea38ef7a8a3a372464dc0ee6b9a09548a37dce62d563d04eaec5cb54c9614170e0811b53fd05dbd192744f74b5e0e3cc1b29dc0755ae4fc0c14ae8927f72864a796e65130e05d012336a96e5b15f17ae6258c67ecab6505bc1a26c00d5010e86f243412ca4264da4ed41670238faca1d7c7ed6ae74cc104ff3f9c045ce7efad15db83c3f5bbf001507caf3e6ee0a11a9c10205d91a7bbc12b2a91065352440a18493315df7dfa671bf8e1bd6d67119fbc3bb69d5661a43481b00ee60dab9d725f7f166ff989a0cbe21ec7f0007bf09cf5b5bc65b5835c4d0bfe6981616dffe0eae36d5b8c39d14645801919bc537212fb941ebe346bcb5037cf8b894ca92a0682fb2b37f08609a4a9465f0c423250343fc2367da64b690e273293431a36813cea94de5cf411c5c3c0265239aafb8fbe45c55fabd94baf7053023d1b0f647abcc07be35fa5a0c3aba2da35f6c2d8a739beccd96916cd30bdd8533411a425ae30b5d02b8d79c3622118641fb8551a31e1c1f4a0551d2b57eeee4097e9c48e09481c228bef6aa3c4aa7b9e72e8731cbc57a20a9e3417ec718c6d57a401d3c04ee2e4066d6d950149e277dc2bdaa23879b2c5135611d82ad8d20a4b2235c09da69fbd9878cbc52b25622165e0ab3bffe476eb2884629596dc865f6b13ba510cb375e59195636deeeb06786a7c9904ccdc58eb8664fe7b4d32bcb9fc8ab135c25ee2c22837c6c3a8c116e8fdcfc310799d0fc974e43d3a73fa0f8bd9057a1465823567f681c1d2e6c4a33770a4dccd06bce94b0af0e4d198b040d8094d610bbbd4501d8da6028b5e73f135cba6a8d7bb6cab2f06576eacd823e520282f9f883634a6dd4cc4810cba3f760b9842a0acae7a396892b658e3b6c84d0e75196b4e6a3240e9d2aadf257ae970153238e347d3cbcbfabae300494ea0d1bf292799e09b8064ed885cce1574ee94c216c50017c43b3407716e5919fa0706ea739c382bb321e8d6fa2520543d0427a620bb45c56d3f7e66aa025f17863024a2bd693d932bacfa516fec791e86982d020faa819bf2264f8606ef260a29af16300971d0ec49d6f5a21f9c437b75b44eb59bbaf71947621a1e78c68e2767dd42c7f6e3dd6faeebfc8fdfe4dec6db3fdd2d53c906f6040278ea235b37442f34cfa1a1f1064acce6a7cdb9657c1ea2def6c1f2220ab57ececfe53b4bdb6e57afaac1c055f25202c1efa65b3e48f5b57dcd2b7f3572d1d96a736813ca6acc75c967a89edc5dd62eea64cd46eeab6aa879887360aec466dd287705497e832bd4eb3d73524e4847c18f8b46de1a88a00dfa43acf51fe97288d53e30c6f2739b4532c6e8f7286a25c5f5f10532fee71d7c1c1f6a1c56f2535d94e2dd774f424cab2bf3673e097fd3cfb55ba1f29a6d03dc31abc214a6dc5950824f05f0a3036690120684a7117d42e9d40b56f3738428540c27f25ce4130966fc9b08f831756d5448be9ad7d07b95bfe61fb396438bba4ccaffa7a8a21edc5324d72514427a75a3619e48400e1b13a97ae7097f87c9253035ac3a1e3bf6d22725d22e31b7e0c9515f98f34ba357cc136190f81c010f83306d97a89184656bef128a648b9878bbefc508a631f949d8540ed16aead49d51911901d74d7aa9649317356ebd2ac0441be95291c1c2ba803b2e4604ac4b09e29fc6200819fb2603b46dbe929e4cc661c4f31a6cdc94a81fa62eb28bf447fe2ddbbb3d5f2b97d4189ffe5d83bc8be19ee5c92b958488a55c859d7eb5885674bd351c4125a02151529e9ab01685f2e4bba3aef0d5e9ad8678dab470d761beb8785424d51c4aa728417d1edc7cc44d8c7f2f5a09c68f940fc72a4ed2952e1985b2727befdf551d95e8d43e4dcab6f65b12ea706cbc10e5354a894e7646118e6000", 0x2000, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lseek(r2, 0x0, 0x2)

2.431133657s ago: executing program 3 (id=2647):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="1000000000000000240012800b00010062726964676500001400028008000200060000000800030017"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

2.270799612s ago: executing program 3 (id=2648):
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r0, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x0)

2.265167663s ago: executing program 1 (id=2649):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x123900, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f0000000300), 0x80800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x80203, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffb, 0x9, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x5, 0x7d, 0x0, 0x0, 0x2, 0x5, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.075173969s ago: executing program 3 (id=2650):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000680)={r4, 0x10000201, 0x7, 0x81, 0x3, [<r5=>0x0, 0x0, 0x0, <r6=>0x0], [0x3fd86826, 0xfffffffd], [0x0, 0x7, 0x9], [0x0, 0x0, 0xfffffffffefffffc, 0x9]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r5, 0x0, 0x0, r6], [0x2b8]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000500)={&(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})

1.903532115s ago: executing program 3 (id=2651):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x8, 0x40, 0x7fff0000}]})
syncfs(r0)

1.894356725s ago: executing program 1 (id=2652):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
shmat(0x0, &(0x7f0000f62000/0x1000)=nil, 0x7000)

1.695183772s ago: executing program 3 (id=2653):
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000480)={[0x800000000009, 0x7, 0x1, 0x839, 0xce, 0x5, 0xfffffffffffff235, 0x1, 0x4000000000008, 0x8, 0xed05, 0x1000000000005, 0x3c8, 0x5, 0x5, 0x8], 0x80f2000, 0x222})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000001c0)={"5fbcdbfb555ab7b6da2c492fe4db90aeaf8e5347c79716e75fe060d73e9de531ef8085f88b3a09f05bf084c593b4dab8756600000000077eebf9940a0b60f02d333a2c2aa407522edaabb8cfccecb9d7e0cfd915c17f32bc1ac7e430af977b671ede8605c7c72a5d1397639fd21bf848190fbdbfaeb7e166205def53caa18404ba077c2b5713acbc3d125aea78dfd962dd250511376c3a3b5732114cc92d27be04c7c146cedcc9081a8435f9c67a0c5174df503a84dc11d1d98a2473fbd39de5d9c56ffa28098914b4d47ea99e8134deb75f944afd0df95136c08e057e4d839936c0755318e58ae63dd46f7009df574d263f87508d7e496efb29de0496d4018e8d6c6f7d016752a1d10bb1df8b406bb488dbb43ffd11eb1eb9b36d57cee3b9e4e2e72e97a8059bb8e8120bf04b1d0b929692cc3e5508293bb205beba29259f18213a602dde8a8a19dd2a16b26476ca4f24e86b84ee76d86aacc862c59e154e6bec6ec6e86eb3d9dd50c4ecf6de82c2419674da3b885ac6abaea4765d256727d8560fb55d0bee0c11b1e8a05d4b932254673e8f67abfca2f184a23839164b15e021bff742605fbeb628ab93803e90954074762487b0afc90eec0e31e75dda865693dd655a190f16dbdf7ce7693d27aaf31758d97e25ab40fc44dbc911639d99b592dd0c660b820a46b8374f7e8030031c39768fb9361164f5dad133cf0d5d66c617d3d62b1f0b80e9f88ffc872df05fb5822601dfe4b39179ace0a4f6808b39bad72a80a9a9bd579d0f9a104191ef6e708083218053d3daf8211dff0a87568b7c734ab79b26cf2a65d66b00f2c2f0d3ffd5fc35b58795406446275afb8df4247add7730331b045d384b0c9fa06284463eec7167512277a435ced48980aab83b37a85b7a33ce8fd8b2a543af82bd15955b12833a59645e1de6bd6ab86c4a046a0323415351e6ddb9bcb869d2e7d092b234bfa8c5be098abcd24d8b4a659b36d8af4f3136d23f9115ea6bdc62fb89e2de415e0f08bd6ec5cc53ee3a666049168a88191c6911ea5fe7972f5627923e8b5b9e7c5323da43d48b25caee3016f88c8178fb8ab1149547e33d7fff442fa3ab42408c87cdfe35a82034bd77399a0861ce16141670ffecde05c7393ae522430425707a4c7d988f34a494727e0b1920e93c95af07d3affe9d41bb82d59ff2149705bb782c9d85e53320268fb57096c6c47e616c457a371dda361170f706e53bf9a9ac5692b72d44072217ecb8646e841b6929251a080f56be308c47dac5d59db54bd1ca7499cf3bf7cb8bb763fed9a75d2eb69573b118e3ee78fb11d41c1ce314538fec8fc542c7bf4865841a2e71fc1efd9fa385903372e3670d96398128e75d786f242a6dbf2c053dc48ee2398763b1ba3550136c14ac7ad77d3c8e97b2f36b6af200"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.653159193s ago: executing program 0 (id=2654):
socket$unix(0x1, 0x5, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.47431281s ago: executing program 3 (id=2655):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000040)=@gcm_256={{0x304}, "57649599a740d789", "2050f27d0c51e0ff853764cd218531a107aae1f257099348ec606b0e02875919", "db96aa38", "d77d06158b441fc8"}, 0x38)
write$binfmt_elf64(r1, &(0x7f0000000740)=ANY=[], 0x4a2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)

827.182662ms ago: executing program 1 (id=2656):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="1000000000000000240012800b00010062726964676500001400028008000200060000000800030017"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

645.344398ms ago: executing program 1 (id=2657):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x200008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x674, 0x4080800)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

460.438304ms ago: executing program 0 (id=2658):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

207.090633ms ago: executing program 0 (id=2659):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x34080}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x804)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r5)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010003f6fdd140402090b975f6010203010902"], &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0})
sendto$packet(r4, &(0x7f0000000040)="2717a90af1a30d71286f47000000", 0xe, 0x40000, &(0x7f0000000180)={0x11, 0x18, r6, 0x1, 0x0, 0x6, @link_local}, 0x14)

76.394507ms ago: executing program 1 (id=2660):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
io_getevents(0x0, 0x360, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=2661):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x2c, 0x0, 0x1, 0x2, 0x25dfdbfe, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_LINK={0x8, 0x1, r2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000044)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)

kernel console output (not intermixed with test programs):

Ignoring recovery information on journal
[  247.551691][ T7790] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  248.643014][ T5768] ocfs2: Unmounting device (7,1) on (node local)
[  248.816688][ T5758] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  249.010819][ T5758] usb 4-1: Using ep0 maxpacket: 16
[  249.024600][ T5758] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  249.040834][ T5758] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.060558][ T5758] usb 4-1: Product: syz
[  249.064774][ T5758] usb 4-1: Manufacturer: syz
[  249.089823][ T5758] usb 4-1: SerialNumber: syz
[  249.099336][ T7812] loop1: detected capacity change from 0 to 4096
[  249.105848][ T5758] r8152-cfgselector 4-1: config 0 descriptor??
[  249.117124][ T7812] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  249.552413][ T5758] r8152-cfgselector 4-1: Unknown version 0x0000
[  249.567445][ T5758] r8152-cfgselector 4-1: USB disconnect, device number 11
[  251.048256][ T7841] netlink: 28 bytes leftover after parsing attributes in process `syz.1.569'.
[  251.423703][ T7837] loop3: detected capacity change from 0 to 32768
[  251.482668][ T7837] JBD2: Ignoring recovery information on journal
[  251.566311][ T7837] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  251.806152][ T5773] ocfs2: Unmounting device (7,3) on (node local)
[  251.919386][ T7863] netlink: 28 bytes leftover after parsing attributes in process `syz.1.578'.
[  253.411274][ T7891] netlink: 28 bytes leftover after parsing attributes in process `syz.0.588'.
[  254.226604][ T7903] fuse: Bad value for 'fd'
[  254.780993][ T7911] fuse: Bad value for 'fd'
[  255.070762][ T7917] netlink: 28 bytes leftover after parsing attributes in process `syz.2.599'.
[  255.774229][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  255.781954][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  255.794525][ T7927] fuse: Bad value for 'fd'
[  255.851975][ T7929] fuse: Bad value for 'fd'
[  256.167770][ T7941] netlink: 12 bytes leftover after parsing attributes in process `syz.1.609'.
[  256.185925][ T7941] bridge0: port 3(erspan0) entered disabled state
[  256.192866][ T7941] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.201014][ T7941] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.644925][ T7955] fuse: Bad value for 'fd'
[  257.710196][ T7973] bridge0: port 3(erspan0) entered blocking state
[  257.726482][ T7973] bridge0: port 3(erspan0) entered disabled state
[  257.762651][ T7973] erspan0: entered allmulticast mode
[  257.831555][ T7973] erspan0: entered promiscuous mode
[  257.837430][ T7973] bridge0: port 3(erspan0) entered blocking state
[  257.844039][ T7973] bridge0: port 3(erspan0) entered forwarding state
[  261.760030][ T8008] fuse: Bad value for 'fd'
[  261.977874][ T8013] netlink: 12 bytes leftover after parsing attributes in process `syz.1.636'.
[  263.456619][ T8031] fuse: Bad value for 'fd'
[  263.673438][ T8036] netlink: 12 bytes leftover after parsing attributes in process `syz.3.645'.
[  263.759854][ T8036] bridge0: port 3(erspan0) entered disabled state
[  263.766597][ T8036] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.774271][ T8036] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.033648][ T8062] fuse: Bad value for 'fd'
[  268.322836][ T8093] fuse: Bad value for 'fd'
[  276.907603][ T8220] warning: `syz.2.709' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  277.358057][ T8232] netlink: 68 bytes leftover after parsing attributes in process `syz.0.712'.
[  282.811360][ T8303] bridge0: port 3(erspan0) entered disabled state
[  282.818082][ T8303] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.825699][ T8303] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.642748][ T8357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.758'.
[  291.090934][ T8380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.769'.
[  291.105818][ T8381] netlink: set zone limit has 8 unknown bytes
[  293.819593][ T8401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.778'.
[  294.315399][ T8403] netlink: 'syz.1.779': attribute type 1 has an invalid length.
[  317.412320][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  317.418903][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  317.782199][ T8661] fuse: Bad value for 'fd'
[  318.201686][ T8669] overlayfs: failed to clone upperpath
[  322.181371][ T8721] netlink: 'syz.2.895': attribute type 39 has an invalid length.
[  324.963901][ T8763] netlink: 24 bytes leftover after parsing attributes in process `syz.1.909'.
[  325.577919][ T8771] tipc: Can't bind to reserved service type 2
[  328.713559][ T8801] netlink: 830 bytes leftover after parsing attributes in process `syz.1.925'.
[  328.993914][ T8807] netlink: 'syz.2.928': attribute type 15 has an invalid length.
[  329.882535][ T8812] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  342.231775][ T8974] 9pnet_fd: Insufficient options for proto=fd
[  348.504234][ T9077] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  350.927438][ T9101] ip6gretap0: entered promiscuous mode
[  350.934136][ T9100] ip6gretap0: left promiscuous mode
[  354.286351][ T9167] sctp: [Deprecated]: syz.0.1070 (pid 9167) Use of int in max_burst socket option.
[  354.286351][ T9167] Use struct sctp_assoc_value instead
[  356.544118][ T5779] Bluetooth: hci3: unexpected event for opcode 0x0401
[  360.396545][ T9265] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1112'.
[  360.571338][ T5779] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  360.580612][ T5779] Bluetooth: hci3: Injecting HCI hardware error event
[  360.589957][ T5779] Bluetooth: hci3: hardware error 0x00
[  362.660737][ T5779] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  366.749415][   T28] audit: type=1326 audit(1774804922.463:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.2.1148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f139479c819 code=0x0
[  368.137960][ T9379] netlink: 'syz.3.1154': attribute type 3 has an invalid length.
[  369.736457][ T5779] Bluetooth: hci0: unexpected event for opcode 0x040d
[  373.524815][ T9446] 9pnet_fd: Insufficient options for proto=fd
[  375.831091][ T9480] No such timeout policy "syz0"
[  375.841274][ T9480] syz.1.1186[9480] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.841513][ T9480] syz.1.1186[9480] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.187154][ T9492] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  378.029129][ T9504] pim6reg: entered allmulticast mode
[  378.654282][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  378.661743][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  379.007297][ T9528] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  380.452670][ T9547] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  380.823129][ T9558] PKCS8: Unsupported PKCS#8 version
[  381.228676][ T9565] team0 (unregistering): Port device team_slave_0 removed
[  381.275473][ T9565] team0 (unregistering): Port device team_slave_1 removed
[  381.478369][ T9576] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  383.701517][ T9614] (null): rxe_set_mtu: Set mtu to 256
[  383.715147][ T9614] vxcan1 speed is unknown, defaulting to 1000
[  383.736215][ T9614] vxcan1 speed is unknown, defaulting to 1000
[  383.771878][ T9614] vxcan1 speed is unknown, defaulting to 1000
[  384.293585][ T9614] infiniband syz2: set active
[  384.298672][ T9614] infiniband syz2: added vxcan1
[  384.307452][ T9614] syz2: rxe_create_cq: returned err = -12
[  384.313852][ T9614] infiniband syz2: Couldn't create ib_mad CQ
[  384.320069][ T9614] infiniband syz2: Couldn't open port 1
[  384.359883][ T9614] RDS/IB: syz2: added
[  384.364776][ T9614] smc: adding ib device syz2 with port count 1
[  384.371303][ T9614] smc:    ib device syz2 port 1 has pnetid 
[  384.382895][ T9614] vxcan1 speed is unknown, defaulting to 1000
[  384.578676][ T9614] vxcan1 speed is unknown, defaulting to 1000
[  384.766570][ T9614] vxcan1 speed is unknown, defaulting to 1000
[  384.957887][ T9614] vxcan1 speed is unknown, defaulting to 1000
[  385.290896][    T8] vxcan1 speed is unknown, defaulting to 1000
[  385.298272][    T8] vxcan1 speed is unknown, defaulting to 1000
[  385.514453][   T28] audit: type=1326 audit(1774804939.473:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.617677][   T28] audit: type=1326 audit(1774804939.473:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.642595][   T28] audit: type=1326 audit(1774804939.473:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.709632][   T28] audit: type=1326 audit(1774804939.473:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.740828][   T28] audit: type=1326 audit(1774804939.473:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.772262][   T28] audit: type=1326 audit(1774804939.473:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.806300][   T28] audit: type=1326 audit(1774804939.473:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.836783][ T9629] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  385.845398][   T28] audit: type=1326 audit(1774804939.473:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.871549][   T28] audit: type=1326 audit(1774804939.473:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  385.898877][   T28] audit: type=1326 audit(1774804939.473:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  390.709813][ T9679] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  391.196120][ T9684] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  391.216793][ T9684] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  391.225420][ T9684] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  391.233908][ T9684] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  392.644485][ T9693] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  397.808435][ T9725] bond1: entered promiscuous mode
[  397.831538][ T9725] bond1: entered allmulticast mode
[  397.851577][ T9725] 8021q: adding VLAN 0 to HW filter on device bond1
[  397.954749][ T9730] erspan1: entered allmulticast mode
[  398.030125][ T9730] erspan1: entered promiscuous mode
[  398.072859][ T9730] bond1: (slave erspan1): Enslaving as an active interface with an up link
[  398.100132][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1270'.
[  398.330795][ T9725] bond1 (unregistering): (slave erspan1): Releasing backup interface
[  398.343151][ T9725] erspan1: left promiscuous mode
[  398.358562][ T9725] bond1 (unregistering): Released all slaves
[  402.702776][ T9785] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  402.714387][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  405.899291][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1302'.
[  408.280576][ T9823] sctp: [Deprecated]: syz.3.1304 (pid 9823) Use of struct sctp_assoc_value in delayed_ack socket option.
[  408.280576][ T9823] Use struct sctp_sack_info instead
[  410.841981][ T9836] 9pnet_fd: Insufficient options for proto=fd
[  414.797883][ T9889] fuse: Bad value for 'fd'
[  415.839854][ T9900] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  415.866148][ T9900] CIFS mount error: No usable UNC path provided in device string!
[  415.866148][ T9900] 
[  415.876487][ T9900] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  418.057100][ T9922] batadv_slave_1: entered promiscuous mode
[  418.064622][ T9922] batadv_slave_1: left promiscuous mode
[  422.285529][ T9962] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1351'.
[  422.400650][ T9967] netlink: 'syz.2.1350': attribute type 12 has an invalid length.
[  423.397244][ T9973] netlink: 'syz.0.1354': attribute type 1 has an invalid length.
[  424.235782][ T9971] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  424.280536][ T9971] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  424.300973][ T9971] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  424.309809][ T9971] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  424.347975][ T9971] bond1: (slave geneve2): making interface the new active one
[  424.509375][ T9971] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  424.610740][ T9971] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1354'.
[  425.059238][ T9971] 8021q: adding VLAN 0 to HW filter on device bond1
[  427.767322][   T23] IPVS: starting estimator thread 0...
[  427.812323][T10007] vxcan1 speed is unknown, defaulting to 1000
[  427.911210][T10012] IPVS: using max 20 ests per chain, 48000 per kthread
[  431.073946][T10037] SET target dimension over the limit!
[  436.116952][T10066] overlayfs: failed to clone upperpath
[  438.909484][T10095] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1392'.
[  440.171454][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  440.177811][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  443.914461][T10171] dccp_invalid_packet: P.Data Offset(0) too small
[  444.361628][T10189] netlink: 'syz.0.1429': attribute type 7 has an invalid length.
[  444.380140][T10189] netlink: 'syz.0.1429': attribute type 8 has an invalid length.
[  444.399817][T10189] netlink: 'syz.0.1429': attribute type 9 has an invalid length.
[  448.751772][T10254] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1452'.
[  449.203489][T10270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1459'.
[  451.349222][T10292] ±ÿ: renamed from lo (while UP)
[  451.887116][T10311] netlink: 'syz.2.1475': attribute type 1 has an invalid length.
[  451.991207][T10311] 8021q: adding VLAN 0 to HW filter on device bond1
[  452.065986][T10314] bond1: (slave gretap1): making interface the new active one
[  452.126805][T10314] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  452.917013][T10329] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  454.377237][T10356] vxcan1 speed is unknown, defaulting to 1000
[  455.232357][T10368] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  455.857661][T10379] vcan0: tx address claim with dlc 0
[  456.058287][   T28] kauditd_printk_skb: 10 callbacks suppressed
[  456.058300][   T28] audit: type=1326 audit(1774805011.773:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  456.119117][   T28] audit: type=1326 audit(1774805011.773:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  456.306429][   T28] audit: type=1326 audit(1774805011.773:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  456.358726][   T28] audit: type=1326 audit(1774805011.773:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  456.640902][   T28] audit: type=1326 audit(1774805011.813:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  457.450844][   T28] audit: type=1326 audit(1774805013.143:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  457.510324][   T28] audit: type=1326 audit(1774805013.143:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  457.558541][   T28] audit: type=1326 audit(1774805013.213:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  457.582930][   T28] audit: type=1326 audit(1774805013.213:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  457.606117][   T28] audit: type=1326 audit(1774805013.213:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10380 comm="syz.1.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  457.633425][T10402] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  457.641306][T10402] batman_adv: batadv0: Removing interface: batadv_slave_0
[  457.652590][T10402] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  457.678515][T10402] batman_adv: batadv0: Removing interface: batadv_slave_1
[  457.827930][T10403] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1506'.
[  458.524062][T10415] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  461.864024][T10451] syz.2.1523 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  462.130317][T10459] netlink: 'syz.3.1526': attribute type 1 has an invalid length.
[  462.241688][T10459] 8021q: adding VLAN 0 to HW filter on device bond1
[  462.292803][T10461] bond1: (slave geneve2): making interface the new active one
[  462.307206][T10461] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  462.371871][T10461] syz.3.1526 (10461) used greatest stack depth: 16840 bytes left
[  464.088402][   T28] kauditd_printk_skb: 41 callbacks suppressed
[  464.088416][   T28] audit: type=1326 audit(1774805019.803:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  464.156230][   T28] audit: type=1326 audit(1774805019.803:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a0d9c819 code=0x7ffc0000
[  464.195868][   T28] audit: type=1326 audit(1774805019.803:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  464.227013][   T28] audit: type=1326 audit(1774805019.803:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  464.254890][   T28] audit: type=1326 audit(1774805019.803:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  464.281388][   T28] audit: type=1326 audit(1774805019.803:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  464.310081][   T28] audit: type=1326 audit(1774805019.803:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  464.343967][   T28] audit: type=1326 audit(1774805019.803:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  464.408396][   T28] audit: type=1326 audit(1774805019.803:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  464.440816][   T28] audit: type=1326 audit(1774805019.803:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.1.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a0d9c4ab code=0x7ffc0000
[  465.844608][T10503] vlan2: entered promiscuous mode
[  465.851648][T10503] bridge0: entered promiscuous mode
[  467.834126][T10535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1549'.
[  467.868654][T10535] erspan0: left allmulticast mode
[  467.874845][T10535] erspan0: left promiscuous mode
[  467.882692][T10535] bridge0: port 3(erspan0) entered disabled state
[  467.895824][T10535] bridge_slave_1: left allmulticast mode
[  467.906132][T10535] bridge_slave_1: left promiscuous mode
[  467.915432][T10535] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.929200][T10535] bridge_slave_0: left allmulticast mode
[  467.945354][T10535] bridge_slave_0: left promiscuous mode
[  467.955382][T10535] bridge0: port 1(bridge_slave_0) entered disabled state
[  472.926325][T10624] vxcan1 speed is unknown, defaulting to 1000
[  474.027866][T10642] bridge0: port 4(syz_tun) entered blocking state
[  474.055173][T10642] bridge0: port 4(syz_tun) entered disabled state
[  474.128610][T10642] syz_tun: entered allmulticast mode
[  474.189994][T10642] syz_tun: entered promiscuous mode
[  475.713264][T10662] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  477.667747][T10676] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1592'.
[  478.067054][T10687] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  481.553810][T10729] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  481.803877][T10739] team0: entered promiscuous mode
[  481.815029][T10739] team_slave_0: entered promiscuous mode
[  481.831238][T10739] team_slave_1: entered promiscuous mode
[  481.860615][T10739] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  481.889828][T10739] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  483.935318][T10760] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  484.792002][T10772] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1626'.
[  485.992761][T10792] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  488.111484][T10829] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  488.767293][T10833] netlink: 'syz.2.1649': attribute type 1 has an invalid length.
[  488.775473][T10833] netlink: 'syz.2.1649': attribute type 4 has an invalid length.
[  490.491879][T10863] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  490.580452][T10865] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1661'.
[  490.590136][T10865] netem: unknown loss type 13
[  490.598063][T10865] netem: change failed
[  490.999072][T10871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1663'.
[  491.008226][T10871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1663'.
[  492.891221][T10888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1669'.
[  493.396730][T10898] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1671'.
[  493.950423][T10906] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  495.791536][   T28] kauditd_printk_skb: 26 callbacks suppressed
[  495.791550][   T28] audit: type=1326 audit(1774805051.513:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  495.834354][   T28] audit: type=1326 audit(1774805051.513:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  495.869421][   T28] audit: type=1326 audit(1774805051.543:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efef4d3db99 code=0x7ffc0000
[  495.910006][   T28] audit: type=1326 audit(1774805051.543:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efef4d3db99 code=0x7ffc0000
[  495.943838][   T28] audit: type=1326 audit(1774805051.543:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efef4d3db99 code=0x7ffc0000
[  495.966651][   T28] audit: type=1326 audit(1774805051.543:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  495.995573][   T28] audit: type=1326 audit(1774805051.543:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efef4d3db99 code=0x7ffc0000
[  496.023484][   T28] audit: type=1326 audit(1774805051.543:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efef4d3db99 code=0x7ffc0000
[  496.056516][   T28] audit: type=1326 audit(1774805051.543:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efef4d3db99 code=0x7ffc0000
[  496.098924][   T28] audit: type=1326 audit(1774805051.543:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10917 comm="syz.0.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  496.548099][T10941] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  498.216207][T10969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1696'.
[  498.875374][T10975] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  500.135909][T10993] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1704'.
[  501.541236][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  501.550927][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  501.745504][   T28] kauditd_printk_skb: 39 callbacks suppressed
[  501.745519][   T28] audit: type=1326 audit(1774805057.463:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  501.801566][   T28] audit: type=1326 audit(1774805057.463:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  501.854684][   T28] audit: type=1326 audit(1774805057.463:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.000767][   T28] audit: type=1326 audit(1774805057.463:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.060819][   T28] audit: type=1326 audit(1774805057.463:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.086267][   T28] audit: type=1326 audit(1774805057.463:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.116374][   T28] audit: type=1326 audit(1774805057.463:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.337915][   T28] audit: type=1326 audit(1774805057.463:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.392241][   T28] audit: type=1326 audit(1774805057.463:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.481038][   T28] audit: type=1326 audit(1774805057.463:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11016 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efef4d9c4ab code=0x7ffc0000
[  502.700058][ T5810] IPVS: starting estimator thread 0...
[  502.802865][T11028] IPVS: using max 27 ests per chain, 64800 per kthread
[  504.742321][T11060] tipc: Failed to remove unknown binding: 66,1,1/0:2618859865/2618859867
[  504.893699][   T35] wlan0: Trigger new scan to find an IBSS to join
[  507.597405][T11088] futex_wake_op: syz.1.1736 tries to shift op by 35; fix this program
[  509.147112][T11136] erspan0: left allmulticast mode
[  509.152521][T11136] erspan0: left promiscuous mode
[  509.157808][T11136] bridge0: port 3(erspan0) entered disabled state
[  509.172481][T11136] syz_tun: left allmulticast mode
[  509.177678][T11136] syz_tun: left promiscuous mode
[  509.184403][T11136] bridge0: port 4(syz_tun) entered disabled state
[  509.235083][T11136] infiniband syz2: set active
[  509.244350][T11136] bridge_slave_0: left allmulticast mode
[  509.340877][T11136] bridge_slave_0: left promiscuous mode
[  509.351187][T11136] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.365944][T11136] bridge_slave_1: left allmulticast mode
[  509.376564][T11136] bridge_slave_1: left promiscuous mode
[  509.388697][T11136] bridge0: port 2(bridge_slave_1) entered disabled state
[  509.403471][T11136] bond0: (slave bond_slave_0): Releasing backup interface
[  509.430020][T11136] bond0: (slave bond_slave_1): Releasing backup interface
[  509.488979][T11136] team0: Port device team_slave_0 removed
[  509.509631][T11136] team0: Port device team_slave_1 removed
[  509.543130][T11136] bond1: (slave geneve2): Releasing active interface
[  509.560191][   T23] vxcan1 speed is unknown, defaulting to 1000
[  509.765743][T11149] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  509.775582][T11149] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  509.784808][T11149] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  509.794756][T11149] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  509.930893][   T70] wlan0: Trigger new scan to find an IBSS to join
[  510.369562][T11174] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  510.378740][T11174] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  510.387697][T11174] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  510.396464][T11174] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  510.945154][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  511.054078][T11187] fuse: Unknown parameter '0x0000000000000003'
[  512.679693][T11200] vxcan1 speed is unknown, defaulting to 1000
[  512.931620][T11217] process 'syz.1.1776' launched './file0' with NULL argv: empty string added
[  513.693933][T11207] process '/newroot/449/file0' started with executable stack
[  515.466549][T11241] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  515.475893][T11241] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  515.485280][T11241] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  515.494407][T11241] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  517.243273][T11290] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  517.252148][T11290] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  517.260968][T11290] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  517.270610][T11290] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  517.532289][T11306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1816'.
[  517.549407][T11306] netlink: 'syz.1.1816': attribute type 1 has an invalid length.
[  517.653378][   T28] kauditd_printk_skb: 25 callbacks suppressed
[  517.653391][   T28] audit: type=1326 audit(1774805073.373:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11309 comm="syz.1.1818" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f80a0d9c819 code=0x0
[  518.050424][T11326] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[  523.802913][T11436] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  523.836304][T11436] batman_adv: batadv0: Removing interface: batadv_slave_1
[  523.967381][T11437] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1860'.
[  526.315600][T11463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1871'.
[  527.148569][   T28] audit: type=1326 audit(1774805082.863:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.171287][   T28] audit: type=1326 audit(1774805082.863:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.194375][   T28] audit: type=1326 audit(1774805082.863:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.252187][   T28] audit: type=1326 audit(1774805082.863:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.284586][   T28] audit: type=1326 audit(1774805082.863:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.315932][   T28] audit: type=1326 audit(1774805082.863:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.341933][   T28] audit: type=1326 audit(1774805082.863:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.369646][   T28] audit: type=1326 audit(1774805082.863:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.395019][   T28] audit: type=1326 audit(1774805082.863:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.424023][   T28] audit: type=1326 audit(1774805082.863:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.0.1879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef4d9c819 code=0x7ffc0000
[  527.630205][T11490] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  527.642225][T11490] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  527.654323][T11490] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  527.969014][T11497] netlink: 'syz.1.1882': attribute type 12 has an invalid length.
[  527.979713][T11497] netlink: 'syz.1.1882': attribute type 29 has an invalid length.
[  527.987958][T11497] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1882'.
[  527.999934][T11497] netlink: 59 bytes leftover after parsing attributes in process `syz.1.1882'.
[  532.454292][T11560] netlink: 'syz.3.1902': attribute type 10 has an invalid length.
[  532.635670][T11560] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  535.428871][T11585] vxcan1 speed is unknown, defaulting to 1000
[  537.711864][T11639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1930'.
[  539.327724][T11687] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1950'.
[  542.098543][T11724] netlink: 'syz.0.1963': attribute type 4 has an invalid length.
[  542.855741][T11743] bridge0: port 1(erspan0) entered blocking state
[  542.862436][T11743] bridge0: port 1(erspan0) entered disabled state
[  542.869530][T11743] erspan0: entered allmulticast mode
[  542.875888][T11743] erspan0: entered promiscuous mode
[  542.975824][   T28] kauditd_printk_skb: 8 callbacks suppressed
[  542.975835][   T28] audit: type=1326 audit(1774805098.693:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  543.041602][   T28] audit: type=1326 audit(1774805098.723:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.069818][   T28] audit: type=1326 audit(1774805098.723:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.094239][   T28] audit: type=1326 audit(1774805098.723:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.117425][   T28] audit: type=1326 audit(1774805098.723:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.140707][   T28] audit: type=1326 audit(1774805098.723:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.165366][   T28] audit: type=1326 audit(1774805098.723:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.191767][   T28] audit: type=1326 audit(1774805098.733:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.215439][   T28] audit: type=1326 audit(1774805098.733:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  543.238249][   T28] audit: type=1326 audit(1774805098.733:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11745 comm="syz.3.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  548.085952][T11828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1997'.
[  548.166785][T11831] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1999'.
[  549.751068][T11855] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2007'.
[  552.614187][T11888] syz_tun: entered promiscuous mode
[  552.630846][T11888] vlan2: entered promiscuous mode
[  555.934007][T11921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2030'.
[  555.943076][T11921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2030'.
[  558.437681][T11947] netlink: 'syz.1.2041': attribute type 4 has an invalid length.
[  558.535902][T11951] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2042'.
[  558.568560][T11952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2039'.
[  558.968280][T11964] bridge0: port 2(syz_tun) entered blocking state
[  558.975979][T11964] bridge0: port 2(syz_tun) entered disabled state
[  558.983393][T11964] syz_tun: entered allmulticast mode
[  559.376168][T11976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2052'.
[  559.385278][T11976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2052'.
[  561.243938][T12007] macsec1: entered promiscuous mode
[  561.249392][T12007] macvlan0: entered promiscuous mode
[  561.260086][T12007] macvlan0: left promiscuous mode
[  562.981126][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  562.987654][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  563.535359][   T35] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  564.451808][T12048] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2076'.
[  564.460960][T12048] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2076'.
[  567.378830][   T28] kauditd_printk_skb: 27 callbacks suppressed
[  567.378846][   T28] audit: type=1326 audit(1774805123.083:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6b99c819 code=0x7ffc0000
[  567.502391][T12088] fuse: Unknown parameter '0x0000000000000003'
[  567.510840][   T28] audit: type=1326 audit(1774805123.083:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  567.605759][   T28] audit: type=1326 audit(1774805123.083:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  567.658911][   T28] audit: type=1326 audit(1774805123.083:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  567.720146][   T28] audit: type=1326 audit(1774805123.083:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  567.758659][   T28] audit: type=1326 audit(1774805123.083:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  567.835217][   T28] audit: type=1326 audit(1774805123.083:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  567.930578][   T28] audit: type=1326 audit(1774805123.083:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  568.026455][   T28] audit: type=1326 audit(1774805123.093:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  568.111968][   T28] audit: type=1326 audit(1774805123.093:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12085 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6b99c4ab code=0x7ffc0000
[  568.925185][T12110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2100'.
[  568.934354][T12110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2100'.
[  570.235165][T12113] fuse: Bad value for 'fd'
[  571.324379][T12134] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  572.532801][T12165] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  572.635216][T12166] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2122'.
[  572.644274][T12166] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2122'.
[  573.948751][T12177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2127'.
[  573.986567][T12177] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2127'.
[  575.083618][T12194] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  575.516508][T12199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2136'.
[  575.532162][T12201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2137'.
[  575.542836][T12199] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2136'.
[  575.757095][T12207] netlink: 'syz.0.2140': attribute type 10 has an invalid length.
[  575.768456][T12207] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2140'.
[  575.784135][T12207] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  576.359743][T12229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2145'.
[  576.369150][T12229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2145'.
[  577.254044][T12231] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  577.704196][T12248] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2158'.
[  577.724334][T12248] unsupported nlmsg_type 40
[  578.080987][T12261] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  581.932372][ T5779] Bluetooth: hci1: unexpected event for opcode 0x2062
[  582.204830][T12313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2180'.
[  582.214425][T12313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2180'.
[  583.011079][T12314] netlink: 'syz.3.2183': attribute type 10 has an invalid length.
[  585.465166][   T28] kauditd_printk_skb: 24 callbacks suppressed
[  585.465184][   T28] audit: type=1326 audit(1774805141.173:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12336 comm="syz.2.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f139479c819 code=0x7ffc0000
[  585.530581][   T28] audit: type=1326 audit(1774805141.173:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12336 comm="syz.2.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f139479c819 code=0x7ffc0000
[  585.573581][   T28] audit: type=1326 audit(1774805141.173:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12336 comm="syz.2.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f139479c819 code=0x7ffc0000
[  585.656647][   T28] audit: type=1326 audit(1774805141.173:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12336 comm="syz.2.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f139479c819 code=0x7ffc0000
[  585.956099][T12353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2198'.
[  585.965433][T12353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2198'.
[  588.888929][T12385] netlink: 220 bytes leftover after parsing attributes in process `syz.3.2210'.
[  588.898228][T12385] tc_dump_action: action bad kind
[  589.331308][T12389] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2214'.
[  590.164836][T12393] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2216'.
[  590.690825][T12405] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2220'.
[  590.927361][T12405] team_slave_0 (unregistering): left promiscuous mode
[  590.946715][T12405] team0: Port device team_slave_0 removed
[  590.978236][T12412] netlink: 'syz.3.2223': attribute type 4 has an invalid length.
[  591.031196][T12413] fuse: Unknown parameter '0x0000000000000006'
[  591.206465][T12417] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2225'.
[  591.252838][T12419] hsr0 speed is unknown, defaulting to 1000
[  591.270753][T12419] hsr0 speed is unknown, defaulting to 1000
[  591.278477][T12419] hsr0 speed is unknown, defaulting to 1000
[  591.307373][T12419] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  591.363121][T12419] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  591.419169][T12419] hsr0 speed is unknown, defaulting to 1000
[  591.445782][T12419] hsr0 speed is unknown, defaulting to 1000
[  591.462978][T12419] hsr0 speed is unknown, defaulting to 1000
[  591.482339][T12419] hsr0 speed is unknown, defaulting to 1000
[  592.003720][T12437] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  592.729422][T12447] netlink: 'syz.0.2236': attribute type 16 has an invalid length.
[  596.555701][ T1146] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  597.446120][T12547] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2275'.
[  597.455978][T12547] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2275'.
[  597.645029][T12555] overlayfs: failed to clone lowerpath
[  597.694334][T12557] netlink: 'syz.3.2280': attribute type 3 has an invalid length.
[  597.871693][T12565] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2284'.
[  597.883283][T12565] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2284'.
[  598.059304][T12574] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2288'.
[  598.069663][T12574] netlink: 580 bytes leftover after parsing attributes in process `syz.2.2288'.
[  598.121359][T12576] netlink: 'syz.2.2289': attribute type 30 has an invalid length.
[  598.228317][T12576] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2289'.
[  598.424206][T12585] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2293'.
[  598.638010][T12590] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2296'.
[  598.657300][T12590] erspan0: left allmulticast mode
[  598.667706][T12590] erspan0: left promiscuous mode
[  598.698120][T12590] bridge0: port 3(erspan0) entered disabled state
[  598.735774][T12590] bridge_slave_1: left allmulticast mode
[  598.751124][T12590] bridge_slave_1: left promiscuous mode
[  598.774285][T12590] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.828942][T12590] bridge_slave_0: left allmulticast mode
[  598.847572][T12590] bridge_slave_0: left promiscuous mode
[  598.868927][T12590] bridge0: port 1(bridge_slave_0) entered disabled state
[  599.157807][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  599.178769][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  599.193896][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  599.204489][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  599.216815][   T51] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  599.228639][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  599.451658][T12595] vxcan1 speed is unknown, defaulting to 1000
[  599.580943][T12613] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2305'.
[  599.747022][T12595] hsr0 speed is unknown, defaulting to 1000
[  600.053196][T12595] chnl_net:caif_netlink_parms(): no params data found
[  600.162557][T12595] bridge0: port 1(bridge_slave_0) entered blocking state
[  600.169887][T12595] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.178015][T12595] bridge_slave_0: entered allmulticast mode
[  600.185601][T12595] bridge_slave_0: entered promiscuous mode
[  600.195885][T12595] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.203519][T12595] bridge0: port 2(bridge_slave_1) entered disabled state
[  600.210852][T12595] bridge_slave_1: entered allmulticast mode
[  600.218421][T12595] bridge_slave_1: entered promiscuous mode
[  600.247358][T12595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  600.261129][T12595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  600.293064][T12595] team0: Port device team_slave_0 added
[  600.302322][T12595] team0: Port device team_slave_1 added
[  600.328871][T12595] batman_adv: batadv0: Adding interface: batadv_slave_0
[  600.336036][T12595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  600.362266][T12595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  600.380244][T12595] batman_adv: batadv0: Adding interface: batadv_slave_1
[  600.387462][T12595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  600.413677][T12595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  600.460285][T12595] hsr_slave_0: entered promiscuous mode
[  600.466748][T12595] hsr_slave_1: entered promiscuous mode
[  600.475403][T12595] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  600.483109][T12595] Cannot create hsr debugfs directory
[  600.637682][T12595] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  600.648395][T12595] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.784123][T12595] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  600.797912][T12595] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.825800][T12647] ip6gretap0: entered promiscuous mode
[  600.832931][T12647] syz_tun: entered promiscuous mode
[  600.928656][T12595] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  600.940216][T12595] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.038532][T12595] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  601.050006][T12595] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.244980][T12595] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  601.257759][T12595] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  601.274734][T12595] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  601.289849][T12595] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  601.293168][ T5779] Bluetooth: hci4: command tx timeout
[  601.487600][T12595] 8021q: adding VLAN 0 to HW filter on device bond0
[  601.566387][T12595] 8021q: adding VLAN 0 to HW filter on device team0
[  601.604109][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.611376][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  601.635265][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.642689][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  602.116839][T12595] 8021q: adding VLAN 0 to HW filter on device batadv0
[  602.223038][T12595] veth0_vlan: entered promiscuous mode
[  602.246719][T12595] veth1_vlan: entered promiscuous mode
[  602.309450][T12595] veth0_macvtap: entered promiscuous mode
[  602.338460][T12595] veth1_macvtap: entered promiscuous mode
[  602.366187][T12595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  602.378355][T12595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.388317][T12595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  602.402096][T12595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.416210][T12595] batman_adv: batadv0: Interface activated: batadv_slave_0
[  602.429459][T12595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  602.447495][T12595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.458466][T12595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  602.474589][T12595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.487606][T12595] batman_adv: batadv0: Interface activated: batadv_slave_1
[  602.515511][T12695] __nla_validate_parse: 13 callbacks suppressed
[  602.515527][T12695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2341'.
[  602.532880][T12695] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2341'.
[  602.550288][T12595] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  602.566558][T12595] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  602.579048][T12595] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  602.592069][T12595] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  602.757001][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  602.774582][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  602.810203][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  602.829328][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  603.069851][T12714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2350'.
[  603.090468][T12714] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2350'.
[  603.371156][ T5779] Bluetooth: hci4: command tx timeout
[  603.447910][T12722] loop2: detected capacity change from 0 to 1024
[  603.563128][T12722] syz.2.2355: attempt to access beyond end of device
[  603.563128][T12722] loop2: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  603.596072][T12722] Buffer I/O error on dev loop2, logical block 2889, async page read
[  603.621462][T12722] syz.2.2355: attempt to access beyond end of device
[  603.621462][T12722] loop2: rw=0, sector=393216, nr_sectors = 2 limit=1024
[  603.662758][T12722] Buffer I/O error on dev loop2, logical block 196608, async page read
[  603.692581][T12722] syz.2.2355: attempt to access beyond end of device
[  603.692581][T12722] loop2: rw=0, sector=393218, nr_sectors = 2 limit=1024
[  603.740503][T12722] Buffer I/O error on dev loop2, logical block 196609, async page read
[  603.748915][T12722] syz.2.2355: attempt to access beyond end of device
[  603.748915][T12722] loop2: rw=0, sector=393220, nr_sectors = 2 limit=1024
[  603.798056][T12722] Buffer I/O error on dev loop2, logical block 196610, async page read
[  603.821667][ T5779] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  603.831400][ T5779] CPU: 0 PID: 5779 Comm: kworker/u5:4 Not tainted syzkaller #0
[  603.838987][ T5779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  603.849067][ T5779] Workqueue: hci1 hci_rx_work
[  603.853815][ T5779] Call Trace:
[  603.857144][ T5779]  <TASK>
[  603.860098][ T5779]  dump_stack_lvl+0x18c/0x250
[  603.864841][ T5779]  ? show_regs_print_info+0x20/0x20
[  603.870084][ T5779]  ? load_image+0x400/0x400
[  603.874631][ T5779]  sysfs_create_dir_ns+0x26e/0x2a0
[  603.879777][ T5779]  ? sysfs_warn_dup+0xa0/0xa0
[  603.884488][ T5779]  ? do_raw_spin_unlock+0x121/0x230
[  603.889725][ T5779]  kobject_add_internal+0x61c/0xcc0
[  603.892749][T12722] syz.2.2355: attempt to access beyond end of device
[  603.892749][T12722] loop2: rw=0, sector=393222, nr_sectors = 2 limit=1024
[  603.894980][ T5779]  kobject_add+0x164/0x240
[  603.912896][ T5779]  ? __rwlock_init+0x150/0x150
[  603.917705][ T5779]  ? kobject_init+0x1e0/0x1e0
[  603.922402][ T5779]  ? _raw_spin_unlock+0x28/0x40
[  603.927275][ T5779]  ? get_device_parent+0x366/0x390
[  603.932415][ T5779]  device_add+0x408/0xc20
[  603.936779][ T5779]  hci_conn_add_sysfs+0xd5/0x1e0
[  603.941741][ T5779]  le_conn_complete_evt+0xf5d/0x1540
[  603.947079][ T5779]  ? hci_event_packet+0x4cb/0x1270
[  603.952232][ T5779]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  603.958492][ T5779]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  603.964142][ T5779]  ? skb_pull_data+0xfb/0x200
[  603.968837][ T5779]  hci_le_conn_complete_evt+0x187/0x440
[  603.974414][ T5779]  ? hci_remote_host_features_evt+0x150/0x150
[  603.980494][ T5779]  hci_event_packet+0x7ba/0x1270
[  603.985467][ T5779]  ? bis_list+0x290/0x290
[  603.989820][ T5779]  ? lockdep_hardirqs_on+0x98/0x150
[  603.995053][ T5779]  ? hci_send_to_monitor+0xd7/0x4f0
[  604.000276][ T5779]  hci_rx_work+0x43a/0xd60
[  604.004781][ T5779]  ? process_scheduled_works+0x96f/0x15d0
[  604.010532][ T5779]  process_scheduled_works+0xa5d/0x15d0
[  604.016126][ T5779]  ? worker_attach_to_pool+0x380/0x380
[  604.021614][ T5779]  ? assign_work+0x3d2/0x5d0
[  604.026227][ T5779]  worker_thread+0xa55/0xfc0
[  604.030857][ T5779]  kthread+0x2fa/0x390
[  604.034942][ T5779]  ? pr_cont_work+0x560/0x560
[  604.039640][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  604.044248][ T5779]  ret_from_fork+0x48/0x80
[  604.048682][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  604.053294][ T5779]  ret_from_fork_asm+0x11/0x20
[  604.058095][ T5779]  </TASK>
[  604.066576][ T5779] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  604.080768][ T5779] Bluetooth: hci1: failed to register connection device
[  604.119009][T12722] Buffer I/O error on dev loop2, logical block 196611, async page read
[  604.143045][T12733] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2359'.
[  604.153733][ T5779] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  604.164564][ T5779] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  604.171566][T12733] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2359'.
[  604.181642][T12722] syz.2.2355: attempt to access beyond end of device
[  604.181642][T12722] loop2: rw=0, sector=393224, nr_sectors = 2 limit=1024
[  604.187176][ T5779] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  604.207611][ T5779] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  604.220982][ T5779] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  604.228323][ T5779] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  604.236892][T12722] Buffer I/O error on dev loop2, logical block 196612, async page read
[  604.247774][T12722] syz.2.2355: attempt to access beyond end of device
[  604.247774][T12722] loop2: rw=0, sector=393226, nr_sectors = 2 limit=1024
[  604.271693][T12731] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2358'.
[  604.298120][T12722] Buffer I/O error on dev loop2, logical block 196613, async page read
[  604.306908][T12722] syz.2.2355: attempt to access beyond end of device
[  604.306908][T12722] loop2: rw=0, sector=393228, nr_sectors = 2 limit=1024
[  604.323813][T12722] Buffer I/O error on dev loop2, logical block 196614, async page read
[  604.341637][T12722] syz.2.2355: attempt to access beyond end of device
[  604.341637][T12722] loop2: rw=0, sector=393230, nr_sectors = 2 limit=1024
[  604.389346][T12722] Buffer I/O error on dev loop2, logical block 196615, async page read
[  604.406525][T12722] syz.2.2355: attempt to access beyond end of device
[  604.406525][T12722] loop2: rw=0, sector=393232, nr_sectors = 2 limit=1024
[  604.421922][T12722] Buffer I/O error on dev loop2, logical block 196616, async page read
[  605.520153][   T51] Bluetooth: hci4: command tx timeout
[  605.628475][T12734] vxcan1 speed is unknown, defaulting to 1000
[  605.759022][T12601] udevd[12601]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  605.890132][   T70] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.922748][   T70] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.032454][   T70] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  606.043123][   T70] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.085745][T12734] hsr0 speed is unknown, defaulting to 1000
[  606.137364][   T70] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  606.147823][   T70] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.261370][   T70] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  606.279099][   T70] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.331246][   T51] Bluetooth: hci3: command tx timeout
[  606.489616][T12734] chnl_net:caif_netlink_parms(): no params data found
[  607.273803][T12781] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2367'.
[  607.301052][T12781] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2367'.
[  607.540470][   T51] Bluetooth: hci4: command tx timeout
[  608.379703][T12734] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.440853][T12734] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.448250][T12734] bridge_slave_0: entered allmulticast mode
[  608.454781][   T51] Bluetooth: hci3: command tx timeout
[  608.461789][T12734] bridge_slave_0: entered promiscuous mode
[  608.690980][T12734] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.698163][T12734] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.740592][T12734] bridge_slave_1: entered allmulticast mode
[  608.749802][T12734] bridge_slave_1: entered promiscuous mode
[  608.819231][T12812] loop2: detected capacity change from 0 to 1024
[  608.938189][T12813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2378'.
[  608.957723][T12813] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2378'.
[  609.055410][T12734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  609.079600][T12812] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  609.095558][T12734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  609.457217][   T70] erspan0 (unregistering): left allmulticast mode
[  609.596617][   T70] erspan0 (unregistering): left promiscuous mode
[  609.746787][   T70] bridge0: port 3(erspan0) entered disabled state
[  609.907684][T12595] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  610.047896][T12734] team0: Port device team_slave_0 added
[  610.155119][T12734] team0: Port device team_slave_1 added
[  610.501491][   T51] Bluetooth: hci3: command tx timeout
[  610.525978][T12734] batman_adv: batadv0: Adding interface: batadv_slave_0
[  610.543035][T12734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.590501][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2388'.
[  610.599617][T12734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  610.640172][T12846] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2387'.
[  610.663639][T12846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2387'.
[  610.703324][T12734] batman_adv: batadv0: Adding interface: batadv_slave_1
[  610.721929][T12734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.819266][T12734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  611.283198][T12734] hsr_slave_0: entered promiscuous mode
[  611.362838][T12734] hsr_slave_1: entered promiscuous mode
[  611.552290][T12734] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  611.664957][T12734] Cannot create hsr debugfs directory
[  612.012429][   T70] hsr_slave_0: left promiscuous mode
[  612.054913][   T70] hsr_slave_1: left promiscuous mode
[  612.081419][   T70] bridge_slave_1: left allmulticast mode
[  612.091741][   T70] bridge_slave_1: left promiscuous mode
[  612.098337][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.120460][   T70] bridge_slave_0: left allmulticast mode
[  612.126145][   T70] bridge_slave_0: left promiscuous mode
[  612.137298][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.192448][   T70] team0: left promiscuous mode
[  612.197882][   T70] team_slave_1: left promiscuous mode
[  612.241800][   T70] veth1_macvtap: left promiscuous mode
[  612.247942][   T70] veth0_macvtap: left promiscuous mode
[  612.255850][   T70] veth1_vlan: left promiscuous mode
[  612.267439][   T70] veth0_vlan: left promiscuous mode
[  612.450125][   T70] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  612.473708][   T70] pim6reg (unregistering): left allmulticast mode
[  612.580929][   T51] Bluetooth: hci3: command tx timeout
[  614.196587][   T70] team0 (unregistering): Port device team_slave_1 removed
[  614.544222][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  614.609382][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  615.040711][   T70] bond0 (unregistering): Released all slaves
[  615.196526][T12880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2396'.
[  615.212791][T12880] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2396'.
[  615.229244][T12902] netlink: 220 bytes leftover after parsing attributes in process `syz.3.2404'.
[  615.248959][T12902] tc_dump_action: action bad kind
[  615.452556][   T51] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  615.463530][   T51] Bluetooth: hci4: Injecting HCI hardware error event
[  615.474503][ T5779] Bluetooth: hci4: hardware error 0x00
[  615.622934][T12909] loop2: detected capacity change from 0 to 128
[  615.666636][   T70] IPVS: stop unused estimator thread 0...
[  615.710717][T12909] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  615.796263][T12909] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  615.930639][T12909] loop2: detected capacity change from 128 to 0
[  615.952456][T12918] bio_check_eod: 2578 callbacks suppressed
[  615.952473][T12918] syz.2.2406: attempt to access beyond end of device
[  615.952473][T12918] loop2: rw=12288, sector=72, nr_sectors = 2 limit=0
[  615.991004][T12909] syz.2.2406: attempt to access beyond end of device
[  615.991004][T12909] loop2: rw=12288, sector=8, nr_sectors = 2 limit=0
[  616.028830][    C1] I/O error, dev loop2, sector 70 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  616.051278][T12909] EXT4-fs error (device loop2): __ext4_find_entry:1685: inode #2: comm syz.2.2406: reading directory lblock 0
[  616.058290][T12918] EXT4-fs error (device loop2): ext4_get_inode_loc:4627: inode #12: block 36: comm syz.2.2406: unable to read itable block
[  616.088775][T12909] syz.2.2406: attempt to access beyond end of device
[  616.088775][T12909] loop2: rw=145409, sector=2, nr_sectors = 2 limit=0
[  616.105428][T12909] buffer_io_error: 2578 callbacks suppressed
[  616.105442][T12909] Buffer I/O error on dev loop2, logical block 1, lost sync page write
[  616.146050][T12909] EXT4-fs (loop2): I/O error while writing superblock
[  616.151197][T12918] EXT4-fs (loop2): previous I/O error to superblock detected
[  616.174132][T12918] syz.2.2406: attempt to access beyond end of device
[  616.174132][T12918] loop2: rw=145409, sector=2, nr_sectors = 2 limit=0
[  616.361271][T12918] Buffer I/O error on dev loop2, logical block 1, lost sync page write
[  616.369578][T12918] EXT4-fs (loop2): I/O error while writing superblock
[  616.392499][T12918] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5920: IO failure
[  616.409692][T12918] syz.2.2406: attempt to access beyond end of device
[  616.409692][T12918] loop2: rw=145409, sector=2, nr_sectors = 2 limit=0
[  616.656664][T12918] Buffer I/O error on dev loop2, logical block 1, lost sync page write
[  616.830579][T12918] EXT4-fs (loop2): I/O error while writing superblock
[  616.986428][T12918] EXT4-fs error (device loop2): ext4_dirty_inode:6124: inode #12: comm syz.2.2406: mark_inode_dirty error
[  617.035344][T12918] syz.2.2406: attempt to access beyond end of device
[  617.035344][T12918] loop2: rw=145409, sector=2, nr_sectors = 2 limit=0
[  617.085792][T12918] Buffer I/O error on dev loop2, logical block 1, lost sync page write
[  617.123036][T12918] EXT4-fs (loop2): I/O error while writing superblock
[  617.195050][T12595] syz-executor: attempt to access beyond end of device
[  617.195050][T12595] loop2: rw=12288, sector=8, nr_sectors = 2 limit=0
[  617.225612][T12595] EXT4-fs warning (device loop2): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -5 reading directory block
[  617.249959][T12734] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  617.269947][T12734] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  617.286908][T12734] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  617.309033][T12734] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  617.322402][ T1127] kworker/u4:8: attempt to access beyond end of device
[  617.322402][ T1127] loop2: rw=524288, sector=70, nr_sectors = 2 limit=0
[  617.367312][ T1127] kworker/u4:8: attempt to access beyond end of device
[  617.367312][ T1127] loop2: rw=12288, sector=72, nr_sectors = 2 limit=0
[  617.419527][ T1127] EXT4-fs error (device loop2): __ext4_get_inode_loc_noinmem:4612: inode #12: block 36: comm kworker/u4:8: unable to read itable block
[  617.486494][ T1127] kworker/u4:8: attempt to access beyond end of device
[  617.486494][ T1127] loop2: rw=145409, sector=2, nr_sectors = 2 limit=0
[  617.500666][ T1127] Buffer I/O error on dev loop2, logical block 1, lost sync page write
[  617.508965][ T1127] EXT4-fs (loop2): I/O error while writing superblock
[  617.545331][T12595] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  617.584656][T12595] Buffer I/O error on dev loop2, logical block 1, lost sync page write
[  617.610663][ T5779] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  617.620894][T12595] EXT4-fs (loop2): I/O error while writing superblock
[  617.680301][T12734] 8021q: adding VLAN 0 to HW filter on device bond0
[  617.801824][T12734] 8021q: adding VLAN 0 to HW filter on device team0
[  617.830204][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[  617.837413][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[  617.872824][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[  617.879975][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  617.949653][T12734] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  618.156693][ T6779] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.454144][ T6779] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.563041][ T6779] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.689560][ T6779] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.765272][T12734] 8021q: adding VLAN 0 to HW filter on device batadv0
[  618.943627][T12734] veth0_vlan: entered promiscuous mode
[  618.977780][T12734] veth1_vlan: entered promiscuous mode
[  619.458382][T12734] veth0_macvtap: entered promiscuous mode
[  619.992663][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  620.014144][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  620.023380][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  620.034431][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  620.047423][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  620.055201][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  620.112630][T12734] veth1_macvtap: entered promiscuous mode
[  620.283740][T12986] vxcan1 speed is unknown, defaulting to 1000
[  620.387260][T12734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.429639][T12734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.459934][T12734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.487968][T12734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.512983][T12734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.540427][T12734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.562279][T12734] batman_adv: batadv0: Interface activated: batadv_slave_0
[  620.617279][T12734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.638172][T12734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.659042][T12734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.672428][T12734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.682879][T12734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.694492][T12734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.712165][T12734] batman_adv: batadv0: Interface activated: batadv_slave_1
[  620.736078][T12986] hsr0 speed is unknown, defaulting to 1000
[  620.813195][T12734] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  620.834238][T12734] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  620.860412][T12734] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  620.878677][T12734] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  621.162831][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  621.181165][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  621.282297][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  621.290168][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  621.431663][T12986] chnl_net:caif_netlink_parms(): no params data found
[  622.103902][ T5779] Bluetooth: hci0: command tx timeout
[  622.173399][T12986] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.212131][T12986] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.245637][T12986] bridge_slave_0: entered allmulticast mode
[  622.309648][T12986] bridge_slave_0: entered promiscuous mode
[  622.367155][T12986] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.399229][T12986] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.433972][T12986] bridge_slave_1: entered allmulticast mode
[  622.461828][T12986] bridge_slave_1: entered promiscuous mode
[  622.548301][ T6779] hsr_slave_0: left promiscuous mode
[  622.561544][ T6779] hsr_slave_1: left promiscuous mode
[  622.572466][ T6779] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  622.579989][ T6779] batman_adv: batadv0: Removing interface: batadv_slave_0
[  622.593345][ T6779] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  622.607084][ T6779] batman_adv: batadv0: Removing interface: batadv_slave_1
[  622.615355][ T6779] bridge_slave_1: left allmulticast mode
[  622.627269][ T6779] bridge_slave_1: left promiscuous mode
[  622.633307][ T6779] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.653092][ T6779] bridge_slave_0: left allmulticast mode
[  622.658872][ T6779] bridge_slave_0: left promiscuous mode
[  622.664773][ T6779] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.706135][ T6779] veth1_macvtap: left promiscuous mode
[  622.712055][ T6779] veth0_macvtap: left promiscuous mode
[  622.717802][ T6779] veth1_vlan: left promiscuous mode
[  622.725213][ T6779] veth0_vlan: left promiscuous mode
[  623.098331][T13063] loop1: detected capacity change from 0 to 4096
[  623.349551][T13063] ntfs3: loop1: failed to convert "0080" to cp737
[  623.416970][T13063] ntfs3: loop1: failed to convert name for inode 1e.
[  623.737625][T13074] loop1: detected capacity change from 0 to 4096
[  623.755219][T13074] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  624.172207][ T5779] Bluetooth: hci0: command tx timeout
[  624.211635][ T6779] team0 (unregistering): Port device team_slave_1 removed
[  624.298745][ T6779] team0 (unregistering): Port device team_slave_0 removed
[  624.396614][ T6779] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  624.416393][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  624.423734][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  625.258425][ T6779] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  625.777501][ T6779] bond0 (unregistering): Released all slaves
[  625.924647][T12986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  625.974388][T12986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  626.114718][T12986] team0: Port device team_slave_0 added
[  626.131452][T12986] team0: Port device team_slave_1 added
[  626.170947][T12986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  626.187092][T12986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  626.255594][ T5779] Bluetooth: hci0: command tx timeout
[  626.290832][T12986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  626.316687][T12986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  626.323820][T12986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  626.357171][T12986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  626.432139][T12986] hsr_slave_0: entered promiscuous mode
[  626.481511][T12986] hsr_slave_1: entered promiscuous mode
[  626.948027][T12986] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  626.972820][T12986] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  627.013352][T12986] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  627.051092][T12986] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  627.391669][T13101] vxcan1 speed is unknown, defaulting to 1000
[  627.401283][T13107] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2450'.
[  627.464173][T12986] 8021q: adding VLAN 0 to HW filter on device bond0
[  627.534565][T12986] 8021q: adding VLAN 0 to HW filter on device team0
[  627.579533][T13112] netlink: 'syz.3.2451': attribute type 10 has an invalid length.
[  627.635708][   T70] bridge0: port 1(bridge_slave_0) entered blocking state
[  627.642945][   T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[  627.722425][   T70] bridge0: port 2(bridge_slave_1) entered blocking state
[  627.729575][   T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[  628.202496][T13101] hsr0 speed is unknown, defaulting to 1000
[  628.252045][   T11] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  628.330936][ T5779] Bluetooth: hci0: command tx timeout
[  628.353607][T12986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  629.032746][T12986] veth0_vlan: entered promiscuous mode
[  629.068076][T12986] veth1_vlan: entered promiscuous mode
[  629.142241][T12986] veth0_macvtap: entered promiscuous mode
[  629.172810][T12986] veth1_macvtap: entered promiscuous mode
[  629.213644][T12986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  629.226143][T12986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.239085][T12986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  629.256396][T12986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.276755][T12986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  629.294881][T12986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.321932][T12986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  629.372289][T12986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.385268][T12986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.416865][T12986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.446797][T12986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.471004][T12986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.487138][T12986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.529872][T12986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  629.564857][T12986] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  629.584125][T12986] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  629.595013][T12986] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  629.606228][T12986] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  629.709926][T13153] bond_slave_0: entered promiscuous mode
[  629.716030][T13153] bond_slave_1: entered promiscuous mode
[  629.729649][T13153] vlan2: entered promiscuous mode
[  629.734993][T13153] bond0: entered promiscuous mode
[  629.886988][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  629.903653][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  629.945689][   T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  629.966831][   T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  630.209950][T13169] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2459'.
[  630.433352][T13177] loop4: detected capacity change from 0 to 64
[  631.839125][T13192] loop1: detected capacity change from 0 to 512
[  631.915468][T13192] EXT4-fs (loop1): 1 truncate cleaned up
[  631.985054][T13192] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  632.222959][T13201] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2468'.
[  632.349849][T12734] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  632.718559][T10757] syz_tun (unregistering): left allmulticast mode
[  632.760528][T10757] bridge0: port 2(syz_tun) entered disabled state
[  632.862022][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  632.875785][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  632.886769][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  632.903267][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  632.912620][   T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  632.920039][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  633.045588][T13217] vxcan1 speed is unknown, defaulting to 1000
[  633.505263][T13217] hsr0 speed is unknown, defaulting to 1000
[  633.643957][T13240] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2479'.
[  634.131605][T13217] chnl_net:caif_netlink_parms(): no params data found
[  634.462729][T13217] bridge0: port 1(bridge_slave_0) entered blocking state
[  634.480203][T13217] bridge0: port 1(bridge_slave_0) entered disabled state
[  634.487657][T13217] bridge_slave_0: entered allmulticast mode
[  634.495593][T13217] bridge_slave_0: entered promiscuous mode
[  634.517437][T13217] bridge0: port 2(bridge_slave_1) entered blocking state
[  634.540801][T13217] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.565884][T13217] bridge_slave_1: entered allmulticast mode
[  634.594269][T13217] bridge_slave_1: entered promiscuous mode
[  634.694630][T13217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  634.786037][T13217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  634.944408][T13217] team0: Port device team_slave_0 added
[  634.971588][   T51] Bluetooth: hci2: command tx timeout
[  635.084881][T13217] team0: Port device team_slave_1 added
[  635.243212][T13217] batman_adv: batadv0: Adding interface: batadv_slave_0
[  635.260616][T13217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  635.356290][T13217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  635.397275][T13217] batman_adv: batadv0: Adding interface: batadv_slave_1
[  635.435643][T13217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  635.463536][T13217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  635.523929][   T23] libceph: connect (1)[c::]:6789 error -101
[  635.560895][   T23] libceph: mon0 (1)[c::]:6789 connect error
[  635.636534][T13217] hsr_slave_0: entered promiscuous mode
[  635.656068][T13217] hsr_slave_1: entered promiscuous mode
[  635.664454][T13217] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  635.678706][T13217] Cannot create hsr debugfs directory
[  635.855622][   T23] libceph: connect (1)[c::]:6789 error -101
[  635.874881][   T23] libceph: mon0 (1)[c::]:6789 connect error
[  636.220562][T13294] ceph: No mds server is up or the cluster is laggy
[  636.355498][T13217] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  636.375603][T13217] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.421683][   T23] libceph: connect (1)[c::]:6789 error -101
[  636.448173][   T23] libceph: mon0 (1)[c::]:6789 connect error
[  636.697854][T13217] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  636.727193][T13217] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.791353][T13336] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2507'.
[  636.802248][T13336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2507'.
[  636.811841][T13336] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2507'.
[  636.830907][T13336] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  636.839701][T13336] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  636.848653][T13336] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  636.857457][T13336] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  636.973521][T13217] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  637.009238][T13217] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.051952][   T51] Bluetooth: hci2: command tx timeout
[  637.052166][ T5779] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  637.068716][ T5779] Bluetooth: hci0: Injecting HCI hardware error event
[  637.078934][ T5779] Bluetooth: hci0: hardware error 0x00
[  637.238591][T13217] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  637.259850][T13217] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.296179][T13346] loop4: detected capacity change from 0 to 512
[  637.353019][T13346] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  637.380021][T13346] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  637.626914][T12986] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  637.718032][T13217] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  637.786843][T13217] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  637.834093][T13217] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  637.844065][T13360] Driver unsupported XDP return value 0 on prog  (id 70) dev N/A, expect packet loss!
[  637.879392][T13217] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  637.962574][T13366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2516'.
[  638.001167][T13366] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2516'.
[  638.036228][T13366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2516'.
[  638.245544][T13379] overlayfs: failed to clone upperpath
[  638.269421][T13217] 8021q: adding VLAN 0 to HW filter on device bond0
[  638.301950][T13217] 8021q: adding VLAN 0 to HW filter on device team0
[  638.341638][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.348827][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[  638.388689][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state
[  638.395911][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  638.415663][T13382] loop4: detected capacity change from 0 to 128
[  638.520039][T13217] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  638.532457][T13217] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  638.711190][T12767] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  638.865485][T13394] loop1: detected capacity change from 0 to 128
[  638.942480][T12767] usb 5-1: config 1 has an invalid descriptor of length 161, skipping remainder of the config
[  638.982334][T12767] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  638.993313][T13217] 8021q: adding VLAN 0 to HW filter on device batadv0
[  639.021375][T12767] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  639.073973][T12767] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  639.092683][T12767] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.106089][T12767] usb 5-1: Product: syz
[  639.110303][T12767] usb 5-1: Manufacturer: syz
[  639.118504][T12767] usb 5-1: SerialNumber: syz
[  639.131966][   T51] Bluetooth: hci2: command tx timeout
[  639.140619][ T5779] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  639.148647][T13217] veth0_vlan: entered promiscuous mode
[  639.167730][T13217] veth1_vlan: entered promiscuous mode
[  639.175872][T12767] cdc_ncm 5-1:1.0: skipping garbage
[  639.190108][T12767] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  639.229666][T12767] cdc_ncm 5-1:1.0: bind() failure
[  639.248442][T13217] veth0_macvtap: entered promiscuous mode
[  639.277899][T13217] veth1_macvtap: entered promiscuous mode
[  639.327672][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  639.350555][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.376344][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  639.406012][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.430725][T12767] usb 5-1: USB disconnect, device number 2
[  639.455963][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  639.468247][T13405] autofs4:pid:13405:autofs_fill_super: called with bogus options
[  639.490744][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.527112][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  639.557737][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.572877][T13217] batman_adv: batadv0: Interface activated: batadv_slave_0
[  639.611418][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  639.653431][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.671282][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  639.683590][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.693931][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  639.720591][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.749690][T13217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  639.778572][T13217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  639.833367][T13217] batman_adv: batadv0: Interface activated: batadv_slave_1
[  639.877122][T13217] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  639.904048][T13217] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  639.922065][T13217] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  639.936415][T13217] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  640.167080][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  640.188585][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  640.264095][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  640.283388][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  640.908526][T13444] dummy0: entered allmulticast mode
[  641.054625][T13451] program syz.3.2535 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  641.210444][ T5779] Bluetooth: hci2: command tx timeout
[  641.666857][T13457] loop1: detected capacity change from 0 to 1024
[  641.761432][T13457] EXT4-fs: Ignoring removed nomblk_io_submit option
[  641.796256][T13457] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  641.919880][T11365] syz_tun (unregistering): left promiscuous mode
[  641.921884][T13457] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  642.011641][T13457] System zones: 0-1, 3-36
[  642.035918][T13457] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  642.168992][T12734] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  642.192525][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  642.220545][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  642.228811][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  642.239015][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  642.249501][   T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  642.257678][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  642.264894][T13014] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  642.433339][T13466] vxcan1 speed is unknown, defaulting to 1000
[  642.470611][T13014] usb 5-1: Using ep0 maxpacket: 16
[  642.511949][T13014] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  642.541546][T13014] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  642.580400][T13014] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  642.633892][T13014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.906317][T13474] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2542'.
[  642.950042][T13474] bond1: entered promiscuous mode
[  642.955671][T13474] 8021q: adding VLAN 0 to HW filter on device bond1
[  642.964516][T13466] hsr0 speed is unknown, defaulting to 1000
[  643.133961][T13014] mcp2221 0003:04D8:00DD.0002: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  643.379209][T13466] chnl_net:caif_netlink_parms(): no params data found
[  643.379451][T13014] usb 5-1: USB disconnect, device number 3
[  643.625309][T13466] bridge0: port 1(bridge_slave_0) entered blocking state
[  643.635133][T13466] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.648462][T13466] bridge_slave_0: entered allmulticast mode
[  643.656383][T13466] bridge_slave_0: entered promiscuous mode
[  643.666388][T13466] bridge0: port 2(bridge_slave_1) entered blocking state
[  643.674144][T13466] bridge0: port 2(bridge_slave_1) entered disabled state
[  643.681521][T13466] bridge_slave_1: entered allmulticast mode
[  643.688809][T13466] bridge_slave_1: entered promiscuous mode
[  643.725093][T13466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  643.739961][T13466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  643.783186][T13466] team0: Port device team_slave_0 added
[  643.794344][T13466] team0: Port device team_slave_1 added
[  643.928391][T13466] batman_adv: batadv0: Adding interface: batadv_slave_0
[  643.956308][T13466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  644.030426][T13466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  644.079197][T13466] batman_adv: batadv0: Adding interface: batadv_slave_1
[  644.089629][T13466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  644.164026][T13466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  644.318615][T13466] hsr_slave_0: entered promiscuous mode
[  644.332008][   T51] Bluetooth: hci1: command tx timeout
[  644.339938][T13466] hsr_slave_1: entered promiscuous mode
[  644.359888][T13466] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  644.368050][T13466] Cannot create hsr debugfs directory
[  644.772856][T13466] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  644.802221][T13466] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.823263][T13466] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  644.897116][   T23] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  645.039693][T13466] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  645.051705][T13466] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.067789][T13466] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  645.100543][   T23] usb 5-1: Using ep0 maxpacket: 16
[  645.108052][   T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  645.140616][   T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  645.161659][   T23] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  645.180717][T13014] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  645.232031][   T23] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  645.241442][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.252314][   T23] usb 5-1: config 0 descriptor??
[  645.324638][T13466] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  645.341885][T13466] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.359647][T13466] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  645.394187][T13014] usb 2-1: unable to get BOS descriptor or descriptor too short
[  645.408710][T13014] usb 2-1: not running at top speed; connect to a high speed hub
[  645.428637][T13014] usb 2-1: config 5 has an invalid interface number: 246 but max is 0
[  645.447952][T13014] usb 2-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  645.485898][T13014] usb 2-1: config 5 has no interface number 0
[  645.514220][T13014] usb 2-1: config 5 interface 246 altsetting 4 endpoint 0x3 has invalid wMaxPacketSize 0
[  645.563042][T13014] usb 2-1: config 5 interface 246 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  645.594209][T13466] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  645.609033][T13014] usb 2-1: config 5 interface 246 has no altsetting 0
[  645.620090][T13466] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.645579][T13466] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  645.657260][T13014] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4
[  645.670497][T13014] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.693835][T13014] usb 2-1: Product: syz
[  645.698719][T13014] usb 2-1: Manufacturer: syz
[  645.713842][T13014] usb 2-1: SerialNumber: syz
[  646.018840][   T23] input: HID 054c:03d5 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:054C:03D5.0003/input/input9
[  646.037838][T13466] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  646.086133][T13014] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  646.109088][   T12] usb 2-1: Failed to submit usb control message: -71
[  646.117479][   T12] usb 2-1: unable to send the bmi data to the device: -71
[  646.137184][   T12] usb 2-1: unable to get target info from device
[  646.145957][T13014] usb 2-1: USB disconnect, device number 10
[  646.154020][T13466] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  646.173347][T13466] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  646.180706][   T12] usb 2-1: could not get target info (-71)
[  646.200753][   T23] sony 0003:054C:03D5.0003: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.4-1/input0
[  646.229890][   T23] usb 5-1: USB disconnect, device number 4
[  646.256164][   T12] usb 2-1: could not probe fw (-71)
[  646.291569][T13466] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  646.418767][   T51] Bluetooth: hci1: command tx timeout
[  646.470245][T13528] fido_id[13528]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  646.757535][T13466] 8021q: adding VLAN 0 to HW filter on device bond0
[  646.831947][T13466] 8021q: adding VLAN 0 to HW filter on device team0
[  646.849564][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state
[  646.856796][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state
[  646.875039][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.882294][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state
[  647.400730][T12410] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  647.436744][T13466] 8021q: adding VLAN 0 to HW filter on device batadv0
[  647.593717][T13466] veth0_vlan: entered promiscuous mode
[  647.607704][T12410] usb 5-1: Using ep0 maxpacket: 8
[  647.618571][T12410] usb 5-1: unable to get BOS descriptor or descriptor too short
[  647.630094][T12410] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  647.652746][T12410] usb 5-1: New USB device found, idVendor=0e41, idProduct=4248, bcdDevice= 0.40
[  647.662618][T12410] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.673297][T13466] veth1_vlan: entered promiscuous mode
[  647.703209][T12410] usb 5-1: Product: syz
[  647.707429][T12410] usb 5-1: Manufacturer: syz
[  647.720603][T12410] usb 5-1: SerialNumber: syz
[  647.746853][T13466] veth0_macvtap: entered promiscuous mode
[  647.759000][T13466] veth1_macvtap: entered promiscuous mode
[  647.811167][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.841415][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.859228][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.878111][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.888878][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.907906][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.918313][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.930290][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.941944][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.952604][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.968129][T13466] batman_adv: batadv0: Interface activated: batadv_slave_0
[  647.996839][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.015888][T12410] usb 5-1: 1:1 : format type 0 is detected, processed as PCM
[  648.027293][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.031879][T12410] usb 5-1: 1:1 : unsupported sample bitwidth 1 in 165 bytes
[  648.055610][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.068727][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.078736][T12410] usb 5-1: unit 8 not found!
[  648.112648][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.127904][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.144727][T12410] usb 5-1: USB disconnect, device number 5
[  648.155961][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.194657][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.209369][T13466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.215204][T12759] udevd[12759]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  648.230468][T13466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.261089][T13466] batman_adv: batadv0: Interface activated: batadv_slave_1
[  648.295654][T13466] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  648.325877][T13466] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  648.341068][T13466] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  648.350378][T13466] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  648.496124][   T51] Bluetooth: hci1: command tx timeout
[  648.546161][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.604893][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.694561][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.732093][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  649.280734][T13014] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  649.474057][T13580] loop1: detected capacity change from 0 to 256
[  649.481363][T13014] usb 5-1: Using ep0 maxpacket: 8
[  649.488142][T13014] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  649.506051][T13014] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  649.533647][T13014] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  649.586660][T13014] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  649.613772][T13014] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  649.662434][T13014] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  649.692592][T13014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.970883][T13014] usb 5-1: usb_control_msg returned -32
[  649.994723][T13014] usbtmc 5-1:16.0: can't read capabilities
[  650.660412][   T51] Bluetooth: hci1: command tx timeout
[  651.320496][   T23] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  651.552482][   T23] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[  651.568592][   T23] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  651.622193][   T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  651.657382][   T23] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  651.676634][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.701248][   T23] usb 2-1: config 0 descriptor??
[  651.709605][T13599] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  651.726368][   T23] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  652.067269][    T9] usb 5-1: USB disconnect, device number 6
[  654.212193][   T27] usb 2-1: USB disconnect, device number 11
[  656.302939][T13709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2590'.
[  656.325783][T13709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2590'.
[  656.357542][T13709] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2590'.
[  656.385454][T13709] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  656.394965][T13709] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  656.400938][ T5758] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  656.404035][T13709] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  656.421243][T13709] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  656.641477][ T5758] usb 1-1: Using ep0 maxpacket: 32
[  656.653112][ T5758] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  656.692769][ T5758] usb 1-1: config 0 has no interface number 0
[  656.698954][ T5758] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  656.731212][ T5758] usb 1-1: config 0 interface 85 has no altsetting 0
[  656.742911][ T5758] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  656.759457][ T5758] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.767862][ T5758] usb 1-1: Product: syz
[  656.773109][ T5758] usb 1-1: Manufacturer: syz
[  656.777800][ T5758] usb 1-1: SerialNumber: syz
[  656.807874][ T5758] usb 1-1: config 0 descriptor??
[  657.240130][ T5758] appletouch 1-1:0.85: Geyser mode initialized.
[  657.257038][ T5758] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input10
[  657.757218][    T8] usb 1-1: USB disconnect, device number 6
[  658.065462][    T8] appletouch 1-1:0.85: input: appletouch disconnected
[  658.180647][   T23] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  658.354915][T13751] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2597'.
[  658.396166][   T23] usb 5-1: Using ep0 maxpacket: 16
[  658.423436][   T23] usb 5-1: config 0 has no interfaces?
[  658.446056][   T23] usb 5-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73
[  658.464640][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.475922][   T23] usb 5-1: Product: syz
[  658.483687][   T23] usb 5-1: Manufacturer: syz
[  658.488535][   T23] usb 5-1: SerialNumber: syz
[  658.493881][T13756] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2600'.
[  658.504954][   T23] usb 5-1: config 0 descriptor??
[  658.514354][T13756] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2600'.
[  658.540108][T13756] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2600'.
[  658.559926][T13756] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  658.568752][T13756] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  658.577992][T13756] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  658.586918][T13756] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  658.838557][T13732] Bluetooth: MGMT ver 1.22
[  658.861577][  T787] usb 5-1: USB disconnect, device number 7
[  658.935519][T13762] 8021q: adding VLAN 0 to HW filter on device bond0
[  658.969957][T13762] bond0: (slave rose0): Enslaving as an active interface with an up link
[  660.514288][T13795] loop4: detected capacity change from 0 to 512
[  660.529680][T13795] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  660.555003][T13798] netlink: 'syz.1.2608': attribute type 1 has an invalid length.
[  660.585595][T13795] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.2609: iget: bad i_size value: 38620345925642
[  660.652586][T13795] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.2609: couldn't read orphan inode 15 (err -117)
[  660.756375][T13795] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  660.984524][T13795] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm syz.4.2609: bg 0: block 5: invalid block bitmap
[  661.059766][T13795] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 256 with error 28
[  661.083759][T13795] EXT4-fs (loop4): This should not happen!! Data will be lost
[  661.083759][T13795] 
[  661.107605][T13795] EXT4-fs (loop4): Total free blocks count 0
[  661.131119][T13795] EXT4-fs (loop4): Free/Dirty block details
[  661.150390][T13795] EXT4-fs (loop4): free_blocks=0
[  661.163320][T13795] EXT4-fs (loop4): dirty_blocks=260
[  661.177567][T13795] EXT4-fs (loop4): Block reservation details
[  661.205039][T13795] EXT4-fs (loop4): i_reserved_data_blocks=260
[  661.508772][T12986] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  661.655005][T13835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2615'.
[  661.908381][T13842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2616'.
[  661.942420][T13842] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2616'.
[  662.956758][T13861] loop4: detected capacity change from 0 to 512
[  662.978391][T13861] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  663.007654][T13861] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.2621: iget: bad i_size value: 38620345925642
[  663.021376][T13861] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.2621: couldn't read orphan inode 15 (err -117)
[  663.060211][T13861] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  663.108154][T13867] netlink: 'syz.0.2620': attribute type 10 has an invalid length.
[  663.118224][T13867] bond0: (slave wlan1): Opening slave failed
[  663.157523][T13859] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  663.259850][T13871] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm syz.4.2621: bg 0: block 5: invalid block bitmap
[  663.273739][T13871] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 820 with error 28
[  663.291387][T13871] EXT4-fs (loop4): This should not happen!! Data will be lost
[  663.291387][T13871] 
[  663.306175][T13871] EXT4-fs (loop4): Total free blocks count 0
[  663.320825][T13871] EXT4-fs (loop4): Free/Dirty block details
[  663.339351][T13871] EXT4-fs (loop4): free_blocks=0
[  663.348333][T13871] EXT4-fs (loop4): dirty_blocks=824
[  663.360162][T13871] EXT4-fs (loop4): Block reservation details
[  663.379939][T13871] EXT4-fs (loop4): i_reserved_data_blocks=824
[  663.554489][T12986] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  663.816401][T13879] loop4: detected capacity change from 0 to 128
[  663.970679][T13883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2627'.
[  664.008623][T13883] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2627'.
[  664.644476][T13898] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  664.970478][   T51] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  664.981375][   T51] Bluetooth: hci1: Injecting HCI hardware error event
[  664.990259][ T5779] Bluetooth: hci1: hardware error 0x00
[  665.091944][T13916] bridge_slave_0: left allmulticast mode
[  665.108132][T13916] bridge_slave_0: left promiscuous mode
[  665.140580][T13916] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.207875][T13916] bridge_slave_1: left allmulticast mode
[  665.221209][T13916] bridge_slave_1: left promiscuous mode
[  665.228304][T13916] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.261802][T13916] bond0: (slave bond_slave_0): Releasing backup interface
[  665.307493][T13916] bond0: (slave bond_slave_1): Releasing backup interface
[  665.395270][T13916] team0: Port device team_slave_0 removed
[  665.457143][T13916] team0: Port device team_slave_1 removed
[  665.512326][T13916] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  665.540143][T13916] batman_adv: batadv0: Removing interface: batadv_slave_0
[  665.566074][T13916] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  665.606871][T13916] batman_adv: batadv0: Removing interface: batadv_slave_1
[  665.632742][T13921] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2637'.
[  665.849510][T13927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2638'.
[  665.875535][T13927] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2638'.
[  666.680790][T13957] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  667.130729][ T5779] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  667.434302][T13965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2647'.
[  667.443627][T13965] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2647'.
[  668.159086][T13981] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  669.004314][T13999] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2656'.
[  669.033735][T13999] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2656'.
[  669.449555][T14008] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  669.660702][T14011] netlink: 'syz.0.2659': attribute type 1 has an invalid length.
[  669.956696][T14017] ------------[ cut here ]------------
[  669.962621][T14017] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[  669.984418][T14017] WARNING: CPU: 1 PID: 14017 at net/sched/cls_u32.c:855 u32_change+0x1c5a/0x24f0
[  669.994384][T14017] Modules linked in:
[  669.998347][T14017] CPU: 1 PID: 14017 Comm: syz.1.2661 Not tainted syzkaller #0
[  670.000718][ T5758] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  670.007073][T14017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  670.024095][T14017] RIP: 0010:u32_change+0x1c5a/0x24f0
[  670.029447][T14017] Code: f8 eb 59 e8 58 b0 d8 f8 c6 05 35 39 c7 05 01 b9 10 00 00 00 48 c7 c7 80 5c c7 8b 4c 89 f6 48 c7 c2 00 5d c7 8b e8 66 68 a2 f8 <0f> 0b e9 86 f0 ff ff e8 2a b0 d8 f8 eb 24 e8 23 b0 d8 f8 c6 05 d7
[  670.049316][T14017] RSP: 0018:ffffc900050bed40 EFLAGS: 00010246
[  670.056230][T14017] RAX: b5041071a0180000 RBX: ffff8880256df800 RCX: 0000000000080000
[  670.064486][T14017] RDX: ffffc9001c0a0000 RSI: 00000000000044cd RDI: 00000000000044ce
[  670.072598][T14017] RBP: ffffc900050beef8 R08: ffffc900050be947 R09: 1ffff92000a17d28
[  670.081122][T14017] R10: dffffc0000000000 R11: fffff52000a17d29 R12: ffff88807e1c8400
[  670.089193][T14017] R13: ffff88807e1c84e8 R14: 0000000000000020 R15: ffff88807e7b9dc0
[  670.097345][T14017] FS:  00007fa6ba7e76c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  670.106413][T14017] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  670.113324][T14017] CR2: 000000110c431e90 CR3: 000000005c1fd000 CR4: 00000000003506e0
[  670.121430][T14017] Call Trace:
[  670.124764][T14017]  <TASK>
[  670.127750][T14017]  ? tc_new_tfilter+0x8f7/0x17c0
[  670.132799][T14017]  ? u32_get+0x370/0x370
[  670.137146][T14017]  ? u32_get+0x370/0x370
[  670.141674][T14017]  tc_new_tfilter+0x11f9/0x17c0
[  670.146634][T14017]  ? tcf_proto_signal_destroying+0x240/0x240
[  670.152740][T14017]  ? rcu_read_unlock+0x8c/0xa0
[  670.157568][T14017]  ? tcf_proto_signal_destroying+0x240/0x240
[  670.163652][T14017]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  670.168829][T14017]  ? tcf_proto_signal_destroying+0x240/0x240
[  670.175548][T14017]  rtnetlink_rcv_msg+0x8b8/0xfa0
[  670.180706][T14017]  ? lockdep_hardirqs_on+0x98/0x150
[  670.186008][T14017]  ? rtnetlink_bind+0x80/0x80
[  670.190832][T14017]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  670.196887][T14017]  ? lock_chain_count+0x20/0x20
[  670.202236][T14017]  ? __local_bh_enable_ip+0x13a/0x1c0
[  670.207697][T14017]  ? lockdep_hardirqs_on+0x98/0x150
[  670.213033][T14017]  ? __local_bh_enable_ip+0x13a/0x1c0
[  670.218548][T14017]  ? _local_bh_enable+0xa0/0xa0
[  670.223652][T14017]  ? __dev_queue_xmit+0x265/0x3660
[  670.228826][T14017]  ? __dev_queue_xmit+0x265/0x3660
[  670.232221][ T5758] usb 1-1: unable to get BOS descriptor or descriptor too short
[  670.234864][T14017]  ? __dev_queue_xmit+0x1b2c/0x3660
[  670.246959][T14017]  ? __dev_queue_xmit+0x265/0x3660
[  670.252264][T14017]  ? ref_tracker_free+0x690/0x840
[  670.253663][ T5758] usb 1-1: config 0 has no interfaces?
[  670.257326][T14017]  netlink_rcv_skb+0x241/0x4d0
[  670.257363][T14017]  ? rtnetlink_bind+0x80/0x80
[  670.272788][T14017]  ? netlink_ack+0x1180/0x1180
[  670.277625][T14017]  ? __lock_acquire+0x7d40/0x7d40
[  670.278102][ T5758] usb 1-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  670.282756][T14017]  ? netlink_deliver_tap+0x2e/0x1b0
[  670.282799][T14017]  netlink_unicast+0x751/0x8d0
[  670.282849][T14017]  netlink_sendmsg+0x8d0/0xbf0
[  670.282890][T14017]  ? netlink_getsockopt+0x590/0x590
[  670.304417][ T5758] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.307120][T14017]  ? aa_sock_msg_perm+0x94/0x150
[  670.307158][T14017]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  670.319380][ T5758] usb 1-1: Product: syz
[  670.321260][T14017]  ? security_socket_sendmsg+0x80/0xa0
[  670.327214][ T5758] usb 1-1: Manufacturer: syz
[  670.331150][T14017]  ? netlink_getsockopt+0x590/0x590
[  670.331191][T14017]  ____sys_sendmsg+0x5ba/0x960
[  670.337565][ T5758] usb 1-1: SerialNumber: syz
[  670.341077][T14017]  ? __asan_memset+0x22/0x40
[  670.365419][T14017]  ? __sys_sendmsg_sock+0x30/0x30
[  670.370581][T14017]  ? __import_iovec+0x5f2/0x850
[  670.375493][T14017]  ? import_iovec+0x73/0xa0
[  670.380048][T14017]  ___sys_sendmsg+0x2a6/0x360
[  670.385177][T14017]  ? __sys_sendmsg+0x2a0/0x2a0
[  670.390055][T14017]  __sys_sendmmsg+0x2ca/0x510
[  670.394915][T14017]  ? __ia32_sys_sendmsg+0x90/0x90
[  670.400000][T14017]  ? __ia32_sys_get_robust_list+0x110/0x110
[  670.406067][T14017]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  670.412694][T14017]  ? lock_chain_count+0x20/0x20
[  670.417671][T14017]  __x64_sys_sendmmsg+0xa0/0xb0
[  670.422683][T14017]  do_syscall_64+0x55/0xa0
[  670.427164][T14017]  ? clear_bhb_loop+0x40/0x90
[  670.431958][T14017]  ? clear_bhb_loop+0x40/0x90
[  670.435662][ T5758] usb 1-1: config 0 descriptor??
[  670.436726][T14017]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  670.447915][T14017] RIP: 0033:0x7fa6b999c819
[  670.452485][T14017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  670.472523][T14017] RSP: 002b:00007fa6ba7e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  670.481061][T14017] RAX: ffffffffffffffda RBX: 00007fa6b9c15fa0 RCX: 00007fa6b999c819
[  670.489138][T14017] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[  670.503684][T14017] RBP: 00007fa6b9a32c91 R08: 0000000000000000 R09: 0000000000000000
[  670.512137][T14017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  670.520181][T14017] R13: 00007fa6b9c16038 R14: 00007fa6b9c15fa0 R15: 00007ffeedead688
[  670.528279][T14017]  </TASK>
[  670.531633][T14017] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  670.538940][T14017] CPU: 1 PID: 14017 Comm: syz.1.2661 Not tainted syzkaller #0
[  670.546430][T14017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  670.556515][T14017] Call Trace:
[  670.559821][T14017]  <TASK>
[  670.562827][T14017]  dump_stack_lvl+0x18c/0x250
[  670.567560][T14017]  ? show_regs_print_info+0x20/0x20
[  670.572807][T14017]  ? load_image+0x400/0x400
[  670.577360][T14017]  panic+0x2dc/0x730
[  670.581296][T14017]  ? bpf_jit_dump+0xd0/0xd0
[  670.585876][T14017]  __warn+0x2e0/0x470
[  670.589921][T14017]  ? u32_change+0x1c5a/0x24f0
[  670.594642][T14017]  ? u32_change+0x1c5a/0x24f0
[  670.599347][T14017]  report_bug+0x2be/0x4f0
[  670.603695][T14017]  ? u32_change+0x1c5a/0x24f0
[  670.608389][T14017]  ? u32_change+0x1c5a/0x24f0
[  670.613085][T14017]  ? u32_change+0x1c5c/0x24f0
[  670.617772][T14017]  handle_bug+0xcf/0x120
[  670.622033][T14017]  exc_invalid_op+0x1a/0x50
[  670.626548][T14017]  asm_exc_invalid_op+0x1a/0x20
[  670.631412][T14017] RIP: 0010:u32_change+0x1c5a/0x24f0
[  670.636708][T14017] Code: f8 eb 59 e8 58 b0 d8 f8 c6 05 35 39 c7 05 01 b9 10 00 00 00 48 c7 c7 80 5c c7 8b 4c 89 f6 48 c7 c2 00 5d c7 8b e8 66 68 a2 f8 <0f> 0b e9 86 f0 ff ff e8 2a b0 d8 f8 eb 24 e8 23 b0 d8 f8 c6 05 d7
[  670.656332][T14017] RSP: 0018:ffffc900050bed40 EFLAGS: 00010246
[  670.662414][T14017] RAX: b5041071a0180000 RBX: ffff8880256df800 RCX: 0000000000080000
[  670.670403][T14017] RDX: ffffc9001c0a0000 RSI: 00000000000044cd RDI: 00000000000044ce
[  670.678389][T14017] RBP: ffffc900050beef8 R08: ffffc900050be947 R09: 1ffff92000a17d28
[  670.686404][T14017] R10: dffffc0000000000 R11: fffff52000a17d29 R12: ffff88807e1c8400
[  670.694393][T14017] R13: ffff88807e1c84e8 R14: 0000000000000020 R15: ffff88807e7b9dc0
[  670.702406][T14017]  ? tc_new_tfilter+0x8f7/0x17c0
[  670.707401][T14017]  ? u32_get+0x370/0x370
[  670.711684][T14017]  ? u32_get+0x370/0x370
[  670.715956][T14017]  tc_new_tfilter+0x11f9/0x17c0
[  670.720868][T14017]  ? tcf_proto_signal_destroying+0x240/0x240
[  670.726903][T14017]  ? rcu_read_unlock+0x8c/0xa0
[  670.731696][T14017]  ? tcf_proto_signal_destroying+0x240/0x240
[  670.737714][T14017]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  670.742845][T14017]  ? tcf_proto_signal_destroying+0x240/0x240
[  670.748880][T14017]  rtnetlink_rcv_msg+0x8b8/0xfa0
[  670.753836][T14017]  ? lockdep_hardirqs_on+0x98/0x150
[  670.759045][T14017]  ? rtnetlink_bind+0x80/0x80
[  670.763745][T14017]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  670.769741][T14017]  ? lock_chain_count+0x20/0x20
[  670.774612][T14017]  ? __local_bh_enable_ip+0x13a/0x1c0
[  670.779994][T14017]  ? lockdep_hardirqs_on+0x98/0x150
[  670.785236][T14017]  ? __local_bh_enable_ip+0x13a/0x1c0
[  670.790623][T14017]  ? _local_bh_enable+0xa0/0xa0
[  670.795496][T14017]  ? __dev_queue_xmit+0x265/0x3660
[  670.800637][T14017]  ? __dev_queue_xmit+0x265/0x3660
[  670.805776][T14017]  ? __dev_queue_xmit+0x1b2c/0x3660
[  670.811006][T14017]  ? __dev_queue_xmit+0x265/0x3660
[  670.816136][T14017]  ? ref_tracker_free+0x690/0x840
[  670.821176][T14017]  netlink_rcv_skb+0x241/0x4d0
[  670.826002][T14017]  ? rtnetlink_bind+0x80/0x80
[  670.830813][T14017]  ? netlink_ack+0x1180/0x1180
[  670.835626][T14017]  ? __lock_acquire+0x7d40/0x7d40
[  670.840692][T14017]  ? netlink_deliver_tap+0x2e/0x1b0
[  670.845927][T14017]  netlink_unicast+0x751/0x8d0
[  670.850758][T14017]  netlink_sendmsg+0x8d0/0xbf0
[  670.855555][T14017]  ? netlink_getsockopt+0x590/0x590
[  670.860780][T14017]  ? aa_sock_msg_perm+0x94/0x150
[  670.865741][T14017]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  670.871051][T14017]  ? security_socket_sendmsg+0x80/0xa0
[  670.876529][T14017]  ? netlink_getsockopt+0x590/0x590
[  670.881775][T14017]  ____sys_sendmsg+0x5ba/0x960
[  670.886555][T14017]  ? __asan_memset+0x22/0x40
[  670.891165][T14017]  ? __sys_sendmsg_sock+0x30/0x30
[  670.896200][T14017]  ? __import_iovec+0x5f2/0x850
[  670.901068][T14017]  ? import_iovec+0x73/0xa0
[  670.905620][T14017]  ___sys_sendmsg+0x2a6/0x360
[  670.910321][T14017]  ? __sys_sendmsg+0x2a0/0x2a0
[  670.915133][T14017]  __sys_sendmmsg+0x2ca/0x510
[  670.919832][T14017]  ? __ia32_sys_sendmsg+0x90/0x90
[  670.924886][T14017]  ? __ia32_sys_get_robust_list+0x110/0x110
[  670.930811][T14017]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  670.936825][T14017]  ? lock_chain_count+0x20/0x20
[  670.941705][T14017]  __x64_sys_sendmmsg+0xa0/0xb0
[  670.946573][T14017]  do_syscall_64+0x55/0xa0
[  670.951012][T14017]  ? clear_bhb_loop+0x40/0x90
[  670.955706][T14017]  ? clear_bhb_loop+0x40/0x90
[  670.960411][T14017]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  670.966323][T14017] RIP: 0033:0x7fa6b999c819
[  670.970776][T14017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  670.990413][T14017] RSP: 002b:00007fa6ba7e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  670.998855][T14017] RAX: ffffffffffffffda RBX: 00007fa6b9c15fa0 RCX: 00007fa6b999c819
[  671.006853][T14017] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[  671.014852][T14017] RBP: 00007fa6b9a32c91 R08: 0000000000000000 R09: 0000000000000000
[  671.022841][T14017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  671.030822][T14017] R13: 00007fa6b9c16038 R14: 00007fa6b9c15fa0 R15: 00007ffeedead688
[  671.038853][T14017]  </TASK>
[  671.042453][T14017] Kernel Offset: disabled
[  671.046801][T14017] Rebooting in 86400 seconds..