last executing test programs:

2m59.485406719s ago: executing program 0 (id=253):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000061121c05000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80)
setrlimit(0x40000000000008, &(0x7f0000000000))
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000600)={0x200000000000001, 0x3}, 0x8)
sendto$inet6(r0, 0x0, 0x0, 0xc880, &(0x7f0000000540)={0xa, 0x4e20, 0x6, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)='\x00', 0x1}], 0x1}}], 0x2, 0x404c484)

2m59.217819891s ago: executing program 0 (id=256):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

2m57.595499401s ago: executing program 0 (id=257):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000040000000400000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x20280, 0x0)
pipe2$9p(0x0, 0x0)
ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000080)=0x14)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r3, 0x27, 0xe, 0x0, &(0x7f0000000e40)="0aae03000100299cc803005b88a8", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(r2)

2m57.15698721s ago: executing program 0 (id=261):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f626172726965722c63726561746f723d5c5d07842c63726561746f723dbd3cfff52c6e6c733d63703433372c756d61736b3d3030303030303030303030303030000000000000dc599bad22eebebb0002372c6e6f6465000000000000000000"], 0x1, 0x6a4, &(0x7f0000001380)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")
socket$inet6(0xa, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000240)={[{@nombcache}, {@debug}, {@norecovery}, {@grpid}, {@nodelalloc}]}, 0x9, 0x61b, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvTDY/mrzvm7S8vK+92IBIC9qkSVspItjitZT64+YpNmmpTZvSRDS1YAr1oogXD4InD9b/QgtePXj14MWDSCGI9GCl2pXZzKa72Wyy+bG7SfbzgUmemcnO852Eb55nn31mJoCONZx9SSMORsT1JGKwYl8h8p3DSz/34PdbF7IliWLx9d+SuPVBslB5rCT/PpC/+O/BSH5IIw501dY7O3/zysT09NSNfH107ur10dn5m0cvX524NHVp6tr4C+OnTp44eWrs2JbOr1BRPnvn7XcHPzr35ldfPErGvv7pXBKn43EeW3ZeK1/bu6Was9/ZcBSXPHyyNS19PbXFY+8UfwxW/44zycoN7FgX8xzpjoj/x2B0Vfw1B+PDV9saHNBUxSTKbRTQcZL187+7dlNfc4IBWqjcDyi/t1/tfXCttMm9EqAVFs8sDQAs5X53RJTzv7A0Nhh9pbGB/gdJ1ThPEhFbG5lbktXx/Xfn7mRL1BmHA5pj4XZ5lHtl+5+UcnMo+kpr/Q/SqvxPK5Zs+2ubrH94xbr8h9ZZuB0RT+Xtf09sOv/f2mT98h8AAAAAAAC2z70zEfH8avP/0uX5Pz2rzP8ZiIjT21D/+p//pffzQrIN1QEVFs9EvFQz//evytnBQ1355/z/Ls0H6E4vXp6eOhYR/4mII9Hdm62PVR+2aoLw0U8OfF6v/sr5f9mS1V+eC5gf6n5hxYW4kxNzE9tz9tDZFm9HPCzN/z2Ub6me/5O1/0lN+//xK1mCX2+wjgPP3j1fteGXJ/8e1s9/oFmKX0YcXvX6nyfd7WTt+3OMlvoDo+VeQa2n3//0m3r1y39on6z97187/3uTyvv1zG7s+D0RcXy+UKy3f7P9/57kja7y8TPvTczN3RiL6EnO1m4f31jMsFeV86GcL1n+H3lm7fG/5f5/RR7ui4iFBuv83+OBn+vt0/5D+2T5P7l2+z9U3f5vtNAX43eHvs1vMVbjfEPt/4lSm34k32L8DyrV3o+j0QRtS7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMulEfGvSNKR5XKajoxEDETEf6M/nZ6ZnXvu4sw71yazfdXP/x9cWk/Kz/8fqlgfX7F+PCL2R8RnXftK6yMXZqYn233yAAAAAAAAAAAAAAAAAAAAsEMMlK75L/auvP4/82tXu6MDmq6Qf5fv0HkKm35lsXdbAwFabvP5D+x2jed/d1PjAFqvfv4/fFQsaWk4QAvp/0Pn2mT++7gA9gDtP3SqBsf0+podB9AODbf/i82NAwAAAAAA2Bb7D937MYmIhRf3lZZMT77PZH/Y29J2BwC0jTm80LkKM+2OAGgX7/GBZLn056oX+9ef/Z80JyAAAAAAAAAAAAAAoMbhg67/h06VRqzxCG9z+2EvW+P6/9WS3+0CYA+p/+iPRtr+RA8BdjHv8YH12nHX/wMAAAAAAAAAAADADtB388rE9PTUjdn53Vd4eWeEsbHCwsSOCGNbC4/X+5nyY+Y3duTuiNgZJ9jqQvkWHG0Mo43/kwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCr/BAAA///kPC2+")
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc13, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

2m56.368993565s ago: executing program 0 (id=268):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x19, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000340)=[{0x2, 0x4, 0x1, 0x7}, {0x2, 0x5, 0xe, 0x2}, {0x3, 0x4, 0x9, 0x2}, {0x1, 0x3, 0x1, 0x9}, {0x2, 0x4, 0xb, 0x8}], 0x10, 0x1200}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x81, r2}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x2, 0x2, 0x4}, 0x50)

2m55.79049531s ago: executing program 0 (id=270):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="5c0200001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980600000000002c0012800b00010069703667726500001c00028008000500070000000800040081ffffff06000f"], 0x25c}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
sendto$packet(r0, &(0x7f0000000400)="11", 0x1, 0x2404c001, &(0x7f0000000200)={0x11, 0x88a8, r3, 0x1, 0x4, 0x6, @link_local}, 0x14)

2m55.450916095s ago: executing program 32 (id=270):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="5c0200001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980600000000002c0012800b00010069703667726500001c00028008000500070000000800040081ffffff06000f"], 0x25c}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
sendto$packet(r0, &(0x7f0000000400)="11", 0x1, 0x2404c001, &(0x7f0000000200)={0x11, 0x88a8, r3, 0x1, 0x4, 0x6, @link_local}, 0x14)

2m22.199595292s ago: executing program 1 (id=414):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r3, 0x0, 0xe, 0x0, &(0x7f0000000080)="c1dfb080cd21d308098e00008100", 0x0, 0x8006, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m21.177701266s ago: executing program 1 (id=415):
mount$fuse(0x0, 0x0, 0x0, 0x10000, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303130303030302c757365725f69643dedd49dc0366b9767d15fabdefe0a521596e4f9"])
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newqdisc={0x54, 0x24, 0xe0b, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x1ff, 0x6, 0xfffffffd, 0x0, 0xfffffffd, 0x32d}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x54}}, 0x0)
accept(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x82020080, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$packet(r0, &(0x7f0000000580)="44c394f305916c4516999da20800", 0x36, 0x0, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14)

2m20.920209317s ago: executing program 1 (id=419):
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x100000000000004, 0x10000, 0x100, 0x9004, 0x0, 0x3, 0x4, 0x5, 0x49, 0x3ff, 0x5, 0x0, 0x9, 0x8, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x5, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x4, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x5c3e, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x7, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0xc, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x1, 0x4, 0x2, 0xcdc, 0x8, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x6, 0xab6, 0x0, 0x100000000000004, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x400000000008061d, 0x3, 0x8, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x2, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r3 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000540)={'wlan0\x00', {0x2, 0x0, @private=0xf30a0000}})
r4 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_int(r4, 0x29, 0x21, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2m20.311715794s ago: executing program 1 (id=424):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2m19.001288981s ago: executing program 1 (id=426):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@dellink={0x20, 0x11, 0x1, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, 0x8010, 0x602a1}}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2m17.351553553s ago: executing program 1 (id=431):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710, @local}, 0x10)
recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)=""/80, 0x50}], 0x1}, 0x5}], 0x40000, 0x0, 0x0)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)

2m1.795431399s ago: executing program 33 (id=431):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710, @local}, 0x10)
recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)=""/80, 0x50}], 0x1}, 0x5}], 0x40000, 0x0, 0x0)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)

20.008181459s ago: executing program 6 (id=805):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
r5 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r5, &(0x7f0000000d00)={0x11, 0x1a, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)

19.420391565s ago: executing program 6 (id=807):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20)
syz_emit_ethernet(0x2a, &(0x7f0000000900)={@broadcast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x6, 0x11, 0x0, @empty, @empty}, {0x4, 0x4e20, 0x8}}}}}, 0x0)

10.09433122s ago: executing program 2 (id=844):
syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r0)
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1020, 0x40000}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b80)={0x24, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x802}, 0x8080)

8.797798377s ago: executing program 3 (id=848):
syz_emit_ethernet(0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
ptrace$pokeuser(0x6, r0, 0x388, 0x800001b6)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0)
getpgid(0x0)
timer_create(0x2, 0x0, 0x0)
timer_settime(0x0, 0x1, 0x0, 0x0)

8.295144858s ago: executing program 2 (id=850):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x8000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
rseq(0x0, 0x0, 0x20001, 0x0)

7.060200002s ago: executing program 3 (id=851):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x4)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000380)={0xaa, 0x564})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000010000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a010300"], 0x7c}}, 0x0)

7.058245642s ago: executing program 5 (id=852):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x8)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
unlinkat(r2, &(0x7f0000000280)='./file0\x00', 0x200)
r3 = msgget$private(0x0, 0x2)
setresuid(0x0, 0x0, 0x0)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000000280)={{0x1, 0x0, 0xffffffffffffffff, 0x0, 0xee00, 0x0, 0x2}, 0x0, 0x0, 0x400, 0x2, 0x8f, 0x1, 0x4, 0x3, 0x7, 0x6442})
lseek(r2, 0x100, 0x0)

7.049920173s ago: executing program 2 (id=853):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
msgget$private(0x0, 0x722)
futex(&(0x7f0000000100)=0x2, 0xb, 0x2, &(0x7f0000000180), &(0x7f00000001c0)=0x2, 0x1)

6.928004188s ago: executing program 3 (id=854):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000180100006b6c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r2}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)

5.552059828s ago: executing program 2 (id=856):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
r3 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
r4 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10)
close(r4)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0xfffffffc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0x12}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000340)={0xc0, 0x0, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xac, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x98}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x9c, 0x3, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '%(,\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffa}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xa}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\'\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '.!:\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000040)

5.04919508s ago: executing program 4 (id=857):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x13c, 0x1a, 0x413, 0x0, 0x25dfdbfb, {{@in6=@remote, @in=@loopback, 0x0, 0x4be6, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in=@dev={0xac, 0x14, 0x14, 0x11}, 0x4d5, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x4}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffffffffffc, 0x20000000008}, {0x0, 0x7, 0xcc}, {0xf5, 0x0, 0x1000}, 0x0, 0x4, 0xa, 0x1, 0x1}, [@algo_aead={0x4c, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x0, 0x40}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x40080}, 0x4000)

5.026526011s ago: executing program 5 (id=858):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e23, 0x6, @private0, 0x3}, 0x1c)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000040))
truncate(0x0, 0xfe7)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x260, r4, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x23c, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7cbb}, @device_b, @device_a, @from_mac=@broadcast, {0x3, 0xfe}}, 0x8f8c, 0x5, @device_a, {0x0, 0x1f, @random="3b9cad986a87176ed9b43455dd258d2a2d4545240c286980b14ff4c366fecb"}, @val={0x1, 0x1, [{0x6e}]}, @val={0x2d, 0x1a, {0x1000, 0x0, 0x2, 0x0, {0x0, 0x8, 0x0, 0x8, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x1, 0x2, 0x5}}, [{0xdd, 0xf1, "0b3432084907a5c6ddb52334620f692690f086928fe476fd0447e4f602e59565af2f6d8d26efedca52edb348d46847d94212d4629c4edb00a87234622bd6b15c0a1b20d6781abfa096de0c67586c3b9b0daacd48e15f7f02ee88e02a468a8210a0c20031b7e42f6b649de74ca8a1ea8bd83405f6fca82c08f92d4c1d265dbd131e52d34e9da6d05da273d2d11c57e441d89f00e54ab386fd917ab88d07ba86752a3039b84a2a110d6aa6bdd46bb47cb1d0ac37212a412818d9392e40d383feb36b04d5f236f0a92dc4d68d92f1c931d4491f8882a9bc8ced889a9f27e63ddd35b8bf95e001b7e9dfea938100f44cdd4d86"}, {0xdd, 0xe1, "fa53dfa1be31abd8df6817c8f388b06a316c390fa488dfaf48c41a7c6b57d133a26745e39f110af092278e60df23102b3a04b1496883684d5b5d710156d88411a7f86092082e046707f219957ba2ad77ad53f69159e68abea908e4ef099444b093477263d74aea51ed420b9e1fbc8342c74b9589b217e8e0a68eb34d2f568f173863cf38959233c3905cb74093037101d450dea77239cd30c6b19af592202d94e1f4757006129b1928168f5ccfd063761fdbfe7d0d45dc4aa79aec6ce6d4385020a27a3dfc2c6469060fcc13e094fc07aa3ebd5be53631d72ce05e7c73d6ab8ff1"}]}}]}, 0x260}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

4.657497297s ago: executing program 6 (id=859):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x4000890)
r4 = accept4$unix(r0, 0x0, 0x0, 0x0)
recvfrom$unix(r4, &(0x7f0000001680)=""/256, 0x100, 0x1120, 0x0, 0x0)

4.555692251s ago: executing program 5 (id=860):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xc0202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000640)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8c, 0x1, 0x0, 0x3}, 0xe)
shutdown(r1, 0x1)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x41dc, 0x4)
recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0)

4.34809909s ago: executing program 4 (id=861):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x703, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x64, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x28, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe8}}, 0x0)

3.816767024s ago: executing program 6 (id=862):
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040045}, 0x4040001)
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x0, &(0x7f00000002c0)={{0x77359400}, {0x0, 0x3938700}}, 0xffffffffffffffff)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, 0x0, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)
timerfd_settime(r0, 0x1, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0)

3.495406568s ago: executing program 3 (id=863):
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0xc70, 0xf00e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x406, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x9, 0x8, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x2)
syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r2, 0x81, 0x1, &(0x7f0000000040)='\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b15, &(0x7f0000000000)={'wlan0\x00'})
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_addr=@multicast1, @local}, 0x10)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000080)=0x8, 0x4)
syz_usb_connect(0x0, 0x33, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100007b8955403a0976245b0d0102030109022100010d20000009040000000e0100000f2402010102", @ANYRES64], 0x0)

2.53098863s ago: executing program 4 (id=864):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00'})
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_ifindex, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1}, 0x10)
write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)
recvmmsg$unix(r2, &(0x7f0000000040), 0x4000000000002ac, 0x0, 0x0)

2.454224543s ago: executing program 5 (id=865):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0)={'#! ', './file0'}, 0xb)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080004000006000008001b"], 0x30}}, 0x0)
pipe2$9p(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r3, 0x0, r0, 0x0, 0x20000000000002, 0x2)

2.375189106s ago: executing program 6 (id=866):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1002002, 0x0)
r1 = dup(r0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x71)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_clone(0x41200100, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
ftruncate(r4, 0xee72)
sendfile(r1, r4, 0x0, 0x8000fffffffe)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x19)

2.227437763s ago: executing program 2 (id=867):
r0 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})

1.114699801s ago: executing program 5 (id=868):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c850000002b000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000000000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac6f09c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccf5e882602897a85bf8523d891080593d831d758deb4f2c7e49c6d6b35d8fd92601c8500febb0c5fe0be294bf6bbbecad444695277a9e3992a354492513b43091d161c7c7cdbbe44e8e83b4cf333238a52f214b278c6485236ea880db2f113f6381187679a4620d6149808b0af024b3b3e6ba99b4b15ca"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x143}, 0x48)

1.106768151s ago: executing program 2 (id=869):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11"], 0x3c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x248080, &(0x7f0000000340), 0x0, 0x5fd, &(0x7f00000004c0)="$eJzs3c1vFVUbAPBnpp+07/u2kDcqLqSJMZAoLS1giDER9oTgx85VpYUghRJao0USS4IbE+PGhYkrF+J/oSRuXbh14caVISHGsBBD5Jq5nSnT23tLv+69pff3S4aeM8Odc6b04Zl7es7cADrWSPZHGrE/Iq4mEUOlY92RHxxZ+nv3/7xxLtuSqFTe/iOJG58ki+VzJfnXwfzF/wxF8nMasa9rdbtzC9cvTc7MTF/L62Pzl6+OzS1cP3zx8uSF6QvTVyZenThx/NjxE+NHtnR9Sal8+tb7Hw59dubdb79+mIx/9+uZJE7Go7xv2XXVvrZvSy1n37ORqCx5UN6ffV9PbPHcO8VfQ8XPyWNJ7Q52rDT/eeyJiGdjKLpK/5pD8embbe0c0FSVJIocBXScZFPx37/9HQFarLgPKN7b13sfvFra5LsSoBXunVoaAFiK/Z6IKOK/e2lsMPqrYwMD95MV4zxJRGxtZG5J1sZPP565lW3RYBwOaI7Fm8Uod23+T6qxORz91drA/XRF/KelLdv/1ibbH6mpi39oncWbEfFcnv97Y0PxP1KK//c22b74BwAAAAAAgO1z51REvFJv/l+6PP+nt878n8GIOLkN7T/593/p3byQbENzQMm9UxGv153/uzzHd7grr/23Oh+gJzl/cWb6SET8LyIORU9fVh+vOW95hvDhz/d91aj98vy/bMvaL+YC5me6212zEHdqcn5yq9cNRNy7GfF8df7vgXzPyvk/Wf5P6uT/LL6vrrONfS/dPtvo2JPjH2iWyjcRB+vm/8e328naz+cYq94PjBV3Bau98PEX3zdqX/xD+2T5f2Dt+O9Lys/rmdvY+Xsj4uhCd6XR8c3e//cm73QV5898NDk/f208ojc5vXr/xMb6DLtVEQ9FvGTxf+jFtcf/lu//S3G4JyIW19nmM48Gf2t0TP6H9snif2rt/D+8Mv9vvDBxe/iHRu2fXVf+P1bN6YfyPcb/oGz18zjWG6Bt6S4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPOXSiPhPJOnocjlNR0cjBiPi/zGQzszOzb98fvaDK1PZsern/6fFJ/0OLdWT4vP/h0v1iZr60YjYGxFfdu2p1kfPzc5MtfviAQAAAAAAAAAAAAAAAAAAYIcYrK75r/TVrv/P/N7V7t4BTdedfxXv0Hm6N/3KSt+2dgRouc3HP/C0W3/89zS1H0DrNY7/Bw8rVS3tDtBC7v+hc20y/v26AHYB+R861TrH9Pqb3Q+gHeR/AAAAAADYVfYeuPNLEhGLr+2pbpne/JjJ/rC7pe3uANA25vBC5+qebXcPgHbxHh9Ilkt/113s33j2f9KcDgEAAAAAAAAAAAAAqxzcb/0/dKq11/+b2w+72Rrr/+sFv8cFwC7S+KM/5H7Y7bzHB56U7a3/BwAAAAAAAAAAAIAdoP/6pcmZmelrcwtPX+GNndGNjRUWJ3dEN7a18Kg5Z+6JiJ1xga0uFI/gaGM32vz/EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsOzfAAAA//+XNycY")
ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r1, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000740)={0x0})

1.050042864s ago: executing program 3 (id=870):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0x6e)
listen(r2, 0x0)
connect$unix(r1, &(0x7f0000000280)=@file={0x1}, 0x6e)
r3 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r3, &(0x7f0000000000)=@file={0x1}, 0x6e)
listen(r2, 0x800)

1.048903414s ago: executing program 4 (id=871):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RESEND(r2, &(0x7f00000000c0)={0x14}, 0x14)
write$FUSE_BMAP(r2, &(0x7f0000000340)={0x18, 0x0, 0x0, {0x400000001ff}}, 0x18)
getresuid(&(0x7f0000000440), &(0x7f0000000400), &(0x7f00000004c0)=<r3=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20400, 0x38)
getdents64(r4, 0x0, 0x0)

654.223361ms ago: executing program 3 (id=872):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000002c0)=[@in6={0xa, 0x4e23, 0x771, @rand_addr=' \x01\x00', 0x5}, @in6={0xa, 0x4e22, 0x0, @remote}, @in={0x2, 0x4e20, @multicast2}], 0x48)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r2}, &(0x7f00000001c0), &(0x7f0000000180)='%-5lx  \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r3, 0x18000000000002a0, 0x48, 0x62, &(0x7f0000000600)="b9ff03075fe9008cb89e08e09900", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x28)

516.408067ms ago: executing program 6 (id=873):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000300)={0xaa, 0x110})
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x420}, 0x1, 0x0, 0x0, 0x8000000}, 0x840)
setsockopt$inet_int(r1, 0x0, 0xe, &(0x7f0000000080)=0x7, 0x4)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000800000/0x800000)=nil, 0x800000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000380)={&(0x7f0000bfd000/0x400000)=nil, &(0x7f0000bd1000/0x2000)=nil, 0x400000, 0x1})
syz_open_dev$dri(&(0x7f0000000140), 0xffffffffffffffff, 0x0)
sendmsg$AUDIT_DEL_RULE(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000002c0)={0x420, 0x3f4, 0x10, 0x70bd28, 0x25dfdbfb, {0x3, 0x1, 0x38, [0xff, 0x3, 0x4, 0x825, 0x81, 0x9, 0x4, 0x5cef9f36, 0x7, 0x400, 0x7, 0x5, 0x3, 0x1, 0x8, 0xffff11b7, 0x10000, 0x9, 0x3, 0x5, 0x400, 0x800, 0xffffffc7, 0x1, 0x1, 0xbf14, 0x743, 0x2, 0x1881, 0x3, 0x0, 0x4, 0x34, 0x7, 0x10, 0x6, 0x5ba, 0x4, 0x3, 0x5fb6, 0x5, 0x9, 0x4, 0x309, 0x8, 0x3, 0xcb8d, 0xfff, 0xa, 0x7, 0x6b0, 0x665c, 0x1, 0x2, 0x9, 0x10, 0x826, 0x57, 0x7, 0x0, 0x3, 0x1, 0x6], [0x9, 0x6, 0xfffffff5, 0x2, 0x2, 0xfffffffe, 0x5e, 0x2, 0x80000000, 0x5, 0x5, 0x9, 0xff, 0xfffffffb, 0xffffffff, 0x1, 0x7, 0x80000001, 0x3, 0xfe75, 0x3, 0x40, 0xda0, 0xfff, 0xb80, 0x10, 0x4, 0x10, 0x40, 0x4, 0x9, 0x0, 0x5aa3, 0x0, 0x8, 0x4, 0x6, 0x6, 0x10, 0x9, 0x7fffffff, 0x2, 0x453, 0x0, 0xe61, 0x0, 0x4, 0x4, 0xa, 0x1, 0x7, 0x1, 0x2, 0x40, 0x7d4, 0x5, 0xffff, 0x94b, 0x8, 0x2, 0xfffffffb, 0xffff9ef8, 0xffff, 0x10001], [0x81, 0x328e, 0x2, 0x8, 0x6, 0x0, 0x10000, 0xd, 0x3, 0x7fffffff, 0x401, 0x6, 0x7, 0x0, 0x1, 0x8001, 0xd83, 0x10, 0x5, 0x3, 0x7, 0x7, 0x3, 0x1, 0x2327, 0x4, 0x7, 0x5a, 0x3, 0x3, 0x7, 0x24, 0x2, 0x6, 0x833, 0x233, 0x1, 0x2, 0x4, 0x8, 0xffffffff, 0x80, 0xfffff801, 0x6ac, 0x81, 0x7, 0xb3, 0x9, 0x6, 0xd6b, 0x1, 0x6, 0xef7c, 0x7704, 0x31, 0x2, 0xff, 0xa17, 0x29a, 0x9, 0x2, 0x6, 0x5, 0x1], [0x400, 0x400, 0x3, 0xfffffffa, 0x5, 0xee, 0xe, 0x7e1, 0x6, 0x9, 0x3, 0x3fd, 0x9, 0xfff, 0x8, 0x101, 0x7fff, 0x83cc, 0x6, 0x6, 0x3, 0x2, 0x9, 0x1000, 0x200, 0x36a, 0xac14, 0x5, 0x8, 0xa8, 0xe2, 0x7fff00, 0x9, 0x4, 0x6, 0x1, 0x8001, 0x39c, 0x7, 0x81, 0x7, 0x0, 0x5, 0x86, 0x7, 0x5, 0xc9, 0x21d, 0x0, 0x8001, 0x3, 0x0, 0x1, 0x38, 0x4, 0x8, 0x80, 0x3, 0xffffff80, 0x6, 0xd2bb, 0x7, 0x5, 0x2]}}, 0x420}, 0x1, 0x0, 0x0, 0x44}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xc, 0x42, 0x40, 0xc0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100), &(0x7f00000001c0), 0x10f0, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000640), 0x16c5, r2}, 0x38)

494.640238ms ago: executing program 4 (id=874):
ioperm(0x9, 0x1, 0x3)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000010c0)='mmap_lock_acquire_returned\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
madvise(&(0x7f00005b4000/0x2000)=nil, 0x2000, 0x4)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x3c1, 0x3, 0x368, 0x0, 0x1170, 0x1170, 0x0, 0x1170, 0x298, 0x1398, 0x1398, 0x298, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xff000000], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x2e, 0x0, 0x0, 0x46}, 0x0, 0x188, 0x1a8, 0x0, {}, [@common=@inet=@socket2={{0x28}, 0x1}, @common=@unspec=@conntrack1={{0xb8}, {{@ipv4=@loopback, [0x0, 0xff000000, 0xffffff00, 0xff], @ipv6=@private1, [0xffffff00, 0xff000000, 0xffffffff, 0xffffff00], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffff00], @ipv4=@local, [0xffffffff, 0xffffff00, 0x0, 0xffff00], 0x0, 0x8, 0x8, 0x4e22, 0x4e21, 0x4e23, 0x4e20, 0x100, 0x1240}, 0x81, 0x41}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c8)
r1 = fsopen(&(0x7f0000000bc0)='erofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x12e)
madvise(&(0x7f000042a000/0x4000)=nil, 0x4000, 0x64)

15.670759ms ago: executing program 5 (id=875):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x140)
read$FUSE(r1, &(0x7f0000002080)={0x2020}, 0x2020)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff, 0x25, 0x0, @val=@netfilter={0x0, 0x0, 0x6}}, 0x20)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYBLOB="4400000072a6cd0d8ceda6168f9174e3bada5513f7b964d242755dad105d7ade7eb2d1f8259daf0911d581449e00cdd45ff18bf909ec9717e67362d9fa1ddaf26bd6aa36c40ff2ff17f120f9c3400dbd", @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r3, @ANYBLOB="0a000a000600080211b34bf446e3c70b60939997d853e23956a7b4a6411501f1602b85de000000002600"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0), &(0x7f0000000240)=@mgmt_frame=@probe_response={{{}, {}, @device_a, @broadcast, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xb}, @void, @void, @void}, 0x3a)
r4 = socket(0xa, 0x5, 0x0)
listen(r4, 0x100)
sendmsg$inet_sctp(r4, &(0x7f00000000c0)={&(0x7f0000000180)=@in={0x2, 0x4e20, @loopback}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000380)="4e8c", 0x2}], 0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="1400000000000000000000000000000088000000"], 0x14, 0x4855}, 0x4008850)

0s ago: executing program 4 (id=876):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

kernel console output (not intermixed with test programs):

9][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.901165][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.908307][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.917739][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.957056][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   64.967243][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.975814][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.982965][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.994172][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.003015][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.012914][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.020130][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.028524][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.038007][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.048436][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.057970][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   65.086403][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.098476][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.108093][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   65.115586][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.125986][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.134617][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.143972][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.152696][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.162551][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.170789][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.180428][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.189784][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.198124][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.211724][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.240501][ T4183] 8021q: adding VLAN 0 to HW filter on device team0
[   65.251085][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.261731][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.270758][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   65.279976][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.295148][ T4190] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.306787][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.330220][ T4197] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.343005][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   65.352196][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.360995][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   65.369793][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.378232][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   65.387765][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.396182][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   65.404797][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   65.414751][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   65.423580][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.432404][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.439630][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.453445][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   65.477574][ T4185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.503544][ T4197] 8021q: adding VLAN 0 to HW filter on device team0
[   65.515940][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.527967][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.542828][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.549973][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.559430][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.566298][ T4249] Bluetooth: hci2: command 0x041b tx timeout
[   65.568150][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.572928][ T4249] Bluetooth: hci0: command 0x041b tx timeout
[   65.587424][ T4249] Bluetooth: hci3: command 0x041b tx timeout
[   65.595797][ T4258] Bluetooth: hci4: command 0x041b tx timeout
[   65.602039][ T4258] Bluetooth: hci1: command 0x041b tx timeout
[   65.614109][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.624361][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.633504][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.643303][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.653816][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   65.663223][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.673153][ T3083] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.680296][ T3083] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.688810][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.697999][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.706955][ T3083] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.714001][ T3083] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.721984][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.730826][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   65.740203][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   65.748894][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   65.758585][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   65.767371][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   65.801781][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.816592][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.825412][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.847415][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.863757][ T4184] device veth0_vlan entered promiscuous mode
[   65.890120][ T4190] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.901798][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.917140][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.936425][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.962255][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.971653][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   65.985467][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.995404][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   66.019195][ T4183] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   66.029686][ T4183] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   66.050594][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.060737][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.070215][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.079812][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.098502][ T4184] device veth1_vlan entered promiscuous mode
[   66.116550][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   66.124344][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.146401][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.167670][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.177007][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.187939][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   66.223943][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   66.232267][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.278109][ T4185] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.298537][ T4184] device veth0_macvtap entered promiscuous mode
[   66.307856][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.326527][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.355142][ T4184] device veth1_macvtap entered promiscuous mode
[   66.374813][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   66.383868][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.410112][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.430217][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.450921][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.466383][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.476578][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.485444][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.495267][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.518966][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.538467][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.548707][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.558929][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.567862][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.576963][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.585164][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.600578][ T4185] device veth0_vlan entered promiscuous mode
[   66.616962][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   66.624469][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.632549][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.641970][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.657725][ T4184] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.668161][ T4184] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.677362][ T4184] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.687258][ T4184] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.702179][ T4185] device veth1_vlan entered promiscuous mode
[   66.709943][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.718687][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.728217][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   66.737333][ T4190] device veth0_vlan entered promiscuous mode
[   66.747023][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.791769][ T4190] device veth1_vlan entered promiscuous mode
[   66.801712][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   66.810700][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   66.819644][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   66.827654][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.851553][ T4197] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.885148][ T4185] device veth0_macvtap entered promiscuous mode
[   66.902751][ T4185] device veth1_macvtap entered promiscuous mode
[   66.934539][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   66.943877][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.953062][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.961752][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.970127][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.978998][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.989363][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.018370][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.035152][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.062994][ T4183] device veth0_vlan entered promiscuous mode
[   67.073635][ T4190] device veth0_macvtap entered promiscuous mode
[   67.083963][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.097174][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   67.105454][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.114199][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   67.123374][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   67.133781][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.142378][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.157193][ T3083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.165226][ T3083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.192105][ T4190] device veth1_macvtap entered promiscuous mode
[   67.203092][ T4183] device veth1_vlan entered promiscuous mode
[   67.210511][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.219275][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   67.229329][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   67.258829][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   67.267838][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.279884][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.292380][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.304564][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.323586][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   67.332294][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.340573][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.349304][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.358538][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.373009][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.384049][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.394266][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.405060][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.421459][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.430825][ T4197] device veth0_vlan entered promiscuous mode
[   67.439994][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.449606][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.449961][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.469106][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.481835][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.491144][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.500180][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.509267][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   67.518054][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.527140][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.539199][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.550639][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.560773][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.571560][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.583103][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.608079][ T4185] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.620182][ T4185] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.629420][ T4185] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.638486][ T4185] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.646778][ T4249] Bluetooth: hci1: command 0x040f tx timeout
[   67.653548][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.662813][ T4249] Bluetooth: hci4: command 0x040f tx timeout
[   67.664198][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.682275][ T4190] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.686287][ T4249] Bluetooth: hci3: command 0x040f tx timeout
[   67.693351][ T4190] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.707059][ T4190] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.716267][ T4190] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.722638][ T4249] Bluetooth: hci0: command 0x040f tx timeout
[   67.741760][ T4197] device veth1_vlan entered promiscuous mode
[   67.748513][ T4249] Bluetooth: hci2: command 0x040f tx timeout
[   67.756091][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   67.764267][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.778017][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.796389][ T4183] device veth0_macvtap entered promiscuous mode
[   67.837928][ T4183] device veth1_macvtap entered promiscuous mode
[   67.924062][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   67.934626][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.944319][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.952948][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.962141][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.972529][ T4291] netlink: 'syz.1.2': attribute type 1 has an invalid length.
[   67.987765][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.999280][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.009218][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.019700][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.029898][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.040682][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.058628][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.075473][ T4197] device veth0_macvtap entered promiscuous mode
[   68.100821][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   68.112173][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.121414][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.131705][ T4291] 8021q: VLANs not supported on gre0
[   68.140185][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.151048][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.161011][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.171596][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.181929][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.193125][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.205216][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.223965][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.236313][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.258051][ T4183] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.270588][ T4183] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.280205][ T4183] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.298618][ T4183] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.315703][ T4197] device veth1_macvtap entered promiscuous mode
[   68.369363][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.383127][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.392231][ T4294] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6'.
[   68.417846][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.431209][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.443777][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.454906][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.464908][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.475442][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.486347][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.496874][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.508217][ T4197] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.516416][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.524443][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.534305][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.548817][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.573871][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.590491][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.601433][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.623351][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.644448][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.661448][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.672086][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.682252][ T4197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.694348][ T4197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.707176][ T4197] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.730294][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.738660][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.748902][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.794351][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.794896][ T4197] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.812234][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.822240][ T4197] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.835398][ T4197] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.844383][ T4197] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.874333][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.913818][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.937575][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.944038][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.953943][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.976306][ T2304] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   68.982598][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.998481][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.058169][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.072493][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.084802][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   69.093797][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.103307][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.121005][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   69.134341][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   69.156975][ T4298] device bridge_slave_0 left promiscuous mode
[   69.164305][ T4298] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.190440][ T4298] device bridge_slave_1 left promiscuous mode
[   69.197307][ T4298] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.212335][ T4298] bond0: (slave bond_slave_0): Releasing backup interface
[   69.232490][ T4298] bond0: (slave bond_slave_1): Releasing backup interface
[   69.263874][ T4298] team0: Port device team_slave_0 removed
[   69.284678][ T4298] team0: Port device team_slave_1 removed
[   69.292276][ T4298] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.300192][ T4298] batman_adv: batadv0: Removing interface: batadv_slave_0
[   69.312067][ T4298] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.320059][ T4298] batman_adv: batadv0: Removing interface: batadv_slave_1
[   69.348045][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.362254][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.393433][ T4301] netlink: 'syz.4.5': attribute type 4 has an invalid length.
[   69.401982][ T4298] syz.0.1 (4298) used greatest stack depth: 20096 bytes left
[   69.404298][ T4301] netlink: 'syz.4.5': attribute type 5 has an invalid length.
[   69.425367][ T2304] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[   69.459484][ T4304] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   69.466164][ T2304] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 3
[   69.476189][ T4301] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.5'.
[   69.484652][ T2304] usb 2-1: config 220 interface 0 has no altsetting 0
[   69.552392][ T3083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.575732][ T3083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.592284][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.696031][ T2304] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   69.705128][ T2304] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.726802][ T4226] Bluetooth: hci3: command 0x0419 tx timeout
[   69.736023][ T4226] Bluetooth: hci4: command 0x0419 tx timeout
[   69.743312][ T2304] usb 2-1: Product: syz
[   69.754760][ T2304] usb 2-1: Manufacturer: syz
[   69.768296][ T4226] Bluetooth: hci1: command 0x0419 tx timeout
[   69.785602][ T2304] usb 2-1: SerialNumber: syz
[   69.806331][ T4267] Bluetooth: hci2: command 0x0419 tx timeout
[   69.822628][ T4267] Bluetooth: hci0: command 0x0419 tx timeout
[   70.019296][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   70.076410][ T4318] process 'syz.4.10' launched './file0' with NULL argv: empty string added
[   70.445951][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   70.455763][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   70.465442][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   70.475042][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   70.484648][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   70.493704][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   70.502768][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   70.511854][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   70.520969][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   71.490460][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[   71.497378][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[   71.502484][ T4333] 8021q: adding VLAN 0 to HW filter on device bond1
[   71.861605][ T2304] usb 2-1: Found UVC 0.00 device syz (8086:0b07)
[   71.875445][ T2304] usb 2-1: No valid video chain found.
[   72.802092][ T2304] usb 2-1: USB disconnect, device number 2
[   73.968499][ T4366] sctp: failed to load transform for md5: -2
[   74.010796][ T4368] sctp: failed to load transform for md5: -2
[   74.249909][ T4390] loop1: detected capacity change from 0 to 512
[   74.378322][ T4390] =======================================================
[   74.378322][ T4390] WARNING: The mand mount option has been deprecated and
[   74.378322][ T4390]          and is ignored by this kernel. Remove the mand
[   74.378322][ T4390]          option from the mount to silence this warning.
[   74.378322][ T4390] =======================================================
[   74.487609][ T4399] Zero length message leads to an empty skb
[   74.697996][ T4390] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.238208][ T4390] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz.1.27: bg 0: block 5: invalid block bitmap
[   75.495819][ T4390] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6178: Corrupt filesystem
[   75.624894][ T4390] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.27: invalid indirect mapped block 3 (level 2)
[   75.844502][ T4390] EXT4-fs (loop1): 2 truncates cleaned up
[   76.009790][ T4390] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000000006,dioread_nolock,grpquota,,errors=continue. Quota mode: writeback.
[   76.217320][ T4407] netlink: 'syz.4.32': attribute type 27 has an invalid length.
[   76.299448][ T4407] netlink: 'syz.4.32': attribute type 4 has an invalid length.
[   76.403943][ T4407] netlink: 144 bytes leftover after parsing attributes in process `syz.4.32'.
[   76.878172][   T26] audit: type=1800 audit(1763648192.292:2): pid=4390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.27" name="file2" dev="loop1" ino=16 res=0 errno=0
[   79.573239][ T4432] syz.2.41 uses obsolete (PF_INET,SOCK_PACKET)
[   81.795927][ T4462] netlink: 12 bytes leftover after parsing attributes in process `syz.0.51'.
[   81.853797][ T4462] device bond_slave_1 entered promiscuous mode
[   81.894619][ T4462] device macvlan2 entered promiscuous mode
[   82.000824][ T4466] netlink: 4 bytes leftover after parsing attributes in process `syz.4.53'.
[   82.068313][ T4466] netlink: 12 bytes leftover after parsing attributes in process `syz.4.53'.
[   82.141929][ T4461] device bond_slave_1 left promiscuous mode
[   82.599741][ T4475] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   82.599741][ T4475] The task syz.3.55 (4475) triggered the difference, watch for misbehavior.
[   83.662804][ T4460] loop1: detected capacity change from 0 to 32768
[   83.726948][ T4460] JFS: continuò is an invalid error handler
[   85.005827][ T4504] af_packet: tpacket_rcv: packet too big, clamped from 120 to 4294967272. macoff=96
[   85.049807][ T4504] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   85.441167][ T4258] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.795711][ T4241] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   85.836198][ T4519] ptrace attach of ""[4520] was attempted by "./syz-executor exec"[4519]
[   85.865834][ T4258] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.887522][ T4258] usb 5-1: New USB device found, idVendor=056e, idProduct=00ff, bcdDevice= 0.00
[   85.922771][ T4258] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.942429][ T4258] usb 5-1: config 0 descriptor??
[   86.220018][ T4241] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   86.540619][ T4258] elecom 0003:056E:00FF.0001: item fetching failed at offset 0/3
[   86.562075][ T4258] elecom: probe of 0003:056E:00FF.0001 failed with error -22
[   86.600182][ T4241] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   86.611170][ T4241] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   86.619557][ T4241] usb 1-1: Product: syz
[   86.623995][ T4241] usb 1-1: SerialNumber: syz
[   86.747765][ T2304] usb 5-1: USB disconnect, device number 2
[   86.943701][    T7] cfg80211: failed to load regulatory.db
[   87.111798][ T4540] xt_CT: You must specify a L4 protocol and not use inversions on it
[   87.786045][ T4241] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[   87.803757][ T4241] cdc_ncm 1-1:1.0: setting rx_max = 16384
[   88.273232][ T4535] xt_hashlimit: size too large, truncated to 1048576
[   88.305755][ T4241] cdc_ncm 1-1:1.0: setting tx_max = 88
[   88.408026][ T4241] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[   88.519335][ T4241] usb 1-1: USB disconnect, device number 2
[   88.592574][ T4241] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[   88.955504][    C0] sched: RT throttling activated
[   89.131243][ T4552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'.
[   89.257399][ T4552] netlink: 12 bytes leftover after parsing attributes in process `syz.0.78'.
[   90.445093][ T4565] netlink: 24 bytes leftover after parsing attributes in process `syz.4.82'.
[   90.655163][ T4570] netlink: 44 bytes leftover after parsing attributes in process `syz.2.84'.
[   90.686259][ T4570] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.693687][ T4570] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.870469][ T4576] team0: Device gtp0 is of different type
[   91.117464][ T4578] blk_update_request: I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[   91.129327][ T4578] hfsplus: unable to find HFS+ superblock
[   91.972787][ T4582] netlink: 12 bytes leftover after parsing attributes in process `syz.3.89'.
[   94.441108][ T4612] loop2: detected capacity change from 0 to 128
[   94.496012][ T4613] device netdevsim0 entered promiscuous mode
[   94.865724][ T4619] attempt to access beyond end of device
[   94.865724][ T4619] loop2: rw=2049, want=977, limit=128
[   95.108629][ T4612] attempt to access beyond end of device
[   95.108629][ T4612] loop2: rw=524288, want=369, limit=128
[   97.301152][ T4649] loop4: detected capacity change from 0 to 512
[   97.374655][ T4655] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   97.386621][ T4655] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   97.589946][ T4649] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   97.904976][ T4649] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   98.292787][ T4649] EXT4-fs (loop4): 1 orphan inode deleted
[   98.326832][ T4649] EXT4-fs (loop4): 1 truncate cleaned up
[   98.391865][ T4649] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback.
[   98.537044][ T4649] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1447: inode #12: block 7: comm syz.4.109: path /21/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0
[   98.598538][ T4649] EXT4-fs (loop4): Remounting filesystem read-only
[   98.815263][    T7] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   98.878342][    T7] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   99.115575][    T7] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   99.412504][    T7] usb 3-1: Using ep0 maxpacket: 16
[   99.561257][    T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   99.637502][   T26] audit: type=1804 audit(1763648215.062:3): pid=4690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.120" name="/newroot/24/file0" dev="fuse" ino=1 res=1 errno=0
[   99.785971][    T7] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   99.806559][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.814627][    T7] usb 3-1: Product: syz
[   99.831425][    T7] usb 3-1: Manufacturer: syz
[   99.836640][    T7] usb 3-1: SerialNumber: syz
[   99.852650][    T7] usb 3-1: config 0 descriptor??
[   99.898168][    T7] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   99.948358][    T7] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  100.072857][ T4699] loop0: detected capacity change from 0 to 32768
[  100.153493][ T4707] tipc: Failed to remove unknown binding: 66,1,1/0:1829642333/1829642335
[  100.192302][ T4707] tipc: Failed to remove unknown binding: 66,1,1/0:1829642333/1829642335
[  100.231922][ T4707] tipc: Failed to remove unknown binding: 66,1,1/0:1829642333/1829642335
[  100.302766][ T4699] XFS (loop0): Mounting V5 Filesystem
[  100.451900][ T4226] XFS (loop0): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:80). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  100.497843][ T4226] XFS (loop0): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_inobt block 0x18 
[  100.524965][ T4226] XFS (loop0): Unmount and run xfs_repair
[  100.525778][    T7] em28xx 3-1:0.0: chip ID is em2765
[  100.565572][ T4226] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  100.572996][ T4226] 00000000: 49 41 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  IAB3............
[  100.583866][ T4719] loop3: detected capacity change from 0 to 4096
[  100.598502][ T4226] 00000010: 00 00 00 00 00 00 00 18 00 00 00 02 00 00 00 10  ................
[  100.621930][ T4226] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  100.631309][ T4226] 00000030: 00 00 00 00 f0 ea ad a5 00 00 11 40 00 00 40 37  ...........@..@7
[  100.641567][ T4226] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  100.660954][ T4226] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  100.695591][ T4226] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  100.704508][ T4226] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  100.725920][ T4699] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1d3/0x2c0" at daddr 0x18 len 8 error 74
[  100.737996][ T4699] XFS (loop0): Failed to read root inode 0x1140, error 117
[  101.265838][    T7] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  101.274895][    T7] em28xx 3-1:0.0: board has no eeprom
[  103.155715][    T7] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  103.163766][    T7] em28xx 3-1:0.0: dvb set to bulk mode.
[  103.325016][    T7] usb 3-1: USB disconnect, device number 2
[  103.331766][    T7] em28xx 3-1:0.0: Disconnecting em28xx
[  103.340275][ T4242] em28xx 3-1:0.0: Binding DVB extension
[  103.399503][ T4242] em28xx 3-1:0.0: Registering input extension
[  103.418996][    T7] em28xx 3-1:0.0: Closing input extension
[  103.480048][ T4767] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  103.620722][    T7] em28xx 3-1:0.0: Freeing device
[  104.828002][ T4785] netlink: 12 bytes leftover after parsing attributes in process `syz.2.148'.
[  104.948590][ T4787] netlink: 'syz.1.149': attribute type 39 has an invalid length.
[  105.581665][ T4793] loop3: detected capacity change from 0 to 512
[  106.209888][ T4793] EXT4-fs (loop3): Mount option "nodelalloc" incompatible with ext2
[  108.742778][ T4826] netlink: 'syz.2.160': attribute type 7 has an invalid length.
[  108.795466][ T4826] netlink: 'syz.2.160': attribute type 8 has an invalid length.
[  109.133905][ T4833] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3897524436 (7795048872 ns) > initial count (2759807172 ns). Using initial count to start timer.
[  109.170431][ T4829] loop3: detected capacity change from 0 to 2048
[  109.203128][ T4838] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3996681224 (15986724896 ns) > initial count (3709615788 ns). Using initial count to start timer.
[  109.243191][ T4840] bridge0: port 3(vlan2) entered blocking state
[  109.269244][ T4840] bridge0: port 3(vlan2) entered disabled state
[  109.307346][ T4840] device vlan2 entered promiscuous mode
[  109.375434][ T4829] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  110.406918][ T4862] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  110.586477][ T4862] loop1: detected capacity change from 0 to 1024
[  110.670608][ T4868] loop3: detected capacity change from 0 to 128
[  110.821870][ T4862] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  110.835719][ T4862] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.596053][ T1110] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  111.680286][ T1110] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  112.198057][ T4897] loop0: detected capacity change from 0 to 128
[  112.503691][ T4905] loop0: detected capacity change from 0 to 128
[  112.809953][ T4911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.187'.
[  112.841359][ T4905] EXT4-fs (loop0): Test dummy encryption mode enabled
[  112.852710][ T4911] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  112.862053][ T4911] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  112.871005][ T4911] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  112.879793][ T4911] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  112.949011][ T4911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.187'.
[  112.986366][ T4905] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  113.025723][ T4905] ext4 filesystem being mounted at /32/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  113.374494][ T4905] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  114.092821][ T4946] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  116.400391][ T4975] netlink: 'syz.3.205': attribute type 1 has an invalid length.
[  116.590314][ T4975] device bond1 entered promiscuous mode
[  116.596375][ T4975] 8021q: adding VLAN 0 to HW filter on device bond1
[  116.695123][ T4978] netlink: 'syz.1.195': attribute type 9 has an invalid length.
[  116.705357][ T4978] netlink: 'syz.1.195': attribute type 6 has an invalid length.
[  116.777160][ T4980] 8021q: adding VLAN 0 to HW filter on device bond1
[  116.794547][ T4986] overlayfs: bad index found (index=index/00fb2100016f59ce3de3944151bc8b839837c71da72533ba1fd700000000000000, ftype=2000, origin ftype=a000).
[  116.801673][ T4980] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  116.820995][ T4980] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[  116.850797][ T4980] bond1: (slave wireguard0): making interface the new active one
[  116.873138][ T4980] device wireguard0 entered promiscuous mode
[  116.890905][ T4992] loop2: detected capacity change from 0 to 1024
[  116.898020][ T4980] bond1: (slave wireguard0): Enslaving as an active interface with an up link
[  116.914011][ T4987] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  116.922549][ T4987] IPv6: NLM_F_CREATE should be set when creating new route
[  116.929835][ T4987] IPv6: NLM_F_CREATE should be set when creating new route
[  117.052033][ T4992] hfsplus: invalid btree flag
[  117.090087][ T4992] hfsplus: failed to load extents file
[  117.114080][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  117.159816][ T4987] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  117.569815][   T26] audit: type=1326 audit(1763648488.991:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="syz.2.213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x0
[  117.837124][ T5012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.216'.
[  117.892510][ T5012] netlink: 'syz.0.216': attribute type 5 has an invalid length.
[  117.921213][ T5012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.216'.
[  118.613918][ T5027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.223'.
[  118.707175][ T5029] mmap: syz.0.222 (5029) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  118.754529][ T5030] netlink: 4 bytes leftover after parsing attributes in process `syz.2.223'.
[  119.177841][ T5032] netem: incorrect gi model size
[  119.183404][ T5032] netem: change failed
[  119.400593][ T5026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  119.433560][ T5039] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  119.950229][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  119.968530][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  119.976974][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  121.335671][    T7] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  121.598385][    T7] usb 4-1: Using ep0 maxpacket: 8
[  121.725719][    T7] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  121.737466][    T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  121.747913][    T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  121.757926][    T7] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  121.771027][    T7] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  121.780191][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.865722][ T4242] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  122.028491][ T5084] SET target dimension over the limit!
[  122.104423][ T5082] loop2: detected capacity change from 0 to 256
[  122.125842][ T4242] usb 2-1: Using ep0 maxpacket: 16
[  122.131253][    T7] usb 4-1: GET_CAPABILITIES returned 0
[  122.138051][    T7] usbtmc 4-1:16.0: can't read capabilities
[  122.276479][ T4242] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  122.386892][ T5082] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  122.636532][ T4242] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  122.709205][ T5082] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  122.712284][ T4242] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.736209][ T4242] usb 2-1: Product: syz
[  122.740744][ T4242] usb 2-1: Manufacturer: syz
[  122.745457][ T4242] usb 2-1: SerialNumber: syz
[  122.799550][ T4242] usb 2-1: config 0 descriptor??
[  122.865673][ T4242] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  122.879514][ T4242] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  123.212714][ T5102] netlink: 'syz.2.247': attribute type 11 has an invalid length.
[  123.256609][ T1110] usb 4-1: USB disconnect, device number 2
[  123.400219][ T5109] loop3: detected capacity change from 0 to 1024
[  123.575881][ T4242] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  123.596963][ T5104] 8021q: adding VLAN 0 to HW filter on device bond1
[  124.610048][ T5109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.250'.
[  124.684486][ T5121] capability: warning: `syz.0.253' uses deprecated v2 capabilities in a way that may be insecure
[  124.787009][ T4242] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  124.815358][ T4242] em28xx 2-1:0.0: board has no eeprom
[  126.446790][ T5129] loop3: detected capacity change from 0 to 2048
[  126.565722][ T5114] em28xx 2-1:0.0: reading from i2c device at 0x0 failed (error=-5)
[  126.598208][ T5129] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  126.607756][ T4242] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  126.622448][ T4242] em28xx 2-1:0.0: dvb set to bulk mode.
[  126.675571][ T4242] em28xx 2-1:0.0: Binding DVB extension
[  126.744815][ T1110] usb 2-1: USB disconnect, device number 3
[  126.765668][ T1110] em28xx 2-1:0.0: Disconnecting em28xx
[  126.948720][ T4242] em28xx 2-1:0.0: Registering input extension
[  126.958099][ T1110] em28xx 2-1:0.0: Closing input extension
[  127.060295][ T1110] em28xx 2-1:0.0: Freeing device
[  127.075209][ T5142] loop0: detected capacity change from 0 to 1024
[  127.672339][ T4185] hfsplus: bad catalog entry type
[  128.179275][  T155] hfsplus: b-tree write err: -5, ino 4
[  128.375386][ T5162] loop2: detected capacity change from 0 to 1024
[  128.470050][ T5162] EXT4-fs (loop2): Ignoring removed orlov option
[  128.518681][ T5162] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  128.660215][ T5162] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,errors=remount-ro,debug_want_extra_isize=0x0000000000000080,orlov,nolazytime,quota,nomblk_io_submit,. Quota mode: writeback.
[  130.003140][ T5156] loop3: detected capacity change from 0 to 32768
[  130.221070][ T5156] JBD2: Ignoring recovery information on journal
[  130.570005][ T5156] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  130.634298][ T5160] ODEBUG: Out of memory. ODEBUG disabled
[  130.794525][ T5176] chnl_net:caif_netlink_parms(): no params data found
[  130.952809][ T5189] netlink: 12 bytes leftover after parsing attributes in process `syz.4.276'.
[  130.986985][ T4183] ocfs2: Unmounting device (7,3) on (node local)
[  131.370179][ T5176] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.389901][ T5176] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.419123][ T5176] device bridge_slave_0 entered promiscuous mode
[  131.463243][ T5176] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.501049][ T5176] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.519693][ T5176] device bridge_slave_1 entered promiscuous mode
[  131.619296][ T5176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.629931][ T4187] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  131.658973][ T5176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.784022][ T5176] team0: Port device team_slave_0 added
[  131.821190][ T5176] team0: Port device team_slave_1 added
[  131.905820][ T4187] usb 5-1: Using ep0 maxpacket: 32
[  131.914066][ T5176] batman_adv: batadv0: Adding interface: batadv_slave_0
[  131.932883][ T5176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.023880][ T5176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.047526][ T4187] usb 5-1: config 0 has no interfaces?
[  132.053055][ T4187] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  132.078456][ T5176] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.092220][ T5176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.133693][ T4187] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.156943][ T5176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.237283][ T4187] usb 5-1: config 0 descriptor??
[  132.889754][ T5215] VFS: Mount too revealing
[  132.930088][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  132.936466][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  132.961877][ T4226] Bluetooth: hci2: command 0x0409 tx timeout
[  133.000764][ T5176] device hsr_slave_0 entered promiscuous mode
[  133.039956][ T5176] device hsr_slave_1 entered promiscuous mode
[  133.065711][ T5176] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  133.086121][ T5176] Cannot create hsr debugfs directory
[  133.172581][ T3083] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.477064][ T3083] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.628141][ T5236] device team_slave_0 entered promiscuous mode
[  133.634847][ T5236] device team_slave_1 entered promiscuous mode
[  134.333686][ T4226] usb 5-1: USB disconnect, device number 3
[  134.454911][ T5238] loop2: detected capacity change from 0 to 64
[  134.823885][ T5236] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  134.981602][ T5237] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  135.065267][ T3083] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.121288][ T4187] Bluetooth: hci2: command 0x041b tx timeout
[  135.221157][ T3083] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.300103][ T5248] device syzkaller0 entered promiscuous mode
[  136.922601][ T5176] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  137.043826][ T5176] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  137.101291][ T5176] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  137.152517][ T5176] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  137.171763][ T4242] Bluetooth: hci2: command 0x040f tx timeout
[  137.483773][ T5341] netlink: 488 bytes leftover after parsing attributes in process `syz.3.302'.
[  137.571028][ T5176] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.599818][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  137.620854][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  137.719499][ T5176] 8021q: adding VLAN 0 to HW filter on device team0
[  137.738933][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  137.790966][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  137.814003][ T4401] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.821304][ T4401] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.676357][ T5353] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.685452][ T5353] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.758130][ T5357] device bridge_slave_1 left promiscuous mode
[  138.766855][ T5357] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.812863][ T5357] device bridge_slave_0 left promiscuous mode
[  138.819319][ T5357] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.911333][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  138.946943][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  138.957088][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  138.974319][ T5372] loop2: detected capacity change from 0 to 256
[  138.977096][ T4401] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.987731][ T4401] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.016044][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  139.127760][ T5372] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 256)
[  139.150440][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  139.164211][ T5375] sock: sock_set_timeout: `syz.1.313' (pid 5375) tries to set negative timeout
[  139.184247][ T5372] exFAT-fs (loop2): failed to load alloc-bitmap
[  139.188973][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  139.214047][ T5376] binder: 5374:5376 ioctl c0306201 200000000c00 returned -14
[  139.239874][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  139.248830][ T4302] Bluetooth: hci2: command 0x0419 tx timeout
[  139.255947][ T5372] exFAT-fs (loop2): failed to recognize exfat type
[  139.266836][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  139.277080][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  139.327552][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  139.371584][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  139.404297][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  139.434798][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  139.486491][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  139.818558][ T5176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  140.368982][ T5398] netlink: 24 bytes leftover after parsing attributes in process `syz.3.318'.
[  140.507982][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  140.515830][ T4242] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  140.545729][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  140.561089][ T5176] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.025922][ T4242] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.362415][ T4242] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.554300][ T4242] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  141.888346][ T4242] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.946551][ T4242] usb 2-1: config 0 descriptor??
[  142.050126][ T3083] device hsr_slave_0 left promiscuous mode
[  142.072317][ T3083] device hsr_slave_1 left promiscuous mode
[  142.132230][ T3083] device veth1_macvtap left promiscuous mode
[  142.278442][ T3083] device veth0_macvtap left promiscuous mode
[  142.284965][ T3083] device veth1_vlan left promiscuous mode
[  142.291654][ T3083] device veth0_vlan left promiscuous mode
[  142.584790][ T4242] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  142.757450][ T4242] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  142.895930][ T4242] cp2112 0003:10C4:EA90.0004: Part Number: 0x82 Device Version: 0xFE
[  143.198946][ T3083] bond0 (unregistering): Released all slaves
[  143.280102][ T5421] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  143.290687][ T5432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.324'.
[  143.341881][ T5432] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  143.510034][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  143.531062][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  143.669952][ T4302] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  143.719006][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  143.768319][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  143.830070][ T5176] device veth0_vlan entered promiscuous mode
[  143.852118][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  143.880629][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  143.912077][ T5176] device veth1_vlan entered promiscuous mode
[  143.937288][ T4302] usb 3-1: Using ep0 maxpacket: 32
[  143.955990][ T4242] usb 2-1: reset high-speed USB device number 4 using dummy_hcd
[  144.028078][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  144.041556][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  144.055854][ T4302] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  144.064284][ T4302] usb 3-1: config 0 has no interface number 0
[  144.075577][ T4302] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  144.099144][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  144.143232][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  144.154909][ T5176] device veth0_macvtap entered promiscuous mode
[  144.175342][ T5176] device veth1_macvtap entered promiscuous mode
[  144.252774][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.282719][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.299748][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.310647][ T4302] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  144.327663][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.355749][ T4302] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.364049][ T4302] usb 3-1: Product: syz
[  144.375446][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.405775][ T4302] usb 3-1: Manufacturer: syz
[  144.410436][ T4302] usb 3-1: SerialNumber: syz
[  144.427649][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.455303][ T4302] usb 3-1: config 0 descriptor??
[  144.460513][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.495955][ T5441] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  144.505669][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.556382][ T5176] batman_adv: batadv0: Interface activated: batadv_slave_0
[  144.581945][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  144.630514][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  144.647685][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  144.657715][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  144.674236][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.687147][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.705274][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.716710][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.727352][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.738494][ T5441] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  144.746488][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.764800][ T5176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.788211][ T5176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.822796][ T5176] batman_adv: batadv0: Interface activated: batadv_slave_1
[  144.845914][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  144.861371][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  144.881814][ T5176] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.892742][ T5176] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.902450][ T5176] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.911250][ T5176] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  145.012805][ T5494] netlink: 168 bytes leftover after parsing attributes in process `syz.4.337'.
[  145.103133][ T5302] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.129782][ T5302] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.175669][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  145.252339][ T5295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.276712][ T5500] loop4: detected capacity change from 0 to 128
[  145.284400][ T5295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.308328][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  145.400470][    T7] usb 2-1: USB disconnect, device number 4
[  146.632144][ T5518] syz.5.341 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  146.684161][ T5521] netlink: 24 bytes leftover after parsing attributes in process `syz.1.343'.
[  146.756991][ T4302] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  146.796983][ T4302] asix: probe of 3-1:0.188 failed with error -71
[  146.857371][ T4302] usb 3-1: USB disconnect, device number 3
[  150.300058][ T5569] netlink: 24 bytes leftover after parsing attributes in process `syz.4.356'.
[  150.337916][ T5571] netlink: 3672 bytes leftover after parsing attributes in process `syz.3.355'.
[  150.350643][ T5577] loop5: detected capacity change from 0 to 128
[  150.533682][ T5577] EXT4-fs (loop5): mounted filesystem without journal. Opts: usrquota,nodelalloc,,errors=continue. Quota mode: writeback.
[  150.565879][ T5577] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.745702][ T4187] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  151.006056][ T4187] usb 2-1: Using ep0 maxpacket: 32
[  151.135789][ T4187] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  151.152142][ T4187] usb 2-1: config 0 has no interface number 0
[  152.157177][ T5619] netlink: 12 bytes leftover after parsing attributes in process `syz.5.365'.
[  152.175874][ T4187] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  152.211512][ T4187] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.222716][ T4187] usb 2-1: Product: syz
[  152.237246][ T5619] netlink: 12 bytes leftover after parsing attributes in process `syz.5.365'.
[  152.240481][ T4187] usb 2-1: Manufacturer: syz
[  152.312577][ T4187] usb 2-1: SerialNumber: syz
[  152.341630][ T4187] usb 2-1: config 0 descriptor??
[  152.407513][ T4187] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  153.377506][ T4187] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  153.391825][ T4187] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  153.705121][ T5315] usb 2-1: USB disconnect, device number 5
[  153.715564][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  153.751849][ T5315] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  153.837616][ T5315] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  154.033712][ T5315] quatech2 2-1:0.51: device disconnected
[  154.930705][ T5671] netlink: 12 bytes leftover after parsing attributes in process `syz.1.375'.
[  157.937774][ T5729] netlink: 24 bytes leftover after parsing attributes in process `syz.3.386'.
[  158.187784][ T5738] loop1: detected capacity change from 0 to 2048
[  158.195576][ T4302] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  158.366159][ T5738]  loop1: p1 < > p4
[  158.378292][ T5747] blk_update_request: I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0
[  158.400367][ T5749] netlink: 8 bytes leftover after parsing attributes in process `syz.3.392'.
[  158.447373][ T5749] netlink: 8 bytes leftover after parsing attributes in process `syz.3.392'.
[  158.456544][ T5747] EXT4-fs (loop3): unable to read superblock
[  158.456724][ T4302] usb 5-1: Using ep0 maxpacket: 8
[  158.475652][ T5738] loop1: p4 size 8388608 extends beyond EOD, truncated
[  158.635801][ T4302] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  158.644209][ T4302] usb 5-1: config 0 has no interface number 0
[  158.664068][ T4302] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  158.704284][ T4302] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  158.742631][ T4302] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  158.782253][ T4302] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  158.842794][ T4302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.900313][ T4302] usb 5-1: config 0 descriptor??
[  158.984979][ T4302] ldusb 5-1:0.55: Interrupt in endpoint not found
[  159.029939][ T4781] udevd[4781]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  159.056408][ T4175] udevd[4175]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  159.229666][ T5768] kvm: pic: non byte read
[  159.270245][ T5768] kvm: pic: non byte read
[  159.288238][ T5768] kvm: pic: single mode not supported
[  159.288440][ T5768] kvm: pic: level sensitive irq not supported
[  159.320103][ T5768] kvm: pic: non byte read
[  159.370842][ T5768] kvm: pic: single mode not supported
[  159.370914][ T5768] kvm: pic: non byte read
[  159.413263][ T5768] kvm: pic: non byte read
[  159.432875][ T4302] usb 5-1: USB disconnect, device number 4
[  159.452020][ T5768] kvm: pic: non byte read
[  159.489067][ T5768] kvm: pic: single mode not supported
[  159.489087][ T5768] kvm: pic: level sensitive irq not supported
[  159.544607][ T5768] kvm: pic: non byte read
[  159.606245][ T5768] kvm: pic: single mode not supported
[  159.606314][ T5768] kvm: pic: non byte read
[  159.650419][ T5768] kvm: pic: non byte read
[  159.725322][ T5788] device veth0_to_bridge entered promiscuous mode
[  160.829684][ T5827] fuse: root generation should be zero
[  162.959682][ T5851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.415'.
[  163.292083][ T5868] loop5: detected capacity change from 0 to 256
[  163.431429][ T5868] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  165.176232][ T5897] netlink: 'syz.1.426': attribute type 1 has an invalid length.
[  165.349298][ T5897] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  165.405150][ T5907] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  165.426438][ T5907] bond1 (unregistering): Released all slaves
[  167.002721][ T5931] fuse: Bad value for 'fd'
[  171.311848][ T5990] bond1: option mode: unable to set because the bond device is up
[  171.335734][ T5990] bond1: (slave ip6gretap1): making interface the new active one
[  171.347145][ T5990] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  171.434972][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  173.189557][ T6007] netlink: 4 bytes leftover after parsing attributes in process `syz.3.453'.
[  173.722722][ T6023] netlink: 12 bytes leftover after parsing attributes in process `syz.5.457'.
[  173.846006][ T6026] device bond1 entered promiscuous mode
[  174.045381][ T6023] device macvlan2 entered promiscuous mode
[  174.097832][ T6023] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  174.253563][ T6022] device bond1 left promiscuous mode
[  175.047399][   T26] audit: type=1326 audit(1763648546.471:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20c67f749 code=0x7fc00000
[  175.065717][ T4249] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  175.161859][   T26] audit: type=1326 audit(1763648546.501:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb20c67f749 code=0x7fc00000
[  175.294906][   T26] audit: type=1326 audit(1763648546.501:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20c67f749 code=0x7fc00000
[  175.345681][ T4249] usb 6-1: Using ep0 maxpacket: 16
[  175.470320][ T4249] usb 6-1: config 222 has an invalid interface number: 31 but max is 0
[  175.488425][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz.2.468'.
[  175.504514][ T4249] usb 6-1: config 222 has no interface number 0
[  175.534618][ T4249] usb 6-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11
[  175.585619][ T4249] usb 6-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024
[  175.631290][ T4249] usb 6-1: config 222 interface 31 has no altsetting 0
[  175.826884][ T4249] usb 6-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd
[  175.849786][ T4249] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.895686][ T4249] usb 6-1: Product: syz
[  175.915636][ T4249] usb 6-1: Manufacturer: syz
[  175.940842][ T4249] usb 6-1: SerialNumber: syz
[  175.975929][ T6059] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  176.282362][ T4249] ldusb 6-1:222.31: LD USB Device #0 now attached to major 180 minor 0
[  176.325774][ T4249] usb 6-1: USB disconnect, device number 2
[  176.378001][ T4249] ldusb 6-1:222.31: LD USB Device #0 now disconnected
[  176.925003][ T6116] loop4: detected capacity change from 0 to 1024
[  177.115572][ T6116] EXT4-fs (loop4): INFO: recovery required on readonly filesystem
[  177.123466][ T6116] EXT4-fs (loop4): write access will be enabled during recovery
[  177.139468][ T6116] JBD2: no valid journal superblock found
[  177.145393][ T6116] EXT4-fs (loop4): error loading journal
[  179.222469][ T6131] batman_adv: batadv0: Adding interface: dummy0
[  179.234550][ T6135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.476'.
[  179.244652][ T6131] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  179.304138][ T6131] batman_adv: batadv0: Interface activated: dummy0
[  179.347533][ T6135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.476'.
[  180.018737][ T6134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  181.192208][ T6153] loop4: detected capacity change from 0 to 256
[  182.136584][ T6153] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  182.187116][ T6153] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  184.465014][ T6205] loop5: detected capacity change from 0 to 1024
[  184.618025][ T6205] EXT4-fs (loop5): INFO: recovery required on readonly filesystem
[  184.626050][ T6205] EXT4-fs (loop5): write access will be enabled during recovery
[  184.635185][ T6205] JBD2: no valid journal superblock found
[  184.641107][ T6205] EXT4-fs (loop5): error loading journal
[  185.492374][ T6180] chnl_net:caif_netlink_parms(): no params data found
[  185.516401][ T2304] Bluetooth: hci5: command 0x0409 tx timeout
[  185.980610][ T6180] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.055563][ T6180] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.106824][ T6180] device bridge_slave_0 entered promiscuous mode
[  186.175057][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.260431][ T6180] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.330791][ T6180] device bridge_slave_1 entered promiscuous mode
[  186.393069][ T6193] loop4: detected capacity change from 0 to 32768
[  186.518662][ T2304] Bluetooth: hci0: command 0x0406 tx timeout
[  186.527566][ T2304] Bluetooth: hci3: command 0x0406 tx timeout
[  186.533657][ T2304] Bluetooth: hci4: command 0x0406 tx timeout
[  186.680332][ T6193] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.486 (6193)
[  186.698632][ T6180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.928963][ T6223] netlink: 'syz.5.491': attribute type 1 has an invalid length.
[  187.565796][ T2304] Bluetooth: hci5: command 0x041b tx timeout
[  188.414518][ T6193] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  188.442886][ T6225] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  188.467550][ T6180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.499377][ T6193] BTRFS info (device loop4): turning off barriers
[  188.506046][ T6193] BTRFS info (device loop4): setting nodatasum
[  188.512224][ T6193] BTRFS info (device loop4): enabling auto defrag
[  188.520726][ T6193] BTRFS info (device loop4): disabling tree log
[  188.527136][ T6193] BTRFS info (device loop4): using free space tree
[  188.533767][ T6193] BTRFS info (device loop4): has skinny extents
[  189.669085][ T4242] Bluetooth: hci5: command 0x040f tx timeout
[  189.851242][ T6193] BTRFS error (device loop4): open_ctree failed: -12
[  189.890840][ T6227] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  189.936798][ T6227] bond2 (unregistering): Released all slaves
[  190.024791][ T6180] team0: Port device team_slave_0 added
[  190.055303][ T4175] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by udevd (4175)
[  190.075239][ T6180] team0: Port device team_slave_1 added
[  190.159968][ T6180] batman_adv: batadv0: Adding interface: batadv_slave_0
[  190.192988][ T6180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  190.425479][ T6180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  190.743405][ T6180] batman_adv: batadv0: Adding interface: batadv_slave_1
[  190.793223][ T6180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.274145][ T6180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  191.377725][ T6180] device hsr_slave_0 entered promiscuous mode
[  191.420023][ T6180] device hsr_slave_1 entered promiscuous mode
[  191.658501][ T6180] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  191.666263][ T6180] Cannot create hsr debugfs directory
[  191.725578][ T4242] Bluetooth: hci5: command 0x0419 tx timeout
[  194.782837][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  194.789215][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  195.307866][ T6180] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  195.315684][ T4226] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  195.336348][ T6180] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  195.361718][ T6180] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  195.383802][ T6180] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  195.618276][ T6180] 8021q: adding VLAN 0 to HW filter on device bond0
[  195.639674][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  195.656568][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  195.669306][ T6180] 8021q: adding VLAN 0 to HW filter on device team0
[  195.780150][ T4226] usb 5-1: unable to get BOS descriptor or descriptor too short
[  195.799758][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  195.823504][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  195.852163][ T5308] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.859414][ T5308] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.886475][ T4226] usb 5-1: config 63 has an invalid interface number: 66 but max is 0
[  195.905155][ T4226] usb 5-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config
[  195.949255][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  195.979635][ T4226] usb 5-1: config 63 has no interface number 0
[  196.009735][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  196.025492][ T4226] usb 5-1: config 63 interface 66 has no altsetting 0
[  196.056771][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  196.102200][ T5308] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.109478][ T5308] bridge0: port 2(bridge_slave_1) entered forwarding state
[  196.163718][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  196.427818][ T4226] usb 5-1: New USB device found, idVendor=174f, idProduct=8a31, bcdDevice=39.f4
[  196.437578][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  196.509958][ T6354] blk_update_request: I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[  196.521535][ T6354] hfsplus: unable to find HFS+ superblock
[  197.203723][ T6258] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  197.214562][ T4226] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.246803][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  197.255043][ T4226] usb 5-1: Product: syz
[  197.265503][ T4226] usb 5-1: Manufacturer: syz
[  197.278739][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  197.286820][ T4226] usb 5-1: SerialNumber: syz
[  197.332930][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  197.388036][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  197.485152][ T6180] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  197.515406][ T6180] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  197.565947][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  197.588010][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  198.142213][ T6321] udc-core: couldn't find an available UDC or it's busy
[  198.358957][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  198.375331][ T6321] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  198.390815][ T6258] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  198.392945][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  198.402596][ T6258] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3
[  198.418345][ T6258] usb 4-1: config 220 interface 0 has no altsetting 0
[  198.472143][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  198.526218][ T5308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  198.781790][ T6258] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  199.007468][ T4226] usb 5-1: USB disconnect, device number 5
[  199.914112][ T6258] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.922498][ T6258] usb 4-1: Product: syz
[  199.926846][ T6258] usb 4-1: Manufacturer: syz
[  199.938151][ T6258] usb 4-1: SerialNumber: syz
[  199.958708][ T6258] usb 4-1: can't set config #220, error -71
[  199.983543][ T6258] usb 4-1: USB disconnect, device number 3
[  200.981457][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  200.996268][ T5302] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  201.027427][ T6180] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.459711][   T26] audit: type=1804 audit(1763648572.881:8): pid=6407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.527" name="bus" dev="ramfs" ino=40620 res=1 errno=0
[  203.049574][   T26] audit: type=1804 audit(1763648572.911:9): pid=6405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.527" name="bus" dev="ramfs" ino=40620 res=1 errno=0
[  205.155838][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  205.164804][   T26] audit: type=1326 audit(1763648576.581:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6434 comm="syz.2.535" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x0
[  205.179608][ T6432] loop4: detected capacity change from 0 to 1024
[  205.204450][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  205.264045][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  205.311903][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  205.360068][ T6433] loop5: detected capacity change from 0 to 4096
[  205.386717][ T6180] device veth0_vlan entered promiscuous mode
[  205.400343][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  205.410447][ T6432] EXT4-fs (loop4): Ignoring removed orlov option
[  205.425598][ T6432] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  205.447782][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  205.476134][ T6180] device veth1_vlan entered promiscuous mode
[  205.506580][ T6433] ntfs3: Unknown parameter 'windows_names'
[  205.524098][ T6432] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,errors=remount-ro,debug_want_extra_isize=0x0000000000000080,orlov,nolazytime,quota,nomblk_io_submit,. Quota mode: writeback.
[  205.654299][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  205.688754][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  205.736478][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  205.796295][ T5295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  205.822436][ T6180] device veth0_macvtap entered promiscuous mode
[  206.980959][ T6180] device veth1_macvtap entered promiscuous mode
[  207.036334][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  207.059374][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  208.094951][ T6468] netlink: 'syz.3.541': attribute type 6 has an invalid length.
[  208.143957][ T6471] netlink: 24 bytes leftover after parsing attributes in process `syz.5.544'.
[  208.218111][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  208.255973][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.320384][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  208.358869][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.373010][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  208.389399][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.612056][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  208.622846][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.632965][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  208.643638][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.628962][ T6180] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.722481][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.790937][ T6494] loop5: detected capacity change from 0 to 512
[  209.816213][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.826195][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.836729][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.850438][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.863266][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.873271][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.893378][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.912956][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.930463][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.944094][ T6180] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.965915][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  210.002876][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  210.025184][ T6494] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  210.048013][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  210.067482][ T6494] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  210.122893][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  210.194681][ T6180] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.209718][ T6180] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.218534][ T6180] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.228655][ T6180] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.053971][ T6513] sctp: [Deprecated]: syz.2.558 (pid 6513) Use of int in max_burst socket option.
[  211.053971][ T6513] Use struct sctp_assoc_value instead
[  211.199459][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.213454][ T4402] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.225237][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.267835][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  211.269534][ T6519] loop5: detected capacity change from 0 to 512
[  211.321656][ T6519] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  211.560991][ T6519] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  211.575015][ T4402] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.025767][ T5292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  213.034814][ T5292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  213.088746][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  213.115915][   T26] audit: type=1804 audit(1763648584.491:11): pid=6535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.560" name="/newroot/51/file1/file2" dev="loop5" ino=16 res=1 errno=0
[  213.136848][    C1] vkms_vblank_simulate: vblank timer overrun
[  213.144742][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.564'.
[  213.424171][ T6539] loop4: detected capacity change from 0 to 2048
[  213.549346][ T6539] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  213.809775][ T6546] netlink: 'syz.6.481': attribute type 1 has an invalid length.
[  213.820107][ T6547] EXT4-fs (loop4): shut down requested (0)
[  214.403473][ T6546] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  214.410917][ T6546] IPv6: NLM_F_CREATE should be set when creating new route
[  214.418222][ T6546] IPv6: NLM_F_CREATE should be set when creating new route
[  214.503418][ T4402] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.571058][ T6546] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  214.790477][ T4402] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.022337][ T6564] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  215.196301][ T6566] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  215.226785][ T6566] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  215.273617][ T6569] netlink: 4 bytes leftover after parsing attributes in process `syz.6.574'.
[  215.319775][ T6569] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  215.355863][ T6569] batman_adv: batadv0: Removing interface: batadv_slave_0
[  215.386522][ T6569] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  215.423452][ T6569] batman_adv: batadv0: Removing interface: batadv_slave_1
[  215.775004][   T26] audit: type=1326 audit(1763648587.191:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.029860][   T26] audit: type=1326 audit(1763648587.201:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.628015][   T26] audit: type=1326 audit(1763648587.201:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.700347][   T26] audit: type=1326 audit(1763648587.201:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.731931][   T26] audit: type=1326 audit(1763648587.201:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.835858][   T26] audit: type=1326 audit(1763648587.201:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.835902][   T26] audit: type=1326 audit(1763648587.201:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.835938][   T26] audit: type=1326 audit(1763648587.201:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.835973][   T26] audit: type=1326 audit(1763648587.201:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.2.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  216.926030][ T6610] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  217.001156][ T6613] sock: sock_set_timeout: `syz.2.584' (pid 6613) tries to set negative timeout
[  217.011822][ T6610] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  217.827454][ T6610] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  219.141111][ T6634] device lo entered promiscuous mode
[  219.147303][ T6634] device tunl0 entered promiscuous mode
[  219.154075][ T6634] device gre0 entered promiscuous mode
[  219.160767][ T6634] device gretap0 entered promiscuous mode
[  219.167373][ T6634] device erspan0 entered promiscuous mode
[  219.173812][ T6634] device ip_vti0 entered promiscuous mode
[  219.180643][ T6634] device ip6_vti0 entered promiscuous mode
[  219.187617][ T6634] device sit0 entered promiscuous mode
[  219.195282][ T6634] device ip6tnl0 entered promiscuous mode
[  219.203010][ T6634] device ip6gre0 entered promiscuous mode
[  219.210853][ T6634] device syz_tun entered promiscuous mode
[  219.217816][ T6634] device ip6gretap0 entered promiscuous mode
[  219.225215][ T6634] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.232443][ T6634] bridge0: port 2(bridge_slave_1) entered listening state
[  219.239954][ T6634] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.247154][ T6634] bridge0: port 1(bridge_slave_0) entered listening state
[  219.255026][ T6634] device bridge0 entered promiscuous mode
[  219.263781][ T6634] device vcan0 entered promiscuous mode
[  219.269678][ T6634] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  219.277628][ T6634] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  219.285223][ T6634] device bond0 entered promiscuous mode
[  219.290888][ T6634] device bond_slave_0 entered promiscuous mode
[  219.297432][ T6634] device bond_slave_1 entered promiscuous mode
[  219.305943][ T6634] device team0 entered promiscuous mode
[  219.313926][ T6634] device dummy0 entered promiscuous mode
[  219.321577][ T6634] device nlmon0 entered promiscuous mode
[  219.785624][ T6634] device caif0 entered promiscuous mode
[  219.791234][ T6634] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  222.089921][ T4402] device hsr_slave_0 left promiscuous mode
[  222.114017][ T4402] device hsr_slave_1 left promiscuous mode
[  222.141080][ T4402] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  222.174577][ T4402] batman_adv: batadv0: Removing interface: batadv_slave_0
[  222.211252][ T4402] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  222.261196][ T4402] batman_adv: batadv0: Removing interface: batadv_slave_1
[  222.351928][ T4402] device veth1_macvtap left promiscuous mode
[  222.370821][ T4402] device veth0_macvtap left promiscuous mode
[  222.404326][ T4402] device veth1_vlan left promiscuous mode
[  222.424751][ T4402] device veth0_vlan left promiscuous mode
[  223.561439][ T6687] loop6: detected capacity change from 0 to 512
[  223.642065][ T6687] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  223.668009][ T6687] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  223.862111][ T6698] loop6: detected capacity change from 0 to 128
[  223.883898][ T6698] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  224.091640][ T4402] team0 (unregistering): Port device team_slave_1 removed
[  224.148532][ T4402] team0 (unregistering): Port device team_slave_0 removed
[  224.190611][ T4402] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  224.246744][ T4402] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  224.493372][ T4402] bond0 (unregistering): Released all slaves
[  224.573393][ T6680] device vlan3 entered promiscuous mode
[  224.766369][   T26] kauditd_printk_skb: 1 callbacks suppressed
[  224.766384][   T26] audit: type=1326 audit(1763648596.191:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  224.870066][   T26] audit: type=1326 audit(1763648596.191:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  224.971930][   T26] audit: type=1326 audit(1763648596.191:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  225.066985][   T26] audit: type=1326 audit(1763648596.191:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  225.188184][   T26] audit: type=1326 audit(1763648596.191:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  225.204375][ T6734] netlink: 'syz.5.620': attribute type 1 has an invalid length.
[  225.281823][   T26] audit: type=1326 audit(1763648596.191:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa067f5cf90 code=0x7ffc0000
[  225.420383][ T6738] loop4: detected capacity change from 0 to 512
[  225.431629][ T6743] netlink: 28 bytes leftover after parsing attributes in process `syz.5.620'.
[  225.442219][ T6743] 8021q: adding VLAN 0 to HW filter on device bond2
[  225.818442][   T26] audit: type=1326 audit(1763648596.191:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa067f5cf90 code=0x7ffc0000
[  226.686205][   T26] audit: type=1326 audit(1763648596.191:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  226.849753][ T6748] loop5: detected capacity change from 0 to 512
[  226.871378][   T26] audit: type=1326 audit(1763648596.191:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  227.016930][   T26] audit: type=1326 audit(1763648596.201:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.2.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  227.205813][ T6748] EXT4-fs (loop5): Ignoring removed bh option
[  227.386369][ T6748] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  227.503366][ T6748] ext4 filesystem being mounted at /57/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  227.547731][ T6738] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  227.612564][ T6738] ext4 filesystem being mounted at /137/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  230.735955][ T6791] netlink: 68 bytes leftover after parsing attributes in process `syz.3.628'.
[  230.809867][ T6797] loop6: detected capacity change from 0 to 128
[  231.860839][ T6797] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  232.076091][ T6797] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  234.035017][    T9] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  234.295372][ T6828] loop4: detected capacity change from 0 to 512
[  235.165899][    C1] bridge0: port 1(bridge_slave_0) entered learning state
[  235.173673][    C1] bridge0: port 2(bridge_slave_1) entered learning state
[  236.961537][ T6828] EXT4-fs: failed to create workqueue
[  236.967075][ T6828] EXT4-fs (loop4): mount failed
[  239.539843][ T6862] netlink: 8 bytes leftover after parsing attributes in process `syz.3.648'.
[  244.217990][ T6939] loop5: detected capacity change from 0 to 40427
[  244.389083][ T6939] F2FS-fs (loop5): Found nat_bits in checkpoint
[  244.536103][ T6939] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  244.585684][ T6938] attempt to access beyond end of device
[  244.585684][ T6938] loop5: rw=2049, want=45104, limit=40427
[  244.795250][ T5176] attempt to access beyond end of device
[  244.795250][ T5176] loop5: rw=2049, want=45112, limit=40427
[  245.823500][ T6956] MPTCP: addr_signal error, rm_addr=1
[  246.175977][ T6970] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  247.206696][ T6988] netlink: 'syz.6.678': attribute type 21 has an invalid length.
[  247.240119][ T6988] netlink: 132 bytes leftover after parsing attributes in process `syz.6.678'.
[  247.274441][ T6988] netlink: 'syz.6.678': attribute type 1 has an invalid length.
[  247.306003][ T6988] netlink: 12 bytes leftover after parsing attributes in process `syz.6.678'.
[  247.317622][ T6989] netlink: 12 bytes leftover after parsing attributes in process `syz.4.679'.
[  247.359024][ T6991] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  247.388163][ T6989] netlink: 'syz.4.679': attribute type 5 has an invalid length.
[  247.405960][ T6989] netlink: 4 bytes leftover after parsing attributes in process `syz.4.679'.
[  248.920660][ T7021] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4080
[  250.419404][    T7] Bluetooth: hci5: command 0x0405 tx timeout
[  250.608035][ T7050] netlink: 12 bytes leftover after parsing attributes in process `syz.4.695'.
[  250.687293][    C1] bridge0: port 2(bridge_slave_1) entered forwarding state
[  250.694666][    C1] bridge0: topology change detected, propagating
[  250.702812][    C1] bridge0: port 1(bridge_slave_0) entered forwarding state
[  250.710078][    C1] bridge0: topology change detected, propagating
[  250.722804][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  250.742049][ T7050] tipc: Started in network mode
[  250.747797][ T7050] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  250.760465][ T7050] tipc: Enabled bearer <udp:syz0>, priority 10
[  250.846674][ T7054] loop6: detected capacity change from 0 to 512
[  250.908145][ T7061] netlink: 4 bytes leftover after parsing attributes in process `syz.4.698'.
[  250.973080][ T7054] EXT4-fs (loop6): Ignoring removed bh option
[  251.053056][ T7054] EXT4-fs (loop6): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  251.077025][ T7054] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  251.759404][ T4241] tipc: Node number set to 1
[  251.779351][ T7088] netlink: 40 bytes leftover after parsing attributes in process `syz.3.705'.
[  252.018668][ T7088] netlink: 40 bytes leftover after parsing attributes in process `syz.3.705'.
[  252.239699][ T7088] netlink: 40 bytes leftover after parsing attributes in process `syz.3.705'.
[  252.563484][ T7088] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[  252.775579][ T6256] Bluetooth: hci2: command 0x0406 tx timeout
[  253.022953][ T7095] loop6: detected capacity change from 0 to 4096
[  254.172653][ T7104] device vlan2 entered promiscuous mode
[  254.284073][ T7104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'.
[  254.795728][ T7093] netlink: 12 bytes leftover after parsing attributes in process `syz.6.706'.
[  255.809240][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  255.815622][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  256.926405][ T7152] device syzkaller0 entered promiscuous mode
[  257.073773][ T7163] loop5: detected capacity change from 0 to 1024
[  257.226684][ T7163] EXT4-fs (loop5): Ignoring removed orlov option
[  257.624424][ T7163] EXT4-fs (loop5): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000009,journal_dev=0x0000000000000003,errors=continue,noquota,data_err=ignore,noblock_validity,delalloc,nolazytime,orlov,user_xattr,nodioread_nolock,nolazytime,,errors=continue. Quota mode: none.
[  258.394166][ T7184] device macsec0 entered promiscuous mode
[  261.084759][ T7210] fuse: Bad value for 'fd'
[  261.963990][ T7228] lo speed is unknown, defaulting to 1000
[  261.992395][ T7228] lo speed is unknown, defaulting to 1000
[  262.127259][ T7228] lo speed is unknown, defaulting to 1000
[  263.126829][ T7242] loop4: detected capacity change from 0 to 1024
[  263.904660][ T7228] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  264.157570][ T7228] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  265.916374][ T7242] EXT4-fs: error -4 creating inode table initialization thread
[  265.925269][ T7242] EXT4-fs (loop4): mount failed
[  266.044666][ T7228] lo speed is unknown, defaulting to 1000
[  266.140434][ T7228] lo speed is unknown, defaulting to 1000
[  266.196526][ T7228] lo speed is unknown, defaulting to 1000
[  266.234803][ T7228] lo speed is unknown, defaulting to 1000
[  266.274047][ T7228] lo speed is unknown, defaulting to 1000
[  266.302164][ T7228] lo speed is unknown, defaulting to 1000
[  266.355818][ T7228] lo speed is unknown, defaulting to 1000
[  267.087286][ T7265] device geneve2 entered promiscuous mode
[  270.110519][ T7311] tipc: Started in network mode
[  270.146019][ T7311] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  270.215218][ T7311] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  270.231055][ T7311] tipc: Enabled bearer <udp:syz0>, priority 10
[  271.369750][ T4233] tipc: Node number set to 1
[  273.385036][ T7341] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  273.495912][   T26] kauditd_printk_skb: 17 callbacks suppressed
[  273.495928][   T26] audit: type=1326 audit(1763648644.921:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  273.654921][   T26] audit: type=1326 audit(1763648644.951:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  273.750144][   T26] audit: type=1326 audit(1763648645.121:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  273.786968][ T7363] loop6: detected capacity change from 0 to 2048
[  273.848571][   T26] audit: type=1326 audit(1763648645.121:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  273.889323][ T7372] netlink: 12 bytes leftover after parsing attributes in process `syz.5.771'.
[  273.915894][ T7363] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  273.961126][ T7363] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  273.979888][   T26] audit: type=1326 audit(1763648645.121:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  274.125767][ T7363] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  274.210080][ T7363] UDF-fs: Scanning with blocksize 512 failed
[  274.761894][ T7363] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  276.575193][ T7409] overlayfs: failed to clone upperpath
[  276.626029][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  276.645857][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.511066][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.571829][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.615146][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.645076][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.687262][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.715198][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.911533][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  277.925638][ T7413] netlink: 'syz.2.781': attribute type 3 has an invalid length.
[  278.900454][   T26] audit: type=1326 audit(1763648650.321:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7423 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20c67f749 code=0x7fc00000
[  280.053463][ T7441] siw: device registration error -23
[  280.070180][ T7443] netlink: 28 bytes leftover after parsing attributes in process `syz.6.788'.
[  282.699539][   T26] audit: type=1326 audit(1763648654.121:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  282.848478][   T26] audit: type=1326 audit(1763648654.151:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  283.069299][   T26] audit: type=1326 audit(1763648654.151:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  283.327082][   T26] audit: type=1326 audit(1763648654.151:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  283.350371][ T7500] netlink: 4 bytes leftover after parsing attributes in process `syz.6.801'.
[  283.353460][   T26] audit: type=1326 audit(1763648654.151:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  283.415118][   T26] audit: type=1326 audit(1763648654.151:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  283.457406][   T26] audit: type=1326 audit(1763648654.161:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  283.630865][   T26] audit: type=1326 audit(1763648654.161:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  283.791291][   T26] audit: type=1326 audit(1763648654.161:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.6.798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe58a876749 code=0x7ffc0000
[  284.081362][ T7518] validate_nla: 44 callbacks suppressed
[  284.081380][ T7518] netlink: 'syz.6.805': attribute type 4 has an invalid length.
[  284.147528][ T4226] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[  284.794882][ T7532] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  284.856764][ T7531] ipt_CLUSTERIP: Please specify destination IP
[  284.935734][ T4226] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  284.943208][ T4226] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  284.972948][ T4226] usb 6-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  285.121376][ T4226] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  285.132075][ T4226] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  285.955787][ T4226] usb 6-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  286.045710][ T4226] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  286.056746][ T4226] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  286.105482][ T4226] usb 6-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  286.108529][ T7549] bridge0: port 3(netdevsim0) entered blocking state
[  286.285943][ T7549] bridge0: port 3(netdevsim0) entered disabled state
[  286.296343][ T7549] device netdevsim0 entered promiscuous mode
[  286.302951][ T7549] bridge0: port 3(netdevsim0) entered blocking state
[  286.309761][ T7549] bridge0: port 3(netdevsim0) entered forwarding state
[  287.155641][ T4226] usb 6-1: string descriptor 0 read error: -71
[  287.161969][ T4226] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  287.215757][ T4226] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.290765][ T4226] usb 6-1: can't set config #168, error -71
[  287.340536][ T4226] usb 6-1: USB disconnect, device number 3
[  288.616745][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  288.616761][   T26] audit: type=1326 audit(1763648660.041:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  288.668247][ T7581] netlink: 'syz.2.822': attribute type 4 has an invalid length.
[  288.683994][ T7581] netlink: 'syz.2.822': attribute type 3 has an invalid length.
[  288.702138][ T7581] netlink: 132 bytes leftover after parsing attributes in process `syz.2.822'.
[  288.731257][ T7583] sctp: [Deprecated]: syz.5.821 (pid 7583) Use of struct sctp_assoc_value in delayed_ack socket option.
[  288.731257][ T7583] Use struct sctp_sack_info instead
[  288.775561][   T26] audit: type=1326 audit(1763648660.041:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  288.888399][ T7588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.823'.
[  288.918870][   T26] audit: type=1326 audit(1763648660.071:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  289.015873][   T26] audit: type=1326 audit(1763648660.071:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  289.087212][   T26] audit: type=1326 audit(1763648660.071:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  289.163132][   T26] audit: type=1326 audit(1763648660.091:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  289.220435][   T26] audit: type=1326 audit(1763648660.091:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  289.374685][   T26] audit: type=1326 audit(1763648660.091:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  289.406998][   T26] audit: type=1326 audit(1763648660.091:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  290.177570][   T26] audit: type=1326 audit(1763648660.091:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.2.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa067f5e749 code=0x7ffc0000
[  291.813798][ T7629] netlink: 'syz.2.834': attribute type 3 has an invalid length.
[  291.995984][ T7629] netlink: 'syz.2.834': attribute type 3 has an invalid length.
[  292.659834][ T7633] netlink: 12 bytes leftover after parsing attributes in process `syz.4.836'.
[  295.728279][ T7698] netlink: 4 bytes leftover after parsing attributes in process `syz.4.847'.
[  299.148703][ T7728] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  299.255023][ T7728] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.288149][ T7728] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.452751][ T7736] netlink: 'syz.2.856': attribute type 16 has an invalid length.
[  299.468298][ T7736] netlink: 'syz.2.856': attribute type 17 has an invalid length.
[  299.649960][ T7736] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  299.902054][ T7736] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  300.571776][ T7736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  300.769440][ T7736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  300.831716][ T7736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  300.938676][ T7736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  301.422388][ T7736] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.429624][ T7736] bridge0: port 1(bridge_slave_0) entered listening state
[  301.547782][   T26] kauditd_printk_skb: 50 callbacks suppressed
[  301.547797][   T26] audit: type=1326 audit(1763648672.971:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  301.592274][ T7736] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.599459][ T7736] bridge0: port 2(bridge_slave_1) entered listening state
[  301.623581][   T26] audit: type=1326 audit(1763648673.031:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  301.704029][   T26] audit: type=1326 audit(1763648673.031:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  301.811068][   T26] audit: type=1326 audit(1763648673.031:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  301.921430][   T26] audit: type=1326 audit(1763648673.031:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  301.975063][   T26] audit: type=1326 audit(1763648673.031:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  302.007560][   T26] audit: type=1326 audit(1763648673.031:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  302.036254][   T26] audit: type=1326 audit(1763648673.031:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  302.093534][   T26] audit: type=1326 audit(1763648673.031:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  302.173574][   T26] audit: type=1326 audit(1763648673.031:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7763 comm="syz.4.864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53d0368749 code=0x7ffc0000
[  304.007783][ T7811] xt_CT: You must specify a L4 protocol and not use inversions on it
[  304.463941][ T7815] ------------[ cut here ]------------
[  304.470560][ T7815] wlan1: Failed check-sdata-in-driver check, flags: 0x4
[  304.894022][ T7815] WARNING: CPU: 1 PID: 7815 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x37b/0x550
[  305.180855][ T7815] Modules linked in:
[  305.184829][ T7815] CPU: 0 PID: 7815 Comm: syz.5.875 Not tainted syzkaller #0
[  305.285967][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  305.379678][ T7815] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550
[  305.396661][ T7815] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15
[  305.493467][ T7823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  305.522945][ T7815] RSP: 0000:ffffc900034af248 EFLAGS: 00010246
[  305.540889][ T7815] RAX: 67fdfc02bb32ab00 RBX: 0000000000400000 RCX: 0000000000080000
[  305.554593][ T7815] RDX: ffffc90014f6d000 RSI: 0000000000004280 RDI: 0000000000004281
[  305.563256][ T7815] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172267b0
[  305.571838][ T7815] R10: ffffed10172267b0 R11: 1ffff110172267af R12: ffff8880234cc000
[  305.580416][ T7815] R13: ffff8880234cd290 R14: ffff888076e68da0 R15: ffff8880234ce298
[  305.590467][ T7815] FS:  00007fa5490846c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  305.603903][ T7815] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  305.610991][ T7815] CR2: 00007f2011a31286 CR3: 000000004b306000 CR4: 00000000003506f0
[  305.624405][ T7815] Call Trace:
[  305.627819][ T7815]  <TASK>
[  305.630794][ T7815]  ? netif_carrier_off+0x1/0xc0
[  305.640837][ T7815]  ieee80211_ocb_leave+0x26f/0x320
[  305.662758][ T7815]  __cfg80211_leave_ocb+0x219/0x3f0
[  305.674629][ T7815]  cfg80211_leave_ocb+0x53/0x70
[  305.691608][ T7815]  cfg80211_change_iface+0x4f1/0xeb0
[  305.701537][ T7815]  nl80211_set_interface+0x598/0x7d0
[  305.707373][ T7815]  ? nl80211_dump_interface+0x5c0/0x5c0
[  305.713016][ T7815]  ? mutex_lock_nested+0x17/0x20
[  305.718968][ T7815]  genl_rcv_msg+0xbc6/0xf40
[  305.723640][ T7815]  ? genl_bind+0x370/0x370
[  305.728986][ T7815]  ? verify_lock_unused+0x140/0x140
[  305.734289][ T7815]  ? __dev_queue_xmit+0x1bc5/0x2ed0
[  305.739844][ T7815]  ? dev_queue_xmit+0x20/0x20
[  305.744832][ T7815]  ? nl80211_dump_interface+0x5c0/0x5c0
[  305.750534][ T7815]  netlink_rcv_skb+0x1e0/0x430
[  305.755354][ T7815]  ? genl_bind+0x370/0x370
[  305.759911][ T7815]  ? netlink_ack+0xb60/0xb60
[  305.764532][ T7815]  ? __lock_acquire+0x7c60/0x7c60
[  305.769656][ T7815]  ? preempt_count_add+0x8d/0x190
[  305.774741][ T7815]  ? down_read+0x1aa/0x2e0
[  305.779292][ T7815]  genl_rcv+0x24/0x40
[  305.783307][ T7815]  netlink_unicast+0x774/0x920
[  305.789102][ T7815]  netlink_sendmsg+0x8ab/0xbc0
[  305.793891][ T7815]  ? netlink_getsockopt+0x560/0x560
[  305.799211][ T7815]  ? aa_sock_msg_perm+0x94/0x150
[  305.804188][ T7815]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  305.809617][ T7815]  ? security_socket_sendmsg+0x7c/0xa0
[  305.815115][ T7815]  ? netlink_getsockopt+0x560/0x560
[  305.820499][ T7815]  ____sys_sendmsg+0x5a2/0x8c0
[  305.825342][ T7815]  ? memset+0x1e/0x40
[  305.829443][ T7815]  ? __sys_sendmsg_sock+0x30/0x30
[  305.834520][ T7815]  ? import_iovec+0x6f/0xa0
[  305.839133][ T7815]  ___sys_sendmsg+0x1f0/0x260
[  305.843855][ T7815]  ? __sys_sendmsg+0x250/0x250
[  305.848878][ T7815]  ? sock_do_ioctl+0x27c/0x2f0
[  305.853703][ T7815]  ? __fdget+0x18b/0x210
[  305.858140][ T7815]  __se_sys_sendmsg+0x190/0x250
[  305.863047][ T7815]  ? __x64_sys_sendmsg+0x80/0x80
[  305.868087][ T7815]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  305.874127][ T7815]  ? lockdep_hardirqs_on+0x94/0x140
[  305.879438][ T7815]  do_syscall_64+0x4c/0xa0
[  305.883887][ T7815]  ? clear_bhb_loop+0x30/0x80
[  305.888746][ T7815]  ? clear_bhb_loop+0x30/0x80
[  305.893503][ T7815]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  305.900587][ T7815] RIP: 0033:0x7fa54ae1d749
[  305.905030][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.924743][ T7815] RSP: 002b:00007fa549084038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  305.933334][ T7815] RAX: ffffffffffffffda RBX: 00007fa54b073fa0 RCX: 00007fa54ae1d749
[  305.941416][ T7815] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  305.949619][ T7815] RBP: 00007fa54aea1f91 R08: 0000000000000000 R09: 0000000000000000
[  305.957812][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  305.965957][ T7815] R13: 00007fa54b074038 R14: 00007fa54b073fa0 R15: 00007ffe90c1e0e8
[  305.974135][ T7815]  </TASK>
[  305.977299][ T7815] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  305.984599][ T7815] CPU: 1 PID: 7815 Comm: syz.5.875 Not tainted syzkaller #0
[  305.991887][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  306.001949][ T7815] Call Trace:
[  306.005252][ T7815]  <TASK>
[  306.008192][ T7815]  dump_stack_lvl+0x168/0x230
[  306.012896][ T7815]  ? show_regs_print_info+0x20/0x20
[  306.018109][ T7815]  ? load_image+0x3b0/0x3b0
[  306.022659][ T7815]  panic+0x2c9/0x7f0
[  306.026581][ T7815]  ? bpf_jit_dump+0xd0/0xd0
[  306.031123][ T7815]  ? ieee80211_bss_info_change_notify+0x37b/0x550
[  306.037648][ T7815]  __warn+0x248/0x2b0
[  306.041674][ T7815]  ? ieee80211_bss_info_change_notify+0x37b/0x550
[  306.048122][ T7815]  report_bug+0x1b7/0x2e0
[  306.052473][ T7815]  handle_bug+0x3a/0x70
[  306.056649][ T7815]  exc_invalid_op+0x16/0x40
[  306.061176][ T7815]  asm_exc_invalid_op+0x16/0x20
[  306.066048][ T7815] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550
[  306.073103][ T7815] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15
[  306.092732][ T7815] RSP: 0000:ffffc900034af248 EFLAGS: 00010246
[  306.098824][ T7815] RAX: 67fdfc02bb32ab00 RBX: 0000000000400000 RCX: 0000000000080000
[  306.106827][ T7815] RDX: ffffc90014f6d000 RSI: 0000000000004280 RDI: 0000000000004281
[  306.114818][ T7815] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172267b0
[  306.122801][ T7815] R10: ffffed10172267b0 R11: 1ffff110172267af R12: ffff8880234cc000
[  306.130785][ T7815] R13: ffff8880234cd290 R14: ffff888076e68da0 R15: ffff8880234ce298
[  306.138794][ T7815]  ? ieee80211_bss_info_change_notify+0x37b/0x550
[  306.145251][ T7815]  ? netif_carrier_off+0x1/0xc0
[  306.150124][ T7815]  ieee80211_ocb_leave+0x26f/0x320
[  306.155287][ T7815]  __cfg80211_leave_ocb+0x219/0x3f0
[  306.160501][ T7815]  cfg80211_leave_ocb+0x53/0x70
[  306.165362][ T7815]  cfg80211_change_iface+0x4f1/0xeb0
[  306.170681][ T7815]  nl80211_set_interface+0x598/0x7d0
[  306.176012][ T7815]  ? nl80211_dump_interface+0x5c0/0x5c0
[  306.181589][ T7815]  ? mutex_lock_nested+0x17/0x20
[  306.186558][ T7815]  genl_rcv_msg+0xbc6/0xf40
[  306.191088][ T7815]  ? genl_bind+0x370/0x370
[  306.195527][ T7815]  ? verify_lock_unused+0x140/0x140
[  306.200755][ T7815]  ? __dev_queue_xmit+0x1bc5/0x2ed0
[  306.205993][ T7815]  ? dev_queue_xmit+0x20/0x20
[  306.210690][ T7815]  ? nl80211_dump_interface+0x5c0/0x5c0
[  306.216273][ T7815]  netlink_rcv_skb+0x1e0/0x430
[  306.221080][ T7815]  ? genl_bind+0x370/0x370
[  306.225531][ T7815]  ? netlink_ack+0xb60/0xb60
[  306.230156][ T7815]  ? __lock_acquire+0x7c60/0x7c60
[  306.235208][ T7815]  ? preempt_count_add+0x8d/0x190
[  306.240248][ T7815]  ? down_read+0x1aa/0x2e0
[  306.244689][ T7815]  genl_rcv+0x24/0x40
[  306.248690][ T7815]  netlink_unicast+0x774/0x920
[  306.253468][ T7815]  netlink_sendmsg+0x8ab/0xbc0
[  306.258252][ T7815]  ? netlink_getsockopt+0x560/0x560
[  306.263503][ T7815]  ? aa_sock_msg_perm+0x94/0x150
[  306.268457][ T7815]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  306.273750][ T7815]  ? security_socket_sendmsg+0x7c/0xa0
[  306.279218][ T7815]  ? netlink_getsockopt+0x560/0x560
[  306.284443][ T7815]  ____sys_sendmsg+0x5a2/0x8c0
[  306.289218][ T7815]  ? memset+0x1e/0x40
[  306.293205][ T7815]  ? __sys_sendmsg_sock+0x30/0x30
[  306.298251][ T7815]  ? import_iovec+0x6f/0xa0
[  306.302783][ T7815]  ___sys_sendmsg+0x1f0/0x260
[  306.307485][ T7815]  ? __sys_sendmsg+0x250/0x250
[  306.312274][ T7815]  ? sock_do_ioctl+0x27c/0x2f0
[  306.317065][ T7815]  ? __fdget+0x18b/0x210
[  306.321329][ T7815]  __se_sys_sendmsg+0x190/0x250
[  306.326208][ T7815]  ? __x64_sys_sendmsg+0x80/0x80
[  306.331194][ T7815]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  306.337200][ T7815]  ? lockdep_hardirqs_on+0x94/0x140
[  306.342423][ T7815]  do_syscall_64+0x4c/0xa0
[  306.346837][ T7815]  ? clear_bhb_loop+0x30/0x80
[  306.351519][ T7815]  ? clear_bhb_loop+0x30/0x80
[  306.356206][ T7815]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  306.362129][ T7815] RIP: 0033:0x7fa54ae1d749
[  306.366561][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.386208][ T7815] RSP: 002b:00007fa549084038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  306.394653][ T7815] RAX: ffffffffffffffda RBX: 00007fa54b073fa0 RCX: 00007fa54ae1d749
[  306.402631][ T7815] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  306.410606][ T7815] RBP: 00007fa54aea1f91 R08: 0000000000000000 R09: 0000000000000000
[  306.418611][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  306.426628][ T7815] R13: 00007fa54b074038 R14: 00007fa54b073fa0 R15: 00007ffe90c1e0e8
[  306.434641][ T7815]  </TASK>
[  306.437966][ T7815] Kernel Offset: disabled
[  306.442669][ T7815] Rebooting in 86400 seconds..