last executing test programs:

2m9.051424949s ago: executing program 0 (id=232):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f00000003c0)=ANY=[], 0x18)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x42050, &(0x7f00000002c0)={0xa, 0x4e24, 0x5, @local, 0x3b67}, 0x1c)

2m9.00117975s ago: executing program 0 (id=233):
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m8.941020842s ago: executing program 0 (id=235):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000007c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\f\n5', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

2m8.753296386s ago: executing program 0 (id=236):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@init_itable}, {@minixdf}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
setxattr$security_capability(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0), 0x0, 0x0, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x3f, 0x0)

2m7.996240208s ago: executing program 0 (id=241):
syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ee0ff540991100b038e5010203010902240001000000000904000002da8671000905065abf0300000009058202"], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac3(0xffffffffffffffff, 0x0, &(0x7f0000000a00)={0x44, &(0x7f00000007c0)={0x20, 0x10, 0x4, "8d4b2751"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = syz_open_dev$evdev(&(0x7f0000000880), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x80284511, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x81, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6f, 0x2, 0x1, 0x6, 0x0, 0xff, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "88"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x0, 0x4, 0x8}, {0x6, 0x24, 0x1a, 0x7}, [@country_functional={0x8, 0x24, 0x7, 0x9, 0x7, [0xed1b]}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x4}, @obex={0x5, 0x24, 0x15, 0x1ff}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x6, 0x6, 0x6e}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x63, 0x9, 0x62}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x5, 0x4, 0xf}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0x3, 0x9, 0x3, 0x40, 0xb8}, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="0000a927feccc17e02ed6d8c1deacb0024"], 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x3c0a}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x83e}}, {0x93, &(0x7f0000000200)=@string={0x93, 0x3, "59feae3407c13703fc54752fb9f92006c5f85a0c53baad32463d4d674ef44bac40e5ef887ee431582f1490a9fdc14e85384c4828ecdf09cec7c1d9840479fcb9dd67773f625ebb6aaa2bec3a00bc0f24ad346f8428a91eb644f0fece0410d387edee5f54150249fa0b40fef76dc7f7d56a6ca0907b88fbc9008a2bb25537e52fed2e385bf506109c05b8becb86a68b7020"}}]})

2m7.53941935s ago: executing program 0 (id=244):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a31000000001400048008000240e7b140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000600)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6f911b51430437121d2ca7af23", 0x2c}], 0x1}, 0x0)

2m7.144539561s ago: executing program 32 (id=244):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a31000000001400048008000240e7b140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000600)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6f911b51430437121d2ca7af23", 0x2c}], 0x1}, 0x0)

1m58.331493864s ago: executing program 1 (id=286):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000040)='./file1\x00', 0x400)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0xfc, 0x0, 0x40, 0x7fff, 0x2, 0x3e, 0xfffbffed, 0x294, 0x40, 0x1dd, 0xf, 0x0, 0x38, 0x1, 0x0, 0x2}, [{0x3, 0x3, 0x4, 0xd, 0x1c8, 0xe6, 0x1004, 0x3}], "8896f90580418954b50ef0f8011177f10291cbe4d3216fbc64f1ba622fdc49f66389be39365bb59d9c290d8b0ee2fea7687f7d9bbf575a4ce10ff0a5ef4278f6591b0531b2a7c2b99998f516147a99cc57365ed46bccfb71c0d5d504e1d023a3f2158e1a94f98388c50814f0832afb8b9ae3"}, 0xea)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)

1m57.966364574s ago: executing program 1 (id=289):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = gettid()
timer_create(0x7, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000740)='D', 0x1}, {&(0x7f00000022c0)='o', 0x1}], 0x2)

1m54.793353481s ago: executing program 1 (id=297):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x5a6, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0xb, 0x0, 0x0)

1m53.497869657s ago: executing program 1 (id=302):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1404c, &(0x7f0000000300)={[{@grpquota}, {@init_itable}, {@init_itable_val}]}, 0x1, 0x485, &(0x7f0000000bc0)="$eJzs3M9vFFUcAPDvbLuFWrQV8Rf4YxWNxGhLAZWDBzWaeMDERA963LSVIAUNrYmQJhYPeDLGxLvx6L/gSS/GeNHEq94JCTFcBE9rZmem3W1ntxR2u+p+PsnC983M7nvfffO2b+Z1G8DQqqX/JBF7IuL3iJjMiu0H1LL/rl9bmbtxbWUuiUbjrT+T5nF/XVuZKw4tnjfRWogkDpTUu3T+wun64uLCubw8s3zmw5ml8xeePXWmfnLh5MLZI8ePHzs6+8LzR57rSZ4TUcmj19/98o0Tn7flvyGPHql12/lko9Hj6gbrzpZ4dIDtYHtG8v6qNsf/ZIy09N5kvPbpWuGTATUQ6JtGo9GY6Lx7tQH8jyXRXjbkYVgUP+iL69+y6+CX+jb7GLyrL2cXQGne1/NHtmd07Y5BdcP1bS/VIuKd1b+/Th/Rn/sQAABtvk/nP8+ks52VuXTusT7/qMR9Lcfdla8NTUXE3RGxNyLuibOxLyLujWgee39EPLDN+lsWSZrTzM3zn8qVW07uJqTzvxfzta32+V8x+4upkWbpfFaIavLeqcWFw/l7ciiqu9LybJc6fnj1ty867Wud/6WPtP5iLpi348rorvbnzNeX67eecburFyP2j5bln6ytBCQR8WBE7C97gcrWdZx6+tuHOu2rTW+Vfxc9WGhqfBPxVNb/q7Eh/0LSfX1yZncsLhyeKc6KzX7+9dKbnerfuv/7K+3/O0rP/7X8p5LW9dql7ddx6Y/POl7T1Kp5sI3zf7W+XB9L3m7GY/m2j+vLy+dmI8aSE1mjW7cfWX9uUS6OT/M/dLB8/O+N9XfiQESkJ/HDEfFIRDya991jEfF4RBzskv9Przzx/sZt40X+3ft/rMvL9kSa//y2+n89GIv2LZWSY9Jg5PSP37VVOrUe5vnf6P75d6wZHcq33Mzn3+ZWlAe3+/4BAADAf0ElIvZEUpleiyuV6ensd/j3ZUvfqY/OzmffEZiKaqW40zXZcj90Nr+sz8oXIyL71YJi/9GoNO8bfzUy3ixPz32wOD/QzIGJDuM/dXlk0K0D+s4XtmB4Gf8wvLqO/+rOtQPYeZvGf9cxv6uvbQF2VsnP//FBtAPYeWXzf3/vB4bDhvFv2Q+GiPv/MLyMfxhexj8MpaXx2PpL8l2D4pVu8elbBZMRt9vC07vLdv1S+jcNehdEtV+v/O8IotL3Ksb6e2r1LUhuts2XB97UzsHgPpMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB66Z8AAAD//2qZzow=")
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3200009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x322020, &(0x7f0000000280)=ANY=[], 0x1, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x2)

1m52.756351997s ago: executing program 1 (id=304):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
unshare(0x22020600)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000001c40)={r1, r0, 0x4, r1}, 0x10)

1m52.179379503s ago: executing program 1 (id=306):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000180)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@inlinecrypt}]}, 0x1, 0x5a2, &(0x7f00000003c0)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQFNGVzc6mabpbN2k3W7O/H8zu+85M5nnfmX3e7AwzbAB963D9JY14KiLOJxHDG5YNRLbwcGO91ZWl4t2VpWIStdqFX5JIIuLOylKxuX6SvR+IiOWI+H9EfJOPOJqub3JPs1BdWJwaL5dLs1l9ZG768kh1YfHYpenxydJkaebEiy+dOn3y1NjxsY3NvVvbWMtvra/Xfrz+7rXvXrl5/dPPDi0X3x9P4kwMZcs29uNxauyTfJzZNP9kN4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6DO9I8oItqgxG1dRuKQB9IJD30qeb3gPr5b3Paye8ft842TkDqcVdXlorvRDP+QOPaROxdOzfZ/2ty35lJ/Xzz4E42lF1p+WpEjA4MPPj5T7LP3/aNPo4G0lVfn20cqAePf7o+/kSL8Weoee30ETXHv9Vs/FttET/XZvw732GMP17/6aO28a8OxtMt4yfr8ZMW8dOIeLPD+Dde+/J0u2W1jyOOROv4TcnDrw+PXLxULo02XlvG+OrIoZfb9z9if5v4jWu2e9casrH/e7I2pR32/4tvP39m+SHxn3/24ce/1f7fFxHvdRj/P3c+ebXdsltXk9v1bwFbPf5J5ONmh/FfOHP4h6zoqiEAAAAAAAAAADxG6dq9bElaWC+naaHQeIb3v7E/LVeqc0cvVuZnJhr3vB2MfNq802q4UU/q9bHsftxm/fim+olcFjC3b61eKFbKEz3uOwAAAAAAAAAAAAAAAAAAADwpDmx6/v+33Nrz/5t/rhrYrdr/5Dew28l/6F/353/Ss3YAO8//f+hbNfkP/Uv+Q/+S/9C/5D/0L/kP/Uv+Q/+S/wAAAAAAAAAAAAAAAAAAAAAAAAAA0BXnz52rT7W7K0vFen1iYGF+qvLWsYlSdaowPV8sFCuzlwuTlcpkuVQoVqb/bntJpXJ5NGbmr4zMlapzI9WFxTemK/Mzzd8ULeW73iMAAAAAAAAAAAAAAAAAAAD45xlam5K0EJFv1NO0UIj4V0QcTCK5eKlcGo2If0fE97n8YL0+1utGAwAAAAAAAAAAAAAAAAAAwC5TXVicGi+XS7PdKwxkoboYovPCwFZWjojlRwn6e61Wu39OfYtb3k4+24E93nW7o5B7Mj6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qXsP/Xb6F392t0EAAAAAAAAAAAAAAAAAAADQl9Kfk4ioT0eGnxvavHRPsppbe4+It29c+ODK+Nzc7Fh9/u31+XMfZvOP96L9QKeaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHuqC4tT4+VyaXabhcEO1ul1HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2468AAAD//3+o0IY=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2, 0x11, r0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001980)={&(0x7f0000001000/0x2000)=nil, &(0x7f0000002000/0xb000)=nil, &(0x7f0000004000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000002000/0x4000)=nil, &(0x7f000000b000/0x4000)=nil, &(0x7f000000a000/0x3000)=nil, &(0x7f000000c000/0x2000)=nil, &(0x7f000000a000/0x3000)=nil, 0x0, 0x0, r0}, 0x68)
truncate(&(0x7f0000000940)='./file1\x00', 0x8da6)
write$cgroup_freezer_state(r0, &(0x7f0000000040)='FROZEN\x00', 0x7)

1m51.641225017s ago: executing program 33 (id=306):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000180)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@inlinecrypt}]}, 0x1, 0x5a2, &(0x7f00000003c0)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQFNGVzc6mabpbN2k3W7O/H8zu+85M5nnfmX3e7AwzbAB963D9JY14KiLOJxHDG5YNRLbwcGO91ZWl4t2VpWIStdqFX5JIIuLOylKxuX6SvR+IiOWI+H9EfJOPOJqub3JPs1BdWJwaL5dLs1l9ZG768kh1YfHYpenxydJkaebEiy+dOn3y1NjxsY3NvVvbWMtvra/Xfrz+7rXvXrl5/dPPDi0X3x9P4kwMZcs29uNxauyTfJzZNP9kN4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6DO9I8oItqgxG1dRuKQB9IJD30qeb3gPr5b3Paye8ft842TkDqcVdXlorvRDP+QOPaROxdOzfZ/2ty35lJ/Xzz4E42lF1p+WpEjA4MPPj5T7LP3/aNPo4G0lVfn20cqAePf7o+/kSL8Weoee30ETXHv9Vs/FttET/XZvw732GMP17/6aO28a8OxtMt4yfr8ZMW8dOIeLPD+Dde+/J0u2W1jyOOROv4TcnDrw+PXLxULo02XlvG+OrIoZfb9z9if5v4jWu2e9casrH/e7I2pR32/4tvP39m+SHxn3/24ce/1f7fFxHvdRj/P3c+ebXdsltXk9v1bwFbPf5J5ONmh/FfOHP4h6zoqiEAAAAAAAAAADxG6dq9bElaWC+naaHQeIb3v7E/LVeqc0cvVuZnJhr3vB2MfNq802q4UU/q9bHsftxm/fim+olcFjC3b61eKFbKEz3uOwAAAAAAAAAAAAAAAAAAADwpDmx6/v+33Nrz/5t/rhrYrdr/5Dew28l/6F/353/Ss3YAO8//f+hbNfkP/Uv+Q/+S/9C/5D/0L/kP/Uv+Q/+S/wAAAAAAAAAAAAAAAAAAAAAAAAAA0BXnz52rT7W7K0vFen1iYGF+qvLWsYlSdaowPV8sFCuzlwuTlcpkuVQoVqb/bntJpXJ5NGbmr4zMlapzI9WFxTemK/Mzzd8ULeW73iMAAAAAAAAAAAAAAAAAAAD45xlam5K0EJFv1NO0UIj4V0QcTCK5eKlcGo2If0fE97n8YL0+1utGAwAAAAAAAAAAAAAAAAAAwC5TXVicGi+XS7PdKwxkoboYovPCwFZWjojlRwn6e61Wu39OfYtb3k4+24E93nW7o5B7Mj6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qXsP/Xb6F392t0EAAAAAAAAAAAAAAAAAAADQl9Kfk4ioT0eGnxvavHRPsppbe4+It29c+ODK+Nzc7Fh9/u31+XMfZvOP96L9QKeaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHuqC4tT4+VyaXabhcEO1ul1HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2468AAAD//3+o0IY=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2, 0x11, r0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001980)={&(0x7f0000001000/0x2000)=nil, &(0x7f0000002000/0xb000)=nil, &(0x7f0000004000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000002000/0x4000)=nil, &(0x7f000000b000/0x4000)=nil, &(0x7f000000a000/0x3000)=nil, &(0x7f000000c000/0x2000)=nil, &(0x7f000000a000/0x3000)=nil, 0x0, 0x0, r0}, 0x68)
truncate(&(0x7f0000000940)='./file1\x00', 0x8da6)
write$cgroup_freezer_state(r0, &(0x7f0000000040)='FROZEN\x00', 0x7)

1m39.949406879s ago: executing program 3 (id=390):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f0000000140))
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@known='system.posix_acl_access\x00')

1m39.801762453s ago: executing program 3 (id=392):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x4000)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1114}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x100, 0xac}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)

1m39.55402713s ago: executing program 3 (id=397):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000180), 0x4)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000040)={@broadcast, @multicast1, 0x1, "0d5011f02b7fab96e0aa834d3a9e7cfc12178ac0ab1e6227c2b6ddaa5effda90", 0x5, 0x16, 0xfffffffe, 0x1}, 0x3c)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000000)={@broadcast, @multicast1, 0x0, "12ceaac82ab7d944e84b6fbd6178697e3b10c9b81bede26c85ee73daab4158e8", 0x2, 0x6, 0x4, 0x4}, 0x3c)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000100)=0xe, 0x4)

1m39.291415367s ago: executing program 3 (id=400):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x804b14, &(0x7f0000000040)={[{@nobarrier}]}, 0xfc, 0x491, &(0x7f0000000200)="$eJzs3MtrXFUYAPDvzmT6bhNrrba2Gq1i8ZE0adUuXKgouFAQdFGXMUlr7bSRJoItQaNIXUrBvbgU/AvcuRF1IYJbBZdSKBqEpq4i99VMJ5M0SZOMzfx+MDP33Mec8917zsy598ydADpWb/qUROyIiN8iojtP3rxCb/4yMz05fH16cjiJ2dk3/kqy9a5NTw6Xq5bbbS8ShysRlU+TeD6Zn+/4hYtnhur10fNFun/i7Hv94xcuPnX67NCp0VOj5waPHz92dODZZwafXpU407iu7f9w7MC+V966/Nrwictv//hNWqy9B/PljXHc0vUWAbXQm+61v2czzcseXUbZ7wQ7G6aTrjYWhGWpRkR6uGpZ+++OaswdvO54+ZO2Fg5YU+l30+aFF0/NAhtYEq3m1ta/IMA6K7/o0/Pf8rFOXY//hasvRGwqpmemJ4dnbsTfFZVifm0N8++NiBNT/36ZPmK51yEAAFYg69s82ar/V4m92Ws+1rGrGEPpiYi7ImJ3RNwdEXsi4p6IbN17I+K+fOPZ7iXm39uUnt//qVxpWeZVkvb/nmvo+800xF+89FSL1M4s/lpy8nR99EixTw5HbXOaHlgkj+9e+vXzhZY19v/SR5p/2RcsCnClq+kC3cjQxNBq7YSrH0fs72oVf3JjJCCtAfsiYv/y3npXOXH68a8PLLTSreNfxCqMM81+FfFYfvynoin+UrL4+GT/lqiPHukva8V8P/1y6fWF8r+t+FdBevy33Vz/m9bo/ifJx2trUa+Pnh9ffh6Xfv9swXOaldb/Tcmb2Zj1z+/k8z4Ympg4PxCxKXk1S5fndNn8wblty3S5fhr/4UOt2//uYps0/vsjIq3EByPigYh4sCj7QxHxcEQcWiT+H1585N1F4k8iibYe/5GWn3836n9P0jhev4KJ6pnvv11oxHxpx/9YTGWftbns8+8WllrA29x9AAAAcEeoRMSOSCp9+XTvjqhU+vry3/DviW2V+tj4xBMnx94/N5LfI9ATtUp5pau74XroQDJVvGOeHsyvFVfL5UeL68ZfVLdm6b7hsfpIm2OHTrf95vYfZftP/Vltd+mANed+Lehcze2/0qZyAOtvKd//zgVgY2po/+XPCre2qyzA+nL+D52rVfv/qCmt/w8b0/z2/0eLv6wDNiL9f+hc2j90riW1fz8KgI3mdu7rX/lEebPAyt9ny5Lv8O+UifIfL9Yyr60xNycqbQ+5g6pN2mLWN9O5/1ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4k/0XAAD//8Iq5SY=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1f0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a1)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd2f0, 0x2000, 0x8, 0xadea})
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1m38.692403314s ago: executing program 3 (id=406):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000740)=""/105, 0xfffffe0b}], 0x2}, 0x0)

1m37.931388585s ago: executing program 3 (id=410):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {}, {0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x82}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x260580e9}, 0x810)

1m37.3690277s ago: executing program 34 (id=410):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {}, {0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x82}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x260580e9}, 0x810)

3.136256023s ago: executing program 6 (id=1108):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x4c010)
r0 = gettid()
r1 = syz_open_procfs(r0, &(0x7f0000000240)='net/if_inet6\x00')
preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000380)=""/131, 0x83}], 0x1, 0x80000001, 0x3)

2.110628061s ago: executing program 6 (id=1117):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r2=>0x0})
syz_usb_connect(0x0, 0xb, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

1.975420215s ago: executing program 5 (id=1121):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x2, 0x0, 0x4}, 0x2}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000005c0)="92708d2a2e96decae2", 0x9}}, 0xee)
sendmsg$can_j1939(r2, &(0x7f00000004c0)={&(0x7f0000000400)={0x1d, r1, 0x2, {0x0, 0x1, 0x1}, 0xfe}, 0x18, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x10)

1.511399598s ago: executing program 2 (id=1125):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x5, 0x4, 0x7fe2, 0x1, 0x1, 0xffffffffffffffff, 0xfff}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x6, 0x4, 0x8, 0xc}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000600), &(0x7f00000001c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff7}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r2}, 0xc)

1.218065186s ago: executing program 6 (id=1126):
semget$private(0x0, 0x6, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0)
semop(0x0, &(0x7f0000000340)=[{0x2, 0x8001, 0x1000}], 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)
semop(0x0, &(0x7f0000000300)=[{0x2, 0xffff, 0x2000}], 0x1)
semctl$IPC_RMID(0x0, 0x0, 0x0)

1.217183546s ago: executing program 2 (id=1135):
unshare(0x22020400)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$LINK_DETACH(0x22, 0x0, 0x0)

1.152573698s ago: executing program 2 (id=1127):
r0 = socket(0x28, 0x5, 0x0)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r1, 0x4)
connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000300)="dd481ea0a28dd3ad058e78c4d1f7569674787dd5402817780ac263bca36438fb7d9b33eec04d9ab3cf2cacd243c3c3be17e032145717622a30e0f26ba1882d07a2ecd8ed737e5cc833a15fabcf7022f6cafacb52b3ef8aa8ab933b635eeaeca917429a96cb616bc8", 0x4000f}], 0x1}}], 0x51, 0x40010)

1.05808245s ago: executing program 6 (id=1128):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000140), 0x400000000000287, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000ec0)=[{{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x40)

1.05584217s ago: executing program 2 (id=1138):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="07000000040000001800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001a"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

694.73761ms ago: executing program 4 (id=1129):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x1, 0x8, 0x8, 0x40}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000005000000080000000f"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

643.390442ms ago: executing program 4 (id=1131):
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r0 = syz_clone(0x82008400, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000b40)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
syz_open_procfs(r0, &(0x7f0000000440)='attr/prev\x00')

640.989992ms ago: executing program 2 (id=1141):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x321008a, &(0x7f00000005c0)=ANY=[@ANYBLOB="696f636861727365743d6b6f69382d752c000000000000008074653d312c73686f77657865632c6e6f6e756d7461696c3d302c1746bfd6722c7574663800"/73], 0x4, 0x2b8, &(0x7f0000000640)="$eJzs3U9rK1UYB+B30mQSdZEsXInggC5cXW7v1k2K3AtiV16yUBdabAvSBKGFgn8wduXWjQsXfgJB8IO48RsIbgV3ViiMzGSmSdqYJtJUvH2eTd+eOb+Zd6aHdrro6Ycvj472szg8++LX6HSSaPSjH+dJ9KIRta9iTv+bAAD+z87zPP7IJ9bJJRHR2VxbAMAGrfbzvzktf7qTtgCADXr67ntv7+zuPn4nyzrxZPT16aD4zb74ODm+cxgfxzAO4mF04yKifFFoRfm2UJRP8jwfN7NCL14bjU8HRXL0wc/V+Xd+jyjz29GNXjl0+bZR5t/afbydTczkx0Ufz1fX7xf5R9GNFy/Dc/lHC/IxSOP1V2f6fxDd+OWj+CSGsV82Mc1/uZ1lb+bf/vn5+0V7RT4Znw7a5bypfOuOvzQAAAAAAAAAAAAAAAAAAAAAADzDHlR757Sj3L+nGKr239m6KD5pRVbrze/PM8kn9Ylm9wfK83ycx/f1/joPsyzLq4nTfDNeas5uLAgAAAAAAAAAAAAAAAAAAAD318mnnx3tDYcHx7dS1LsBNCPir6cR//Y8/ZmRV2L55HZ1zb3hsFGV83OasyOxVc9JIpa2UdzELT2Wm4rnrvVcFT/8uO4JOzfPaS2+1m0W9eo62ksWP8N21COdapF8l0ZM56Sx4rXSfzqUxzrLL114qLv2vacvlMV4yZxIljX2xm+TJ1eNJFfvIi2f6sJ4qypm4lfWxkrrOTqT+PXvFYndOgAAAAAAAAAAAAAAAAAAYKOmf/274ODZ0mgjb2+sLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4U9P//79GMa7CK0xO4/jkP75FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7oG/AwAA//83x1yS")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f00000004c0), 0xce, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60020000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

569.353764ms ago: executing program 5 (id=1132):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_io_uring_setup(0x2b26, &(0x7f0000000040)={0x0, 0xacff, 0x40, 0x0, 0x22}, &(0x7f0000ffd000), 0x0, &(0x7f0000000000))
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

462.469676ms ago: executing program 4 (id=1133):
r0 = socket(0xa, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
sendto$inet(r0, 0x0, 0xffe5, 0xe000, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x12041, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040))

462.259756ms ago: executing program 2 (id=1134):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000640)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)

379.817399ms ago: executing program 5 (id=1136):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000300004802c"], 0x84}}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0eab070004000523"], 0xfe33)

324.87224ms ago: executing program 4 (id=1137):
r0 = memfd_create(&(0x7f0000000600)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\x00\x00\x00\x00\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5\xc6\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa2\xa7\x01(l\xb8\x83\xe2f\xfd\x92\xcd\xb0\xfd\x00\x91\xd4\xe8N\xfd\xac\x86\x9aZRY\tz\xe3\x93\x06M\xb3\xa6\xec\xa3\v4\x01\b\x14\xde\x1a\x9b\xea]\xb9\xe06\x84$\xa1\xbdQa=\x97i\xfb\xf4\x9a\xacm\xbdT\xcc\\\x7f\xa3\xcfv\n\xc7\xf8Os\x96Q\x1b\x82\xfa=\r\x9d\xc6\"\x9d\xe1.gG\xeb\fR\xd4L^Y\xd6\xf9\xe0\x8c\x18Y:t\x17\x16\x97\xe1\xc4\f\xb7\x98Jk\xe6y\x90,\xeb\xd6W\xb8I\xa5Z\v7', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f00003fe000/0x4000)=nil, 0x4000}})

246.893762ms ago: executing program 5 (id=1139):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006, 0x0, 0x4}]}, 0x10)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x9a, &(0x7f0000000240)={@link_local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x64, 0x11, 0x0, @local, @mcast2, {[], {0x4000, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "1983426a97e3503bbbc12ef01ae488918c1ea89a08a25f78de9f802d2628cc4b", "b6af91bfb69252b136c8f50eaee89ebe", {"26e39726e261b1997fe90de7841c2e1f", "8def4140df2b9c11e876f120f5f7bfc5"}}}}}}}}, 0x0)

245.900242ms ago: executing program 4 (id=1148):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x1d, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000001000000b708000000000000dbaaf8fff1000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000850000006a000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbf6a00000000000007040000f0ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000340)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x8, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000641100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0)

185.467364ms ago: executing program 5 (id=1140):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.memory_pressure\x00', 0x275a, 0x0)
mmap(&(0x7f0000fef000/0x11000)=nil, 0x11000, 0x7000001, 0x12, r0, 0x0)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f0000ff9000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}})

138.488755ms ago: executing program 6 (id=1142):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x30, r3, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}}, 0x2)

82.210347ms ago: executing program 4 (id=1143):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
read$FUSE(r1, &(0x7f0000002080)={0x2020}, 0x2020)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x0, 0xfffffffb, 0x0, 0x515f3157, 0x4, "78e1141009f593233bce41f20613341f43d01f"})
write$UHID_INPUT(r1, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)

877.869µs ago: executing program 6 (id=1144):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg$can_j1939(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f00000017c0)=""/247, 0xf7}, {&(0x7f00000018c0)=""/81, 0x51}], 0x2}, 0x1003)

0s ago: executing program 5 (id=1145):
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r0 = syz_clone(0x82008400, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000b40)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
syz_open_procfs(r0, &(0x7f0000000440)='attr/prev\x00')

kernel console output (not intermixed with test programs):

:]:6789 error -101
[   98.356654][    T9] libceph: mon0 (1)[c::]:6789 connect error
[   98.469538][   T27] audit: type=1326 audit(1777508855.023:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.520961][   T27] audit: type=1326 audit(1777508855.023:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.552483][   T27] audit: type=1326 audit(1777508855.063:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.584745][   T27] audit: type=1326 audit(1777508855.063:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.612037][   T27] audit: type=1326 audit(1777508855.063:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.661065][   T27] audit: type=1326 audit(1777508855.063:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.718341][   T27] audit: type=1326 audit(1777508855.063:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.760303][   T27] audit: type=1326 audit(1777508855.063:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.793548][   T27] audit: type=1326 audit(1777508855.063:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6520 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[   98.847050][    T9] libceph: connect (1)[c::]:6789 error -101
[   98.872194][    T9] libceph: mon0 (1)[c::]:6789 connect error
[   98.907156][    T9] libceph: connect (1)[c::]:6789 error -101
[   98.908041][ T6525] loop3: detected capacity change from 0 to 32768
[   98.927369][ T6525] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.230 (6525)
[   98.943035][ T6501] ceph: No mds server is up or the cluster is laggy
[   98.951833][ T6495] ceph: No mds server is up or the cluster is laggy
[   98.960689][    T9] libceph: mon0 (1)[c::]:6789 connect error
[   99.008483][ T6525] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   99.019153][ T6525] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[   99.028028][ T6525] BTRFS info (device loop3): enabling auto defrag
[   99.030109][ T6515] loop1: detected capacity change from 0 to 40427
[   99.035588][ T6525] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[   99.051237][ T6525] BTRFS info (device loop3): use zstd compression, level 3
[   99.058486][ T6525] BTRFS info (device loop3): turning on async discard
[   99.065474][ T6525] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[   99.076202][ T6525] BTRFS info (device loop3): trying to use backup root at mount time
[   99.076978][ T6515] F2FS-fs (loop1): Invalid SB checksum offset: 0
[   99.084620][ T6525] BTRFS info (device loop3): enabling ssd optimizations
[   99.084669][ T6525] BTRFS info (device loop3): using spread ssd allocation scheme
[   99.084685][ T6525] BTRFS info (device loop3): force zlib compression, level 3
[   99.084703][ T6525] BTRFS info (device loop3): using free space tree
[   99.139460][ T6515] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[   99.178022][ T6515] F2FS-fs (loop1): invalid crc value
[   99.278381][   T12] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[   99.358779][ T6525] BTRFS error (device loop3): failed to load root extent
[   99.366160][ T6525] BTRFS warning (device loop3): try to load backup roots slot 1
[   99.380667][   T12] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[   99.410574][ T6525] BTRFS warning (device loop3): couldn't read tree root
[   99.417650][ T6525] BTRFS warning (device loop3): try to load backup roots slot 2
[   99.431702][ T6375] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[   99.444731][ T6551] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[   99.476603][ T6525] BTRFS warning (device loop3): couldn't read tree root
[   99.483798][ T6525] BTRFS warning (device loop3): try to load backup roots slot 3
[   99.511258][ T6525] BTRFS info (device loop3): rebuilding free space tree
[   99.538014][ T6525] BTRFS info (device loop3): checking UUID tree
[   99.648363][ T6515] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[   99.679681][ T6515] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   99.687954][ T6559] loop0: detected capacity change from 0 to 512
[   99.740003][ T6559] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   99.813590][ T6559] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   99.913713][ T6559] EXT4-fs (loop0): 1 truncate cleaned up
[   99.936959][ T5763] syz-executor: attempt to access beyond end of device
[   99.936959][ T5763] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   99.937943][ T6559] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.981934][ T5763] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  100.029325][ T5767] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  100.649458][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.915078][   T41] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.118547][   T41] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.175730][ T6571] loop1: detected capacity change from 0 to 32768
[  101.186159][ T6571] XFS: attr2 mount option is deprecated.
[  101.246682][   T41] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.309354][ T6571] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  101.331815][ T6581] kernel profiling enabled (shift: 5)
[  101.425292][ T6571] XFS (loop1): Ending clean mount
[  101.438581][   T41] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.514348][ T6571] XFS (loop1): Quotacheck needed: Please wait.
[  101.634430][ T5765] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  101.645579][ T5765] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  101.657179][ T5765] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  101.670735][ T5765] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  101.695298][ T5765] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  101.711016][ T5765] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  101.740554][ T6571] XFS (loop1): Quotacheck: Done.
[  102.057917][ T5763] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  102.306526][   T41] tipc: Left network mode
[  102.500882][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  102.601485][ T6593] chnl_net:caif_netlink_parms(): no params data found
[  102.962479][ T6612] tipc: Started in network mode
[  102.987408][ T6612] tipc: Node identity ac1414aa, cluster identity 4711
[  103.002078][ T6612] tipc: Enabled bearer <udp:s>, priority 10
[  103.268149][ T6629] loop1: detected capacity change from 0 to 256
[  103.435592][ T6593] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.461842][ T6593] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.469115][ T6593] bridge_slave_0: entered allmulticast mode
[  103.500692][ T6593] bridge_slave_0: entered promiscuous mode
[  103.522319][ T6593] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.529577][ T6593] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.547796][ T6593] bridge_slave_1: entered allmulticast mode
[  103.568773][ T6593] bridge_slave_1: entered promiscuous mode
[  103.717424][ T6625] loop3: detected capacity change from 0 to 40427
[  103.736800][ T6625] F2FS-fs (loop3): build fault injection attr: rate: 684, type: 0x7ffff
[  103.746942][ T6625] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  103.772572][ T6625] F2FS-fs (loop3): Image doesn't support compression
[  103.781556][ T5765] Bluetooth: hci2: command tx timeout
[  103.781741][ T6625] F2FS-fs (loop3): invalid crc value
[  103.798821][ T6593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.818161][ T6593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.840573][ T6625] F2FS-fs (loop3): Found nat_bits in checkpoint
[  103.991389][ T6625] F2FS-fs (loop3): Start checkpoint disabled!
[  104.005767][ T6593] team0: Port device team_slave_0 added
[  104.008658][ T6625] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  104.090184][ T6593] team0: Port device team_slave_1 added
[  104.099783][ T6625] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x12c0/0x3e60
[  104.138213][  T786] tipc: Node number set to 2886997162
[  104.183884][ T6593] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.198161][ T6593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.249735][ T6593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.376654][ T6375] kworker/u4:13: attempt to access beyond end of device
[  104.376654][ T6375] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  104.394986][ T6375] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  104.405216][ T6375] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  104.413850][ T6593] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.422412][ T6593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.550472][ T6593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.944082][ T6593] hsr_slave_0: entered promiscuous mode
[  104.981027][ T6593] hsr_slave_1: entered promiscuous mode
[  105.011168][ T6593] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.040268][ T6593] Cannot create hsr debugfs directory
[  105.200563][   T41] hsr_slave_0: left promiscuous mode
[  105.214928][   T41] hsr_slave_1: left promiscuous mode
[  105.230239][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.250619][   T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[  105.270208][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.288105][   T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.299663][   T41] bridge_slave_1: left allmulticast mode
[  105.318043][   T41] bridge_slave_1: left promiscuous mode
[  105.326413][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.352660][   T41] bridge_slave_0: left allmulticast mode
[  105.358370][   T41] bridge_slave_0: left promiscuous mode
[  105.369990][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.453772][   T41] veth1_macvtap: left promiscuous mode
[  105.475588][   T41] veth0_macvtap: left promiscuous mode
[  105.485391][   T41] veth1_vlan: left promiscuous mode
[  105.521180][   T41] veth0_vlan: left promiscuous mode
[  105.860504][ T5765] Bluetooth: hci2: command tx timeout
[  105.873260][ T6667] loop3: detected capacity change from 0 to 32768
[  105.908256][ T6667] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.258 (6667)
[  105.962413][ T6667] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  105.981702][ T6667] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  106.012207][ T6667] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11
[  106.050593][ T6667] BTRFS info (device loop3): using free space tree
[  106.261078][ T6667] BTRFS info (device loop3): enabling ssd optimizations
[  106.268105][ T6667] BTRFS info (device loop3): auto enabling async discard
[  106.656662][ T5767] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  107.127033][ T6694] loop1: detected capacity change from 0 to 32768
[  107.155124][ T6694] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.266 (6694)
[  107.213032][ T6694] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  107.245994][ T6694] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  107.270571][ T6694] BTRFS info (device loop1): using free space tree
[  107.451140][ T6694] BTRFS info (device loop1): enabling ssd optimizations
[  107.462966][ T6694] BTRFS info (device loop1): auto enabling async discard
[  107.774503][ T5763] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  107.808854][   T41] team0 (unregistering): Port device team_slave_1 removed
[  107.936130][   T41] team0 (unregistering): Port device team_slave_0 removed
[  107.945260][ T5765] Bluetooth: hci2: command tx timeout
[  108.162645][   T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.318739][   T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  108.843677][   T41] bond0 (unregistering): Released all slaves
[  109.332620][ T6754] loop1: detected capacity change from 0 to 512
[  109.382810][ T6754] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 17. Delete some EAs or run e2fsck.
[  109.438864][ T6754] EXT4-fs (loop1): 1 truncate cleaned up
[  109.456972][ T6754] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.611906][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.905570][ T6593] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  109.954233][ T6593] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  110.020626][ T5765] Bluetooth: hci2: command tx timeout
[  110.031140][ T6593] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  110.073650][ T6593] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  110.084013][ T6772] process 'syz.1.286' launched './file1' with NULL argv: empty string added
[  110.405974][ T6593] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.452218][ T6593] 8021q: adding VLAN 0 to HW filter on device team0
[  110.496257][ T6375] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.503554][ T6375] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.542596][ T6375] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.549797][ T6375] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.710016][ T6593] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  110.784205][ T5801] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  111.009101][ T5801] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  111.034219][ T5801] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  111.061017][ T5801] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  111.087915][ T5801] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  111.110532][ T5801] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  111.143804][ T5801] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  111.163287][ T5801] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  111.220967][ T5801] usb 2-1: Product: syz
[  111.225210][ T5801] usb 2-1: Manufacturer: syz
[  111.270932][ T5801] cdc_wdm 2-1:1.0: skipping garbage
[  111.281488][ T5801] cdc_wdm 2-1:1.0: skipping garbage
[  111.311187][ T5801] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  111.316621][ T6593] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.318465][ T5801] cdc_wdm 2-1:1.0: Unknown control protocol
[  112.007400][ T6593] veth0_vlan: entered promiscuous mode
[  112.046047][ T6593] veth1_vlan: entered promiscuous mode
[  112.095699][ T6593] veth0_macvtap: entered promiscuous mode
[  112.127792][ T6593] veth1_macvtap: entered promiscuous mode
[  112.170370][ T6593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.210593][ T6593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.233706][ T6593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.260955][ T6593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.273655][ T6593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.284760][ T6593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.296536][ T6593] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.334636][ T6593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.362769][ T6593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.383255][ T6593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.396640][ T6593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.408546][ T6593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.419458][ T6593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.438034][ T6593] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.479878][ T6593] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.505830][ T6593] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.526172][ T6593] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.535445][ T6593] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.681591][ T6816] loop3: detected capacity change from 0 to 32768
[  112.811960][ T6816] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  112.851118][ T6372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.903229][ T6372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.963672][ T6816] XFS (loop3): Ending clean mount
[  113.028233][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.046563][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.293846][ T5767] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  113.431361][  T786] usb 2-1: USB disconnect, device number 4
[  114.971454][ T6875] loop4: detected capacity change from 0 to 1024
[  114.990166][ T6875] EXT4-fs: Ignoring removed bh option
[  115.074738][ T6878] loop1: detected capacity change from 0 to 512
[  115.100707][ T6878] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  115.165940][ T6875] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.178562][ T6878] EXT4-fs error (device loop1): ext4_orphan_get:1430: comm syz.1.302: bad orphan inode 131083
[  115.232169][ T6878] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.390302][ T6878] overlayfs: upper fs needs to support d_type.
[  115.549451][ T5763] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 13: comm syz-executor: path /69/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  115.583759][ T6593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.985171][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.208839][ T6372] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  116.235631][ T6372] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.434109][ T6372] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  116.464321][ T6750] Set syz1 is full, maxelem 65536 reached
[  116.470902][ T6372] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.717184][ T6372] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  116.760509][ T6372] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.924055][ T6372] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  116.945236][ T6372] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.050589][ T5801] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  117.277546][ T6914] block nbd4: NBD_DISCONNECT
[  117.285769][ T6914] block nbd4: Disconnected due to user request.
[  117.293824][ T6914] block nbd4: shutting down sockets
[  117.294239][ T5801] usb 4-1: config 0 has no interfaces?
[  117.362447][ T5801] usb 4-1: New USB device found, idVendor=23c5, idProduct=8699, bcdDevice=f8.85
[  117.395517][ T5801] usb 4-1: New USB device strings: Mfr=200, Product=24, SerialNumber=3
[  117.422160][ T6372] tipc: Disabling bearer <udp:s>
[  117.442710][ T6372] tipc: Left network mode
[  117.447766][ T5801] usb 4-1: Product: syz
[  117.457376][ T5801] usb 4-1: Manufacturer: syz
[  117.462895][ T5801] usb 4-1: SerialNumber: syz
[  117.495638][ T5801] usb 4-1: config 0 descriptor??
[  117.521107][ T5776] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  117.532100][ T5776] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  117.550314][ T5776] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  117.603497][ T5776] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  117.611490][ T5776] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  117.618946][ T5776] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  117.830973][   T27] kauditd_printk_skb: 21 callbacks suppressed
[  117.830986][   T27] audit: type=1326 audit(1777508874.393:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.2.316" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f96a359cdd9 code=0x0
[  117.987637][ T6900] netlink: 12 bytes leftover after parsing attributes in process `syz.3.309'.
[  118.009217][    T9] usb 4-1: USB disconnect, device number 5
[  118.518014][ T6922] chnl_net:caif_netlink_parms(): no params data found
[  118.693415][ T6961] loop3: detected capacity change from 0 to 64
[  119.166914][ T6922] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.180629][ T6922] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.198557][ T6922] bridge_slave_0: entered allmulticast mode
[  119.218443][ T6922] bridge_slave_0: entered promiscuous mode
[  119.284850][ T6922] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.302992][ T6922] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.334672][ T6922] bridge_slave_1: entered allmulticast mode
[  119.354070][ T6922] bridge_slave_1: entered promiscuous mode
[  119.497617][ T6922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.523673][ T6922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.624005][ T6372] hsr_slave_0: left promiscuous mode
[  119.645479][ T6372] hsr_slave_1: left promiscuous mode
[  119.654770][ T6372] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.665701][ T6372] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.678936][ T6372] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.689862][ T6372] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.701104][ T5765] Bluetooth: hci0: command tx timeout
[  119.721193][ T6372] bridge_slave_1: left allmulticast mode
[  119.726901][ T6372] bridge_slave_1: left promiscuous mode
[  119.737428][ T6372] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.756477][ T6372] bridge_slave_0: left allmulticast mode
[  119.763442][ T6372] bridge_slave_0: left promiscuous mode
[  119.769245][ T6372] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.795345][ T6372] veth1_macvtap: left promiscuous mode
[  119.801017][ T5802] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  119.808630][ T6372] veth0_macvtap: left promiscuous mode
[  119.815348][ T6372] veth1_vlan: left promiscuous mode
[  119.821445][ T6372] veth0_vlan: left promiscuous mode
[  120.025278][ T5802] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  120.046500][ T5802] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.065918][ T5802] usb 4-1: config 0 descriptor??
[  120.075093][ T5802] cp210x 4-1:0.0: cp210x converter detected
[  120.496447][ T5802] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  120.549416][ T5802] usb 4-1: cp210x converter now attached to ttyUSB0
[  120.570314][ T6372] team0 (unregistering): Port device team_slave_1 removed
[  120.629332][ T6372] team0 (unregistering): Port device team_slave_0 removed
[  120.684906][ T6372] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  120.746963][ T5802] usb 4-1: USB disconnect, device number 6
[  120.754254][ T6372] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  120.769301][ T5802] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  120.825339][ T5802] cp210x 4-1:0.0: device disconnected
[  121.215555][ T6372] bond0 (unregistering): Released all slaves
[  121.373835][ T6922] team0: Port device team_slave_0 added
[  121.416018][ T6922] team0: Port device team_slave_1 added
[  121.554074][ T6922] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.593172][ T6922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.626869][ T6922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.640950][ T6922] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.648503][ T6922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.726963][ T6922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.806751][ T5765] Bluetooth: hci0: command tx timeout
[  122.016736][ T6922] hsr_slave_0: entered promiscuous mode
[  122.037258][ T6922] hsr_slave_1: entered promiscuous mode
[  122.308988][ T7025] loop4: detected capacity change from 0 to 128
[  122.793474][ T6922] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  122.889982][ T6922] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  122.992065][ T6922] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  123.028196][ T7044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.342'.
[  123.060701][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.342'.
[  123.099801][ T7044] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  123.109172][ T7044] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  123.118133][ T7044] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  123.126924][ T7044] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  123.143862][ T6922] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  123.182060][ T7044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.342'.
[  123.199389][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.342'.
[  123.565972][ T7058] netlink: 'syz.3.349': attribute type 1 has an invalid length.
[  123.575462][ T6922] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.734419][ T6922] 8021q: adding VLAN 0 to HW filter on device team0
[  123.771073][ T6377] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.779137][ T6377] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.829219][ T6377] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.836461][ T6377] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.860613][ T5765] Bluetooth: hci0: command tx timeout
[  123.948748][ T6922] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  123.976790][ T6922] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  124.138685][ T7082] netlink: 8 bytes leftover after parsing attributes in process `syz.3.355'.
[  124.221505][ T7082] A link change request failed with some changes committed already. Interface ip6erspan0 may have been left with an inconsistent configuration, please check.
[  124.428764][ T6922] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.642907][   T27] audit: type=1326 audit(1777508881.203:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  124.738446][   T27] audit: type=1326 audit(1777508881.243:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  124.803500][   T27] audit: type=1326 audit(1777508881.243:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  124.829020][   T27] audit: type=1326 audit(1777508881.243:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  124.854025][   T27] audit: type=1326 audit(1777508881.243:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  124.914954][   T27] audit: type=1326 audit(1777508881.243:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  124.962153][ T7111] netlink: 136 bytes leftover after parsing attributes in process `syz.3.361'.
[  124.981558][   T27] audit: type=1326 audit(1777508881.243:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  125.000697][ T7111] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  125.061201][   T27] audit: type=1326 audit(1777508881.243:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  125.141556][   T27] audit: type=1326 audit(1777508881.253:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  125.224206][   T27] audit: type=1326 audit(1777508881.253:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faaf9cdd9 code=0x7ffc0000
[  125.443808][ T6922] veth0_vlan: entered promiscuous mode
[  125.497316][ T6922] veth1_vlan: entered promiscuous mode
[  125.627229][ T6922] veth0_macvtap: entered promiscuous mode
[  125.658711][ T6922] veth1_macvtap: entered promiscuous mode
[  125.743092][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.763284][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.795202][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.823942][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.842947][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.856144][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.872313][ T6922] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.893670][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.908385][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.940695][ T5765] Bluetooth: hci0: command tx timeout
[  125.946189][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.960512][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.971341][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.982298][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.012088][ T6922] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.086723][ T7152] loop3: detected capacity change from 0 to 2048
[  126.134312][ T6922] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.163113][ T7152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.175235][ T6922] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.175322][ T6922] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.175347][ T6922] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.496194][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.516428][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.550637][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.654076][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.692226][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.732668][   T42] IPVS: starting estimator thread 0...
[  126.749120][ T7167] tipc: Started in network mode
[  126.764758][ T7167] tipc: Node identity ac14140f, cluster identity 4711
[  126.782091][ T7167] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  126.802419][ T7167] tipc: Enabled bearer <udp:syz2>, priority 10
[  126.842556][ T7169] IPVS: using max 22 ests per chain, 52800 per kthread
[  126.920681][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  127.061623][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  127.200605][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  127.350552][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  127.500638][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  127.650551][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  127.791809][  T786] tipc: Node number set to 2886997007
[  127.940553][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  128.735086][ T7234] loop4: detected capacity change from 0 to 64
[  129.064350][ T7247] loop3: detected capacity change from 0 to 512
[  129.129561][ T7247] EXT4-fs error (device loop3): ext4_orphan_get:1404: inode #15: comm syz.3.400: inode has both inline data and extents flags
[  129.266280][ T7247] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.400: couldn't read orphan inode 15 (err -117)
[  129.305921][ T7257] netlink: 'syz.5.403': attribute type 2 has an invalid length.
[  129.332316][ T7257] netlink: 16 bytes leftover after parsing attributes in process `syz.5.403'.
[  129.336474][ T7247] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.537897][ T7265] netlink: 8 bytes leftover after parsing attributes in process `syz.5.405'.
[  129.780602][    C1] net_ratelimit: 2 callbacks suppressed
[  129.780618][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  129.868082][ T7271] loop4: detected capacity change from 0 to 4096
[  130.019333][ T7271] ntfs3: loop4: ino=3, ntfs_set_state failed, -22.
[  130.060855][ T7271] ntfs3: loop4: Failed to initialize $Extend/$ObjId.
[  130.214768][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.291785][   T12] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22.
[  130.340132][ T6593] ntfs3: loop4: ino=3, ntfs_set_state failed, -22.
[  130.360492][ T6593] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  130.430974][ T6593] ntfs3: loop4: ino=3, ntfs_set_state failed, -22.
[  130.450646][   T12] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22.
[  130.627969][   T60] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.823267][    C1] IPVS: ovf: UDP 224.0.0.1:0 - no destination available
[  130.882037][   T60] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.079062][   T60] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.204371][   T60] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.570621][   T60] tipc: Disabling bearer <udp:syz2>
[  131.592386][   T60] tipc: Left network mode
[  131.646924][ T5776] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  131.670485][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  131.681315][ T5776] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  131.695490][ T5776] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  131.726738][ T5776] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  131.750150][ T5776] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  132.425013][ T7305] chnl_net:caif_netlink_parms(): no params data found
[  133.006090][ T7305] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.023135][ T7305] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.055450][ T7305] bridge_slave_0: entered allmulticast mode
[  133.090030][ T7305] bridge_slave_0: entered promiscuous mode
[  133.164534][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  133.171700][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  133.173094][ T7305] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.186206][ T7305] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.198709][ T7305] bridge_slave_1: entered allmulticast mode
[  133.213545][ T7305] bridge_slave_1: entered promiscuous mode
[  133.291521][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  133.406645][ T7305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.436728][ T7305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.530646][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.560616][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.579848][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  133.609155][    T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  133.619307][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.636215][   T60] hsr_slave_0: left promiscuous mode
[  133.649082][   T60] hsr_slave_1: left promiscuous mode
[  133.686563][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  133.687190][    T9] usb 5-1: config 0 descriptor??
[  133.711625][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  133.734683][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.746658][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.759895][   T60] bridge_slave_1: left allmulticast mode
[  133.768613][   T60] bridge_slave_1: left promiscuous mode
[  133.781580][ T5765] Bluetooth: hci3: command tx timeout
[  133.790982][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.815515][   T60] bridge_slave_0: left allmulticast mode
[  133.830502][   T60] bridge_slave_0: left promiscuous mode
[  133.836349][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.939945][   T60] veth1_macvtap: left promiscuous mode
[  133.949890][   T60] veth0_macvtap: left promiscuous mode
[  133.971146][   T60] veth1_vlan: left promiscuous mode
[  133.976579][   T60] veth0_vlan: left promiscuous mode
[  134.214951][    T9] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  134.291677][    T9] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  134.696799][    T8] usb 5-1: USB disconnect, device number 2
[  135.201339][   T60] team0 (unregistering): Port device team_slave_1 removed
[  135.332282][   T60] team0 (unregistering): Port device team_slave_0 removed
[  135.356761][ T7389] loop8: detected capacity change from 0 to 8
[  135.389456][ T7389] Dev loop8: unable to read RDB block 8
[  135.395685][ T7389]  loop8: unable to read partition table
[  135.408577][ T7389] loop8: partition table beyond EOD, truncated
[  135.426188][ T7389] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  135.474759][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.556327][ T7393] loop4: detected capacity change from 0 to 128
[  135.588931][ T7393] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  135.607516][ T7393] hpfs: filesystem error: improperly stopped
[  135.614463][ T7393] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  135.629910][ T7393] hpfs: You really don't want any checks? You are crazy...
[  135.630058][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  135.637727][ T7393] hpfs: Code page index out of array
[  135.653154][ T7393] hpfs: code page support is disabled
[  135.658757][ T7393] hpfs: hpfs_map_4sectors(): unaligned read
[  135.666237][ T7393] hpfs: hpfs_map_4sectors(): unaligned read
[  135.677001][ T7393] hpfs: filesystem error: unable to find root dir
[  135.860823][ T5765] Bluetooth: hci3: command tx timeout
[  136.133673][   T60] bond0 (unregistering): Released all slaves
[  136.260110][ T7305] team0: Port device team_slave_0 added
[  136.275738][ T7394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.439'.
[  136.388001][ T7394] hsr_slave_1 (unregistering): left promiscuous mode
[  136.406368][ T7305] team0: Port device team_slave_1 added
[  136.531519][ T7305] batman_adv: batadv0: Adding interface: batadv_slave_0
[  136.545383][ T7305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.581601][ T7305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  136.618821][ T7305] batman_adv: batadv0: Adding interface: batadv_slave_1
[  136.626502][ T7305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.661462][ T7305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  136.825715][ T7305] hsr_slave_0: entered promiscuous mode
[  136.859540][ T7305] hsr_slave_1: entered promiscuous mode
[  136.902995][ T7305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  136.910900][ T7305] Cannot create hsr debugfs directory
[  137.113767][   T60] IPVS: stop unused estimator thread 0...
[  137.295288][ T7403] loop5: detected capacity change from 0 to 40427
[  137.340569][ T7403] F2FS-fs (loop5): Fix alignment : internally, start(4096) end(16896) block(12288)
[  137.352604][ T7403] F2FS-fs (loop5): invalid crc value
[  137.353821][ T5802] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  137.364106][ T7403] F2FS-fs (loop5): Found nat_bits in checkpoint
[  137.503691][ T7305] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  137.511472][ T7403] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  137.544318][ T7305] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  137.566965][ T7305] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  137.591628][ T7305] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  137.592467][ T5802] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.626149][ T5802] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.644937][ T5802] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  137.687058][ T5802] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.746575][ T5802] usb 5-1: config 0 descriptor??
[  137.892449][ T7305] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.946159][ T7305] 8021q: adding VLAN 0 to HW filter on device team0
[  137.950578][ T5765] Bluetooth: hci3: command tx timeout
[  137.967476][ T6372] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.974738][ T6372] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.039460][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.046708][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.196901][ T7305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  138.201451][ T5802] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  138.256203][ T5802] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  138.330740][ T5802] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0002/input/input8
[  138.481426][ T5802] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  138.575438][ T5802] usb 5-1: USB disconnect, device number 3
[  138.746538][ T7441] fido_id[7441]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  139.005847][ T7305] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.125428][ T7456] loop5: detected capacity change from 0 to 1024
[  139.171552][ T7456] EXT4-fs: inline encryption not supported
[  139.213037][ T7456] EXT4-fs (loop5): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  139.304737][ T7456] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.494765][   T27] kauditd_printk_skb: 21 callbacks suppressed
[  139.494781][   T27] audit: type=1804 audit(1777508896.053:82): pid=7456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.452" name="/newroot/19/file1/bus" dev="loop5" ino=18 res=1 errno=0
[  139.799284][ T6922] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.024330][ T5765] Bluetooth: hci3: command tx timeout
[  140.029797][ T7475] loop4: detected capacity change from 0 to 8192
[  140.095772][ T7475] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  140.143874][ T7475] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  140.210776][ T7475] REISERFS (device loop4): using ordered data mode
[  140.260904][ T7475] reiserfs: using flush barriers
[  140.280512][ T7475] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  140.329810][ T7305] veth0_vlan: entered promiscuous mode
[  140.331040][ T7475] REISERFS (device loop4): checking transaction log (loop4)
[  140.376585][ T7475] REISERFS (device loop4): Using r5 hash to sort names
[  140.384055][ T7305] veth1_vlan: entered promiscuous mode
[  140.412153][ T7475] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  140.460159][ T7305] veth0_macvtap: entered promiscuous mode
[  140.496543][ T7305] veth1_macvtap: entered promiscuous mode
[  140.566056][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.601631][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.617373][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.629043][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.639218][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.657728][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.674462][ T7305] batman_adv: batadv0: Interface activated: batadv_slave_0
[  140.718351][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.760457][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.777849][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.789337][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.801405][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.844249][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.869399][ T7305] batman_adv: batadv0: Interface activated: batadv_slave_1
[  140.900320][ T7305] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.942756][ T7305] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.975769][ T7305] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.001747][ T7305] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.048917][ T7514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.464'.
[  141.088660][ T7514] netlink: 16 bytes leftover after parsing attributes in process `syz.2.464'.
[  141.354111][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.376823][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.454169][ T1073] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.486358][ T1073] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.914041][   T23] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  142.989263][ T7589] loop5: detected capacity change from 0 to 128
[  143.016063][ T7591] loop4: detected capacity change from 0 to 1024
[  143.074717][ T7591] EXT4-fs: inline encryption not supported
[  143.088274][ T7591] EXT4-fs (loop4): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  143.120520][   T23] usb 7-1: Using ep0 maxpacket: 32
[  143.135646][   T23] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  143.155133][   T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.189763][ T7591] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.240029][   T23] gspca_main: nw80x-2.14.0 probing 055f:d001
[  143.384332][   T27] audit: type=1804 audit(1777508899.933:83): pid=7591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.486" name="/newroot/53/file1/bus" dev="loop4" ino=18 res=1 errno=0
[  144.089715][ T6593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.471195][   T23] gspca_nw80x: reg_w err -71
[  144.476123][   T23] nw80x: probe of 7-1:3.0 failed with error -71
[  144.515071][   T23] usb 7-1: USB disconnect, device number 2
[  145.090578][ T7433] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  145.301484][ T7669] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  145.318431][ T7433] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  145.330716][ T7433] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.362772][ T7433] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  145.390564][ T7433] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  145.426524][ T7433] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  145.457844][ T7433] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.485404][ T7433] usb 6-1: config 0 descriptor??
[  145.724488][ T7667] loop4: detected capacity change from 0 to 32768
[  145.754475][ T7667] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.500 (7667)
[  145.811270][ T7667] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  145.834408][ T7667] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  145.862215][ T7667] BTRFS info (device loop4): using free space tree
[  145.880934][   T23] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  145.948065][ T7433] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd
[  145.985293][ T7433] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  146.038321][ T7433] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  146.091455][   T23] usb 7-1: Using ep0 maxpacket: 8
[  146.102603][ T7667] BTRFS info (device loop4): enabling ssd optimizations
[  146.104296][   T23] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  146.123005][ T7667] BTRFS info (device loop4): auto enabling async discard
[  146.158772][   T23] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  146.221075][   T23] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  146.237983][   T23] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  146.273727][   T23] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  146.327772][   T23] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  146.369832][   T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.381653][   T42] usb 6-1: USB disconnect, device number 2
[  146.500124][ T6593] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  146.589407][ T7713] overlayfs: failed to clone upperpath
[  146.672990][   T23] usb 7-1: usb_control_msg returned -32
[  146.700762][   T23] usbtmc 7-1:16.0: can't read capabilities
[  147.095367][ T7726] netlink: 'syz.5.511': attribute type 1 has an invalid length.
[  147.826792][ T5802] usb 7-1: USB disconnect, device number 3
[  148.140437][    C0] sched: RT throttling activated
[  148.221730][ T7730] loop4: detected capacity change from 0 to 131072
[  148.274935][ T7730] F2FS-fs (loop4): Found nat_bits in checkpoint
[  148.346641][ T7730] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  148.386840][ T7730] F2FS-fs (loop4): Stopped filesystem due to reason: 0
[  148.422676][ T7730] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix
[  148.564700][ T7753] loop6: detected capacity change from 0 to 256
[  148.723789][ T7757] loop5: detected capacity change from 0 to 512
[  148.786233][   T27] audit: type=1800 audit(1777508905.343:84): pid=7759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.518" name="file2" dev="loop6" ino=1048605 res=0 errno=0
[  148.833083][ T7757] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  148.909278][ T7757] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  149.051902][ T7757] ext4 filesystem being mounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  149.516999][ T6922] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.850676][ T7792] netlink: 64 bytes leftover after parsing attributes in process `syz.5.523'.
[  150.098151][ T7803] loop4: detected capacity change from 0 to 128
[  150.116241][ T7803] EXT4-fs (loop4): Test dummy encryption mode enabled
[  150.152065][ T7803] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  150.181419][ T7803] ext4 filesystem being mounted at /61/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  150.210800][ T1187] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  150.362898][ T7811] lo: entered promiscuous mode
[  150.374297][ T6593] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  150.440597][ T1187] usb 7-1: Using ep0 maxpacket: 8
[  150.468812][ T1187] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  150.490450][ T1187] usb 7-1: config 179 has no interface number 0
[  150.496791][ T1187] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  150.521941][ T1187] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  150.529087][ T7810] lo: left promiscuous mode
[  150.537581][ T1187] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  150.558034][ T1187] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  150.575841][ T1187] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  150.596890][ T1187] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  150.606809][ T1187] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.631712][ T7798] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  151.232863][ T1187] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input10
[  151.237559][ T7839] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  151.278349][ T7839] bond1: (slave lo): Enslaving as an active interface with an up link
[  151.295634][ T7839] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  151.356193][ T7840] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.365977][ T7840] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.627124][ T7798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.672621][ T7798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.786668][   T23] usb 7-1: USB disconnect, device number 4
[  151.786666][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  151.786798][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  151.813817][   T23] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  152.469013][ T7875] loop6: detected capacity change from 0 to 1024
[  152.484356][ T7875] EXT4-fs: inline encryption not supported
[  152.519996][ T7875] EXT4-fs (loop6): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  152.571527][ T7875] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.624449][   T27] audit: type=1804 audit(1777508909.183:85): pid=7875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.540" name="/newroot/11/file1/bus" dev="loop6" ino=18 res=1 errno=0
[  152.631035][ T7881] netlink: 12 bytes leftover after parsing attributes in process `syz.5.541'.
[  152.960788][   T27] audit: type=1326 audit(1777508909.513:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7889 comm="syz.2.543" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f96a359cdd9 code=0x0
[  153.272840][ T7900] loop4: detected capacity change from 0 to 256
[  153.310827][ T7900] exfat: Deprecated parameter 'utf8'
[  153.333897][ T7900] exfat: Deprecated parameter 'namecase'
[  153.348866][ T7900] exfat: Deprecated parameter 'namecase'
[  153.429814][ T7900] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc3758327, utbl_chksum : 0xe619d30d)
[  153.742251][ T7305] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.227573][ T7926] overlayfs: failed to clone upperpath
[  154.869590][ T7945] loop5: detected capacity change from 0 to 256
[  154.886030][ T7945] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  155.008413][ T7945] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  155.619818][ T7957] netlink: 'syz.4.563': attribute type 3 has an invalid length.
[  155.710029][ T7963] netlink: 52 bytes leftover after parsing attributes in process `syz.5.564'.
[  155.812549][ T7963] netlink: 12 bytes leftover after parsing attributes in process `syz.5.564'.
[  156.425873][ T7973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  156.440634][ T7973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  156.463611][ T7973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  156.486761][ T7973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  156.513865][ T7973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  156.543819][ T7973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  156.574342][ T7973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  156.597402][ T7973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  156.625994][ T7973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  156.641628][ T7973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  156.683760][ T7973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  156.704231][ T7973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  156.742567][ T7975] loop6: detected capacity change from 0 to 32768
[  156.767637][ T7975] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  156.952880][ T7975] XFS (loop6): Ending clean mount
[  157.139251][ T7305] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  158.084774][ T7994] loop4: detected capacity change from 0 to 40427
[  158.121870][ T7994] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  158.157064][ T7994] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  158.232046][ T7994] F2FS-fs (loop4): Found nat_bits in checkpoint
[  158.448509][ T8043] netlink: 'syz.2.584': attribute type 1 has an invalid length.
[  158.471000][ T7994] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  158.490620][ T7994] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  158.630143][ T8043] 8021q: adding VLAN 0 to HW filter on device bond2
[  160.313131][  T786] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  160.531839][  T786] usb 7-1: config index 0 descriptor too short (expected 45, got 36)
[  160.540035][  T786] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.590485][  T786] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.600288][  T786] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  160.661744][  T786] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  160.699433][  T786] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.722818][  T786] usb 7-1: config 0 descriptor??
[  161.143138][  T786] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd
[  161.196494][  T786] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  161.224491][ T8114] loop5: detected capacity change from 0 to 32768
[  161.240802][  T786] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  161.268926][ T8114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.598 (8114)
[  161.383535][ T8111] loop4: detected capacity change from 0 to 40427
[  161.445952][ T8114] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.450376][ T8111] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  161.495504][ T8114] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  161.539512][ T8111] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  161.543515][ T8114] BTRFS info (device loop5): setting nodatasum
[  161.572108][ T8111] F2FS-fs (loop4): invalid crc value
[  161.583239][ T8111] F2FS-fs (loop4): Ignore s_resuid=0, s_resgid=65535 w/o reserve_root
[  161.605056][ T8111] F2FS-fs (loop4): Found nat_bits in checkpoint
[  161.615530][ T8114] BTRFS info (device loop5): force zlib compression, level 3
[  161.635145][  T786] usb 7-1: USB disconnect, device number 5
[  161.671932][ T8114] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8)
[  161.735113][ T8114] BTRFS info (device loop5): use lzo compression, level 0
[  161.746172][ T8111] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  161.765480][ T8111] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  161.782060][ T8114] BTRFS info (device loop5): turning on flush-on-commit
[  161.807099][ T8114] BTRFS info (device loop5): enabling auto defrag
[  161.830903][ T8114] BTRFS info (device loop5): max_inline at 4096
[  161.851450][ T8114] BTRFS info (device loop5): using free space tree
[  161.916993][ T8111] syz.4.596: attempt to access beyond end of device
[  161.916993][ T8111] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  161.957964][ T8111] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  162.001175][ T8114] BTRFS info (device loop5): enabling ssd optimizations
[  162.333840][ T6922] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  162.799312][ T8154] loop6: detected capacity change from 0 to 512
[  162.825234][ T8154] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  162.893902][ T8156] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  162.919576][ T8154] EXT4-fs (loop6): 1 truncate cleaned up
[  162.930556][ T1187] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  162.941954][ T8154] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.086137][ T7305] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.172271][ T1187] usb 6-1: config 1 interface 0 has no altsetting 0
[  163.202096][ T1187] usb 6-1: string descriptor 0 read error: -22
[  163.230595][ T1187] usb 6-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.40
[  163.258307][ T1187] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.411163][ T8168] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  163.436682][ T8168] bond1: (slave lo): Enslaving as an active interface with an up link
[  163.473971][ T8168] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  163.614023][ T8175] loop4: detected capacity change from 0 to 1024
[  163.633611][ T8175] ext4: Bad value for 'max_dir_size_kb'
[  163.722247][ T1187] hid_mf 0003:0079:1801.0005: invalid report_count -606797794
[  163.754452][ T1187] hid_mf 0003:0079:1801.0005: item 0 4 1 9 parsing failed
[  163.784040][ T1187] hid_mf 0003:0079:1801.0005: HID parse failed.
[  163.790588][ T1187] hid_mf: probe of 0003:0079:1801.0005 failed with error -22
[  163.970367][ T1187] usb 6-1: USB disconnect, device number 3
[  163.975498][ T8183] syz_tun: entered allmulticast mode
[  163.999450][ T8183] netlink: 4 bytes leftover after parsing attributes in process `syz.4.615'.
[  164.086791][ T8183] syz_tun (unregistering): left allmulticast mode
[  164.147968][ T8173] loop6: detected capacity change from 0 to 32768
[  164.185862][ T8173] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.406139][ T8173] XFS (loop6): Ending clean mount
[  164.432640][ T8173] XFS (loop6): Quotacheck needed: Please wait.
[  164.519760][ T8173] XFS (loop6): Quotacheck: Done.
[  165.081122][ T7305] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  165.844869][ T8234] loop5: detected capacity change from 0 to 8192
[  165.871014][ T8245] loop4: detected capacity change from 0 to 512
[  165.911687][ T8234] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  165.934963][ T8245] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  165.977173][ T8234] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
[  166.007652][ T8245] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.031305][ T8234] REISERFS (device loop5): using journaled data mode
[  166.058169][ T8234] reiserfs: using flush barriers
[  166.079034][ T8245] ext4 filesystem being mounted at /90/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  166.121243][ T8234] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  166.197548][ T8234] REISERFS (device loop5): checking transaction log (loop5)
[  166.231452][ T8234] REISERFS (device loop5): Using r5 hash to sort names
[  166.249629][ T8234] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  166.305185][ T8234] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  166.444943][ T8234] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  166.461579][ T6593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.491792][ T8234] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  166.646771][ T8263] loop6: detected capacity change from 0 to 4096
[  166.745705][ T8263] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.086291][ T8281] netlink: 20 bytes leftover after parsing attributes in process `syz.2.631'.
[  167.118958][ T7305] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.141581][ T8281] netlink: 20 bytes leftover after parsing attributes in process `syz.2.631'.
[  167.557461][ T8301] loop6: detected capacity change from 0 to 1024
[  167.573718][ T8299] loop5: detected capacity change from 0 to 128
[  167.654533][ T8299] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  167.692468][ T8299] hpfs: filesystem error: improperly stopped
[  167.740569][ T8299] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  167.749349][ T8299] hpfs: You really don't want any checks? You are crazy...
[  167.791239][ T8299] hpfs: Code page index out of array
[  167.830342][ T8299] hpfs: code page support is disabled
[  167.852008][ T8299] hpfs: hpfs_map_4sectors(): unaligned read
[  167.863955][ T8305] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[  167.898495][ T8299] hpfs: hpfs_map_4sectors(): unaligned read
[  167.911698][ T8299] hpfs: filesystem error: unable to find root dir
[  168.179158][   T41] hfsplus: b-tree write err: -5, ino 3
[  168.546423][ T8319] loop4: detected capacity change from 0 to 8192
[  168.596065][ T8325] netlink: 'syz.5.644': attribute type 7 has an invalid length.
[  168.624013][ T8325] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  168.633109][ T8325] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  168.642379][ T8325] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  168.651258][ T8325] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  168.672264][ T8325] netlink: 'syz.5.644': attribute type 7 has an invalid length.
[  168.839736][ T8319] FAT-fs (loop4): error, clusters badly computed (2 != 1)
[  168.869567][ T8319] FAT-fs (loop4): Filesystem has been set read-only
[  169.676194][ T8351] loop6: detected capacity change from 0 to 4096
[  169.835184][ T8357] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  170.080793][   T27] audit: type=1800 audit(1777508926.633:87): pid=8351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.649" name="file1" dev="loop6" ino=15 res=0 errno=0
[  170.482667][  T786] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  170.702178][  T786] usb 6-1: Using ep0 maxpacket: 32
[  170.732910][  T786] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  170.760718][  T786] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.787572][  T786] usb 6-1: config 0 descriptor??
[  170.817603][  T786] gspca_main: sunplus-2.14.0 probing 041e:400b
[  171.530528][   T42] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  171.740753][   T42] usb 5-1: Using ep0 maxpacket: 8
[  171.759959][   T42] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  171.778965][   T42] usb 5-1: config 179 has no interface number 0
[  171.789470][   T42] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  171.815856][   T42] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  171.828472][   T42] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  171.842763][  T786] gspca_sunplus: reg_w_riv err -71
[  171.848012][  T786] sunplus: probe of 6-1:0.0 failed with error -71
[  171.865416][   T42] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  171.887408][  T786] usb 6-1: USB disconnect, device number 4
[  171.893754][   T42] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  171.917534][   T42] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  171.927220][   T42] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.959185][ T8409] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  172.386464][  T786] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input12
[  172.801484][ T1187] usb 5-1: USB disconnect, device number 4
[  172.801545][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  172.816550][    C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending?
[  172.827061][ T1187] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  172.859271][ T8450] loop6: detected capacity change from 0 to 512
[  172.884419][ T8450] EXT4-fs: Ignoring removed orlov option
[  172.915521][ T8450] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  172.962864][ T8450] EXT4-fs error (device loop6): ext4_ext_check_inode:530: inode #16: comm syz.6.664: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 28(0), depth 0(0)
[  173.016500][ T8450] EXT4-fs error (device loop6): ext4_orphan_get:1409: comm syz.6.664: couldn't read orphan inode 16 (err -117)
[  173.035370][ T8450] EXT4-fs (loop6): 1 orphan inode deleted
[  173.062425][ T8450] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.123770][ T8450] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  173.257146][ T7305] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.571298][ T8468] loop4: detected capacity change from 0 to 128
[  173.696253][ T8468] syz.4.666: attempt to access beyond end of device
[  173.696253][ T8468] loop4: rw=2049, sector=138, nr_sectors = 112 limit=128
[  173.982109][ T8487] loop5: detected capacity change from 0 to 1024
[  174.049249][ T8487] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.276293][ T8498] loop4: detected capacity change from 0 to 1024
[  174.320291][ T8498] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  174.356177][ T6922] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.454887][ T8498] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.677556][ T6593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.846218][ T8519] veth0: entered promiscuous mode
[  174.917522][ T8519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.678'.
[  175.086327][ T8526] loop5: detected capacity change from 0 to 8192
[  175.088227][ T8519] veth0 (unregistering): left promiscuous mode
[  175.148680][ T8526] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  175.182493][ T8526] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  175.193522][ T8526] REISERFS (device loop5): using ordered data mode
[  175.205418][ T8526] reiserfs: using flush barriers
[  175.225428][ T8526] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  175.249913][ T8526] REISERFS (device loop5): checking transaction log (loop5)
[  175.301353][ T8526] REISERFS (device loop5): Using r5 hash to sort names
[  175.319031][ T8526] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  175.398722][ T8526] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3633, free_space(entry_count) 2
[  175.430510][ T8526] REISERFS error (device loop5): vs-5150 search_by_key: invalid format found in block 532. Fsck?
[  175.453519][ T1187] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  175.477854][ T8526] REISERFS (device loop5): Remounting filesystem read-only
[  175.650631][ T1187] usb 7-1: Using ep0 maxpacket: 32
[  175.664664][ T1187] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.677216][ T1187] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.693825][ T1187] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  175.715545][ T1187] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.749563][ T1187] usb 7-1: config 0 descriptor??
[  175.765826][ T1187] hub 7-1:0.0: USB hub found
[  175.970116][ T1187] hub 7-1:0.0: 1 port detected
[  176.143394][ T8536] loop4: detected capacity change from 0 to 32768
[  176.197198][ T8536] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  176.301105][ T8536] XFS (loop4): Ending clean mount
[  176.610375][ T6593] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  176.633017][ T1187] hub 7-1:0.0: activate --> -90
[  176.835168][ T5869] usb 7-1: USB disconnect, device number 6
[  178.190516][ T8603] loop6: detected capacity change from 0 to 32768
[  178.324146][ T8603] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  178.485280][ T8603] XFS (loop6): Ending clean mount
[  178.535933][ T8649] vcan0: tx drop: invalid da for name 0x0000000000000002
[  178.790224][ T7305] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  178.909495][ T8659] netlink: 'syz.5.709': attribute type 20 has an invalid length.
[  178.929954][ T8659] netlink: 4 bytes leftover after parsing attributes in process `syz.5.709'.
[  178.965282][ T8659] netlink: 'syz.5.709': attribute type 20 has an invalid length.
[  178.980797][ T8659] netlink: 4 bytes leftover after parsing attributes in process `syz.5.709'.
[  179.761359][   T42] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  179.785669][    C0] vcan0: j1939_tp_rxtimer: 0xffff88801c783000: rx timeout, send abort
[  179.797308][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88801c783000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  179.960741][   T42] usb 6-1: Using ep0 maxpacket: 16
[  179.971979][   T42] usb 6-1: config index 0 descriptor too short (expected 51443, got 18)
[  179.993241][   T42] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  180.016452][   T42] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.052678][   T42] usb 6-1: Product: syz
[  180.082625][   T42] usb 6-1: Manufacturer: syz
[  180.087288][   T42] usb 6-1: SerialNumber: syz
[  180.109864][   T42] r8152-cfgselector 6-1: config 0 descriptor??
[  180.349946][   T42] r8152-cfgselector 6-1: Needed 1 retries to read version
[  180.367061][   T42] usbip-host 6-1: 6-1 is not in match_busid table... skip!
[  180.622768][   T42] usb 6-1: USB disconnect, device number 5
[  181.324665][ T8749] 9pnet: p9_errstr2errno: server reported unknown error �00000000000000000005
[  181.874930][ T1187] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  181.982065][ T1187] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  182.954533][ T8806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.744'.
[  183.360089][ T8792] loop6: detected capacity change from 0 to 32768
[  183.377671][ T8792] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.741 (8792)
[  183.457668][ T8792] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  183.495227][ T8792] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  183.530524][ T8792] BTRFS info (device loop6): setting nodatasum
[  183.536753][ T8792] BTRFS info (device loop6): force zlib compression, level 3
[  183.560470][ T8792] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_LZO (0x8)
[  183.569830][ T8792] BTRFS info (device loop6): use lzo compression, level 0
[  183.581266][ T5822] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  183.591890][ T8792] BTRFS info (device loop6): turning on flush-on-commit
[  183.598898][ T8792] BTRFS info (device loop6): enabling auto defrag
[  183.620553][ T8792] BTRFS info (device loop6): max_inline at 4096
[  183.626879][ T8792] BTRFS info (device loop6): using free space tree
[  183.692636][ T8792] BTRFS info (device loop6): enabling ssd optimizations
[  183.802580][ T5822] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  183.833223][ T5822] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  183.849973][ T7305] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  183.863577][ T5822] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  183.885953][ T5822] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  183.904554][ T5822] usb 5-1: SerialNumber: syz
[  184.157165][ T5822] usb 5-1: 0:2 : does not exist
[  184.317520][ T5822] usb 5-1: USB disconnect, device number 5
[  184.477304][ T5758] udevd[5758]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  185.208285][ T8851] loop5: detected capacity change from 0 to 131072
[  185.217158][ T8851] F2FS-fs (loop5): Invalid log sectorsize (67108873)
[  185.224019][ T8851] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  185.234637][ T8851] F2FS-fs (loop5): invalid crc value
[  185.254752][ T8851] F2FS-fs (loop5): Found nat_bits in checkpoint
[  185.308542][ T8851] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  185.316472][ T8851] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  185.687472][ T8853] loop4: detected capacity change from 0 to 32768
[  185.710839][ T8853] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.752 (8853)
[  185.779087][ T8853] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  185.794879][ T8853] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  185.820542][ T8853] BTRFS info (device loop4): setting nodatacow, compression disabled
[  185.845291][ T8853] BTRFS info (device loop4): setting datasum, datacow enabled
[  185.892258][ T8853] BTRFS info (device loop4): force clearing of disk cache
[  185.907739][ T8853] BTRFS info (device loop4): enabling ssd optimizations
[  185.930814][ T8853] BTRFS info (device loop4): using spread ssd allocation scheme
[  185.938529][ T8853] BTRFS info (device loop4): turning on sync discard
[  185.970948][ T8853] BTRFS info (device loop4): turning off barriers
[  185.977463][ T8853] BTRFS info (device loop4): enabling auto defrag
[  186.020739][ T8853] BTRFS info (device loop4): not using ssd optimizations
[  186.027838][ T8853] BTRFS info (device loop4): not using spread ssd allocation scheme
[  186.073875][ T8853] BTRFS info (device loop4): using free space tree
[  186.337550][ T8853] BTRFS info (device loop4): rebuilding free space tree
[  186.500471][   T27] audit: type=1800 audit(1777508943.043:88): pid=8853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.752" name="file1" dev="loop4" ino=260 res=0 errno=0
[  186.591338][ T8901] capability: warning: `syz.2.758' uses 32-bit capabilities (legacy support in use)
[  186.840599][ T5822] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[  187.054318][ T5822] usb 5-1: config 0 has no interfaces?
[  187.067792][ T5822] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  187.102932][ T5822] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.151682][ T5822] usb 5-1: config 0 descriptor??
[  187.338302][ T8911] loop6: detected capacity change from 0 to 8192
[  187.374647][ T8911] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  187.419159][ T8911] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  187.465869][ T8911] REISERFS (device loop6): using ordered data mode
[  187.500616][ T8911] reiserfs: using flush barriers
[  187.510500][   T42] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  187.532544][ T8911] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  187.604766][ T8911] REISERFS (device loop6): checking transaction log (loop6)
[  187.636119][ T8911] REISERFS (device loop6): Using r5 hash to sort names
[  187.660873][ T8911] REISERFS (device loop6): using 3.5.x disk format
[  187.667787][ T8911] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  187.714489][   T42] usb 6-1: config 1 interface 0 has no altsetting 0
[  187.747352][   T42] usb 6-1: string descriptor 0 read error: -22
[  187.764911][   T42] usb 6-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.40
[  187.792401][ T8911] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3717, free_space(entry_count) 2
[  187.797272][   T42] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.838601][ T8911] REISERFS error (device loop6): vs-5150 search_by_key: invalid format found in block 532. Fsck?
[  187.869496][ T8911] REISERFS (device loop6): Remounting filesystem read-only
[  188.257924][   T42] hid (null): unknown global tag 0xe
[  188.374718][   T42] nzxt-kraken2 0003:1E71:170E.0007: unknown global tag 0xe
[  188.395473][   T42] nzxt-kraken2 0003:1E71:170E.0007: item 0 0 1 14 parsing failed
[  188.411737][   T42] nzxt-kraken2 0003:1E71:170E.0007: hid parse failed with -22
[  188.437762][   T42] nzxt-kraken2: probe of 0003:1E71:170E.0007 failed with error -22
[  188.582514][   T42] usb 6-1: USB disconnect, device number 6
[  189.039683][ T5869] usb 5-1: USB disconnect, device number 6
[  189.108999][ T8938] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input13
[  189.453243][ T8950] overlayfs: failed to clone upperpath
[  189.511053][ T6593] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  189.517834][ T8952] loop5: detected capacity change from 0 to 1024
[  189.563264][ T8952] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  189.951201][ T8965] loop7: detected capacity change from 0 to 7
[  189.966986][ T8965] Dev loop7: unable to read RDB block 7
[  189.978497][ T8965]  loop7: unable to read partition table
[  189.994833][ T8965] loop7: partition table beyond EOD, truncated
[  190.026966][ T8965] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  190.489302][ T8983] loop6: detected capacity change from 0 to 512
[  190.523681][ T8983] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  190.573694][ T8983] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.597162][ T8983] ext4 filesystem being mounted at /74/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  190.633241][ T8990] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  190.813974][ T7305] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.913621][ T8999] loop4: detected capacity change from 0 to 4096
[  190.946710][ T8999] EXT4-fs: inline encryption not supported
[  190.976297][ T8999] EXT4-fs: Ignoring removed bh option
[  190.986058][ T9004] Bluetooth: MGMT ver 1.22
[  191.022221][ T8999] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  191.051147][ T8999] EXT4-fs (loop4): Test dummy encryption mode enabled
[  191.090847][ T8999] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  191.117002][ T8999] System zones: 0-5
[  191.161953][ T8999] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.517620][ T6593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.546879][ T5776] Bluetooth: hci1: command 0x0406 tx timeout
[  191.709437][ T9002] loop6: detected capacity change from 0 to 40427
[  191.723822][ T9002] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  191.741002][ T9002] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  191.782999][ T9002] F2FS-fs (loop6): invalid crc value
[  191.805688][ T9002] F2FS-fs (loop6): Found nat_bits in checkpoint
[  191.982861][ T9002] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  192.000239][ T9002] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  193.336268][ T9041] loop6: detected capacity change from 0 to 40427
[  193.349289][ T9041] F2FS-fs (loop6): Invalid SB checksum offset: 0
[  193.365301][ T9041] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  193.379627][ T9041] F2FS-fs (loop6): invalid crc value
[  193.585849][ T9041] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[  193.599894][ T9041] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  193.720221][   T27] audit: type=1800 audit(1777508950.273:89): pid=9041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.809" name="file1" dev="loop6" ino=10 res=0 errno=0
[  193.780049][ T7305] syz-executor: attempt to access beyond end of device
[  193.780049][ T7305] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.801767][ T7305] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  194.110716][ T5802] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  194.197832][ T9074] syz.2.823: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  194.215680][ T9074] CPU: 1 PID: 9074 Comm: syz.2.823 Not tainted syzkaller #0
[  194.223040][ T9074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  194.233208][ T9074] Call Trace:
[  194.236513][ T9074]  <TASK>
[  194.239458][ T9074]  dump_stack_lvl+0x18c/0x250
[  194.244188][ T9074]  ? show_regs_print_info+0x20/0x20
[  194.249412][ T9074]  ? load_image+0x420/0x420
[  194.253927][ T9074]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  194.260360][ T9074]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  194.266993][ T9074]  warn_alloc+0x246/0x340
[  194.272225][ T9074]  ? stack_trace_save+0xaa/0x100
[  194.277183][ T9074]  ? zone_watermark_ok_safe+0x230/0x230
[  194.282837][ T9074]  ? kasan_set_track+0x5f/0x70
[  194.287599][ T9074]  ? kasan_set_track+0x4e/0x70
[  194.292391][ T9074]  ? __kasan_kmalloc+0x8f/0xa0
[  194.297213][ T9074]  ? xsk_init_queue+0xad/0x100
[  194.302074][ T9074]  ? xsk_setsockopt+0x4e5/0x760
[  194.307040][ T9074]  ? do_sock_setsockopt+0x175/0x1a0
[  194.312234][ T9074]  ? __x64_sys_setsockopt+0x182/0x200
[  194.317615][ T9074]  __vmalloc_node_range+0x126/0x1330
[  194.323040][ T9074]  ? free_vm_area+0x50/0x50
[  194.327642][ T9074]  vmalloc_user+0x74/0x80
[  194.331978][ T9074]  ? xskq_create+0xbf/0x170
[  194.336482][ T9074]  xskq_create+0xbf/0x170
[  194.340817][ T9074]  xsk_init_queue+0xad/0x100
[  194.345407][ T9074]  xsk_setsockopt+0x4e5/0x760
[  194.350089][ T9074]  ? xsk_poll+0x680/0x680
[  194.354419][ T9074]  ? __fget_files+0x28/0x4b0
[  194.359016][ T9074]  ? __fget_files+0x28/0x4b0
[  194.363636][ T9074]  ? aa_sock_opt_perm+0x74/0x100
[  194.368578][ T9074]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  194.374129][ T9074]  ? security_socket_setsockopt+0x7e/0xa0
[  194.379849][ T9074]  ? xsk_poll+0x680/0x680
[  194.384255][ T9074]  do_sock_setsockopt+0x175/0x1a0
[  194.389285][ T9074]  ? __fdget+0x180/0x210
[  194.394054][ T9074]  __x64_sys_setsockopt+0x182/0x200
[  194.399348][ T9074]  do_syscall_64+0x55/0xa0
[  194.403762][ T9074]  ? clear_bhb_loop+0x40/0x90
[  194.408805][ T9074]  ? clear_bhb_loop+0x40/0x90
[  194.413491][ T9074]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  194.419391][ T9074] RIP: 0033:0x7f96a359cdd9
[  194.423844][ T9074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  194.443471][ T9074] RSP: 002b:00007f96a4472028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  194.451913][ T9074] RAX: ffffffffffffffda RBX: 00007f96a3815fa0 RCX: 00007f96a359cdd9
[  194.460180][ T9074] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004
[  194.468436][ T9074] RBP: 00007f96a3632d69 R08: 0000000000000004 R09: 0000000000000000
[  194.476434][ T9074] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  194.484503][ T9074] R13: 00007f96a3816038 R14: 00007f96a3815fa0 R15: 00007fff217d40a8
[  194.492514][ T9074]  </TASK>
[  194.495681][    C1] vkms_vblank_simulate: vblank timer overrun
[  194.546600][ T5802] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.567308][ T5802] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.586940][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  194.597022][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  194.605647][ T5802] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  194.619421][ T5802] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  194.640373][ T9074] Mem-Info:
[  194.648323][ T9074] active_anon:7431 inactive_anon:0 isolated_anon:0
[  194.648323][ T9074]  active_file:1471 inactive_file:40060 isolated_file:0
[  194.648323][ T9074]  unevictable:768 dirty:285 writeback:0
[  194.648323][ T9074]  slab_reclaimable:10916 slab_unreclaimable:97455
[  194.648323][ T9074]  mapped:24978 shmem:1402 pagetables:850
[  194.648323][ T9074]  sec_pagetables:0 bounce:0
[  194.648323][ T9074]  kernel_misc_reclaimable:0
[  194.648323][ T9074]  free:1348874 free_pcp:8871 free_cma:0
[  194.697363][    C1] vkms_vblank_simulate: vblank timer overrun
[  194.710890][ T5802] usb 6-1: Manufacturer: syz
[  194.721656][ T5802] usb 6-1: config 0 descriptor??
[  194.741008][ T9074] Node 0 active_anon:29824kB inactive_anon:0kB active_file:5884kB inactive_file:160040kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99912kB dirty:1136kB writeback:0kB shmem:4072kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11696kB pagetables:3500kB sec_pagetables:0kB all_unreclaimable? no
[  194.773371][    C1] vkms_vblank_simulate: vblank timer overrun
[  194.784165][ T9074] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  194.814850][    C1] vkms_vblank_simulate: vblank timer overrun
[  194.834744][ T9074] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  194.866611][ T9074] lowmem_reserve[]: 0 2521 2522 2522 2522
[  194.868248][ T9085] icmp: detected local route for 172.20.20.17 during ICMP sending, src 172.30.0.5
[  194.873338][ T9074] Node 0 DMA32 free:1479740kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:29888kB inactive_anon:0kB active_file:5884kB inactive_file:159204kB unevictable:1536kB writepending:1136kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:17336kB local_pcp:4208kB free_cma:0kB
[  194.899549][ T9085] icmp: detected local route for 172.20.20.17 during ICMP sending, src 172.30.0.5
[  194.921741][ T9074] lowmem_reserve[]: 0 0 0 0 0
[  194.927785][ T9074] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:836kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  194.972019][ T9074] lowmem_reserve[]: 0 0 0 0 0
[  194.976930][ T9074] Node 1 Normal free:3899920kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19008kB local_pcp:8896kB free_cma:0kB
[  195.006547][    C1] vkms_vblank_simulate: vblank timer overrun
[  195.035008][ T9074] lowmem_reserve[]: 0 0 0 0 0
[  195.039898][ T9074] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  195.057509][ T9074] Node 0 DMA32: 1991*4kB (UME) 1422*8kB (UM) 497*16kB (UME) 193*32kB (UME) 26*64kB (UM) 56*128kB (UME) 47*256kB (UME) 30*512kB (UME) 11*1024kB (ME) 5*2048kB (ME) 339*4096kB (UM) = 1479740kB
[  195.091575][ T9074] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  195.104973][ T9074] Node 1 Normal: 220*4kB (U) 52*8kB (UE) 36*16kB (UE) 72*32kB (UE) 17*64kB (UME) 3*128kB (UME) 2*256kB (UE) 1*512kB (M) 0*1024kB 1*2048kB (U) 950*4096kB (M) = 3899920kB
[  195.107277][ T5822] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  195.122704][ T9074] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  195.139920][ T9074] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  195.150058][ T9074] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  195.159838][ T9074] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  195.190738][ T9074] 42886 total pagecache pages
[  195.195540][ T9074] 0 pages in swap cache
[  195.199766][ T9074] Free swap  = 124452kB
[  195.204228][ T9074] Total swap = 124996kB
[  195.208456][ T9074] 2097051 pages RAM
[  195.213217][ T9074] 0 pages HighMem/MovableOnly
[  195.218080][ T9074] 416927 pages reserved
[  195.230494][ T9074] 0 pages cma reserved
[  195.320719][ T5822] usb 7-1: Using ep0 maxpacket: 32
[  195.327678][ T5822] usb 7-1: config 0 has no interfaces?
[  195.336240][ T5822] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[  195.358821][ T5822] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.379111][ T5822] usb 7-1: Product: syz
[  195.383770][ T5822] usb 7-1: Manufacturer: syz
[  195.388401][ T5822] usb 7-1: SerialNumber: syz
[  195.411255][ T5822] usb 7-1: config 0 descriptor??
[  195.422578][ T9097] loop4: detected capacity change from 0 to 4096
[  195.514086][ T9100] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  195.593090][ T5802] uclogic 0003:256C:006D.0008: interface is invalid, ignoring
[  195.824390][ T5822] usb 7-1: USB disconnect, device number 7
[  195.857948][ T5802] usb 6-1: USB disconnect, device number 7
[  196.627633][ T9126] netlink: 'syz.2.844': attribute type 25 has an invalid length.
[  196.635774][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.844'.
[  196.702139][ T9126] netlink: 'syz.2.844': attribute type 25 has an invalid length.
[  196.710245][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.844'.
[  196.750511][ T5822] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  196.955880][ T5822] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.987133][ T5822] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.016337][ T5822] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  197.049358][ T5822] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  197.069108][ T5822] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.090263][ T5822] usb 6-1: config 0 descriptor??
[  197.534508][ T5822] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  197.571042][ T5822] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  197.869455][ T9169] loop4: detected capacity change from 0 to 512
[  197.968352][ T9169] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e018, mo2=0002]
[  197.987076][ T9169] System zones: 1-12
[  197.998541][ T9169] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #12: comm syz.4.860: missing EA_INODE flag
[  198.027476][ T9169] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.860: error while reading EA inode 12 err=-117
[  198.066855][ T9169] EXT4-fs (loop4): 1 orphan inode deleted
[  198.099048][ T9169] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.247068][ T6593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.467743][ T5822] usb 6-1: USB disconnect, device number 8
[  199.064266][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.5.865'.
[  199.073565][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.5.865'.
[  199.143754][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.5.865'.
[  199.156919][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.5.865'.
[  199.751005][ T5801] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  199.830498][  T786] kernel write not supported for file bpf-prog (pid: 786 comm: kworker/1:2)
[  199.970500][ T5801] usb 6-1: Using ep0 maxpacket: 32
[  199.982310][ T5801] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  199.999691][ T5801] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  200.021081][ T5801] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  200.030135][ T5801] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  200.060547][ T5801] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  200.070260][ T5801] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  200.101317][ T5801] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  200.120462][ T5801] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.151307][ T5801] usb 6-1: config 0 descriptor??
[  200.388400][ T5801] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  200.712456][ T1187] usb 6-1: USB disconnect, device number 9
[  200.735470][ T1187] usblp0: removed
[  200.989593][ T9238] netlink: 8 bytes leftover after parsing attributes in process `syz.2.887'.
[  201.003937][ T9238] bridge: RTM_NEWNEIGH with invalid ether address
[  201.272685][ T9250] loop6: detected capacity change from 0 to 256
[  201.293631][ T9250] exfat: Deprecated parameter 'utf8'
[  201.344480][ T9250] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d)
[  202.390606][ T5802] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  202.642793][ T5802] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  202.679731][ T5802] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.740631][ T5802] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.761154][ T5802] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  202.794785][ T5802] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  202.813652][ T5802] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  202.839532][ T5802] usb 6-1: Manufacturer: syz
[  202.861552][ T5802] usb 6-1: config 0 descriptor??
[  203.326463][ T5802] appleir 0003:05AC:8243.000A: unknown main item tag 0x0
[  203.359392][ T5802] appleir 0003:05AC:8243.000A: No inputs registered, leaving
[  203.388939][ T5802] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  203.467692][ T9286] netlink: 'syz.6.909': attribute type 10 has an invalid length.
[  203.505310][ T9286] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.513254][ T9286] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.545317][ T9286] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.552602][ T9286] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.561609][ T9286] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.568818][ T9286] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.624518][ T9286] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  203.634894][  T786] usb 6-1: USB disconnect, device number 10
[  203.771309][ T5869] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  203.851951][ T9295] 8021q: adding VLAN 0 to HW filter on device bond3
[  203.960567][ T5869] usb 5-1: Using ep0 maxpacket: 32
[  203.972621][ T5869] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  203.981050][ T5869] usb 5-1: config 0 has no interface number 0
[  203.987192][ T5869] usb 5-1: config 0 interface 184 has no altsetting 0
[  203.987582][ T9295] bond3: (slave vlan0): making interface the new active one
[  204.020899][ T5869] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  204.032350][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.051060][ T5869] usb 5-1: Product: syz
[  204.054744][ T9295] bond3: (slave vlan0): Enslaving as an active interface with an up link
[  204.056474][ T5869] usb 5-1: Manufacturer: syz
[  204.080518][ T5869] usb 5-1: SerialNumber: syz
[  204.088672][ T9301] netlink: 20 bytes leftover after parsing attributes in process `syz.6.915'.
[  204.103524][ T5869] usb 5-1: config 0 descriptor??
[  204.131965][ T5869] smsc75xx v1.0.0
[  204.281575][ T9303] sctp: [Deprecated]: syz.6.916 (pid 9303) Use of struct sctp_assoc_value in delayed_ack socket option.
[  204.281575][ T9303] Use struct sctp_sack_info instead
[  204.580151][ T9315] loop6: detected capacity change from 0 to 128
[  204.743907][ T5869] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  204.776817][ T5869] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  205.007038][ T5869] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  205.025430][ T5869] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  205.045865][ T5869] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  205.067339][ T5869] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  205.107805][ T5869] smsc75xx: probe of 5-1:0.184 failed with error -71
[  205.145328][ T5869] usb 5-1: USB disconnect, device number 7
[  205.847229][ T9343] loop6: detected capacity change from 0 to 4096
[  205.868904][ T9343] EXT4-fs (loop6): can't mount with both data=journal and delalloc
[  207.241484][ T9387] netlink: 104 bytes leftover after parsing attributes in process `syz.2.950'.
[  207.381585][ T9393] netlink: 'syz.6.953': attribute type 1 has an invalid length.
[  207.395431][ T9393] netlink: 'syz.6.953': attribute type 4 has an invalid length.
[  207.412685][ T9393] netlink: 15334 bytes leftover after parsing attributes in process `syz.6.953'.
[  207.730527][ T7433] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  207.770600][ T5822] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  207.914482][ T7433] usb 5-1: Using ep0 maxpacket: 8
[  207.922583][ T7433] usb 5-1: config 0 has no interfaces?
[  207.924598][ T9409] loop5: detected capacity change from 0 to 1024
[  207.935219][ T7433] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  207.945425][ T7433] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.953775][ T5822] usb 7-1: Using ep0 maxpacket: 32
[  207.960268][ T7433] usb 5-1: Product: syz
[  207.965909][ T5822] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  207.976081][ T5822] usb 7-1: config 0 has no interface number 0
[  207.988046][ T7433] usb 5-1: Manufacturer: syz
[  207.994000][ T9409] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  208.006498][ T5822] usb 7-1: config 0 interface 12 has no altsetting 0
[  208.013420][ T7433] usb 5-1: SerialNumber: syz
[  208.022805][ T5822] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  208.033301][ T7433] usb 5-1: config 0 descriptor??
[  208.038431][ T5822] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.051177][ T5822] usb 7-1: Product: syz
[  208.055408][ T5822] usb 7-1: Manufacturer: syz
[  208.065509][ T5822] usb 7-1: SerialNumber: syz
[  208.072809][ T5822] usb 7-1: config 0 descriptor??
[  208.131583][ T6922] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.208130][ T9414] gretap0: entered promiscuous mode
[  208.215884][ T9414] netlink: 8 bytes leftover after parsing attributes in process `syz.5.961'.
[  208.225366][ T9414] gretap0: left promiscuous mode
[  208.316282][ T5802] usb 5-1: USB disconnect, device number 8
[  209.331866][ T5822] f81534 7-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  209.339502][ T5822] f81534 7-1:0.12: f81534_find_config_idx: read failed: -71
[  209.348494][ T5822] f81534 7-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  209.356288][ T5822] f81534: probe of 7-1:0.12 failed with error -71
[  209.368775][ T5822] usb 7-1: USB disconnect, device number 8
[  209.520551][ T5802] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  209.706110][ T5802] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  209.716464][ T5802] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  209.728420][ T5802] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  209.737571][ T5802] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  209.745705][ T5802] usb 6-1: SerialNumber: syz
[  209.965937][ T5802] usb 6-1: 0:2 : does not exist
[  209.997546][ T5802] usb 6-1: USB disconnect, device number 11
[  210.089158][ T5754] udevd[5754]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.210548][  T786] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  210.390536][  T786] usb 7-1: Using ep0 maxpacket: 8
[  210.397336][  T786] usb 7-1: config 0 has no interfaces?
[  210.414504][  T786] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  210.423768][  T786] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.431903][  T786] usb 7-1: Product: syz
[  210.436089][  T786] usb 7-1: Manufacturer: syz
[  210.442712][  T786] usb 7-1: SerialNumber: syz
[  210.452781][  T786] usb 7-1: config 0 descriptor??
[  210.480639][   T42] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  210.644414][ T9469] overlayfs: failed to resolve './file0': -2
[  210.670567][   T42] usb 5-1: Using ep0 maxpacket: 32
[  210.685907][   T42] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  210.699916][   T42] usb 5-1: config 0 has no interface number 0
[  210.712690][   T42] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  210.723829][ T1187] usb 7-1: USB disconnect, device number 9
[  210.725503][   T42] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  210.739573][   T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.754994][   T42] usb 5-1: Product: syz
[  210.759476][   T42] usb 5-1: Manufacturer: syz
[  210.767491][   T42] usb 5-1: SerialNumber: syz
[  210.776970][   T42] usb 5-1: config 0 descriptor??
[  210.785287][ T9455] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  211.003029][ T9455] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  211.767440][ T9492] vlan2: entered promiscuous mode
[  211.774879][ T9492] bond0: entered promiscuous mode
[  211.792645][ T9492] bond_slave_0: entered promiscuous mode
[  211.810124][ T9492] bond_slave_1: entered promiscuous mode
[  211.833933][   T42] asix 5-1:0.188 (unnamed net_device) (uninitialized): invalid PHY address: 124
[  211.935776][ T9496] loop5: detected capacity change from 0 to 1024
[  211.951475][ T9496] ext4: Unknown parameter 'nojournal'
[  212.061149][ T1187] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  212.127262][ T5822] usb 5-1: USB disconnect, device number 9
[  212.273290][ T1187] usb 7-1: Using ep0 maxpacket: 16
[  212.294774][ T1187] usb 7-1: config 0 has no interfaces?
[  212.306089][ T1187] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  212.315644][ T1187] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.324478][ T1187] usb 7-1: Product: syz
[  212.328839][ T1187] usb 7-1: Manufacturer: syz
[  212.334418][ T1187] usb 7-1: SerialNumber: syz
[  212.343240][ T1187] usb 7-1: config 0 descriptor??
[  212.570935][ T9490] netlink: 28 bytes leftover after parsing attributes in process `syz.6.995'.
[  212.585909][ T5822] usb 7-1: USB disconnect, device number 10
[  213.296072][ T9521] loop6: detected capacity change from 0 to 256
[  214.982458][ T9562] loop4: detected capacity change from 0 to 8192
[  214.997737][ T9562] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  215.020287][ T9562] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  215.030550][ T9562] REISERFS (device loop4): using journaled data mode
[  215.037274][ T9562] reiserfs: using flush barriers
[  215.097814][ T9573] loop6: detected capacity change from 0 to 4096
[  215.111930][ T9562] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  215.147449][ T9562] REISERFS (device loop4): checking transaction log (loop4)
[  215.171936][ T9562] REISERFS (device loop4): Using r5 hash to sort names
[  215.191598][ T9562] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  215.212710][ T9562] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  215.221975][ T9574] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  215.302974][ T9562] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  215.346069][ T9562] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  216.664505][ T9598] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  216.709896][ T9598] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  216.753968][ T9592] loop5: detected capacity change from 0 to 32768
[  216.980971][   T27] audit: type=1800 audit(1777508973.523:90): pid=9592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1034" name="file1" dev="loop5" ino=4 res=0 errno=0
[  217.727272][ T9618] bond1: option mode: unable to set because the bond device has slaves
[  217.759899][ T9618] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  218.109111][ T9629] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1048'.
[  218.132578][ T9629] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1048'.
[  218.475283][ T9641] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1056'.
[  218.580712][ T5765] Bluetooth: hci3: command tx timeout
[  218.680127][ T9636] loop4: detected capacity change from 0 to 32768
[  218.756079][ T9633] loop6: detected capacity change from 0 to 40427
[  218.774706][ T9633] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  218.784234][   T27] audit: type=1800 audit(1777508975.353:91): pid=9636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1053" name="file1" dev="loop4" ino=4 res=0 errno=0
[  218.809509][ T9633] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  218.823618][ T9633] F2FS-fs (loop6): invalid crc_offset: 33558524
[  218.845601][ T9633] F2FS-fs (loop6): Found nat_bits in checkpoint
[  218.950027][ T9633] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  218.958472][ T9633] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  219.414184][ T9652] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  219.505258][ T9652] bond1: (slave lo): Enslaving as an active interface with an up link
[  219.523851][ T9657] loop5: detected capacity change from 0 to 4096
[  219.578772][ T9652] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  219.617972][ T9660] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  219.667127][ T9662] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1063'.
[  219.729260][ T9662] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1063'.
[  220.317192][ T9664] loop4: detected capacity change from 0 to 32768
[  220.388688][ T9664] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  220.537453][ T9664] XFS (loop4): Ending clean mount
[  220.568142][ T9664] XFS (loop4): Quotacheck needed: Please wait.
[  220.648371][ T9664] XFS (loop4): Quotacheck: Done.
[  220.877842][ T6593] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  221.411587][ T9700] loop5: detected capacity change from 0 to 1024
[  221.422277][ T9702] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1075'.
[  221.490706][ T9702] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1075'.
[  221.609273][   T60] hfsplus: b-tree write err: -5, ino 3
[  221.631268][  T786] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  221.867752][  T786] usb 7-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  221.888199][  T786] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.914824][  T786] usb 7-1: config 0 descriptor??
[  222.484248][ T9716] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1081'.
[  222.564002][ T1187] IPVS: starting estimator thread 0...
[  222.570846][ T9718] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  222.578741][    C0] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  222.660630][ T9719] IPVS: using max 24 ests per chain, 57600 per kthread
[  223.149818][ T9736] syz_tun: entered allmulticast mode
[  223.158561][ T9736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1088'.
[  223.176018][  T786] usb 7-1: Cannot set autoneg
[  223.185217][  T786] MOSCHIP usb-ethernet driver: probe of 7-1:0.0 failed with error -71
[  223.205360][  T786] usb 7-1: USB disconnect, device number 11
[  223.257435][ T9736] syz_tun (unregistering): left allmulticast mode
[  223.593960][ T9742] loop4: detected capacity change from 0 to 512
[  223.665005][ T9742] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.678930][ T9742] ext4 filesystem being mounted at /197/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.017626][ T9754] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1094'.
[  224.031246][ T9754] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1094'.
[  224.138976][ T9757] syz_tun: entered allmulticast mode
[  224.148714][ T9757] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1103'.
[  224.220900][ T9757] syz_tun (unregistering): left allmulticast mode
[  224.367753][ T9762] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  224.548626][ T6593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.559394][ T9797] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  225.783316][ T9801] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1115'.
[  226.263181][ T9810] syz_tun: entered allmulticast mode
[  226.281237][ T9810] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1117'.
[  226.365498][ T9810] syz_tun (unregistering): left allmulticast mode
[  226.409094][ T9814] vcan0: tx drop: invalid da for name 0x0000000000000002
[  227.380557][ T5776] Bluetooth: hci2: command 0x0406 tx timeout
[  227.658779][    C1] vcan0: j1939_tp_rxtimer: 0xffff88801f7ba400: rx timeout, send abort
[  227.667497][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88801f7ba400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  227.979911][ T9855] netlink: 'syz.5.1136': attribute type 1 has an invalid length.
[  227.996708][ T9855] netlink: 'syz.5.1136': attribute type 4 has an invalid length.
[  228.005995][ T9855] netlink: 15334 bytes leftover after parsing attributes in process `syz.5.1136'.
[  228.569545][ T6370] ------------[ cut here ]------------
[  228.571798][   T41] ------------[ cut here ]------------
[  228.575886][ T6370] WARNING: CPU: 0 PID: 6370 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.581477][   T41] WARNING: CPU: 1 PID: 41 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.581511][   T41] Modules linked in:
[  228.581537][   T41] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted syzkaller #0
[  228.581556][   T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  228.581568][   T41] Workqueue: phy12 ieee80211_csa_finalize_work
[  228.581594][   T41] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.581617][   T41] Code: 48 89 df e8 2a 33 d6 f7 e9 dc fc ff ff e8 10 fc 7d f7 eb 24 e8 09 fc 7d f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 f8 fb 7d f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ea fb 7d f7 48 8b 7c 24 08 4c 8b 7c
[  228.592640][ T6370] Modules linked in:
[  228.592656][ T6370] CPU: 0 PID: 6370 Comm: kworker/u4:11 Not tainted syzkaller #0
[  228.592675][ T6370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  228.592687][ T6370] Workqueue: phy11 ieee80211_csa_finalize_work
[  228.603687][   T41] RSP: 0018:ffffc90000b1f9c0 EFLAGS: 00010293
[  228.607550][ T6370] 
[  228.607564][ T6370] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.615047][   T41] 
[  228.625469][ T6370] Code: 48 89 df e8 2a 33 d6 f7 e9 dc fc ff ff e8 10 fc 7d f7 eb 24 e8 09 fc 7d f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 f8 fb 7d f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ea fb 7d f7 48 8b 7c 24 08 4c 8b 7c
[  228.631552][   T41] RAX: ffffffff8a09220e RBX: 0000000000000001 RCX: ffff888018a90000
[  228.631569][   T41] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  228.631580][   T41] RBP: dffffc0000000000 R08: ffff8880586ad5af R09: 1ffff1100b0d5ab5
[  228.631592][   T41] R10: dffffc0000000000 R11: ffffed100b0d5ab6 R12: 0000000000000001
[  228.631603][   T41] R13: ffff8880586ae5d9 R14: ffff888021602c70 R15: ffff888021602ce8
[  228.631614][   T41] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  228.631628][   T41] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  228.631639][   T41] CR2: 00007ff369df0870 CR3: 00000000587b4000 CR4: 00000000003506e0
[  228.631655][   T41] Call Trace:
[  228.631668][   T41]  <TASK>
[  228.631689][   T41]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  228.631721][   T41]  ieee80211_csa_finalize+0x5a6/0xf20
[  228.639013][ T6370] RSP: 0018:ffffc9000ca879c0 EFLAGS: 00010293
[  228.658714][   T41]  ? mutex_lock_nested+0x20/0x20
[  228.658753][   T41]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  228.658775][   T41]  ? ieee80211_csa_finalize_work+0x140/0x140
[  228.658798][   T41]  ? read_lock_is_recursive+0x20/0x20
[  228.662739][ T6370] 
[  228.662748][ T6370] RAX: ffffffff8a09220e RBX: 0000000000000001 RCX: ffff888028c45a00
[  228.662762][ T6370] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  228.662774][ T6370] RBP: dffffc0000000000 R08: ffff88806bc155af R09: 1ffff1100d782ab5
[  228.671460][    C1] ------------[ cut here ]------------
[  228.681476][ T6370] R10: dffffc0000000000 R11: ffffed100d782ab6 R12: 0000000000000001
[  228.687277][    C1] WARNING: CPU: 1 PID: 41 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1233/0x1600
[  228.693419][ T6370] R13: ffff88806bc165d9 R14: ffff88802c822c70 R15: ffff88802c822ce8
[  228.695701][    C1] Modules linked in:
[  228.703047][ T6370] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  228.705326][    C1] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted syzkaller #0
[  228.724986][ T6370] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  228.732952][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  228.732970][    C1] Workqueue: phy12 ieee80211_csa_finalize_work
[  228.741052][ T6370] CR2: 00007f0595be8158 CR3: 0000000064a9b000 CR4: 00000000003506f0
[  228.748927][    C1] 
[  228.756933][ T6370] Call Trace:
[  228.764922][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  228.774410][ T6370]  <TASK>
[  228.780491][    C1] Code: 24 4c 89 e7 e8 fe 69 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 f9 a7 82 f7 0f 0b e9 f6 f7 ff ff e8 ed a7 82 f7 <0f> 0b e9 48 fb ff ff e8 e1 a7 82 f7 48 c7 c7 60 89 64 8e 4c 89 e6
[  228.780512][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[  228.780530][    C1] RAX: ffffffff8a047a13 RBX: ffffffff8a046816 RCX: ffff888018a90000
[  228.780545][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  228.780558][    C1] RBP: 0000000000000000 R08: ffff888018a90000 R09: 0000000000000003
[  228.780572][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff8880586ae3c0
[  228.780586][    C1] R13: dffffc0000000000 R14: ffff8880586ae8b0 R15: ffff88807e1bac24
[  228.780600][    C1] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  228.788588][ T6370]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  228.791886][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  228.791902][    C1] CR2: 00007ff369df0870 CR3: 00000000587b4000 CR4: 00000000003506e0
[  228.791922][    C1] Call Trace:
[  228.794845][ T6370]  ieee80211_csa_finalize+0x5a6/0xf20
[  228.801352][    C1]  <IRQ>
[  228.801363][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  228.801396][    C1]  ieee80211_beacon_get_tim+0xbf/0x580
[  228.801424][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  228.806882][ T6370]  ? mutex_lock_nested+0x20/0x20
[  228.812975][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  228.813007][    C1]  __iterate_interfaces+0x243/0x500
[  228.813036][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  228.817960][ T6370]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  228.823991][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  228.824037][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  228.824063][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  228.824098][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  228.830073][ T6370]  ? ieee80211_csa_finalize_work+0x140/0x140
[  228.835474][    C1]  __hrtimer_run_queues+0x520/0xc40
[  228.837806][ T6370]  ? read_lock_is_recursive+0x20/0x20
[  228.845795][    C1]  ? ktime_get_update_offsets_now+0x99/0x3f0
[  228.845830][    C1]  ? hw_scan_work+0xf60/0xf60
[  228.853838][ T6370]  ieee80211_csa_finalize_work+0xf6/0x140
[  228.861819][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  228.867288][ T6370]  ? process_scheduled_works+0x96f/0x15d0
[  228.875283][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  228.875319][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  228.875344][    C1]  handle_softirqs+0x280/0x820
[  228.875370][    C1]  ? __irq_exit_rcu+0xd3/0x190
[  228.875392][    C1]  ? do_softirq+0x1a0/0x1a0
[  228.875417][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  228.875447][    C1]  __irq_exit_rcu+0xd3/0x190
[  228.875467][    C1]  ? irq_exit_rcu+0x20/0x20
[  228.875497][    C1]  irq_exit_rcu+0x9/0x20
[  228.875515][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  228.875541][    C1]  </IRQ>
[  228.875550][    C1]  <TASK>
[  228.875559][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  228.875587][    C1] RIP: 0010:console_flush_all+0x8b1/0xd20
[  228.875615][    C1] Code: ed 01 00 00 e8 90 86 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 81 86 1b 00 eb 06 e8 7a 86 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 58 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f
[  228.875641][    C1] RSP: 0018:ffffc90000b1f2e0 EFLAGS: 00000293
[  228.875663][    C1] RAX: ffffffff816b9b86 RBX: ffffc90000b1f47f RCX: ffff888018a90000
[  228.875680][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  228.875694][    C1] RBP: ffffc90000b1f450 R08: ffffffff911c65c7 R09: 1ffffffff2238cb8
[  228.875711][    C1] R10: dffffc0000000000 R11: fffffbfff2238cb9 R12: ffffffff8d8b9540
[  228.875727][    C1] R13: 1ffffffff19f970c R14: ffffffff8d8b9598 R15: dffffc0000000000
[  228.875752][    C1]  ? console_flush_all+0x8a6/0xd20
[  228.875786][    C1]  ? __rwlock_init+0x150/0x150
[  228.875812][    C1]  ? console_flush_all+0x10a/0xd20
[  228.875848][    C1]  ? is_console_locked+0x20/0x20
[  228.885776][ T6370]  process_scheduled_works+0xa5d/0x15d0
[  228.893691][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  228.893731][    C1]  console_unlock+0xad/0x350
[  228.897637][ T6370]  ? worker_attach_to_pool+0x380/0x380
[  228.906601][    C1]  ? other_cpu_in_panic+0xf0/0xf0
[  228.906646][    C1]  ? vprintk_emit+0x467/0x610
[  228.906671][    C1]  ? vprintk_emit+0x30b/0x610
[  228.906692][    C1]  ? vprintk_emit+0x30b/0x610
[  228.906723][    C1]  vprintk_emit+0x497/0x610
[  228.914160][ T6370]  ? assign_work+0x3d2/0x5d0
[  228.920725][    C1]  ? vprintk_emit+0x30b/0x610
[  228.930889][ T6370]  worker_thread+0xa55/0xfc0
[  228.936948][    C1]  ? printk_sprint+0x460/0x460
[  228.944977][ T6370]  kthread+0x2fa/0x390
[  228.947318][    C1]  _printk+0xde/0x130
[  228.950656][ T6370]  ? pr_cont_work+0x560/0x560
[  228.956921][    C1]  ? read_lock_is_recursive+0x20/0x20
[  228.959849][ T6370]  ? kthread_blkcg+0xd0/0xd0
[  228.979490][    C1]  ? load_image+0x420/0x420
[  228.979524][    C1]  ? is_bpf_text_address+0x28f/0x2a0
[  228.979545][    C1]  ? is_bpf_text_address+0x26/0x2a0
[  228.979567][    C1]  ? read_lock_is_recursive+0x20/0x20
[  228.979591][    C1]  ? read_lock_is_recursive+0x20/0x20
[  228.979613][    C1]  __show_trace_log_lvl+0x485/0x6c0
[  228.979654][    C1]  ? ieee80211_csa_finalize_work+0xf6/0x140
[  228.979684][    C1]  __warn+0x160/0x470
[  228.979715][    C1]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.979744][    C1]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.979770][    C1]  report_bug+0x2be/0x4f0
[  228.979792][    C1]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.979821][    C1]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.979847][    C1]  ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  228.979872][    C1]  handle_bug+0xcf/0x120
[  228.979894][    C1]  exc_invalid_op+0x1a/0x50
[  228.979914][    C1]  asm_exc_invalid_op+0x1a/0x20
[  228.979938][    C1] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  228.979966][    C1] Code: 48 89 df e8 2a 33 d6 f7 e9 dc fc ff ff e8 10 fc 7d f7 eb 24 e8 09 fc 7d f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 f8 fb 7d f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ea fb 7d f7 48 8b 7c 24 08 4c 8b 7c
[  228.979985][    C1] RSP: 0018:ffffc90000b1f9c0 EFLAGS: 00010293
[  228.980008][    C1] RAX: ffffffff8a09220e RBX: 0000000000000001 RCX: ffff888018a90000
[  228.980024][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  228.980038][    C1] RBP: dffffc0000000000 R08: ffff8880586ad5af R09: 1ffff1100b0d5ab5
[  228.980055][    C1] R10: dffffc0000000000 R11: ffffed100b0d5ab6 R12: 0000000000000001
[  228.980070][    C1] R13: ffff8880586ae5d9 R14: ffff888021602c70 R15: ffff888021602ce8
[  228.980093][    C1]  ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0
[  228.986395][ T6370]  ret_from_fork+0x48/0x80
[  228.994294][    C1]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  229.002285][ T6370]  ? kthread_blkcg+0xd0/0xd0
[  229.010256][    C1]  ieee80211_csa_finalize+0x5a6/0xf20
[  229.018271][ T6370]  ret_from_fork_asm+0x11/0x20
[  229.026242][    C1]  ? mutex_lock_nested+0x20/0x20
[  229.026267][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  229.026290][    C1]  ? ieee80211_csa_finalize_work+0x140/0x140
[  229.026316][    C1]  ? read_lock_is_recursive+0x20/0x20
[  229.026346][    C1]  ieee80211_csa_finalize_work+0xf6/0x140
[  229.035344][ T6370]  </TASK>
[  229.041819][    C1]  ? process_scheduled_works+0x96f/0x15d0
[  229.048408][ T6370] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  229.048419][ T6370] CPU: 0 PID: 6370 Comm: kworker/u4:11 Not tainted syzkaller #0
[  229.048435][ T6370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  229.048451][ T6370] Workqueue: phy11 ieee80211_csa_finalize_work
[  229.048476][ T6370] Call Trace:
[  229.048484][ T6370]  <TASK>
[  229.048491][ T6370]  dump_stack_lvl+0x18c/0x250
[  229.048520][ T6370]  ? show_regs_print_info+0x20/0x20
[  229.048543][ T6370]  ? load_image+0x420/0x420
[  229.048577][ T6370]  panic+0x2dc/0x730
[  229.048601][ T6370]  ? bpf_jit_dump+0xd0/0xd0
[  229.048630][ T6370]  ? ret_from_fork_asm+0x11/0x20
[  229.048656][ T6370]  __warn+0x2e0/0x470
[  229.048673][ T6370]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  229.048694][ T6370]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  229.048713][ T6370]  report_bug+0x2be/0x4f0
[  229.048729][ T6370]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  229.048748][ T6370]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  229.048767][ T6370]  ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  229.048786][ T6370]  handle_bug+0xcf/0x120
[  229.048802][ T6370]  exc_invalid_op+0x1a/0x50
[  229.048819][ T6370]  asm_exc_invalid_op+0x1a/0x20
[  229.048838][ T6370] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  229.048858][ T6370] Code: 48 89 df e8 2a 33 d6 f7 e9 dc fc ff ff e8 10 fc 7d f7 eb 24 e8 09 fc 7d f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 f8 fb 7d f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ea fb 7d f7 48 8b 7c 24 08 4c 8b 7c
[  229.048871][ T6370] RSP: 0018:ffffc9000ca879c0 EFLAGS: 00010293
[  229.048884][ T6370] RAX: ffffffff8a09220e RBX: 0000000000000001 RCX: ffff888028c45a00
[  229.048895][ T6370] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  229.048905][ T6370] RBP: dffffc0000000000 R08: ffff88806bc155af R09: 1ffff1100d782ab5
[  229.048916][ T6370] R10: dffffc0000000000 R11: ffffed100d782ab6 R12: 0000000000000001
[  229.048927][ T6370] R13: ffff88806bc165d9 R14: ffff88802c822c70 R15: ffff88802c822ce8
[  229.048946][ T6370]  ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0
[  229.048985][ T6370]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  229.049008][ T6370]  ieee80211_csa_finalize+0x5a6/0xf20
[  229.049028][ T6370]  ? mutex_lock_nested+0x20/0x20
[  229.049046][ T6370]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  229.049065][ T6370]  ? ieee80211_csa_finalize_work+0x140/0x140
[  229.049085][ T6370]  ? read_lock_is_recursive+0x20/0x20
[  229.049111][ T6370]  ieee80211_csa_finalize_work+0xf6/0x140
[  229.049132][ T6370]  ? process_scheduled_works+0x96f/0x15d0
[  229.049151][ T6370]  process_scheduled_works+0xa5d/0x15d0
[  229.049198][ T6370]  ? worker_attach_to_pool+0x380/0x380
[  229.049223][ T6370]  ? assign_work+0x3d2/0x5d0
[  229.049249][ T6370]  worker_thread+0xa55/0xfc0
[  229.049294][ T6370]  kthread+0x2fa/0x390
[  229.049307][ T6370]  ? pr_cont_work+0x560/0x560
[  229.049327][ T6370]  ? kthread_blkcg+0xd0/0xd0
[  229.049342][ T6370]  ret_from_fork+0x48/0x80
[  229.049361][ T6370]  ? kthread_blkcg+0xd0/0xd0
[  229.049377][ T6370]  ret_from_fork_asm+0x11/0x20
[  229.049411][ T6370]  </TASK>
[  229.056757][ T6370] Kernel Offset: disabled