last executing test programs:

6m22.531347201s ago: executing program 0 (id=218):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x8000)
read$alg(r1, &(0x7f0000000000)=""/35, 0x23)
sendmsg$alg(r1, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000002800)='a', 0x1}], 0x1, 0x0, 0x0, 0x20000044}, 0x24040011)

6m22.150742578s ago: executing program 0 (id=222):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x11000)
vmsplice(r2, &(0x7f0000000280)=[{&(0x7f0000000200)="a5", 0x1}], 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x360, 0x1c0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xc8, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1a0, 0x1c8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)

6m21.792330651s ago: executing program 0 (id=227):
set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
write$cgroup_int(r1, &(0x7f0000000540), 0xfffffdd8)

6m20.825293401s ago: executing program 0 (id=235):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
umount2(&(0x7f0000000040)='./file0/file0\x00', 0x8)

6m20.523844554s ago: executing program 0 (id=237):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x6, 0xa9613, 0x17e5e9})

6m19.848161183s ago: executing program 0 (id=242):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000", <r1=>0xffffffffffffffff})
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000040)={0x80109, "fa02946a000000001dda524f03000000000000000000003673000000002000", <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45bebe3f5b53e0ca34dd02a01cdc67d5e3126668168", r1, <r4=>0xffffffffffffffff})
close(r0)
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000000)={"4dbe8107b1f9fffd161b4e5659fb89fc0600", r4})

6m18.801225269s ago: executing program 32 (id=242):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000", <r1=>0xffffffffffffffff})
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000040)={0x80109, "fa02946a000000001dda524f03000000000000000000003673000000002000", <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45bebe3f5b53e0ca34dd02a01cdc67d5e3126668168", r1, <r4=>0xffffffffffffffff})
close(r0)
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000000)={"4dbe8107b1f9fffd161b4e5659fb89fc0600", r4})

6m4.016713004s ago: executing program 4 (id=323):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_any}], [], 0x6b}})

6m3.613662327s ago: executing program 4 (id=324):
r0 = syz_io_uring_setup(0x7440, &(0x7f00000004c0)={0x0, 0xa6e9, 0x10100, 0x2, 0xfffffffb}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x1, 0x0, 0x3, 0x0, 0x1})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='!'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

6m2.90505052s ago: executing program 4 (id=328):
keyctl$session_to_parent(0x12)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040)={[{@nobh}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xff, 0x240, &(0x7f00000002c0)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r1, &(0x7f0000000000)='2', 0x1, 0x4fed0)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)

6m1.792510812s ago: executing program 4 (id=334):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x19cc5, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

6m1.053362589s ago: executing program 4 (id=339):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
connect$vsock_stream(r2, 0x0, 0x0)

5m59.86287958s ago: executing program 4 (id=346):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000005c0), 0x1000000, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
lseek(r0, 0x0, 0x3)

5m59.013044143s ago: executing program 33 (id=346):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000005c0), 0x1000000, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
lseek(r0, 0x0, 0x3)

4m4.875249193s ago: executing program 1 (id=796):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = gettid()
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(r0, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x97}], 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg0\x00'})

4m4.243001755s ago: executing program 1 (id=800):
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000440)={0x1, 0x7f, 0x1, 0x0, 0x10001000})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r1, 0x0, 0x43)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xe042, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4m3.486956591s ago: executing program 1 (id=803):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x2, 0x0, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000380)=r2, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000000140)=r2, 0x4)

4m2.80883758s ago: executing program 1 (id=808):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f0000000f00)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756e64656c6574652c6c6f6e6761642c73686f727461642c7569643d666f726765742c756e64656c6574652c696f636861727365743d757466382c73686f727461642c696f636861727365743d64656661756c742c7569643d666f726765742c6e6f7374726963742c73657373696f6e3d30303030303030303030303030303030303030302c706172746974696f6e3d30303030303030303030303030303030303030362c00b2e01f5c0b5c8fb2623d8f888e41dfceb3ecf959d23d90b071660660b17884bd109d37086024cf83fa"], 0x2, 0xc2d, &(0x7f0000001040)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000240)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x58)

4m1.909201363s ago: executing program 1 (id=810):
r0 = fsopen(&(0x7f0000000140)='debugfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000000240)=""/205, 0xcd)
lseek(r2, 0x1, 0x0)

4m0.510771171s ago: executing program 1 (id=816):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r2=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='kmem_cache_free\x00'}, 0x18)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x1c, r1, 0x711, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000)
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), r0)

3m59.497934253s ago: executing program 34 (id=816):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r2=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='kmem_cache_free\x00'}, 0x18)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x1c, r1, 0x711, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000)
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), r0)

3m44.420030629s ago: executing program 2 (id=890):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000c40), 0x12)

3m43.650508018s ago: executing program 2 (id=895):
openat(0xffffffffffffff9c, 0x0, 0x105042, 0x189)
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)

3m43.266022526s ago: executing program 2 (id=896):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="004cd2fba6"], 0x50)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2101, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x4e00, 0x0, 0x730, 0xbdff, 0x10, "fdffffffffffffff"})
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

3m41.88722348s ago: executing program 2 (id=899):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000180)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x167)

3m41.432112379s ago: executing program 2 (id=900):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r3, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0)

3m40.462742573s ago: executing program 2 (id=901):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x4c3b, 0x4)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7b, 0x4)
recvfrom$inet(r0, 0x0, 0x0, 0x2043, 0x0, 0x0)

3m39.64965104s ago: executing program 35 (id=901):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x4c3b, 0x4)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7b, 0x4)
recvfrom$inet(r0, 0x0, 0x0, 0x2043, 0x0, 0x0)

1m19.794924922s ago: executing program 6 (id=1507):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2, 0x0, @void, @value}, 0x10)
socketpair(0x2, 0x3, 0x1, &(0x7f0000000300))

1m19.566127857s ago: executing program 6 (id=1511):
r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x408, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = getpgid(0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0x0, 0x0, 0x4)

1m18.995522292s ago: executing program 6 (id=1519):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x8})
ioctl$DRM_IOCTL_GET_UNIQUE(r2, 0xc0106401, &(0x7f00000001c0)={0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r3}, 0x14)

54.470166296s ago: executing program 6 (id=1519):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x8})
ioctl$DRM_IOCTL_GET_UNIQUE(r2, 0xc0106401, &(0x7f00000001c0)={0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r3}, 0x14)

32.166860144s ago: executing program 6 (id=1519):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x8})
ioctl$DRM_IOCTL_GET_UNIQUE(r2, 0xc0106401, &(0x7f00000001c0)={0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r3}, 0x14)

18.840331394s ago: executing program 7 (id=1883):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x20}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)

18.16261104s ago: executing program 7 (id=1885):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x30)

17.08849449s ago: executing program 7 (id=1890):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
r1 = socket$kcm(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00', 0x10)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0)
r2 = socket$kcm(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='veth1\x00', 0x10)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x10)

16.532009108s ago: executing program 7 (id=1904):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
socket$packet(0x11, 0x3, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x10, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000003}, 0x80)

9.286260151s ago: executing program 3 (id=1927):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="c7", 0x1}], 0x1, 0x0, 0x0, 0x8054}}], 0x1, 0x4000045)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
sendto$inet(r1, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x2}, 0x8)
close(r1)

8.656267433s ago: executing program 3 (id=1929):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x6, 0x2, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
r1 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x48, 0x4007, @fd_index=0x3, 0x88, 0x0, 0x0, 0x6, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f046, 0x100000})

7.831487996s ago: executing program 3 (id=1931):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x2, 0x2d9b, 0x7, 0x1, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

7.188809458s ago: executing program 5 (id=1933):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0xd}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000600)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = syz_io_uring_setup(0x121d, &(0x7f0000000380)={0x0, 0x7d10, 0x80, 0x3, 0x1000034e}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000580)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23457})
io_uring_enter(r0, 0x107a, 0x85c4, 0x0, 0x0, 0x0)

6.286420877s ago: executing program 5 (id=1935):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x200)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
r2 = socket(0x28, 0x5, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
ioctl$NBD_DISCONNECT(r1, 0xab08)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
close_range(r0, 0xffffffffffffffff, 0x0)

6.067220922s ago: executing program 8 (id=1936):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r0 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0)
write(r0, &(0x7f0000000040)="0600", 0x2)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000180)=ANY=[], 0xe)
sendfile(r0, r0, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x135, &(0x7f0000000000)=[{}]}, 0x10)

5.847031352s ago: executing program 5 (id=1937):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200001f, 0x12, r1, 0x0)
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)

5.5141723s ago: executing program 9 (id=1938):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8)
bind$vsock_stream(r0, &(0x7f0000000940), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r1, 0x28, 0x6, &(0x7f0000000100), 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)

5.245841776s ago: executing program 5 (id=1939):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ppoll(&(0x7f0000000200)=[{r1, 0x6600}], 0x1, 0x0, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000340)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

4.830357227s ago: executing program 8 (id=1940):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", ' \x00'}, 0x28)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000001700)="e3", 0x1}], 0x1}, 0x0)

4.624143312s ago: executing program 9 (id=1941):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x20048000)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="600000001000110f00000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="04010000000000003000128009000100766c616e00000000200002800c0002001b0000001d00000006000100000000000600050088a8000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x60}}, 0x0)

4.523020819s ago: executing program 6 (id=1519):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x8})
ioctl$DRM_IOCTL_GET_UNIQUE(r2, 0xc0106401, &(0x7f00000001c0)={0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r3}, 0x14)

4.454445117s ago: executing program 3 (id=1942):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x1, @remote}, 0xa}}, 0x26)
sendmmsg$inet(r3, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)}}], 0x1a000, 0x8040)

4.422311938s ago: executing program 8 (id=1943):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="8500000008000000760000000000000027000000000000009500000000000000d9e029f8c1652bc575bc1dc3a9fa16094393337a693d6504978ceb558b41537525a394249a1506da9ac69561c187afa3ba7ebc3af563e1e94ceec996695d1d26bbfb2feebab62478775a18852a3359fb20d4d020daf585b85d18b24cf00e3ac10552a5c9acddcb10eae4445de245fe9c7bf90262293683e504b59ef6d4568f30efe6465b5e0aeb3c6f9f5c6ad0a0891670e48b75f800"/192], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xf, &(0x7f00000016c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014100000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r1, @ANYRES32=r3, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r1}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r1}, &(0x7f0000000700), &(0x7f0000000740)=r0}, 0x20)

3.207635907s ago: executing program 8 (id=1944):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', <r3=>0x0})
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f0000000280)="4dfb0cf0d556f1327d5b4982ac97bb29bd14f7719b28fe0c", 0x18}}, 0xee)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x111, 0x70bd27, 0x100000, {0x0, 0x0, 0x74, r3, {0x6, 0xfff2}, {0x5, 0xfff3}, {0xd, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4)

3.203876001s ago: executing program 9 (id=1945):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x1000001, 0x5069f481, 0xfffe, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef10542a2201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42731b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c32768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e179100a0000000000000021e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90a14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9edb6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc83cccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x0)
dup3(r2, r0, 0x0)
close(0x3)

3.202875407s ago: executing program 5 (id=1946):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x7, 0x5b, "bd7340"}]}, 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="21003300d0800000080211000000080211000001505050505050"], 0x40}}, 0x0)

2.858649138s ago: executing program 9 (id=1947):
syz_open_dev$usbmon(&(0x7f0000000280), 0x80000000000000, 0x0)
syz_open_procfs(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
getpid()
unshare(0x8000000)
r0 = mq_open(&(0x7f00000000c0)='${ \x00', 0x840, 0x8, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x5, 0x4}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.213643649s ago: executing program 7 (id=1948):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

1.713689785s ago: executing program 3 (id=1949):
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
close(0x3)
syz_usb_connect(0x2, 0x36, &(0x7f0000001580)=ANY=[], 0x0)

1.681797836s ago: executing program 9 (id=1950):
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f00000008c0)={<r1=>0xffffffffffffffff})
read(r1, &(0x7f0000032440)=""/102364, 0x18fdc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)

642.032402ms ago: executing program 3 (id=1951):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="b695239c08196411731fab0a53dff72d3b912a4c8c8ae6bfe7c7a41b2224bd9057314eaecc8b5ef1615c4de085d09dc96aa6f36060732826c0e3e473c0a25e7e2d0aa543b3ca73575cff431fef8c6e67a630e54ba2c6caae10cf00ad0b0ae4dad4bf1d7ae18a88a6d2708cba894deb38669e18ec5818acb3a51f7e2a773e1cdc22399f34a95753795c5acd9531caf27ffb707b980cc4cf895a2b45afc19e37628e2e41c6a13cf268f44b474eb1dfa40a3e94ae0bd61d4630f0cb71aeb4291d35a4ece94df5902bc4451367e71a1fbe024a670606630d07c7762686efb5937c7dd34123a3863dcf6e0dd5751028fe0c63a64a75f7", 0xf4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000500)="28e6ceb00e919b519d9c75d8fcf6370a0e5820a3ab6a48c49f564a91ccef167412e24838a1258d11365ba45a2f25b09276ee5b5f9480a756f4470ea61b2fb4efb8c84c471dc92c8123010cfdbdb58334fab843d30b6f1e0f4805c9a152b188a9f605b298e6f1", 0x66}, {&(0x7f00000001c0)="f2c0293a7f3c9fbf", 0x8}, {&(0x7f0000000640)="a56e36f21e5b3781a76eaf88293ba3631f4c249d6158a8f24521994342243ded321f5d6d4a3a8ed71abe4e83de427ca7f920c61b1538ef5718853cb9c00576a9e573caa79cea", 0x46}, {&(0x7f00000006c0)="52fad8a2f6e21b15aade9d6f12393327d118219aab8428e0f3480004e52eafe4592e182d4cd7f609834f6214afcceeaacdd3ce254ca8f3f4330db1ee806231cfa98b5736d6f3afbadd8022414c8613ac341b8d1538b6cf5d199b7f2b725c9353de81c0b1e0c8ac5d35b834fd06f4637e2507c227b801c6621964aaed5895438fd97d030cd34829f4c54b99d5efb7893f28f4847812f491f7de6864e4b1304dc35ff1759cef048b21bc4ec21a879978ac29ceced9e7d023469a1b06faaddfa976300f676404adb82ebf8ef4f568c33d880a7bb74fa0622a52", 0xd8}, {&(0x7f00000007c0)="1b3599cc95cb5e69b24ff9b2fd5b1d69d1f18403cf1373d55b65db231bdf20f8738ac39578900a2609508508529dc99cc2e0c7693ea42658dbbcd73a170fd94f4bb03c1de81e670864d13d54a2c849d4f16e19b50dee3f8a13b62dce9e5c32c212d938c5d3cbc7caaaed709c2eccd04150b7bcac12433a0e1aa6e14aae601f57ca4a27cba1e70edf4a99fd86f2a18e2a7c8ca9e9360d", 0x96}], 0x5}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000a80)="300c9fd7cbdc2b2f231d94cd6d13c6ea067c8650bb37ea7854a57cf0f7a972cb67dcc77042c0374d9deb15f82653bcca9269068593831548e731cd83a8b279070f5eebd2be", 0x45}, {&(0x7f0000000b00)="06cedc4940a621666d04c16c7bc82365a6c30f93012a61487c83f039ffe6e1f06f7b3e966de5ebb9c5f7619c3550cb59fb7880b62ef411bdf76f9fe495b036d68a34f5962b6540b7e38cd9d93e52a809c1aae88fe7214723ea2631f776ea5d951164aaf876436f8cbbae020dfbd3271a36146580128f83e60aa0442348c9d50601a6755eefc23d6b50967e2cba097651718e61e5943fffb8f020735c59dad677af425df8ea066e7b029e65d7b7701d7a1808826f3edfdaac51f2aa735330ae4c9c0089b88a5f99a52772882419d8779cf2226b7feea29a4250", 0xd9}, {&(0x7f00000005c0)="0b1b2c75d835f9", 0x7}, {&(0x7f0000000c00)="816bc87eac38491e86bdab5e121df6e8717fa17084c08e31af61c8d06574fb76b9d3be15b309853de22860e8d0adee0e3a379864db571e13475fd5a4efa1bdc85d0dd055e7c339989e3736c9497f31becba6db536fe5ac3cd18810cb134ca4e257a82a6388c45f9aa9b5dd71eb3664a800302244633df83b23af8b88106fe90ac7fda71296f8571e5c3d9f23aef6e23c2601d0589c8b9de4bd43b876d48f130f70f3e9a4cd87b3d306bfbb65e03ad44ed029921084e9d943811d0a7dac3c53f4c2c9bc254dc15106b29d", 0xca}], 0x4}}], 0x3, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

569.674906ms ago: executing program 5 (id=1952):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = epoll_create1(0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000400)={0xb})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x2000000, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)

462.875364ms ago: executing program 8 (id=1953):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x8004010}, 0x20000000)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)

399.057698ms ago: executing program 9 (id=1954):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f00000000c0)=0x40, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000280)=0x20, 0x4)
bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x0, r2}, 0x2a)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000006c0)=0x1140, 0x4)

189.584918ms ago: executing program 8 (id=1955):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
socket$unix(0x1, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$kcm(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034888a809003200030030"], 0xfdef)

0s ago: executing program 7 (id=1956):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000008000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})

kernel console output (not intermixed with test programs):

.7.857': attribute type 6 has an invalid length.
[  301.832779][ T8977] netlink: 'syz.7.857': attribute type 5 has an invalid length.
[  301.879892][ T8977] netlink: 'syz.7.857': attribute type 4 has an invalid length.
[  302.661369][ T8987] Driver unsupported XDP return value 0 on prog  (id 133) dev N/A, expect packet loss!
[  302.689167][ T5841] Bluetooth: hci0: command tx timeout
[  302.881591][ T5948] bond1 (unregistering): Released all slaves
[  303.310252][ T5938] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  303.370664][ T5938] usb 3-1: USB disconnect, device number 9
[  303.465214][ T5938] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[  303.869549][ T8932] chnl_net:caif_netlink_parms(): no params data found
[  304.347727][ T9004] netlink: 'syz.5.853': attribute type 13 has an invalid length.
[  304.487294][ T9007] loop2: detected capacity change from 0 to 2048
[  304.651944][ T9007] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  304.773169][ T5841] Bluetooth: hci0: command tx timeout
[  304.889792][ T5948] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.924814][ T5948] batman_adv: batadv0: Removing interface: batadv_slave_0
[  305.027528][ T5948] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  305.059753][ T5948] batman_adv: batadv0: Removing interface: batadv_slave_1
[  305.273615][ T5948] veth1_macvtap: left promiscuous mode
[  305.323441][ T5948] veth0_macvtap: left promiscuous mode
[  305.346444][ T5948] veth1_vlan: left promiscuous mode
[  305.367793][ T5948] veth0_vlan: left promiscuous mode
[  306.299396][ T9016] loop5: detected capacity change from 0 to 32768
[  306.349996][ T9016] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  306.488945][ T9016] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  306.852973][ T5841] Bluetooth: hci0: command tx timeout
[  306.922459][ T5838] ocfs2: Unmounting device (7,5) on (node local)
[  307.238020][ T9059] netlink: 4 bytes leftover after parsing attributes in process `syz.3.870'.
[  307.482432][ T5948] team0 (unregistering): Port device team_slave_1 removed
[  307.611505][ T5948] team0 (unregistering): Port device team_slave_0 removed
[  308.167249][ T9035] netlink: 12 bytes leftover after parsing attributes in process `syz.2.864'.
[  308.740472][ T9084] netlink: 'syz.7.879': attribute type 1 has an invalid length.
[  308.765168][ T9081] loop2: detected capacity change from 0 to 512
[  308.829458][ T9088] netlink: 4 bytes leftover after parsing attributes in process `syz.7.879'.
[  309.021184][ T9081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.021389][ T9081] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  309.106191][ T9084] 8021q: adding VLAN 0 to HW filter on device bond1
[  309.178204][   T30] audit: type=1800 audit(1749279917.271:64): pid=9081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.877" name="file1" dev="loop2" ino=15 res=0 errno=0
[  309.200568][   T30] audit: type=1800 audit(1749279917.301:65): pid=9097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.877" name="file2" dev="loop2" ino=16 res=0 errno=0
[  309.483095][ T5851] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.392940][ T9116] loop6: detected capacity change from 0 to 128
[  310.718245][ T9088] bond1 (unregistering): Released all slaves
[  310.899546][ T8932] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.985721][ T8932] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.035451][ T8932] bridge_slave_0: entered allmulticast mode
[  311.101117][ T8932] bridge_slave_0: entered promiscuous mode
[  311.180291][ T8932] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.231872][ T8932] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.289288][ T8932] bridge_slave_1: entered allmulticast mode
[  311.349365][ T8932] bridge_slave_1: entered promiscuous mode
[  312.333398][ T8932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  312.465542][ T8932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  312.480032][ T9110] loop3: detected capacity change from 0 to 262144
[  312.570850][ T9110] F2FS-fs (loop3): invalid crc value
[  312.690166][ T9110] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  313.119138][ T5938] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  313.202701][ T8932] team0: Port device team_slave_0 added
[  313.303862][ T8932] team0: Port device team_slave_1 added
[  313.310100][ T5938] usb 7-1: Using ep0 maxpacket: 32
[  313.399828][ T5938] usb 7-1: unable to get BOS descriptor or descriptor too short
[  313.420719][ T5938] usb 7-1: no configurations
[  313.441813][ T5938] usb 7-1: can't read configurations, error -22
[  313.657282][ T8932] batman_adv: batadv0: Adding interface: batadv_slave_0
[  313.657313][ T8932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.657391][ T8932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  313.671092][ T8932] batman_adv: batadv0: Adding interface: batadv_slave_1
[  313.671122][ T8932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.671199][ T8932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  313.958945][ T8932] hsr_slave_0: entered promiscuous mode
[  313.961537][ T8932] hsr_slave_1: entered promiscuous mode
[  313.962323][ T8932] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  313.962417][ T8932] Cannot create hsr debugfs directory
[  314.653535][ T5938] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  314.833629][ T5938] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  314.879122][ T5938] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  314.939221][ T5938] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  315.010046][ T5938] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.069657][ T5938] usb 7-1: config 0 descriptor??
[  315.406399][ T9164] Bluetooth: MGMT ver 1.23
[  315.495976][ T5938] usb 7-1: string descriptor 0 read error: -71
[  315.530579][ T5938] usb 7-1: USB disconnect, device number 10
[  315.818546][ T9180] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  315.907652][   T66] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.458635][   T66] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.733867][   T66] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.779614][ T8932] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  316.809313][ T9192] sd 0:0:1:0: PR command failed: 1026
[  316.817617][ T9192] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  316.829990][ T9192] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  316.857684][ T8932] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  317.202799][ T9202] loop7: detected capacity change from 0 to 128
[  317.944341][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  317.959923][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  317.975216][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  317.986388][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  317.997055][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  318.089813][    C0] vkms_vblank_simulate: vblank timer overrun
[  319.078960][   T66] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.122071][ T8932] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  319.247248][ T8932] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  319.350821][ T5903] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  319.539815][ T5903] usb 8-1: Using ep0 maxpacket: 32
[  319.618701][ T5903] usb 8-1: config 0 has an invalid interface number: 85 but max is 0
[  319.684981][ T5903] usb 8-1: config 0 has no interface number 0
[  319.700810][ T9200] loop5: detected capacity change from 0 to 262144
[  319.736354][ T9200] F2FS-fs (loop5): invalid crc value
[  319.795739][ T9233] netlink: 104 bytes leftover after parsing attributes in process `syz.3.914'.
[  319.845323][ T5903] usb 8-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  320.235884][ T5845] Bluetooth: hci5: command tx timeout
[  320.421646][ T5903] usb 8-1: config 0 interface 85 has no altsetting 0
[  320.841814][ T5903] usb 8-1: string descriptor 0 read error: -71
[  320.848221][ T5903] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  320.939949][ T5903] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.997643][ T5903] usb 8-1: config 0 descriptor??
[  321.030976][ T9241] input: syz0 as /devices/virtual/input/input10
[  321.041196][ T9245] netlink: 12 bytes leftover after parsing attributes in process `syz.3.916'.
[  321.060128][ T5903] usb 8-1: can't set config #0, error -71
[  321.140683][ T5903] usb 8-1: USB disconnect, device number 5
[  321.641966][   T66] bridge_slave_1: left allmulticast mode
[  321.673213][   T66] bridge_slave_1: left promiscuous mode
[  321.699710][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.802471][   T66] bridge_slave_0: left allmulticast mode
[  321.812240][   T66] bridge_slave_0: left promiscuous mode
[  321.831267][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.132354][ T9246] loop5: detected capacity change from 0 to 32768
[  322.187696][ T9246] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.915 (9246)
[  322.291287][ T5841] Bluetooth: hci5: command tx timeout
[  322.303564][ T9246] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  322.348026][ T9265] loop6: detected capacity change from 0 to 512
[  322.374576][ T9246] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm
[  322.535822][ T9265] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  322.606093][ T9265] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  322.609256][   T44] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  322.737566][   T30] audit: type=1800 audit(1749279930.841:66): pid=9265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.930" name="file1" dev="loop6" ino=15 res=0 errno=0
[  322.781390][   T30] audit: type=1800 audit(1749279930.891:67): pid=9265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.930" name="file2" dev="loop6" ino=16 res=0 errno=0
[  322.790616][ T9246] BTRFS info (device loop5): rebuilding free space tree
[  322.830169][   T44] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  322.862166][   T44] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  322.892950][   T44] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  322.926590][ T9246] BTRFS info (device loop5): disabling free space tree
[  322.943962][   T44] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.953292][ T9246] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  323.002568][ T9246] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  323.025809][   T44] usb 8-1: config 0 descriptor??
[  323.119159][ T6682] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  323.318095][   T44] usb 8-1: string descriptor 0 read error: -71
[  323.362339][   T44] usb 8-1: USB disconnect, device number 6
[  323.800178][ T5838] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  324.320836][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  324.369751][ T5841] Bluetooth: hci5: command 0x040f tx timeout
[  324.448174][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  324.578723][   T66] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  324.624867][ T9305] loop7: detected capacity change from 0 to 512
[  324.691282][ T9305] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  324.769150][   T66] bond0 (unregistering): Released all slaves
[  324.819823][ T9305] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.883373][ T9311] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  325.022902][ T9257] netlink: 'syz.3.918': attribute type 5 has an invalid length.
[  325.062211][ T9305] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  325.109895][   T44] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  325.196147][ T8932] 8021q: adding VLAN 0 to HW filter on device bond0
[  325.321201][   T44] usb 7-1: Using ep0 maxpacket: 8
[  325.353349][   T44] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.395081][   T44] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  325.426004][   T44] usb 7-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  325.466438][   T44] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.477396][ T7032] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.505928][   T44] usb 7-1: config 0 descriptor??
[  325.766199][ T8932] 8021q: adding VLAN 0 to HW filter on device team0
[  325.797122][ T9323] xt_hashlimit: size too large, truncated to 1048576
[  326.150872][ T5995] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  326.334175][ T5995] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.380657][ T5995] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.419185][ T5995] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  326.428426][ T5995] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.450753][ T5845] Bluetooth: hci5: command 0x040f tx timeout
[  326.512821][ T5995] usb 8-1: config 0 descriptor??
[  326.855436][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  326.877811][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  327.025100][ T5995] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  327.047147][ T5995] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  327.121984][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.127691][ T5995] pyra 0003:1E7D:2CF6.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.7-1/input0
[  327.129330][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  327.230128][ T9208] chnl_net:caif_netlink_parms(): no params data found
[  327.518389][   T66] hsr_slave_0: left promiscuous mode
[  327.556601][   T66] hsr_slave_1: left promiscuous mode
[  327.599221][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  327.615502][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  327.632193][   T44] usbhid 7-1:0.0: can't add hid device: -71
[  327.638421][   T44] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  327.660051][   T44] usb 7-1: USB disconnect, device number 11
[  327.672556][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  327.726825][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  327.836025][ T5995] pyra 0003:1E7D:2CF6.000A: couldn't init struct pyra_device
[  327.860950][ T5995] pyra 0003:1E7D:2CF6.000A: couldn't install mouse
[  327.877139][   T66] veth1_macvtap: left promiscuous mode
[  327.880282][ T5995] pyra 0003:1E7D:2CF6.000A: probe with driver pyra failed with error -71
[  327.902596][   T66] veth0_macvtap: left promiscuous mode
[  327.924382][ T5995] usb 8-1: USB disconnect, device number 7
[  327.927692][   T66] veth1_vlan: left promiscuous mode
[  327.978549][   T66] veth0_vlan: left promiscuous mode
[  328.389496][   T44] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  328.530920][ T5845] Bluetooth: hci5: command 0x040f tx timeout
[  328.583564][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.622308][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  328.632854][   T44] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  328.642645][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.670289][   T44] usb 6-1: config 0 descriptor??
[  329.142722][   T44] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  329.178223][   T44] cp2112 0003:10C4:EA90.000B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[  329.346601][   T44] cp2112 0003:10C4:EA90.000B: Part Number: 0x82 Device Version: 0xFE
[  329.967374][   T44] cp2112 0003:10C4:EA90.000B: error reading lock byte: -71
[  330.008761][   T44] usb 6-1: USB disconnect, device number 10
[  330.107619][   T66] team0 (unregistering): Port device team_slave_1 removed
[  330.267420][   T66] team0 (unregistering): Port device team_slave_0 removed
[  330.470411][ T5910] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  330.650496][ T5910] usb 8-1: Using ep0 maxpacket: 32
[  330.688501][ T5910] usb 8-1: config 0 has an invalid interface number: 184 but max is 11
[  330.698299][ T5910] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 12
[  330.716055][ T5910] usb 8-1: config 0 has no interface number 0
[  330.722323][ T5910] usb 8-1: config 0 interface 184 has no altsetting 0
[  330.744276][ T5910] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  330.763438][ T5910] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.772057][ T5910] usb 8-1: Product: syz
[  330.776273][ T5910] usb 8-1: Manufacturer: syz
[  330.791790][ T5910] usb 8-1: SerialNumber: syz
[  330.804976][ T5910] usb 8-1: config 0 descriptor??
[  330.818414][ T5910] smsc75xx v1.0.0
[  331.484005][ T5910] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  331.497023][ T5910] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  332.028918][ T9425] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input11
[  332.365678][ T5910] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  332.391070][ T5910] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  332.402647][ T5910] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  332.412929][ T5910] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -71
[  332.482936][ T5910] usb 8-1: USB disconnect, device number 8
[  332.701725][ T9365] bridge0: port 2(bridge_slave_1) entered blocking state
[  332.709446][ T9365] bridge0: port 2(bridge_slave_1) entered forwarding state
[  332.792232][ T9434] loop9: detected capacity change from 0 to 8
[  332.880806][ T9434]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  332.962254][ T9434] loop9: partition table partially beyond EOD, truncated
[  333.020512][ T9434] loop9: p1 size 81768186 extends beyond EOD, truncated
[  333.127855][ T6339] Dev loop9: unable to read RDB block 8
[  333.159104][ T6339]  loop9: unable to read partition table
[  333.165183][ T6339] loop9: partition table beyond EOD, truncated
[  333.304846][ T9439] Dev loop9: unable to read RDB block 8
[  333.346653][ T9439]  loop9: unable to read partition table
[  333.399611][ T9439] loop9: partition table beyond EOD, truncated
[  333.408211][ T9439] loop_reread_partitions: partition scan of loop9 (þ被xüÿÿÿÿÿÿÿ ) failed (rc=-5)
[  333.454121][ T9208] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.487044][ T9208] bridge0: port 1(bridge_slave_0) entered disabled state
[  333.560764][ T9208] bridge_slave_0: entered allmulticast mode
[  333.724766][ T9448] program syz.7.952 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  333.756001][ T9448] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  334.028275][ T9208] bridge_slave_0: entered promiscuous mode
[  334.246911][ T6339] udevd[6339]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  334.302473][ T9450] evm: overlay not supported
[  334.694966][ T9457] netlink: 12 bytes leftover after parsing attributes in process `syz.7.955'.
[  335.484175][ T9464] loop3: detected capacity change from 0 to 32768
[  335.494306][ T9464] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.957 (9464)
[  335.587478][ T9464] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  335.641176][ T9464] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm
[  335.779099][ T5910] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  335.923650][ T9464] BTRFS info (device loop3): rebuilding free space tree
[  335.972627][ T5910] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.990797][ T5910] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.011072][ T5910] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  336.015099][ T9464] BTRFS info (device loop3): disabling free space tree
[  336.033041][ T9464] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  336.039064][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.043064][ T9464] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  336.094790][ T5910] usb 7-1: config 0 descriptor??
[  336.489273][ T5842] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  336.533862][ T5910] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  336.566737][ T5910] cp2112 0003:10C4:EA90.000C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.6-1/input0
[  336.739184][ T5910] cp2112 0003:10C4:EA90.000C: Part Number: 0x82 Device Version: 0xFE
[  337.353521][ T9474] cp2112 0003:10C4:EA90.000C: Multi-message I2C transactions not supported
[  337.375040][ T5910] cp2112 0003:10C4:EA90.000C: error reading lock byte: -71
[  337.388503][ T9509] loop3: detected capacity change from 0 to 4096
[  337.415286][ T5910] usb 7-1: USB disconnect, device number 12
[  337.661843][ T9509] ntfs3(loop3): failed to convert "0080" to koi8-ru
[  337.692382][ T9509] ntfs3(loop3): failed to convert name for inode 1e.
[  337.715721][ T9509] ntfs3(loop3): ino=1f, mi_enum_attr
[  338.132258][    C0] vkms_vblank_simulate: vblank timer overrun
[  339.897661][ T9208] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.909497][ T9208] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.919522][ T9208] bridge_slave_1: entered allmulticast mode
[  339.945244][ T9208] bridge_slave_1: entered promiscuous mode
[  340.413878][ T9208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  340.501938][ T9532] 9pnet: p9_errstr2errno: server reported unknown error ../file0
[  340.586058][ T8932] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  340.620315][ T8932] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  340.674736][ T9208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  341.414605][ T9540] loop7: detected capacity change from 0 to 32768
[  341.499742][ T9540] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  341.580421][ T9540] XFS (loop7): Ending clean mount
[  341.776400][ T7032] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  341.844439][ T9555] loop5: detected capacity change from 0 to 2048
[  341.856891][ T9555] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  341.873946][ T9555] UDF-fs: Scanning with blocksize 512 failed
[  341.976031][ T9555] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  343.171773][ T9569] netlink: 'syz.5.978': attribute type 4 has an invalid length.
[  343.254667][ T9570] netlink: 'syz.5.978': attribute type 4 has an invalid length.
[  343.520625][ T9574] netlink: 186232 bytes leftover after parsing attributes in process `syz.6.979'.
[  344.906900][ T9583] loop7: detected capacity change from 0 to 2048
[  344.938950][ T9583] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  347.494462][ T9208] team0: Port device team_slave_0 added
[  347.878317][ T9587] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.889720][ T9587] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.247178][ T9587] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  348.322771][ T9587] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  348.800686][ T9587] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  348.818451][ T9587] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  348.844626][ T9587] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  348.865560][ T9587] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  349.206443][ T9634] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  349.254900][ T9208] team0: Port device team_slave_1 added
[  349.616839][ T9643] cgroup: Invalid name
[  349.643937][ T9208] batman_adv: batadv0: Adding interface: batadv_slave_0
[  349.657761][ T9208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.701815][ T9208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  349.724376][ T9208] batman_adv: batadv0: Adding interface: batadv_slave_1
[  349.746551][ T9208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.789199][ T9208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  349.894318][   T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  350.012352][ T9208] hsr_slave_0: entered promiscuous mode
[  350.031213][ T9208] hsr_slave_1: entered promiscuous mode
[  350.037477][ T9208] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  350.054825][ T9208] Cannot create hsr debugfs directory
[  350.072304][ T8932] 8021q: adding VLAN 0 to HW filter on device batadv0
[  350.103407][   T10] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  350.130346][   T10] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  350.176924][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  350.209214][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  350.241470][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  350.291376][   T10] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  350.309277][   T10] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  350.317434][   T10] usb 6-1: Product: syz
[  350.360832][   T10] usb 6-1: Manufacturer: syz
[  350.428199][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  350.449418][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  350.479809][   T10] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  350.508580][   T10] cdc_wdm 6-1:1.0: Unknown control protocol
[  351.041108][    C1] cdc_wdm 6-1:1.0: Unexpected error -71
[  351.042754][   T10] usb 6-1: USB disconnect, device number 11
[  351.049944][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  351.060121][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  351.066230][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  351.139690][ T9671] program syz.3.1006 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  351.150815][ T9671] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  353.970047][ T9711] netlink: 'syz.7.1017': attribute type 1 has an invalid length.
[  354.299300][ T5938] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  354.459223][ T5938] usb 8-1: Using ep0 maxpacket: 8
[  354.468046][ T5938] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.480986][ T5938] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  354.494447][ T5938] usb 8-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  354.505019][ T5938] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.520445][ T5938] usb 8-1: config 0 descriptor??
[  354.559485][ T5910] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  354.731586][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.749248][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  354.761097][ T5910] usb 6-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  354.771250][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.801120][ T5910] usb 6-1: config 0 descriptor??
[  354.970240][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  354.978383][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  354.987965][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  354.995735][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  355.002937][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  355.021694][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  355.029348][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  355.036553][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  355.043875][ T5938] hid-rmi 0003:06CB:81A7.000D: unknown main item tag 0x0
[  355.051160][ T5938] hid-rmi 0003:06CB:81A7.000D: unbalanced collection at end of report description
[  355.061621][ T5938] hid-rmi 0003:06CB:81A7.000D: parse failed
[  355.070748][ T5938] hid-rmi 0003:06CB:81A7.000D: probe with driver hid-rmi failed with error -22
[  355.204569][ T5917] usb 8-1: USB disconnect, device number 9
[  355.251517][ T5910] sony 0003:054C:024B.000E: unexpected long global item
[  355.270178][ T5910] sony 0003:054C:024B.000E: parse failed
[  355.275982][ T5910] sony 0003:054C:024B.000E: probe with driver sony failed with error -22
[  355.486003][ T5917] usb 6-1: USB disconnect, device number 12
[  356.221924][ T9726] loop7: detected capacity change from 0 to 32768
[  356.230576][ T9726] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1021 (9726)
[  356.267415][ T9726] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  356.277736][ T9726] BTRFS info (device loop7): using sha256 (sha256-x86_64) checksum algorithm
[  356.286781][ T9726] BTRFS info (device loop7): using free-space-tree
[  357.153559][ T7032] BTRFS info (device loop7): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  359.943604][ T9208] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  360.093206][ T9208] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  360.134653][ T5841] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  360.149268][ T5841] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  360.158183][ T5841] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  360.173387][ T5841] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  360.184737][ T9208] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  360.202684][ T5841] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  361.392032][ T9208] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  362.299395][ T5841] Bluetooth: hci6: command tx timeout
[  362.610425][   T10] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  362.782060][   T10] usb 8-1: config 0 has no interfaces?
[  362.829144][   T10] usb 8-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51
[  362.838270][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.877105][   T10] usb 8-1: Product: syz
[  362.900686][   T10] usb 8-1: Manufacturer: syz
[  362.911979][   T10] usb 8-1: SerialNumber: syz
[  362.963876][   T10] usb 8-1: config 0 descriptor??
[  363.337279][   T44] usb 8-1: USB disconnect, device number 10
[  363.471156][   T66] bridge_slave_1: left allmulticast mode
[  363.476908][   T66] bridge_slave_1: left promiscuous mode
[  363.506863][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.565661][   T66] bridge_slave_0: left allmulticast mode
[  363.586831][   T66] bridge_slave_0: left promiscuous mode
[  363.594067][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.008497][ T9837] loop5: detected capacity change from 0 to 32768
[  364.021339][ T9837] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1047 (9837)
[  364.046188][ T9837] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  364.056516][ T9837] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm
[  364.270126][ T9837] BTRFS info (device loop5): rebuilding free space tree
[  364.297990][ T9837] BTRFS info (device loop5): disabling free space tree
[  364.305605][ T9837] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  364.315534][ T9837] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  364.369394][ T5841] Bluetooth: hci6: command tx timeout
[  364.986451][ T5838] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  365.900762][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  365.978706][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  366.034830][   T66] bond0 (unregistering): Released all slaves
[  366.345875][ T9772] chnl_net:caif_netlink_parms(): no params data found
[  366.460089][ T5841] Bluetooth: hci6: command tx timeout
[  366.502727][   T66] hsr_slave_0: left promiscuous mode
[  366.661417][   T66] hsr_slave_1: left promiscuous mode
[  366.673209][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  366.700446][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  366.824619][ T9873] loop7: detected capacity change from 0 to 32768
[  366.963977][ T9873] JBD2: Ignoring recovery information on journal
[  367.028638][ T9873] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  367.147135][   T30] audit: type=1800 audit(1749279975.251:68): pid=9873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1055" name="file1" dev="loop7" ino=17058 res=0 errno=0
[  367.336073][ T9895] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1062'.
[  367.537458][ T7032] ocfs2: Unmounting device (7,7) on (node local)
[  367.829095][   T44] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  367.939942][   T66] team0 (unregistering): Port device team_slave_1 removed
[  367.995593][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.029356][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.065263][   T44] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  368.078200][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.095925][   T44] usb 4-1: config 0 descriptor??
[  368.099277][   T66] team0 (unregistering): Port device team_slave_0 removed
[  368.529590][ T5841] Bluetooth: hci6: command tx timeout
[  368.558402][   T44] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  368.603710][   T44] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  368.756791][   T44] cp2112 0003:10C4:EA90.000F: Part Number: 0x82 Device Version: 0xFE
[  368.780108][ T5197] udevd[5197]: worker [6073] terminated by signal 33 (Unknown signal 33)
[  368.809905][ T5197] udevd[5197]: worker [6073] failed while handling '/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:10C4:EA90.000F/hidraw/hidraw0'
[  369.286380][ T9927] loop5: detected capacity change from 0 to 512
[  369.405514][ T9899] cp2112 0003:10C4:EA90.000F: Error starting transaction: -38
[  369.416308][   T44] cp2112 0003:10C4:EA90.000F: error reading lock byte: -71
[  369.486968][ T9927] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  369.505026][   T44] usb 4-1: USB disconnect, device number 9
[  369.611324][ T9927] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  369.900793][ T5838] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  371.615879][ T9955] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1079'.
[  372.063988][ T9208] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.413192][ T9208] 8021q: adding VLAN 0 to HW filter on device team0
[  372.484151][ T9973] wg2: entered allmulticast mode
[  372.554861][ T9974] wg2: entered promiscuous mode
[  372.625373][ T9772] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.666279][ T9772] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.712612][ T9772] bridge_slave_0: entered allmulticast mode
[  372.725493][ T9976] loop7: detected capacity change from 0 to 40427
[  372.740081][ T9976] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  372.747885][ T9976] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  372.768240][ T9772] bridge_slave_0: entered promiscuous mode
[  372.862050][ T9976] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  372.869398][ T9976] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  372.979535][ T9772] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.984791][ T9976] F2FS-fs (loop7): invalid namelen(0), ino:0, run fsck to fix.
[  372.986719][ T9772] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.994772][ T9976] F2FS-fs (loop7): invalid namelen(0), ino:0, run fsck to fix.
[  373.009509][ T9976] F2FS-fs (loop7): invalid namelen(0), ino:0, run fsck to fix.
[  373.017120][ T9976] F2FS-fs (loop7): invalid namelen(0), ino:0, run fsck to fix.
[  373.024792][ T9976] F2FS-fs (loop7): invalid namelen(0), ino:0, run fsck to fix.
[  373.033274][ T9976] F2FS-fs (loop7): invalid namelen(0), ino:0, run fsck to fix.
[  373.041800][ T9976] F2FS-fs (loop7): invalid namelen(0), ino:0, run fsck to fix.
[  373.058540][ T9772] bridge_slave_1: entered allmulticast mode
[  373.089601][ T9772] bridge_slave_1: entered promiscuous mode
[  373.099123][ T9378] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.106350][ T9378] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.125749][ T9378] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.133039][ T9378] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.187552][ T9976] syz.7.1083: attempt to access beyond end of device
[  373.187552][ T9976] loop7: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  373.338950][ T9772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  373.475896][ T9772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  373.677678][ T9772] team0: Port device team_slave_0 added
[  373.714553][ T9772] team0: Port device team_slave_1 added
[  374.163668][ T9772] batman_adv: batadv0: Adding interface: batadv_slave_0
[  374.180768][ T9772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.259116][ T9772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  374.301262][ T9772] batman_adv: batadv0: Adding interface: batadv_slave_1
[  374.323412][T10003] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1089'.
[  374.359228][ T9772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.466966][ T9772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  374.638297][T10003] ipvlan2: entered promiscuous mode
[  375.158131][ T9993] loop6: detected capacity change from 0 to 32768
[  375.272628][ T9993] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  375.616275][ T9772] hsr_slave_0: entered promiscuous mode
[  375.640863][ T9772] hsr_slave_1: entered promiscuous mode
[  375.654204][ T9993] XFS (loop6): Ending clean mount
[  375.685282][ T9772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  375.752341][ T9772] Cannot create hsr debugfs directory
[  376.427615][ T6682] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  378.491390][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  378.503087][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  378.511722][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  378.535382][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  378.556130][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  380.689753][ T5841] Bluetooth: hci0: command tx timeout
[  381.029129][ T5917] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  381.199265][ T5917] usb 6-1: Using ep0 maxpacket: 16
[  381.229250][ T5917] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  381.272227][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  381.366918][ T5917] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  381.403141][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.452214][ T5917] usb 6-1: Product: syz
[  381.472830][ T5917] usb 6-1: Manufacturer: syz
[  381.477517][ T5917] usb 6-1: SerialNumber: syz
[  381.511010][ T5917] usb 6-1: config 0 descriptor??
[  381.569668][ T5917] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  381.631122][ T5917] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  381.668330][T10077] chnl_net:caif_netlink_parms(): no params data found
[  381.834867][ T9772] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  381.937480][T10128] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  382.064594][ T9772] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  382.144089][ T9772] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  382.160553][ T5917] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  382.180873][ T5917] em28xx 6-1:0.0: Config register raw data: 0x2f
[  382.209486][ T5917] em28xx 6-1:0.0: I2S Audio (1 sample rate(s))
[  382.222779][ T5917] em28xx 6-1:0.0: No AC97 audio processor
[  382.403393][ T9772] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  382.453127][   T66] bridge_slave_1: left allmulticast mode
[  382.465945][   T66] bridge_slave_1: left promiscuous mode
[  382.483824][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.537961][   T66] bridge_slave_0: left allmulticast mode
[  382.553492][   T66] bridge_slave_0: left promiscuous mode
[  382.574301][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.769375][ T5841] Bluetooth: hci0: command tx timeout
[  383.068933][   T44] usb 6-1: USB disconnect, device number 13
[  383.528698][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  383.552498][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  383.565415][   T66] bond0 (unregistering): Released all slaves
[  384.447929][   T66] hsr_slave_0: left promiscuous mode
[  384.849169][ T5841] Bluetooth: hci0: command tx timeout
[  384.854998][   T66] hsr_slave_1: left promiscuous mode
[  384.884499][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  385.065583][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  385.266426][T10184] Set syz1 is full, maxelem 1038 reached
[  385.470285][T10188] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1133'.
[  385.850036][   T66] team0 (unregistering): Port device team_slave_1 removed
[  385.947209][   T66] team0 (unregistering): Port device team_slave_0 removed
[  386.641359][T10077] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.650963][T10077] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.658255][T10077] bridge_slave_0: entered allmulticast mode
[  386.674162][T10077] bridge_slave_0: entered promiscuous mode
[  386.691224][T10175] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  386.713708][T10183] batman_adv: batadv0: Adding interface: dummy0
[  386.727765][T10183] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  386.761122][T10183] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  386.792013][T10188] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.802973][T10188] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.926513][T10077] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.939509][ T5841] Bluetooth: hci0: command tx timeout
[  386.959282][T10077] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.968298][T10077] bridge_slave_1: entered allmulticast mode
[  387.009846][T10077] bridge_slave_1: entered promiscuous mode
[  387.243401][T10077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  387.309695][ T5938] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  387.447698][T10077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.549910][ T5938] usb 7-1: Using ep0 maxpacket: 32
[  387.569684][   T10] page_pool_release_retry() stalled pool shutdown: id 52, 2 inflight 60 sec
[  387.572087][ T5938] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  388.320478][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  388.331463][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  388.406157][ T5938] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  388.415322][ T5938] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  388.424037][ T5938] usb 7-1: Product: syz
[  388.428257][ T5938] usb 7-1: Manufacturer: syz
[  388.439254][ T5938] usb 7-1: SerialNumber: syz
[  388.447628][ T5938] usb 7-1: config 0 descriptor??
[  388.454266][T10202] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  388.564542][T10077] team0: Port device team_slave_0 added
[  388.669827][T10077] team0: Port device team_slave_1 added
[  388.865381][ T5938] usb 7-1: USB disconnect, device number 13
[  388.977286][T10077] batman_adv: batadv0: Adding interface: batadv_slave_0
[  389.000281][T10077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  389.047934][T10077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  389.075723][T10077] batman_adv: batadv0: Adding interface: batadv_slave_1
[  389.098151][T10077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  389.183438][T10077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  389.202556][   T30] audit: type=1326 audit(1749279997.311:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.377050][   T30] audit: type=1326 audit(1749279997.311:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.463185][   T30] audit: type=1326 audit(1749279997.311:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.577945][   T30] audit: type=1326 audit(1749279997.311:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.681814][   T30] audit: type=1326 audit(1749279997.311:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.779104][   T30] audit: type=1326 audit(1749279997.311:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.789605][T10077] hsr_slave_0: entered promiscuous mode
[  389.891319][   T30] audit: type=1326 audit(1749279997.351:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.920222][T10077] hsr_slave_1: entered promiscuous mode
[  389.989423][   T30] audit: type=1326 audit(1749279997.381:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  389.990346][T10077] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  390.101289][T10077] Cannot create hsr debugfs directory
[  390.160626][   T30] audit: type=1326 audit(1749279997.381:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  390.271403][   T30] audit: type=1326 audit(1749279997.381:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  390.620626][T10255] loop6: detected capacity change from 0 to 512
[  390.632884][ T9772] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.673711][T10255] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  390.834713][T10255] EXT4-fs (loop6): 1 orphan inode deleted
[  390.846574][T10255] EXT4-fs (loop6): 1 truncate cleaned up
[  390.877803][T10255] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.983691][T10255] EXT4-fs error (device loop6): ext4_search_dir:1473: inode #12: block 7: comm syz.6.1154: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0
[  391.093829][T10255] EXT4-fs (loop6): Remounting filesystem read-only
[  391.160817][T10266] netlink: 'syz.6.1154': attribute type 11 has an invalid length.
[  391.214942][T10267] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  391.318679][ T6682] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.552454][ T9772] 8021q: adding VLAN 0 to HW filter on device team0
[  391.597486][ T9370] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.604781][ T9370] bridge0: port 1(bridge_slave_0) entered forwarding state
[  391.706388][ T9220] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.713688][ T9220] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.221853][T10077] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  392.263523][T10077] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  392.361803][T10077] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  392.397940][T10077] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  392.951566][T10280] loop6: detected capacity change from 0 to 32768
[  393.020381][T10280] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1170 (10280)
[  393.090877][T10280] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  393.194519][T10280] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm
[  393.294727][ T9772] 8021q: adding VLAN 0 to HW filter on device batadv0
[  393.582639][T10077] 8021q: adding VLAN 0 to HW filter on device bond0
[  393.630326][ T9394] BTRFS warning (device loop6): checksum verify failed on logical 5267456 mirror 1 wanted 0xb8512a1d2916df35de1eb979e5409d57680a9623aa14e80f6c4e3536403d44d6 found 0x245990729936af8dc1db6a7152d699424caece9a5cd1ea06336869bff6fe8d65 level 0
[  393.697366][T10077] 8021q: adding VLAN 0 to HW filter on device team0
[  393.751558][T10280] BTRFS warning (device loop6): failed to read fs tree: -5
[  393.803987][ T9373] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.811275][ T9373] bridge0: port 1(bridge_slave_0) entered forwarding state
[  393.917652][ T9373] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.924898][ T9373] bridge0: port 2(bridge_slave_1) entered forwarding state
[  393.965276][T10280] BTRFS error (device loop6): open_ctree failed: -5
[  394.625363][T10340] loop5: detected capacity change from 0 to 1024
[  394.633577][T10340] hfsplus: unable to find HFS+ superblock
[  394.814448][ T9772] veth0_vlan: entered promiscuous mode
[  394.901417][ T9772] veth1_vlan: entered promiscuous mode
[  395.112801][ T9772] veth0_macvtap: entered promiscuous mode
[  395.157577][T10077] 8021q: adding VLAN 0 to HW filter on device batadv0
[  395.196370][ T9772] veth1_macvtap: entered promiscuous mode
[  395.291674][ T9772] batman_adv: batadv0: Interface activated: batadv_slave_0
[  395.358236][ T9772] batman_adv: batadv0: Interface activated: batadv_slave_1
[  395.397935][ T9772] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.429050][ T9772] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  395.459186][ T9772] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  395.485355][ T9772] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  396.334069][ T9373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.435364][ T9373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  396.460395][T10372] netlink: 2028 bytes leftover after parsing attributes in process `syz.7.1178'.
[  396.522568][T10372] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1178'.
[  396.655026][ T9911] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.695963][ T9911] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  396.814034][T10360] loop5: detected capacity change from 0 to 131072
[  397.146933][T10382] loop8: detected capacity change from 0 to 512
[  397.196616][T10077] veth0_vlan: entered promiscuous mode
[  397.208818][T10382] EXT4-fs: Ignoring removed nobh option
[  397.287274][T10077] veth1_vlan: entered promiscuous mode
[  397.298725][T10360] F2FS-fs (loop5): Test dummy encryption mode enabled
[  397.311053][T10360] F2FS-fs (loop5): invalid crc value
[  397.319484][T10382] EXT4-fs error (device loop8): ext4_orphan_get:1393: inode #15: comm syz.8.818: iget: bad i_size value: 38620345925642
[  397.456096][T10382] EXT4-fs error (device loop8): ext4_orphan_get:1396: comm syz.8.818: couldn't read orphan inode 15 (err -117)
[  397.457267][T10360] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  397.544069][T10382] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  397.624319][T10360] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[  397.647546][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  397.647572][   T30] audit: type=1800 audit(1749280005.751:81): pid=10360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1176" name="file1" dev="loop5" ino=10 res=0 errno=0
[  397.703718][T10077] veth0_macvtap: entered promiscuous mode
[  397.769633][T10077] veth1_macvtap: entered promiscuous mode
[  397.893684][T10077] batman_adv: batadv0: Interface activated: batadv_slave_0
[  397.984297][   T30] audit: type=1804 audit(1749280006.091:82): pid=10399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1184" name="file0" dev="tmpfs" ino=1274 res=1 errno=0
[  398.028756][T10077] batman_adv: batadv0: Interface activated: batadv_slave_1
[  398.080923][T10077] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.089831][T10077] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  398.101383][T10077] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  398.119029][T10077] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  398.200588][ T9915] EXT4-fs error (device loop8): ext4_validate_block_bitmap:431: comm kworker/u8:59: bg 0: block 5: invalid block bitmap
[  398.278926][ T9915] EXT4-fs (loop8): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 23 with error 28
[  398.313029][ T9915] EXT4-fs (loop8): This should not happen!! Data will be lost
[  398.313029][ T9915] 
[  398.355910][ T9915] EXT4-fs (loop8): Total free blocks count 0
[  398.370693][ T9915] EXT4-fs (loop8): Free/Dirty block details
[  398.389229][T10403] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1186'.
[  398.417889][ T9915] EXT4-fs (loop8): free_blocks=0
[  398.429229][ T9915] EXT4-fs (loop8): dirty_blocks=23
[  398.437073][ T9915] EXT4-fs (loop8): Block reservation details
[  398.463351][ T9915] EXT4-fs (loop8): i_reserved_data_blocks=23
[  398.478694][ T9772] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.569750][ T5903] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  398.579206][ T9911] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.589518][ T9911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.762764][ T9911] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.779557][ T5903] usb 8-1: Using ep0 maxpacket: 16
[  398.805660][ T5903] usb 8-1: config 0 has an invalid interface number: 180 but max is 0
[  398.826065][ T9911] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.843798][ T5903] usb 8-1: config 0 has no interface number 0
[  398.881663][ T5903] usb 8-1: config 0 interface 180 has no altsetting 0
[  398.965967][ T5903] usb 8-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=e8.1f
[  398.985592][ T5903] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.022647][ T5903] usb 8-1: Product: syz
[  399.047354][ T5903] usb 8-1: Manufacturer: syz
[  399.064777][ T5903] usb 8-1: SerialNumber: syz
[  399.088626][ T5903] usb 8-1: config 0 descriptor??
[  399.251670][T10418] loop9: detected capacity change from 0 to 512
[  399.295090][T10418] EXT4-fs error (device loop9): ext4_orphan_get:1393: inode #15: comm syz.9.904: casefold flag without casefold feature
[  399.323192][T10418] EXT4-fs error (device loop9): ext4_orphan_get:1396: comm syz.9.904: couldn't read orphan inode 15 (err -117)
[  399.376080][T10421] netlink: 168 bytes leftover after parsing attributes in process `syz.6.1193'.
[  399.376774][T10418] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.511021][ T5903] viperboard 8-1:0.180: version 0.f2 found at bus 008 address 011
[  399.613369][ T5903] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  399.650554][ T5903] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  399.662322][T10424] EXT4-fs (loop9): shut down requested (0)
[  399.726565][ T5903] usb 8-1: USB disconnect, device number 11
[  400.037878][T10077] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.191545][T10440] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1200'.
[  402.558512][T10430] loop9: detected capacity change from 0 to 32768
[  402.789972][T10430] JBD2: Ignoring recovery information on journal
[  403.008640][T10430] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  403.159014][   T30] audit: type=1800 audit(1749280011.241:83): pid=10430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1196" name="file1" dev="loop9" ino=17058 res=0 errno=0
[  404.004254][T10077] ocfs2: Unmounting device (7,9) on (node local)
[  405.177828][T10480] loop5: detected capacity change from 0 to 2048
[  405.390014][T10490] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  405.583871][T10490] NILFS (loop5): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3)
[  405.636115][T10490] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=2)
[  405.724019][T10490] Remounting filesystem read-only
[  405.733869][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  405.756436][T10480] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  405.778644][T10497] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1221'.
[  405.999679][T10501] loop8: detected capacity change from 0 to 2048
[  406.137542][T10501] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  407.357041][ T9772] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  408.183507][T10542] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.283694][T10536] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.523672][T10547] loop8: detected capacity change from 0 to 4096
[  408.563767][T10547] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512).
[  408.738656][T10555] netlink: 'syz.5.1240': attribute type 3 has an invalid length.
[  409.521894][T10569] batman_adv: batadv0: Adding interface: dummy0
[  409.528201][T10569] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  409.694443][T10569] batman_adv: batadv0: Interface activated: dummy0
[  409.828490][T10579] Set syz1 is full, maxelem 1038 reached
[  409.936483][T10582] sd 0:0:1:0: PR command failed: 1026
[  409.947084][T10582] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  409.957401][T10582] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  409.969228][   T10] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  410.160002][   T10] usb 8-1: Using ep0 maxpacket: 32
[  410.178285][   T10] usb 8-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  410.208446][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.251385][   T10] usb 8-1: config 0 descriptor??
[  410.286159][   T10] gspca_main: nw80x-2.14.0 probing 055f:d001
[  410.749157][ T5930] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  410.823658][T10604] netlink: 'syz.6.1261': attribute type 1 has an invalid length.
[  410.858565][T10604] netlink: 'syz.6.1261': attribute type 4 has an invalid length.
[  410.882113][T10605] netlink: 'syz.6.1261': attribute type 1 has an invalid length.
[  410.887496][T10604] netlink: 9462 bytes leftover after parsing attributes in process `syz.6.1261'.
[  410.917857][T10605] netlink: 'syz.6.1261': attribute type 4 has an invalid length.
[  410.946779][T10605] netlink: 9462 bytes leftover after parsing attributes in process `syz.6.1261'.
[  410.959262][ T5930] usb 9-1: Using ep0 maxpacket: 32
[  410.967582][ T5930] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  410.988937][ T5930] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  411.011896][ T5930] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  411.045181][ T5930] usb 9-1: Product: syz
[  411.064256][ T5930] usb 9-1: Manufacturer: syz
[  411.074580][ T5930] usb 9-1: SerialNumber: syz
[  411.110765][ T5930] usb 9-1: config 0 descriptor??
[  411.138429][T10598] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  411.503290][ T5903] usb 9-1: USB disconnect, device number 2
[  411.804540][   T10] usb 8-1: USB disconnect, device number 12
[  413.298570][T10648] netlink: 'syz.7.1276': attribute type 7 has an invalid length.
[  413.331189][T10648] netlink: 'syz.7.1276': attribute type 8 has an invalid length.
[  413.749868][T10657] netlink: 2036 bytes leftover after parsing attributes in process `syz.7.1278'.
[  413.809394][T10657] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1278'.
[  413.969681][ T5910] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  414.119904][ T5938] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  414.139236][ T5910] usb 9-1: Using ep0 maxpacket: 8
[  414.162871][ T5910] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[  414.199216][ T5910] usb 9-1: config 179 has no interface number 0
[  414.229428][ T5910] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  414.276425][ T5910] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  414.324773][ T5910] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  414.345796][ T5938] usb 10-1: Using ep0 maxpacket: 32
[  414.369622][ T5910] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  414.381424][ T5938] usb 10-1: config 0 has an invalid interface number: 184 but max is 0
[  414.399005][ T5938] usb 10-1: config 0 has no interface number 0
[  414.418309][ T5938] usb 10-1: config 0 interface 184 has no altsetting 0
[  414.425350][ T5910] usb 9-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  414.453520][ T5938] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  414.469479][ T5910] usb 9-1: config 179 interface 65 has no altsetting 0
[  414.484486][ T5938] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.493333][ T5910] usb 9-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  414.529460][ T5938] usb 10-1: Product: syz
[  414.533908][ T5938] usb 10-1: Manufacturer: syz
[  414.538626][ T5938] usb 10-1: SerialNumber: syz
[  414.549044][ T5910] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.577241][ T5938] usb 10-1: config 0 descriptor??
[  414.589638][T10655] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  414.626541][ T5938] smsc75xx v1.0.0
[  414.715869][ T5910] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:179.65/input/input12
[  414.928641][ T5910] usb 9-1: USB disconnect, device number 3
[  414.934809][    C1] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  415.001329][ T5910] xpad 9-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  415.264316][ T5938] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  415.316983][ T5938] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  416.168399][ T5938] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  416.198403][T10665] loop6: detected capacity change from 0 to 32768
[  416.241199][ T5938] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  416.288075][ T5938] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  416.348889][ T5938] smsc75xx 10-1:0.184: probe with driver smsc75xx failed with error -71
[  416.382763][T10665] JBD2: Ignoring recovery information on journal
[  416.521067][ T5938] usb 10-1: USB disconnect, device number 2
[  416.670786][T10665] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  416.873136][   T30] audit: type=1800 audit(1749280024.961:84): pid=10665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1283" name="file1" dev="loop6" ino=17058 res=0 errno=0
[  417.419425][ T6682] ocfs2: Unmounting device (7,6) on (node local)
[  418.555712][T10709] futex_wake_op: syz.9.1293 tries to shift op by -1; fix this program
[  419.092688][T10721] netlink: 240 bytes leftover after parsing attributes in process `syz.5.1302'.
[  421.417751][T10724] loop7: detected capacity change from 0 to 32768
[  421.536542][T10724] ocfs2: Mounting device (7,7) on (node local, slot 0) with writeback data mode.
[  421.644765][T10744] process 'syz.6.1312' launched './file1' with NULL argv: empty string added
[  421.850159][T10748] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1313'.
[  422.103197][ T7032] ocfs2: Unmounting device (7,7) on (node local)
[  422.586148][T10752] loop9: detected capacity change from 0 to 65536
[  422.667702][T10752] XFS (loop9): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  422.726368][T10737] loop8: detected capacity change from 0 to 32768
[  422.729809][T10752] XFS (loop9): Ending clean mount
[  422.973028][T10737] JBD2: Ignoring recovery information on journal
[  423.036303][T10077] XFS (loop9): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  423.211140][T10737] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  423.416882][   T30] audit: type=1800 audit(1749280031.511:85): pid=10737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1308" name="file1" dev="loop8" ino=17058 res=0 errno=0
[  423.975979][ T9772] ocfs2: Unmounting device (7,8) on (node local)
[  425.055414][T10788] loop7: detected capacity change from 0 to 1024
[  425.076530][T10788] EXT4-fs: Ignoring removed nobh option
[  425.082431][T10788] EXT4-fs: Ignoring removed bh option
[  425.113489][T10788] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  425.292434][T10788] EXT4-fs (loop7): shut down requested (1)
[  425.461453][ T7032] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.000747][T10801] af_packet: tpacket_rcv: packet too big, clamped from 65512 to 2928. macoff=96
[  427.369116][ T5910] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  427.548402][T10829] loop8: detected capacity change from 0 to 512
[  427.567623][T10829] EXT4-fs: Ignoring removed nobh option
[  427.578151][ T5910] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  427.596872][T10829] EXT4-fs: Ignoring removed orlov option
[  427.621937][ T5910] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.625292][T10829] EXT4-fs: Invalid want_extra_isize 188
[  427.712226][ T5910] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  427.789131][ T5910] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  427.798252][ T5910] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.887854][ T5910] usb 8-1: config 0 descriptor??
[  427.919215][   T10] usb 9-1: new full-speed USB device number 4 using dummy_hcd
[  428.101359][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4
[  428.149824][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023
[  428.194287][   T10] usb 9-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[  428.214042][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.254721][   T10] usb 9-1: Product: syz
[  428.271608][   T10] usb 9-1: Manufacturer: syz
[  428.286535][   T10] usb 9-1: SerialNumber: syz
[  428.311128][   T10] usb 9-1: config 0 descriptor??
[  428.353323][ T5910] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[  428.381833][ T5910] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  428.544872][   T10] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input13
[  428.862312][ T5917] usb 9-1: USB disconnect, device number 4
[  429.066285][T10849] loop9: detected capacity change from 0 to 1024
[  429.192863][ T9924] hfsplus: b-tree write err: -5, ino 4
[  429.358166][T10851] netlink: 'syz.9.1348': attribute type 2 has an invalid length.
[  429.376587][T10851] netlink: 199836 bytes leftover after parsing attributes in process `syz.9.1348'.
[  429.388103][T10851] nbd: must specify a device to reconfigure
[  429.664804][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  429.750350][    C0] plantronics 0003:047F:FFFF.0010: usb_submit_urb(ctrl) failed: -1
[  430.300453][T10865] loop6: detected capacity change from 0 to 128
[  431.016203][ T5930] usb 8-1: USB disconnect, device number 13
[  431.308565][ T5910] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  431.857100][ T5910] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.894726][ T5910] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.919210][ T5910] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  431.985671][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.027080][ T5910] usb 7-1: config 0 descriptor??
[  432.484909][ T5910] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0
[  432.536388][ T5910] cp2112 0003:10C4:EA90.0011: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.6-1/input0
[  432.683453][ T5910] cp2112 0003:10C4:EA90.0011: Part Number: 0x82 Device Version: 0xFE
[  433.210109][T10904] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1369'.
[  433.308035][T10906] loop9: detected capacity change from 0 to 2048
[  433.308565][T10875] cp2112 0003:10C4:EA90.0011: Error starting transaction: -38
[  433.357829][ T5910] cp2112 0003:10C4:EA90.0011: error reading lock byte: -71
[  433.378883][T10908] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  433.407659][ T5910] usb 7-1: USB disconnect, device number 14
[  433.530017][T10908] NILFS (loop9): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3)
[  433.549249][T10908] NILFS error (device loop9): nilfs_bmap_propagate: broken bmap (inode number=2)
[  433.572048][T10908] Remounting filesystem read-only
[  433.584590][T10906] NILFS (loop9): disposed unprocessed dirty file(s) when stopping log writer
[  434.388784][T10926] netlink: 'syz.6.1375': attribute type 5 has an invalid length.
[  434.390642][T10904] team0 (unregistering): Port device team_slave_0 removed
[  434.602946][T10904] team0 (unregistering): Port device team_slave_1 removed
[  437.164549][T10962] loop8: detected capacity change from 0 to 2048
[  437.265160][T10967] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  437.406761][T10967] NILFS (loop8): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3)
[  437.439114][T10967] NILFS error (device loop8): nilfs_bmap_propagate: broken bmap (inode number=2)
[  437.468895][T10967] Remounting filesystem read-only
[  437.483954][T10962] NILFS (loop8): disposed unprocessed dirty file(s) when stopping log writer
[  437.993649][T10981] netlink: 'syz.9.1393': attribute type 4 has an invalid length.
[  438.636559][T10986] loop7: detected capacity change from 0 to 1024
[  438.717187][T10986] EXT4-fs (loop7): Test dummy encryption mode enabled
[  438.785202][T10986] EXT4-fs (loop7): stripe (9) is not aligned with cluster size (16), stripe is disabled
[  438.906657][T10986] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  439.171457][T10996] geneve2: entered promiscuous mode
[  439.177870][T10996] geneve2: entered allmulticast mode
[  441.057638][ T7032] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.470534][T11022] netlink: 2020 bytes leftover after parsing attributes in process `syz.5.1410'.
[  441.545016][T11022] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1410'.
[  441.629111][T11027] netlink: 'syz.6.1411': attribute type 4 has an invalid length.
[  442.137132][T11033] sd 0:0:1:0: PR command failed: 1026
[  442.176068][T11033] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  442.207880][T11033] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  442.567227][T11040] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1417'.
[  443.089665][T11046] netlink: 'syz.5.1419': attribute type 13 has an invalid length.
[  443.407383][T11046] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.417184][T11046] bridge0: port 1(bridge_slave_0) entered disabled state
[  443.735594][T11046] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  443.784651][T11046] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  444.519161][T11046] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  444.558473][T11046] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  444.569456][T11046] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  444.626658][T11046] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  445.039162][T11046] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  445.185341][T11094] netlink: 'syz.6.1432': attribute type 4 has an invalid length.
[  446.130816][T11092] IPVS: starting estimator thread 0...
[  446.138749][T11122] tipc: Started in network mode
[  446.160864][T11122] tipc: Node identity ac1414aa, cluster identity 4711
[  446.166075][T11125] loop7: detected capacity change from 0 to 64
[  446.228543][T11122] tipc: Enabled bearer <udp:s>, priority 10
[  446.259144][T11123] IPVS: using max 23 ests per chain, 55200 per kthread
[  446.929162][T11052] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  447.117253][T11148] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1452'.
[  447.119627][T11052] usb 7-1: Using ep0 maxpacket: 8
[  447.258662][T11052] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  447.268097][T11052] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.334462][T11052] usb 7-1: config 0 descriptor??
[  447.352467][T11092] tipc: Node number set to 2886997162
[  447.368072][   T30] audit: type=1804 audit(1749280055.471:86): pid=11153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.1453" name="file0" dev="tmpfs" ino=239 res=1 errno=0
[  448.031215][T11148] team0 (unregistering): Port device team_slave_0 removed
[  448.046115][T11148] team0 (unregistering): Port device team_slave_1 removed
[  449.062156][T11052] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  449.093008][T11052] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  449.132589][T11052] asix 7-1:0.0: probe with driver asix failed with error -71
[  449.190344][T11052] usb 7-1: USB disconnect, device number 15
[  449.733777][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  449.742070][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  450.007421][T11172] loop6: detected capacity change from 0 to 64
[  450.586180][T11177] netlink: 'syz.3.1464': attribute type 4 has an invalid length.
[  450.776732][   T30] audit: type=1326 audit(1749280058.871:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11178 comm="syz.7.1466" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f78e929 code=0x0
[  450.789395][T11181] loop6: detected capacity change from 0 to 128
[  450.928533][T11181] EXT4-fs: Ignoring removed nobh option
[  450.971538][T11181] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  450.985262][T11181] ext4 filesystem being mounted at /207/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  451.308365][ T6682] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  451.639484][T11200] bridge0: port 2(bridge_slave_1) entered disabled state
[  451.658522][T11200] bridge_slave_1: left allmulticast mode
[  451.666835][T11200] bridge_slave_1: left promiscuous mode
[  451.680808][T11200] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.907603][T11233] netdevsim netdevsim8 netdevsim0: entered promiscuous mode
[  453.037050][T11238] veth1_to_bond: entered allmulticast mode
[  453.070101][T11238] veth1_to_bond: entered promiscuous mode
[  453.118262][T11238] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1483'.
[  453.236897][T11240] netlink: 88 bytes leftover after parsing attributes in process `syz.8.1487'.
[  453.280741][T11240] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1487'.
[  453.507618][T11237] veth1_to_bond: left promiscuous mode
[  453.517803][T11237] veth1_to_bond: left allmulticast mode
[  454.424993][T11267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1495'.
[  454.629390][T11271] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1496'.
[  455.349389][   T30] audit: type=1800 audit(1749280063.451:88): pid=11280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1500" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  456.346305][T11292] tipc: Started in network mode
[  456.369530][T11292] tipc: Node identity ac141425, cluster identity 4711
[  456.387764][T11292] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  456.851632][T11306] binder: 11303:11306 ioctl c0306201 2000000000c0 returned -14
[  457.534792][T11322] batman_adv: batadv0: Interface deactivated: dummy0
[  457.544418][T11322] batman_adv: batadv0: Removing interface: dummy0
[  457.591341][T11322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  457.628153][T11322] batman_adv: batadv0: Removing interface: batadv_slave_0
[  457.660116][T11322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  457.667551][T11322] batman_adv: batadv0: Removing interface: batadv_slave_1
[  458.597553][T11347] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1529'.
[  458.623322][ T9361] bridge_slave_1: left allmulticast mode
[  458.639101][ T9361] bridge_slave_1: left promiscuous mode
[  458.664441][ T9361] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.716644][ T9361] bridge_slave_0: left allmulticast mode
[  458.730574][ T9361] bridge_slave_0: left promiscuous mode
[  458.763282][ T9361] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.940601][T11353] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  459.544224][    C0] vkms_vblank_simulate: vblank timer overrun
[  459.734920][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  459.755617][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  459.766294][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  459.783755][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  459.793393][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  459.843103][T11389] netlink: 'syz.3.1536': attribute type 4 has an invalid length.
[  459.901076][T11390] netlink: 'syz.3.1536': attribute type 4 has an invalid length.
[  459.981931][T11392] fuse: Bad value for 'fd'
[  460.477516][    C0] vkms_vblank_simulate: vblank timer overrun
[  460.936142][ T9361] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  460.968334][ T9361] bond_slave_0: left promiscuous mode
[  461.000299][ T9361] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  461.030612][ T9361] bond_slave_1: left promiscuous mode
[  461.036770][ T9361] bond0 (unregistering): Released all slaves
[  461.306475][T11414] tipc: Started in network mode
[  461.325156][T11414] tipc: Node identity ac141425, cluster identity 4711
[  461.353962][T11414] tipc: New replicast peer: 0.0.0.0
[  461.373850][T11414] tipc: Enabled bearer <udp:syz2>, priority 10
[  461.523459][T11420] tipc: New replicast peer: 10.1.1.0
[  461.889850][ T5841] Bluetooth: hci1: command tx timeout
[  462.307607][ T9361] hsr_slave_0: left promiscuous mode
[  462.327124][ T9361] hsr_slave_1: left promiscuous mode
[  462.390272][ T9361] batman_adv: batadv0: Removing interface: dummy0
[  462.430538][ T9361] batman_adv: batadv0: Removing interface: batadv_slave_0
[  462.499249][T11092] tipc: Node number set to 2886997029
[  462.513291][ T9361] batman_adv: batadv0: Removing interface: batadv_slave_1
[  463.467008][T11447] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  463.969326][ T5841] Bluetooth: hci1: command tx timeout
[  464.791663][   T30] audit: type=1326 audit(1749280072.871:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa16b92ab19 code=0x7ffc0000
[  464.869306][   T30] audit: type=1326 audit(1749280072.871:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  465.046013][   T30] audit: type=1326 audit(1749280072.871:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa16b92ab19 code=0x7ffc0000
[  465.179169][   T30] audit: type=1326 audit(1749280072.871:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  465.349169][   T30] audit: type=1326 audit(1749280072.881:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  465.427836][   T30] audit: type=1326 audit(1749280072.881:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  465.516223][   T30] audit: type=1326 audit(1749280072.881:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa16b92ab19 code=0x7ffc0000
[  465.595678][   T30] audit: type=1326 audit(1749280072.881:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  465.715613][   T30] audit: type=1326 audit(1749280072.881:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa16b92ab19 code=0x7ffc0000
[  465.859270][   T30] audit: type=1326 audit(1749280072.881:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16b98e929 code=0x7ffc0000
[  466.050427][ T5841] Bluetooth: hci1: command tx timeout
[  466.165500][T11468] capability: warning: `syz.3.1566' uses 32-bit capabilities (legacy support in use)
[  466.640208][ T9361] team0 (unregistering): Port device team_slave_1 removed
[  467.057491][ T9361] team0 (unregistering): Port device team_slave_0 removed
[  467.259221][T11092] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  467.479415][T11092] usb 8-1: Using ep0 maxpacket: 16
[  467.491415][T11092] usb 8-1: config 0 has an invalid interface number: 243 but max is 0
[  467.511245][T11092] usb 8-1: config 0 has no interface number 0
[  467.590271][T11092] usb 8-1: config 0 interface 243 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  467.648113][T11092] usb 8-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice=d0.ce
[  467.667455][T11092] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.706323][T11092] usb 8-1: Product: syz
[  467.742751][T11092] usb 8-1: Manufacturer: syz
[  467.747443][T11092] usb 8-1: SerialNumber: syz
[  467.794718][T11092] usb 8-1: config 0 descriptor??
[  467.835715][T11496] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  467.864361][T11092] keyspan 8-1:0.243: Keyspan 1 port adapter converter detected
[  467.901864][T11092] keyspan 8-1:0.243: found no endpoint descriptor for endpoint 84
[  467.945648][T11092] keyspan 8-1:0.243: found no endpoint descriptor for endpoint 82
[  468.016063][T11092] keyspan 8-1:0.243: found no endpoint descriptor for endpoint 1
[  468.076814][T11092] keyspan 8-1:0.243: found no endpoint descriptor for endpoint 2
[  468.094258][T11092] keyspan 8-1:0.243: found no endpoint descriptor for endpoint 83
[  468.112598][T11092] keyspan 8-1:0.243: found no endpoint descriptor for endpoint 3
[  468.129818][ T5841] Bluetooth: hci1: command tx timeout
[  468.149490][T11092] usb 8-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  468.175883][T11092] usb 8-1: USB disconnect, device number 14
[  468.197646][T11092] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  468.210233][T11092] keyspan 8-1:0.243: device disconnected
[  468.368859][T11515] overlayfs: failed to clone upperpath
[  470.554697][T11384] chnl_net:caif_netlink_parms(): no params data found
[  471.265893][T11384] bridge0: port 1(bridge_slave_0) entered blocking state
[  471.299554][T11384] bridge0: port 1(bridge_slave_0) entered disabled state
[  471.306901][T11384] bridge_slave_0: entered allmulticast mode
[  471.344072][T11384] bridge_slave_0: entered promiscuous mode
[  471.392684][T11384] bridge0: port 2(bridge_slave_1) entered blocking state
[  471.428770][T11384] bridge0: port 2(bridge_slave_1) entered disabled state
[  471.466762][T11384] bridge_slave_1: entered allmulticast mode
[  471.501647][T11384] bridge_slave_1: entered promiscuous mode
[  471.516117][T11568] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  471.973837][T11384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  472.003796][T11384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  472.262424][T11384] team0: Port device team_slave_0 added
[  472.537287][T11384] team0: Port device team_slave_1 added
[  472.733029][T11591] netlink: 24 bytes leftover after parsing attributes in process `syz.9.1610'.
[  472.747548][T11590] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1612'.
[  473.020484][T11597] sch_tbf: burst 511 is lower than device veth5 mtu (1514) !
[  473.036074][T11384] batman_adv: batadv0: Adding interface: batadv_slave_0
[  473.064423][T11384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  473.139060][T11384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  473.161530][T11384] batman_adv: batadv0: Adding interface: batadv_slave_1
[  473.168525][T11384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  473.229015][T11384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  473.442324][T11384] hsr_slave_0: entered promiscuous mode
[  473.482950][T11384] hsr_slave_1: entered promiscuous mode
[  474.819161][T11060] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  475.009257][T11060] usb 8-1: Using ep0 maxpacket: 16
[  475.029938][T11060] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  475.070679][T11060] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  475.126212][T11060] usb 8-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00
[  475.220537][T11060] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.287204][T11060] usb 8-1: config 0 descriptor??
[  475.491283][T11384] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  475.600660][T11384] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  475.699562][T11384] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  475.874463][T11060] usbhid 8-1:0.0: can't add hid device: -71
[  475.901621][T11060] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  475.968518][T11060] usb 8-1: USB disconnect, device number 15
[  475.970849][T11384] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  476.435499][T11384] 8021q: adding VLAN 0 to HW filter on device bond0
[  476.488575][T11661] netlink: 1276 bytes leftover after parsing attributes in process `syz.8.1634'.
[  476.616984][T11384] 8021q: adding VLAN 0 to HW filter on device team0
[  476.727102][ T9916] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.734372][ T9916] bridge0: port 1(bridge_slave_0) entered forwarding state
[  476.767143][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.774406][ T9916] bridge0: port 2(bridge_slave_1) entered forwarding state
[  476.836222][T11665] loop7: detected capacity change from 0 to 2048
[  476.901660][T11665] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  476.957932][   T30] kauditd_printk_skb: 442 callbacks suppressed
[  476.957959][   T30] audit: type=1800 audit(1749280085.061:541): pid=11665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1636" name="file1" dev="loop7" ino=15 res=0 errno=0
[  477.001879][   T30] audit: type=1800 audit(1749280085.111:542): pid=11665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1636" name="file1" dev="loop7" ino=15 res=0 errno=0
[  477.226845][T11676] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1639'.
[  477.277169][ T7032] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.711208][T11690] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1645'.
[  477.725177][T11686] loop7: detected capacity change from 0 to 2048
[  477.798081][T11686] UDF-fs: error (device loop7): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  477.858116][T11686] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  477.970261][   T30] audit: type=1804 audit(1749280086.061:543): pid=11686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.1642" name="/newroot/220/file1/file0" dev="loop7" ino=1367 res=1 errno=0
[  477.974543][T11384] 8021q: adding VLAN 0 to HW filter on device batadv0
[  478.244001][T11705] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1649'.
[  478.399094][T11710] overlayfs: failed to clone upperpath
[  478.881963][T11724] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1656'.
[  480.244943][T11384] veth0_vlan: entered promiscuous mode
[  480.266498][T11384] veth1_vlan: entered promiscuous mode
[  480.368174][T11384] veth0_macvtap: entered promiscuous mode
[  480.412812][T11384] veth1_macvtap: entered promiscuous mode
[  480.450668][T11744] batadv0: entered promiscuous mode
[  480.460088][T11744] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  480.479329][T11748] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.1665'.
[  480.495083][T11748] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1665'.
[  480.539112][T11748] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1665'.
[  480.550522][T11744] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  480.661284][T11384] batman_adv: batadv0: Interface activated: batadv_slave_0
[  480.703133][T11384] batman_adv: batadv0: Interface activated: batadv_slave_1
[  480.741380][T11384] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  480.768846][T11384] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  480.798096][T11384] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  480.817199][T11384] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  481.039248][T11759] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1671'.
[  481.093378][ T9361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  481.126745][ T9361] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  481.269563][ T9361] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  481.300430][ T9361] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  481.458460][T11770] overlayfs: failed to clone upperpath
[  482.076614][ T9916] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.421669][ T9916] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.535569][ T5841] Bluetooth: hci6: command 0x0406 tx timeout
[  482.801523][ T9916] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.225620][ T9916] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.026618][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  484.040380][T11807] VFS: Lookup of 'file0' in fuse fuse would have caused loop
[  484.051615][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  484.068470][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  484.083833][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  484.092714][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  484.192022][ T9916] bridge_slave_1: left allmulticast mode
[  484.198773][ T9916] bridge_slave_1: left promiscuous mode
[  484.204892][ T9916] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.271488][ T9916] bridge_slave_0: left allmulticast mode
[  484.277212][ T9916] bridge_slave_0: left promiscuous mode
[  484.283968][ T9916] bridge0: port 1(bridge_slave_0) entered disabled state
[  484.551259][   T30] audit: type=1326 audit(1749280092.661:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.7.1692" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f78e929 code=0x0
[  484.622161][T11823] overlayfs: failed to clone upperpath
[  486.132015][ T5845] Bluetooth: hci1: command tx timeout
[  486.298319][T11847] overlayfs: failed to clone upperpath
[  486.307521][ T9916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  486.426162][ T9916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  486.451634][ T9916] bond0 (unregistering): Released all slaves
[  486.493862][T11851] syz_tun: entered allmulticast mode
[  486.571032][T11850] dvmrp1: entered allmulticast mode
[  486.810837][T11854] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1703'.
[  487.269174][T11053] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  487.296542][ T9916] hsr_slave_0: left promiscuous mode
[  487.333730][ T9916] hsr_slave_1: left promiscuous mode
[  487.373501][ T9916] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  487.407501][ T9916] batman_adv: batadv0: Removing interface: batadv_slave_0
[  487.438894][ T9916] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  487.457322][ T9916] batman_adv: batadv0: Removing interface: batadv_slave_1
[  487.472810][T11053] usb 8-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  487.486160][T11053] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.495533][T11053] usb 8-1: Product: syz
[  487.544184][T11053] usb 8-1: Manufacturer: syz
[  487.562893][T11053] usb 8-1: SerialNumber: syz
[  487.580048][T11053] usb 8-1: config 0 descriptor??
[  487.642268][T11053] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  487.650188][ T9916] veth1_macvtap: left promiscuous mode
[  487.661773][T11053] usb 8-1: setting power ON
[  487.662797][ T9916] veth0_macvtap: left promiscuous mode
[  487.687129][T11053] dvb-usb: bulk message failed: -22 (2/0)
[  487.717453][ T9916] veth1_vlan: left promiscuous mode
[  487.729935][ T9916] veth0_vlan: left promiscuous mode
[  487.822871][T11053] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  487.947358][T11053] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-19)
[  487.990750][T11053] dvb_usb_cxusb 8-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  488.209271][ T5845] Bluetooth: hci1: command tx timeout
[  489.664610][T11887] xt_hashlimit: size too large, truncated to 1048576
[  489.933236][T11888] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1729'.
[  490.293753][ T5845] Bluetooth: hci1: command tx timeout
[  491.365069][ T9916] team0 (unregistering): Port device team_slave_1 removed
[  491.639582][ T9916] team0 (unregistering): Port device team_slave_0 removed
[  491.730248][T11903] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1722'.
[  492.379130][ T5845] Bluetooth: hci1: command tx timeout
[  493.439307][T11903] vcan0: entered promiscuous mode
[  493.444441][T11903] vcan0: entered allmulticast mode
[  493.505558][T11092] usb 8-1: USB disconnect, device number 16
[  493.626436][T11920] loop7: detected capacity change from 0 to 512
[  493.717596][T11920] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  493.793491][T11920] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  493.889529][T11811] chnl_net:caif_netlink_parms(): no params data found
[  493.912422][   T30] audit: type=1800 audit(1749280102.021:545): pid=11920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1730" name="file1" dev="loop7" ino=15 res=0 errno=0
[  494.019336][   T30] audit: type=1800 audit(1749280102.041:546): pid=11920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1730" name="file2" dev="loop7" ino=16 res=0 errno=0
[  494.050073][T11932] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1732'.
[  494.105586][   T30] audit: type=1800 audit(1749280102.151:547): pid=11935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1730" name="file1" dev="loop7" ino=15 res=0 errno=0
[  494.260705][ T7032] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.606410][T11811] bridge0: port 1(bridge_slave_0) entered blocking state
[  494.629305][T11811] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.642968][T11811] bridge_slave_0: entered allmulticast mode
[  494.661996][T11811] bridge_slave_0: entered promiscuous mode
[  494.700965][T11811] bridge0: port 2(bridge_slave_1) entered blocking state
[  494.708176][T11811] bridge0: port 2(bridge_slave_1) entered disabled state
[  494.736202][T11811] bridge_slave_1: entered allmulticast mode
[  494.758563][T11811] bridge_slave_1: entered promiscuous mode
[  494.809883][T11950] netlink: 'syz.8.1737': attribute type 4 has an invalid length.
[  494.845995][T11952] overlayfs: failed to clone upperpath
[  494.893764][T11949] netlink: 'syz.8.1737': attribute type 4 has an invalid length.
[  494.978904][T11811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  495.047119][T11811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  495.257368][T11811] team0: Port device team_slave_0 added
[  495.341784][T11811] team0: Port device team_slave_1 added
[  495.458133][T11811] batman_adv: batadv0: Adding interface: batadv_slave_0
[  495.465531][T11811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  495.536047][T11811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  495.578169][T11811] batman_adv: batadv0: Adding interface: batadv_slave_1
[  495.610054][T11811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  495.724987][T11811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  496.062483][T11811] hsr_slave_0: entered promiscuous mode
[  496.080936][T11811] hsr_slave_1: entered promiscuous mode
[  497.232966][T11993] overlayfs: failed to clone upperpath
[  498.360678][T12015] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1761'.
[  498.564253][T11811] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  498.611238][T11811] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  498.674568][T11811] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  498.692458][T12022] netlink: 2048 bytes leftover after parsing attributes in process `syz.9.1764'.
[  498.732365][T11811] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  498.785576][T12022] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1764'.
[  499.168082][T11811] 8021q: adding VLAN 0 to HW filter on device bond0
[  499.251586][T11811] 8021q: adding VLAN 0 to HW filter on device team0
[  499.301898][ T9920] bridge0: port 1(bridge_slave_0) entered blocking state
[  499.309183][ T9920] bridge0: port 1(bridge_slave_0) entered forwarding state
[  499.381793][ T9920] bridge0: port 2(bridge_slave_1) entered blocking state
[  499.389186][ T9920] bridge0: port 2(bridge_slave_1) entered forwarding state
[  500.365909][T12064] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1779'.
[  500.625715][T11811] 8021q: adding VLAN 0 to HW filter on device batadv0
[  500.711575][T12078] overlayfs: failed to clone upperpath
[  500.945166][T12085] overlayfs: failed to clone upperpath
[  501.282914][T12096] overlayfs: failed to resolve './file0': -2
[  501.546768][T11811] veth0_vlan: entered promiscuous mode
[  501.577146][T11811] veth1_vlan: entered promiscuous mode
[  501.714149][T11811] veth0_macvtap: entered promiscuous mode
[  501.745853][T11811] veth1_macvtap: entered promiscuous mode
[  501.828366][T11811] batman_adv: batadv0: Interface activated: batadv_slave_0
[  501.882213][T11811] batman_adv: batadv0: Interface activated: batadv_slave_1
[  501.946390][T12110] trusted_key: encrypted_key: master key parameter '' is invalid
[  502.018843][T11811] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  502.080113][T11811] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  502.115832][T11811] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  502.168646][T11811] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  502.598843][ T9350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  502.624448][ T9350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  502.756002][ T9383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  502.787124][ T9383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.010550][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[  504.274800][ T9916] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.447889][ T9916] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.663771][ T9916] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.683834][T12148] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1808'.
[  505.155283][ T9916] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.547273][ T9916] bridge_slave_1: left allmulticast mode
[  505.559045][ T9916] bridge_slave_1: left promiscuous mode
[  505.564860][ T9916] bridge0: port 2(bridge_slave_1) entered disabled state
[  505.691585][ T9916] bridge_slave_0: left allmulticast mode
[  505.697469][ T9916] bridge_slave_0: left promiscuous mode
[  505.710153][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  505.724821][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  505.728128][ T9916] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.742455][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  505.759335][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  505.772898][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  507.149303][T12195] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1824'.
[  507.250520][ T9916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  507.274074][ T9916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  507.288527][ T9916] bond0 (unregistering): Released all slaves
[  507.320641][T12162] syz_tun: entered allmulticast mode
[  507.326284][T12162] syz_tun: left allmulticast mode
[  507.401094][T11085] libceph: connect (1)[c::]:6789 error -101
[  507.416319][T12171] dvmrp1: entered allmulticast mode
[  507.437994][T11085] libceph: mon0 (1)[c::]:6789 connect error
[  507.471699][T12197] ceph: No mds server is up or the cluster is laggy
[  507.484682][T11085] libceph: connect (1)[c::]:6789 error -101
[  507.515458][T11085] libceph: mon0 (1)[c::]:6789 connect error
[  507.542087][T12195] vcan0: entered promiscuous mode
[  507.563465][T12195] vcan0: entered allmulticast mode
[  507.897219][ T5845] Bluetooth: hci1: command tx timeout
[  508.343027][T12211] uprobe: syz.8.1832:12211 failed to unregister, leaking uprobe
[  508.585789][ T9916] hsr_slave_0: left promiscuous mode
[  508.595115][ T9916] hsr_slave_1: left promiscuous mode
[  508.608251][ T9916] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  508.630194][ T9916] batman_adv: batadv0: Removing interface: batadv_slave_0
[  508.648473][ T9916] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  508.667343][ T9916] batman_adv: batadv0: Removing interface: batadv_slave_1
[  508.719819][ T9916] veth1_macvtap: left promiscuous mode
[  508.744660][ T9916] veth0_macvtap: left promiscuous mode
[  508.754391][ T9916] veth1_vlan: left promiscuous mode
[  508.761298][ T9916] veth0_vlan: left promiscuous mode
[  509.969450][ T5845] Bluetooth: hci1: command tx timeout
[  511.183834][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  511.190991][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  511.930290][   T30] audit: type=1326 audit(1749280120.031:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.013051][   T30] audit: type=1326 audit(1749280120.071:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.062045][ T5845] Bluetooth: hci1: command tx timeout
[  512.088500][   T30] audit: type=1326 audit(1749280120.071:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.165922][   T30] audit: type=1326 audit(1749280120.071:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.233325][   T30] audit: type=1326 audit(1749280120.071:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.301223][T12280] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  512.305350][   T30] audit: type=1326 audit(1749280120.071:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.420497][   T30] audit: type=1326 audit(1749280120.071:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.507017][   T30] audit: type=1326 audit(1749280120.081:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.587857][   T30] audit: type=1326 audit(1749280120.081:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  512.648181][ T9916] team0 (unregistering): Port device team_slave_1 removed
[  512.693014][   T30] audit: type=1326 audit(1749280120.081:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12273 comm="syz.5.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb29f58e929 code=0x7ffc0000
[  513.056656][T12286] loop7: detected capacity change from 0 to 32768
[  513.064315][T12286] XFS: attr2 mount option is deprecated.
[  513.153950][T12286] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  513.185505][T12286] XFS (loop7): Ending clean mount
[  513.197898][T12286] XFS (loop7): Quotacheck needed: Please wait.
[  513.299822][T12286] XFS (loop7): Quotacheck: Done.
[  513.342337][ T9916] team0 (unregistering): Port device team_slave_0 removed
[  513.386354][T12286] XFS (loop7): Metadata CRC error detected at xfs_refcountbt_read_verify+0x26/0xe0, xfs_refcountbt block 0x28 
[  513.399009][T12286] XFS (loop7): Unmount and run xfs_repair
[  513.404770][T12286] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  513.412652][T12286] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff  R...............
[  513.421604][T12286] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00  .......(........
[  513.431847][T12286] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  513.440827][T12286] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00  .......]........
[  513.449784][T12286] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  513.458778][T12286] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  513.467706][T12286] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  513.476723][T12286] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  513.486120][T12286] XFS (loop7): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x28 len 8 error 74
[  513.517757][T12286] XFS (loop7): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  513.532724][T12286] XFS (loop7): Please unmount the filesystem and rectify the problem(s)
[  513.753971][ T7032] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  514.179007][ T5845] Bluetooth: hci1: command tx timeout
[  514.962628][T12321] loop7: detected capacity change from 0 to 128
[  515.070906][T12321] EXT4-fs: Ignoring removed oldalloc option
[  515.168737][T12321] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  515.266313][T12321] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  516.057702][ T7032] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  518.352577][T12167] chnl_net:caif_netlink_parms(): no params data found
[  518.916023][T12376] overlayfs: failed to clone upperpath
[  518.926932][T12378] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1889'.
[  519.038892][T12167] bridge0: port 1(bridge_slave_0) entered blocking state
[  519.068906][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  519.086278][   T30] audit: type=1804 audit(1749280127.161:574): pid=12379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1888" name="bus" dev="tmpfs" ino=1989 res=1 errno=0
[  519.108203][T12167] bridge0: port 1(bridge_slave_0) entered disabled state
[  519.156951][T12167] bridge_slave_0: entered allmulticast mode
[  519.191430][T12167] bridge_slave_0: entered promiscuous mode
[  519.289383][T12167] bridge0: port 2(bridge_slave_1) entered blocking state
[  519.303946][T12167] bridge0: port 2(bridge_slave_1) entered disabled state
[  519.328707][T12167] bridge_slave_1: entered allmulticast mode
[  519.354630][T12167] bridge_slave_1: entered promiscuous mode
[  519.663800][T12167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  519.713090][T12167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  520.500300][T12167] team0: Port device team_slave_0 added
[  520.546196][T12167] team0: Port device team_slave_1 added
[  520.844973][T12394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1908'.
[  520.859785][T12167] batman_adv: batadv0: Adding interface: batadv_slave_0
[  520.877090][T12167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  520.924110][T12396] trusted_key: encrypted_key: master key parameter '' is invalid
[  520.946019][T12167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  521.005610][T12167] batman_adv: batadv0: Adding interface: batadv_slave_1
[  521.024093][T12167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  521.149027][T12167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  521.478637][T12167] hsr_slave_0: entered promiscuous mode
[  521.506049][T12167] hsr_slave_1: entered promiscuous mode
[  523.131200][T11060] libceph: connect (1)[c::]:6789 error -101
[  523.137368][T11060] libceph: mon0 (1)[c::]:6789 connect error
[  523.143675][T12422] ceph: No mds server is up or the cluster is laggy
[  523.355548][T12167] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  523.380053][T12167] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  523.455960][T12167] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  523.504937][T12167] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  523.961223][T12167] 8021q: adding VLAN 0 to HW filter on device bond0
[  524.024628][T11052] kernel write not supported for file [eventfd] (pid: 11052 comm: kworker/1:2)
[  524.118063][T12167] 8021q: adding VLAN 0 to HW filter on device team0
[  524.135487][T12445] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1913'.
[  524.283014][T12445] batman_adv: batadv0: Removing interface: batadv_slave_1
[  524.580610][ T9914] bridge0: port 1(bridge_slave_0) entered blocking state
[  524.587860][ T9914] bridge0: port 1(bridge_slave_0) entered forwarding state
[  524.675430][ T9914] bridge0: port 2(bridge_slave_1) entered blocking state
[  524.682673][ T9914] bridge0: port 2(bridge_slave_1) entered forwarding state
[  525.179618][T12461] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1918'.
[  526.314607][T12478] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1922'.
[  526.478566][T12167] 8021q: adding VLAN 0 to HW filter on device batadv0
[  526.708838][T12485] overlayfs: failed to clone upperpath
[  528.475750][T12167] veth0_vlan: entered promiscuous mode
[  528.558607][T12167] veth1_vlan: entered promiscuous mode
[  528.958358][T12167] veth0_macvtap: entered promiscuous mode
[  529.004158][T12167] veth1_macvtap: entered promiscuous mode
[  529.162995][T12167] batman_adv: batadv0: Interface activated: batadv_slave_0
[  529.216705][T12167] batman_adv: batadv0: Interface activated: batadv_slave_1
[  529.274618][T12167] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  529.356933][T12167] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  529.359926][T12517] tipc: Failed to remove unknown binding: 66,1,1/2886997029:1223759307/1223759309
[  529.579022][T12167] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  529.629043][T12167] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.190603][ T9386] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.198504][ T9386] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.638823][T12526] overlayfs: failed to clone upperpath
[  530.751394][ T9383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.767070][ T9383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  531.725976][T12537] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1941'.
[  531.777430][T12538] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1941'.
[  532.146587][ T9917] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.237525][T12542] vlan2: entered promiscuous mode
[  532.242868][T12542] bridge2: entered promiscuous mode
[  532.248646][T12542] bridge2: port 1(vlan2) entered blocking state
[  532.255384][T12542] bridge2: port 1(vlan2) entered disabled state
[  532.262108][T12542] vlan2: entered allmulticast mode
[  532.271565][T12542] bridge2: entered allmulticast mode
[  532.297631][T12542] vlan2: left allmulticast mode
[  532.337365][T12542] bridge2: left allmulticast mode
[  532.470243][ T9917] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.604754][ T9917] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.696491][ T9917] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.039941][ T9917] bridge_slave_1: left allmulticast mode
[  533.045679][ T9917] bridge_slave_1: left promiscuous mode
[  533.106405][ T9917] bridge0: port 2(bridge_slave_1) entered disabled state
[  533.157628][T12552] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1944'.
[  533.176845][ T9917] bridge_slave_0: left allmulticast mode
[  533.222423][ T9917] bridge_slave_0: left promiscuous mode
[  533.255207][ T9917] bridge0: port 1(bridge_slave_0) entered disabled state
[  533.489977][   T30] audit: type=1326 audit(1749280141.591:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12554 comm="syz.9.1947" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f889098e929 code=0x0
[  533.767398][T12386] Set syz1 is full, maxelem 65536 reached
[  534.036866][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  534.056829][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  534.099508][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  534.108665][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  534.117865][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  534.406816][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807c173000: rx timeout, send abort
[  534.417841][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c172800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  534.917084][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807c173000: abort rx timeout. Force session deactivation
[  535.254570][ T9917] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  535.274790][ T9917] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  535.290567][ T9917] bond0 (unregistering): Released all slaves
[  536.168269][T12576] 
[  536.170659][T12576] ======================================================
[  536.177871][T12576] WARNING: possible circular locking dependency detected
[  536.184912][T12576] 6.15.0-syzkaller-13526-g7a912d04415b #0 Not tainted
[  536.191879][T12576] ------------------------------------------------------
[  536.198894][T12576] syz.9.1954/12576 is trying to acquire lock:
[  536.204961][T12576] ffff888035d60d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: xsk_bind+0x37c/0x1570
[  536.214608][T12576] 
[  536.214608][T12576] but task is already holding lock:
[  536.221972][T12576] ffff88802a25d6b0 (&xs->mutex){+.+.}-{4:4}, at: xsk_bind+0x1f1/0x1570
[  536.230314][T12576] 
[  536.230314][T12576] which lock already depends on the new lock.
[  536.230314][T12576] 
[  536.240730][T12576] 
[  536.240730][T12576] the existing dependency chain (in reverse order) is:
[  536.249749][T12576] 
[  536.249749][T12576] -> #2 (&xs->mutex){+.+.}-{4:4}:
[  536.257002][T12576]        __mutex_lock+0x199/0xb90
[  536.262056][T12576]        xsk_notifier+0x101/0x280
[  536.267115][T12576]        notifier_call_chain+0xbc/0x410
[  536.272700][T12576]        call_netdevice_notifiers_info+0xbe/0x140
[  536.279144][T12576]        unregister_netdevice_many_notify+0xf9d/0x2700
[  536.286031][T12576]        rtnl_dellink+0x3cb/0xa80
[  536.291093][T12576]        rtnetlink_rcv_msg+0x95e/0xe90
[  536.296584][T12576]        netlink_rcv_skb+0x158/0x420
[  536.301889][T12576]        netlink_unicast+0x53d/0x7f0
[  536.307193][T12576]        netlink_sendmsg+0x8d1/0xdd0
[  536.312504][T12576]        ____sys_sendmsg+0xa98/0xc70
[  536.317819][T12576]        ___sys_sendmsg+0x134/0x1d0
[  536.323046][T12576]        __sys_sendmsg+0x16d/0x220
[  536.328191][T12576]        do_syscall_64+0xcd/0x4c0
[  536.333230][T12576]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.339662][T12576] 
[  536.339662][T12576] -> #1 (&net->xdp.lock){+.+.}-{4:4}:
[  536.347257][T12576]        __mutex_lock+0x199/0xb90
[  536.352300][T12576]        xsk_notifier+0xa4/0x280
[  536.357259][T12576]        notifier_call_chain+0xbc/0x410
[  536.362829][T12576]        call_netdevice_notifiers_info+0xbe/0x140
[  536.369360][T12576]        unregister_netdevice_many_notify+0xf9d/0x2700
[  536.376234][T12576]        unregister_netdevice_queue+0x305/0x3f0
[  536.382490][T12576]        register_netdevice+0x18f1/0x2270
[  536.388224][T12576]        lapbeth_device_event+0x5b1/0xbe0
[  536.393958][T12576]        notifier_call_chain+0xbc/0x410
[  536.399530][T12576]        call_netdevice_notifiers_info+0xbe/0x140
[  536.405966][T12576]        __dev_notify_flags+0x12c/0x2e0
[  536.411552][T12576]        netif_change_flags+0x108/0x160
[  536.417148][T12576]        dev_change_flags+0xba/0x250
[  536.422453][T12576]        devinet_ioctl+0x11d5/0x1f50
[  536.427759][T12576]        inet_ioctl+0x3a7/0x3f0
[  536.432639][T12576]        sock_do_ioctl+0x118/0x280
[  536.437767][T12576]        sock_ioctl+0x227/0x6b0
[  536.442646][T12576]        __x64_sys_ioctl+0x18e/0x210
[  536.447951][T12576]        do_syscall_64+0xcd/0x4c0
[  536.453006][T12576]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.459459][T12576] 
[  536.459459][T12576] -> #0 (&dev_instance_lock_key#20){+.+.}-{4:4}:
[  536.468021][T12576]        __lock_acquire+0x126f/0x1c90
[  536.473433][T12576]        lock_acquire+0x179/0x350
[  536.478492][T12576]        __mutex_lock+0x199/0xb90
[  536.483561][T12576]        xsk_bind+0x37c/0x1570
[  536.488354][T12576]        __sys_bind+0x1a7/0x260
[  536.493239][T12576]        __x64_sys_bind+0x72/0xb0
[  536.498295][T12576]        do_syscall_64+0xcd/0x4c0
[  536.503340][T12576]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.509790][T12576] 
[  536.509790][T12576] other info that might help us debug this:
[  536.509790][T12576] 
[  536.520020][T12576] Chain exists of:
[  536.520020][T12576]   &dev_instance_lock_key#20 --> &net->xdp.lock --> &xs->mutex
[  536.520020][T12576] 
[  536.533467][T12576]  Possible unsafe locking scenario:
[  536.533467][T12576] 
[  536.540918][T12576]        CPU0                    CPU1
[  536.546286][T12576]        ----                    ----
[  536.551686][T12576]   lock(&xs->mutex);
[  536.555683][T12576]                                lock(&net->xdp.lock);
[  536.562565][T12576]                                lock(&xs->mutex);
[  536.569081][T12576]   lock(&dev_instance_lock_key#20);
[  536.574394][T12576] 
[  536.574394][T12576]  *** DEADLOCK ***
[  536.574394][T12576] 
[  536.582562][T12576] 2 locks held by syz.9.1954/12576:
[  536.587773][T12576]  #0: ffffffff9034f1a8 (rtnl_mutex){+.+.}-{4:4}, at: xsk_bind+0x1dc/0x1570
[  536.596567][T12576]  #1: ffff88802a25d6b0 (&xs->mutex){+.+.}-{4:4}, at: xsk_bind+0x1f1/0x1570
[  536.605585][T12576] 
[  536.605585][T12576] stack backtrace:
[  536.611483][T12576] CPU: 0 UID: 0 PID: 12576 Comm: syz.9.1954 Not tainted 6.15.0-syzkaller-13526-g7a912d04415b #0 PREEMPT(full) 
[  536.611527][T12576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  536.611548][T12576] Call Trace:
[  536.611558][T12576]  <TASK>
[  536.611570][T12576]  dump_stack_lvl+0x116/0x1f0
[  536.611607][T12576]  print_circular_bug+0x275/0x350
[  536.611660][T12576]  check_noncircular+0x14c/0x170
[  536.611717][T12576]  __lock_acquire+0x126f/0x1c90
[  536.611779][T12576]  lock_acquire+0x179/0x350
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  536.611830][T12576]  ? xsk_bind+0x37c/0x1570
[  536.611874][T12576]  ? __pfx___might_resched+0x10/0x10
[  536.611921][T12576]  __mutex_lock+0x199/0xb90
[  536.611953][T12576]  ? xsk_bind+0x37c/0x1570
[  536.611993][T12576]  ? srso_alias_return_thunk+0x5/0xfbef5
[  536.612033][T12576]  ? ref_tracker_alloc+0x305/0x5b0
[  536.612087][T12576]  ? xsk_bind+0x37c/0x1570
[  536.612129][T12576]  ? __pfx___mutex_lock+0x10/0x10
[  536.612169][T12576]  ? srso_alias_return_thunk+0x5/0xfbef5
[  536.612214][T12576]  ? xsk_bind+0x37c/0x1570
[  536.612254][T12576]  ? srso_alias_return_thunk+0x5/0xfbef5
[  536.612293][T12576]  xsk_bind+0x37c/0x1570
[  536.612337][T12576]  ? __pfx_aa_sk_perm+0x10/0x10
[  536.612376][T12576]  ? __pfx_xsk_bind+0x10/0x10
[  536.612425][T12576]  __sys_bind+0x1a7/0x260
[  536.612472][T12576]  ? __pfx___sys_bind+0x10/0x10
[  536.612524][T12576]  ? srso_alias_return_thunk+0x5/0xfbef5
[  536.612562][T12576]  ? xfd_validate_state+0x61/0x180
[  536.612608][T12576]  ? __sys_setsockopt+0x1c0/0x230
[  536.612663][T12576]  __x64_sys_bind+0x72/0xb0
[  536.612707][T12576]  ? lockdep_hardirqs_on+0x7c/0x110
[  536.612760][T12576]  do_syscall_64+0xcd/0x4c0
[  536.612799][T12576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.612832][T12576] RIP: 0033:0x7f889098e929
[  536.612857][T12576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.612890][T12576] RSP: 002b:00007f88918b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  536.612920][T12576] RAX: ffffffffffffffda RBX: 00007f8890bb5fa0 RCX: 00007f889098e929
[  536.612942][T12576] RDX: 000000000000002a RSI: 00002000000001c0 RDI: 0000000000000004
[  536.612963][T12576] RBP: 00007f8890a10b39 R08: 0000000000000000 R09: 0000000000000000
[  536.612983][T12576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  536.613003][T12576] R13: 0000000000000000 R14: 00007f8890bb5fa0 R15: 00007ffeb1964dd8
[  536.613035][T12576]  </TASK>
[  536.623641][ T5841] Bluetooth: hci1: command tx timeout
[  537.459714][ T9917] hsr_slave_0: left promiscuous mode
[  537.470935][ T9917] hsr_slave_1: left promiscuous mode
[  537.491436][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  537.529034][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_0
[  537.553919][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  537.562137][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_1
[  537.587992][ T9917] veth1_macvtap: left promiscuous mode
[  537.593651][ T9917] veth0_macvtap: left promiscuous mode
[  537.599875][ T9917] veth1_vlan: left promiscuous mode
[  537.605210][ T9917] veth0_vlan: left promiscuous mode
[  537.783769][ T9917] team0 (unregistering): Port device team_slave_1 removed
[  537.809875][ T9917] team0 (unregistering): Port device team_slave_0 removed
[  537.991819][T12572] syz_tun (unregistering): left allmulticast mode
[  538.353714][ T9917] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.405864][ T9917] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.446190][ T9917] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.510533][ T9917] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.595018][ T9917] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.634092][ T9917] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.694008][ T9917] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.743722][ T9917] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.824302][ T9917] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.864018][ T9917] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.914746][ T9917] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.981006][ T9917] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.242493][ T9917] bridge_slave_1: left allmulticast mode
[  539.248174][ T9917] bridge_slave_1: left promiscuous mode
[  539.254007][ T9917] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.264282][ T9917] bridge_slave_0: left allmulticast mode
[  539.270713][ T9917] bridge_slave_0: left promiscuous mode
[  539.276405][ T9917] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.287204][ T9917] bridge_slave_1: left allmulticast mode
[  539.293271][ T9917] bridge_slave_1: left promiscuous mode
[  539.299001][ T9917] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.307088][ T9917] bridge_slave_0: left allmulticast mode
[  539.312859][ T9917] bridge_slave_0: left promiscuous mode
[  539.318519][ T9917] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.328001][ T9917] bridge_slave_0: left allmulticast mode
[  539.335758][ T9917] bridge_slave_0: left promiscuous mode
[  539.343424][ T9917] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.352705][ T9917] bridge_slave_1: left allmulticast mode
[  539.358341][ T9917] bridge_slave_1: left promiscuous mode
[  539.364115][ T9917] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.372658][ T9917] bridge_slave_0: left allmulticast mode
[  539.378296][ T9917] bridge_slave_0: left promiscuous mode
[  539.384461][ T9917] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.644685][ T9917] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  539.656464][ T9917] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  539.666880][ T9917] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  539.676976][ T9917] batadv0: left promiscuous mode
[  539.684575][ T9917] bond0 (unregistering): Released all slaves
[  539.805155][ T9917] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  539.817155][ T9917] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  539.827393][ T9917] bond0 (unregistering): Released all slaves
[  539.878572][ T9917] dvmrp1 (unregistering): left allmulticast mode
[  539.924093][ T9917] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  539.936035][ T9917] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  539.946519][ T9917] bond0 (unregistering): Released all slaves
[  539.993753][ T9917] batman_adv: batadv0: Removing interface: ip6gretap1
[  540.113378][ T9917] dvmrp1 (unregistering): left allmulticast mode
[  540.264919][ T9917] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  540.274455][ T9917] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  540.284460][ T9917] bond0 (unregistering): Released all slaves
[  540.370663][ T9917] tipc: Disabling bearer <udp:s>
[  540.375944][ T9917] tipc: Left network mode
[  540.381237][ T9917] tipc: Left network mode
[  540.395986][ T9917] tipc: Disabling bearer <udp:syz2>
[  540.401423][ T9917] tipc: Left network mode
[  540.905257][ T9917] hsr_slave_0: left promiscuous mode
[  540.911036][ T9917] hsr_slave_1: left promiscuous mode
[  540.916717][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  540.925643][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_0
[  540.933477][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  540.941054][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_1
[  540.951358][ T9917] hsr_slave_0: left promiscuous mode
[  540.957067][ T9917] hsr_slave_1: left promiscuous mode
[  540.962802][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  540.970255][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_0
[  540.978146][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  540.985587][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_1
[  540.995646][ T9917] hsr_slave_0: left promiscuous mode
[  541.001990][ T9917] hsr_slave_1: left promiscuous mode
[  541.007713][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  541.015276][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_0
[  541.022957][ T9917] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  541.030402][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_1
[  541.041348][ T9917] batman_adv: batadv0: Removing interface: batadv_slave_0
[  541.073534][ T9917] veth1_vlan: left promiscuous mode
[  541.079498][ T9917] veth0_vlan: left promiscuous mode
[  541.085409][ T9917] veth1_macvtap: left promiscuous mode
[  541.091140][ T9917] veth0_macvtap: left promiscuous mode
[  541.096678][ T9917] veth1_vlan: left promiscuous mode
[  541.102073][ T9917] veth0_vlan: left promiscuous mode
[  541.108124][ T9917] veth1_vlan: left promiscuous mode
[  541.113838][ T9917] veth0_vlan: left promiscuous mode
[  541.556325][ T9917] team0 (unregistering): Port device team_slave_1 removed
[  541.573703][ T9917] team0 (unregistering): Port device team_slave_0 removed
[  541.783416][ T9917] team0 (unregistering): Port device team_slave_1 removed
[  541.804545][ T9917] team0 (unregistering): Port device team_slave_0 removed
[  543.329212][ T9917] IPVS: stop unused estimator thread 0...