last executing test programs:

5m52.189130026s ago: executing program 0 (id=555):
r0 = syz_open_dev$loop(&(0x7f0000000200), 0x5, 0x86100)
r1 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x40240)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000000)={r0, 0x4, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe, 0x14, "fee8a2ab78fc179fd1f809000100aca7ca44c6a4b3e00d9683dda1af01000000c0ff12001000000000000000000300", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000000000000020000000800000000faffffff00", "e746000010200000000240440000002000000000000000000004008bd0b500", [0xe3]}})

5m52.04328859s ago: executing program 0 (id=556):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000804003001c0012800b00010067726574617000000c00028008000700ac14142808000a00", @ANYRES32=r5], 0x44}}, 0x804)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r7)
getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5)
sendto$packet(r6, &(0x7f0000000040)="2717a90af1a30d71286f47000000", 0xe, 0x48000, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
close(0x3)
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)

5m50.469652655s ago: executing program 0 (id=561):
syz_emit_vhci(0x0, 0x0)
socket(0x40000000015, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'veth1_to_bridge\x00'})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r4, 0x4000)
close(r4)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2284, &(0x7f0000000080))
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newtaction={0xb4, 0x30, 0x48b, 0x0, 0x0, {}, [{0xa0, 0x1, [@m_ctinfo={0x48, 0x2, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x80, 0x5, 0x5, 0x1, 0x2}}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, @local, @remote}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)

5m49.455866741s ago: executing program 0 (id=562):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4805}, 0x20000050)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4804, 0x5}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4000400)
socket$kcm(0x29, 0x5, 0x0)
syz_io_uring_setup(0x38, &(0x7f0000000580)={0x0, 0xbbda, 0x13500}, 0x0, &(0x7f0000000480))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x1e, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x10, 0x5}, 0x94)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)

5m48.848733091s ago: executing program 0 (id=566):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a85320, &(0x7f0000000340)={{0x80, 0xfc}, 'port0\x00', 0x0, 0x60000, 0x0, 0xfffffffb, 0x6, 0xfffffffc, 0x10000000, 0x0, 0x1})

5m45.110230473s ago: executing program 0 (id=573):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)
r3 = gettid()
r4 = syz_open_procfs(r3, &(0x7f0000000280)='timerslack_ns\x00')
write$binfmt_format(r4, &(0x7f0000000180)='1\x00', 0x2)

5m29.946146755s ago: executing program 32 (id=573):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)
r3 = gettid()
r4 = syz_open_procfs(r3, &(0x7f0000000280)='timerslack_ns\x00')
write$binfmt_format(r4, &(0x7f0000000180)='1\x00', 0x2)

22.546576765s ago: executing program 4 (id=1424):
r0 = gettid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_procfs(r0, &(0x7f0000000140)='net/mcfilter6\x00')
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000580)=""/118, 0x76}, {0x0}], 0x2, 0x9, 0x100)

15.774035838s ago: executing program 4 (id=1440):
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000480)={0x8, {{0xa, 0x0, 0x0, @mcast1, 0x5}}}, 0x90)

11.789348136s ago: executing program 3 (id=1448):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, 0x0, 0x0)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000804003001c0012800b00010067726574617000000c00028008000700ac14142808000a00", @ANYRES32=r5], 0x44}}, 0x804)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r7)
getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5)
sendto$packet(r6, &(0x7f0000000040)="2717a90af1a30d71286f47000000", 0xe, 0x48000, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
close(0x3)
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)

11.47993691s ago: executing program 3 (id=1450):
socket$packet(0x11, 0x3, 0x300)
set_mempolicy(0x2, 0x0, 0x9)
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0xc, 0xfc, 0x0, 0x1, [@typed={0x8, 0x5, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="7235ab62"]}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xb, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010)

9.688849656s ago: executing program 5 (id=1453):
bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000001811", @ANYRES32=r0], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb3, 0x0, 0x0, 0x0}, 0x90)

9.499095321s ago: executing program 1 (id=1454):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000200)={0x0, 0xffffffffffffff0f, r3})
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3020, 0x1000004, 0x13, r4, 0x100000000)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9)

9.427815958s ago: executing program 3 (id=1456):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3d03)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = userfaultfd(0x801)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x1, 0x7ffc1ffb}]})
kexec_load(0x0, 0x0, 0x0, 0xa0000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x7, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "41328ac33100", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xe)
r5 = syz_open_procfs(0x0, &(0x7f0000000440)='projid_map\x00')
write$tcp_mem(r5, &(0x7f0000000180)={0x6, 0x20, 0x0, 0x20, 0x1}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, 0x0, 0x35)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3800000010000108fdffffff000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000010001a800c002d80080001"], 0x38}}, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000100), 0x6, 0x20000)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a300000000009"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000d97f7549acbd8989001800", [0x0, 0x2000000000001]}})

9.418958387s ago: executing program 5 (id=1457):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x2f, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f0000000040))

8.383017359s ago: executing program 5 (id=1459):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240480d4}, 0x4040)
mount$9p_rdma(0x0, 0x0, &(0x7f0000000340), 0x10400, &(0x7f00000003c0)=ANY=[@ANYBLOB])
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80800, 0x10a)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
r5 = msgget(0x1, 0x244)
msgctl$MSG_STAT(r5, 0xb, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000280), 0x7fffffffffffffff, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000000)={0x980914, 0x8})
connect$can_bcm(r4, &(0x7f00000005c0), 0x10)
sendmsg$can_raw(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x2}, 0x24000895)

8.382283199s ago: executing program 1 (id=1460):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000804003001c0012800b00010067726574617000000c00028008000700ac14142808000a00", @ANYRES32=r5], 0x44}}, 0x804)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r7)
getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5)
sendto$packet(r6, &(0x7f0000000040)="2717a90af1a30d71286f47000000", 0xe, 0x48000, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
close(0x3)
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)

7.958194152s ago: executing program 4 (id=1461):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(r0, 0x80045010, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$rtc(0x0, 0x80000001, 0x408000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000a00300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e27680000000000000000"], &(0x7f0000000140)='GPL\x00'}, 0x94)
r4 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r5 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000040)={r4, r3})
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000800, 0x0, 0x0)
syz_extract_tcp_res(0x0, 0x9801, 0x4e8dc768)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x800c5012, &(0x7f0000000100))
openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x1}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)

7.94547247s ago: executing program 1 (id=1462):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000340)={{0x80, 0xfc}, 'port0\x00', 0x0, 0x60000, 0x0, 0xfffffffb, 0x6, 0xfffffffc, 0x10000000, 0x0, 0x1})
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000bc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x380, 0x0, 0x4c, 0x1a, 0x160, 0x73, 0x2b0, 0x258, 0x258, 0x2b0, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'dvmrp1\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x7}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@uncond, 0x0, 0x120, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@multiport={{0x50}, {0x1, 0x4, [0x4e22, 0x4e20, 0x4e24, 0x8, 0x4e21, 0x4e22, 0x4e23, 0x4e21, 0x4e21, 0x4e23, 0x4e22, 0x4e20, 0x4e23, 0x4e21, 0x4e24], [0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1], 0x1}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x5400}}, {0x28}}}}, 0x3e0)
r5 = dup(0xffffffffffffffff)
r6 = inotify_init()
fcntl$setstatus(r6, 0x4, 0x42800)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000e40), 0x0, &(0x7f0000000e80)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r5}})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x3)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000180)=@mgmt_frame=@probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x1}, @broadcast, @broadcast, @from_mac, {0x1, 0x9}, @value=@ver_80211n={0x0, 0x3, 0x1, 0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, 0x1, @random=0x7, 0x1444, @val={0x0, 0x1a, @random="7a1ab81c3d562291c9020b7d2cd94797aaa0dcc1efd6421c0035"}, @val={0x1, 0x0, [{0xc, 0x1}, {0x1, 0x1}, {0x6c, 0x1}, {0x60, 0x1}, {0x30}, {0x3, 0x1}]}, @val={0x3, 0x0, 0xb8}, @void, @void, @void, @val={0x72, 0x6}, @void, [{0xdd, 0xc, "c3aa49838bf8de3789290622"}]}, 0x5a)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[], 0x1e)
nanosleep(0x0, &(0x7f0000000480))

7.304848554s ago: executing program 5 (id=1464):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[], 0x14}}, 0x0)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000080, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x3}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20)

7.122322751s ago: executing program 4 (id=1465):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4805}, 0x20000050)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4804, 0x5}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4000400)
syz_io_uring_setup(0x38, &(0x7f0000000580)={0x0, 0xbbda, 0x13500}, 0x0, &(0x7f0000000480))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x1e, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x10, 0x5}, 0x94)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)

6.342078159s ago: executing program 5 (id=1466):
socket$packet(0x11, 0x3, 0x300)
set_mempolicy(0x2, 0x0, 0x9)
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0xc, 0xfc, 0x0, 0x1, [@typed={0x8, 0x5, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="7235ab62"]}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xb, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010)

5.914228922s ago: executing program 1 (id=1468):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setresuid(0xffffffffffffffff, 0x0, 0x0)
setgid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000080)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000680)={0x0, 0x465d, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x6000, @fd=r2, 0x0, 0x0, 0x0, 0x0, 0x1})
r6 = syz_io_uring_setup(0x7dc9, 0x0, &(0x7f0000000140), &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = signalfd(0xffffffffffffffff, &(0x7f0000000040)={[0x7fffffff]}, 0x8)
r8 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r8}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
poll(&(0x7f00000000c0)=[{r7, 0x400}], 0x1, 0xfffffffa)
io_uring_enter(r6, 0x184c, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r3, 0x39fd, 0x2cf1, 0xa5, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0xbf}]}}}]}, 0x40}}, 0x0)

4.588970782s ago: executing program 2 (id=1470):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000200)={0x0, 0xffffffffffffff0f, r3})
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3020, 0x1000004, 0x13, r4, 0x100000000)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9)

4.558951336s ago: executing program 5 (id=1471):
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000002c0)={[{@redirect_dir_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
socket$can_j1939(0x1d, 0x2, 0x7)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x5}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x32}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x21, 0x0)

4.232783347s ago: executing program 3 (id=1472):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000804003001c0012800b00010067726574617000000c00028008000700ac14142808000a00", @ANYRES32=r5], 0x44}}, 0x804)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r7)
getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5)
sendto$packet(r6, &(0x7f0000000040)="2717a90af1a30d71286f47000000", 0xe, 0x48000, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
close(0x3)
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)

4.231901007s ago: executing program 2 (id=1473):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_flowlabel\x00')
pread64(r0, &(0x7f0000001600)=""/4103, 0x1007, 0x97)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x4, 0xffff, 0xc, 0x0, <r1=>0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4088}, 0x4000000)
sendmsg$IPSET_CMD_DEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x13a}, 0x1, 0x0, 0x0, 0x2000c880}, 0x48084)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000100)={r1})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, &(0x7f0000001440)=""/40, 0x0)
io_uring_setup(0x6f6, &(0x7f0000005100)={0x0, 0x9dcc, 0x802})
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x8b}, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000001880)={'pcm3724\x00', [0x24, 0x3, 0x4000000, 0x1, 0x3, 0x7, 0x100000c9, 0x5c952399, 0x0, 0x3ff, 0x802, 0xbc20, 0x1, 0x6, 0x100f069, 0x0, 0x1, 0x200004, 0xfffffff4, 0x10000, 0x0, 0xfffffffa, 0xfffffffd, 0xfffffff5, 0xffffead3, 0x3, 0x7ff, 0x7, 0x80002, 0x8000000, 0x4]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0], [], [0x4]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)

3.502224335s ago: executing program 1 (id=1474):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240480d4}, 0x4040)
mount$9p_rdma(0x0, 0x0, &(0x7f0000000340), 0x10400, &(0x7f00000003c0)=ANY=[@ANYBLOB])
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80800, 0x10a)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
r5 = msgget(0x1, 0x244)
msgctl$MSG_STAT(r5, 0xb, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000280), 0x7fffffffffffffff, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000000)={0x980914, 0x8})
connect$can_bcm(r4, &(0x7f00000005c0), 0x10)
sendmsg$can_raw(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x2}, 0x24000895)

3.486383842s ago: executing program 2 (id=1475):
syz_emit_vhci(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'veth1_to_bridge\x00', <r0=>0x0})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
r1 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r5, 0x4000)
close(r5)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2284, &(0x7f0000000080))
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newtaction={0xb4, 0x30, 0x48b, 0x0, 0x0, {}, [{0xa0, 0x1, [@m_ctinfo={0x48, 0x2, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x80, 0x5, 0x5, 0x1, 0x2}}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, @local, @remote}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x80, 0x0, 0x0, &(0x7f0000019580)=ANY=[@ANYBLOB="1000000000000000040000000000000010000000000000001401000003"], 0x20}, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYRESHEX=r4], 0x10)

3.423961771s ago: executing program 3 (id=1476):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r1, 0xd)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x36, 0x36}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
fsopen(0x0, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, 0x0, 0x0)
listen(r5, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)

2.20556353s ago: executing program 2 (id=1477):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x14}}, 0x0)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000080, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x3}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20)

2.125205475s ago: executing program 1 (id=1478):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000380)})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xf7fffe0000000001, 0xfa11, 0xffffffff}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000200)="9c30fb", 0x3}], 0x1)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0xffffff7f, 0x80000000, 0x33565348, 0x4, 0xc, [{0x9, 0x48256d1d}, {0x3, 0xb}, {0x400, 0x1}, {0x4, 0x9}, {0x8, 0x6}, {0x2, 0x1}, {0x9, 0x9}, {0x3ff, 0x5}], 0xa, 0x3, 0x4, 0x2, 0x6}})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0))
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x20004, <r5=>r3, 0x80000})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='net/ip_tables_matches\x00')
preadv(r6, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000bc0)={{0xfd, 0x1}, {0xe}, 0x2005, 0xbfbf})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001240)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x804c}, 0xc080)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="28000000020183e7de22cd4285ba1741da9a0e040400028004000180"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4040)
r9 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r9, 0xc02c564a, &(0x7f0000000000)={0x0, 0x31384142, 0x0, @discrete={0x1, 0x3}})
r10 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r10, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5})
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x20041800}, 0x40004)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f00000005c0)={{0x7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0xfffffffffffffff3, 0x0, 0x6, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x8001]})

2.117846384s ago: executing program 4 (id=1479):
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)

1.927570389s ago: executing program 2 (id=1480):
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000040), 0x0, 0xfffffffffffffffe)
r0 = add_key(&(0x7f0000000300)='id_legacy\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40044}}], 0x1, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x40)
ftruncate(r3, 0x2007ffd)
sendfile(0xffffffffffffffff, r2, 0x0, 0x1000a3)

936.87101ms ago: executing program 4 (id=1481):
socket$packet(0x11, 0x3, 0x300)
set_mempolicy(0x2, 0x0, 0x9)
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0xc, 0xfc, 0x0, 0x1, [@typed={0x8, 0x5, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="7235ab62"]}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xb, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010)

636.896156ms ago: executing program 2 (id=1482):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3d03)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = userfaultfd(0x801)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x1, 0x7ffc1ffb}]})
kexec_load(0x0, 0x0, 0x0, 0xa0000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x7, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "41328ac33100", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xe)
r5 = syz_open_procfs(0x0, &(0x7f0000000440)='projid_map\x00')
write$tcp_mem(r5, &(0x7f0000000180)={0x6, 0x20, 0x0, 0x20, 0x1}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, 0x0, 0x35)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3800000010000108fdffffff000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000010001a800c002d80080001"], 0x38}}, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000100), 0x6, 0x20000)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a300000000009"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000d97f7549acbd8989001800", [0x0, 0x2000000000001]}})

0s ago: executing program 3 (id=1483):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
getpid()
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket(0x2b, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r3, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  127.829258][ T4864] loop6: detected capacity change from 0 to 7
[  127.866087][ T4755] Dev loop6: unable to read RDB block 7
[  127.875208][ T4755]  loop6: AHDI p2 p3
[  127.879787][ T4755] loop6: partition table partially beyond EOD, truncated
[  127.888314][ T4755] loop6: p2 size 157513074 extends beyond EOD, truncated
[  127.905859][   T26] audit: type=1326 audit(1773177219.931:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  127.928738][    C1] vkms_vblank_simulate: vblank timer overrun
[  127.940201][   T26] audit: type=1326 audit(1773177219.931:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  127.963455][    C1] vkms_vblank_simulate: vblank timer overrun
[  128.115667][ T4864] Dev loop6: unable to read RDB block 7
[  129.242684][   T26] audit: type=1326 audit(1773177219.931:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  129.265339][    C1] vkms_vblank_simulate: vblank timer overrun
[  129.713407][ T4864]  loop6: AHDI p2 p3
[  129.718378][ T4864] loop6: partition table partially beyond EOD, truncated
[  129.738164][   T26] audit: type=1326 audit(1773177219.931:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  129.788223][ T4864] loop6: p2 size 157513074 extends beyond EOD, truncated
[  129.798315][ T4873] netlink: 'syz.1.178': attribute type 1 has an invalid length.
[  129.806972][   T26] audit: type=1326 audit(1773177219.931:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  129.862560][   T26] audit: type=1326 audit(1773177219.931:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  129.886876][ T4873] 8021q: adding VLAN 0 to HW filter on device bond1
[  129.895007][   T26] audit: type=1326 audit(1773177219.931:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  129.914477][ T4877] bond1: (slave gretap1): making interface the new active one
[  129.933899][   T26] audit: type=1326 audit(1773177219.931:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  129.972278][   T26] audit: type=1326 audit(1773177219.931:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4857 comm="syz.2.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  130.008446][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  130.024117][ T4877] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  130.054687][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  130.092956][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  130.116124][ T4880] device syzkaller0 entered promiscuous mode
[  131.691916][ T4910] device syzkaller0 entered promiscuous mode
[  133.047491][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  133.053910][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  133.076349][ T4912] netlink: set zone limit has 8 unknown bytes
[  133.109662][ T4912] netlink: 104 bytes leftover after parsing attributes in process `syz.1.188'.
[  133.213694][ T4920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'.
[  133.358530][ T4920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'.
[  133.468296][ T4922] netlink: 'syz.1.192': attribute type 1 has an invalid length.
[  134.231563][ T4922] 8021q: adding VLAN 0 to HW filter on device bond2
[  134.269050][ T4929] device syzkaller0 entered promiscuous mode
[  137.100206][ T4964] ptrace attach of "./syz-executor exec"[4965] was attempted by "./syz-executor exec"[4964]
[  138.060880][ T4971] device syzkaller0 entered promiscuous mode
[  138.345032][ T4979] netlink: 4 bytes leftover after parsing attributes in process `syz.4.207'.
[  138.537116][ T4981] netlink: 4 bytes leftover after parsing attributes in process `syz.4.207'.
[  138.979399][ T4985] device syzkaller0 entered promiscuous mode
[  139.142780][ T4987] bridge0: port 3(bond0) entered blocking state
[  139.168275][ T4987] bridge0: port 3(bond0) entered disabled state
[  139.186757][ T4987] device bond0 entered promiscuous mode
[  139.225182][ T4987] device bond_slave_0 entered promiscuous mode
[  139.273034][ T4987] device bond_slave_1 entered promiscuous mode
[  139.298609][ T4989] netlink: 32 bytes leftover after parsing attributes in process `syz.3.203'.
[  139.309195][ T4987] bridge0: port 3(bond0) entered blocking state
[  139.316022][ T4987] bridge0: port 3(bond0) entered forwarding state
[  139.328488][ T4989] netlink: 32 bytes leftover after parsing attributes in process `syz.3.203'.
[  141.850180][ T5005] netlink: 'syz.2.214': attribute type 1 has an invalid length.
[  142.030545][ T5005] 8021q: adding VLAN 0 to HW filter on device bond2
[  142.357637][ T5009] bond2: (slave vlan3): making interface the new active one
[  142.368344][ T5009] bond2: (slave vlan3): Enslaving as an active interface with an up link
[  142.383862][ T1239] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  142.503340][ T5024] netlink: 4 bytes leftover after parsing attributes in process `syz.3.220'.
[  142.706148][ T5028] device syzkaller0 entered promiscuous mode
[  142.836749][ T5030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.223'.
[  145.101711][   T26] kauditd_printk_skb: 24 callbacks suppressed
[  145.101735][   T26] audit: type=1326 audit(1773177237.191:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  145.321841][ T5051] loop6: detected capacity change from 0 to 7
[  145.334842][ T4755] Dev loop6: unable to read RDB block 7
[  145.345975][ T4755]  loop6: AHDI p2 p3
[  145.368056][ T4755] loop6: partition table partially beyond EOD, truncated
[  145.385704][ T5056] overlayfs: failed to resolve './file0': -2
[  145.423152][ T4755] loop6: p2 size 157513074 extends beyond EOD, truncated
[  145.555385][ T5051] Dev loop6: unable to read RDB block 7
[  145.564371][ T5051]  loop6: AHDI p2 p3
[  145.569615][ T5051] loop6: partition table partially beyond EOD, truncated
[  145.584069][ T5051] loop6: p2 size 157513074 extends beyond EOD, truncated
[  145.608890][   T26] audit: type=1326 audit(1773177237.271:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  145.631739][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.725620][   T26] audit: type=1326 audit(1773177237.271:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  145.749160][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.767984][ T5060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.233'.
[  145.835994][   T26] audit: type=1326 audit(1773177237.291:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  145.931217][   T26] audit: type=1326 audit(1773177237.291:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  146.052240][ T5061] netlink: 'syz.1.232': attribute type 1 has an invalid length.
[  146.116346][   T26] audit: type=1326 audit(1773177237.301:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  146.170558][ T5061] 8021q: adding VLAN 0 to HW filter on device bond3
[  146.175741][   T26] audit: type=1326 audit(1773177237.301:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  146.218099][   T26] audit: type=1326 audit(1773177237.301:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  146.223018][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  146.240651][   T26] audit: type=1326 audit(1773177237.311:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  146.240691][   T26] audit: type=1326 audit(1773177237.321:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.3.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  146.295730][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.312802][ T5062] bond3: (slave vlan2): making interface the new active one
[  146.386102][ T5062] bond3: (slave vlan2): Enslaving as an active interface with an up link
[  146.461260][ T5073] netlink: 32 bytes leftover after parsing attributes in process `syz.4.236'.
[  146.576766][ T4551] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  146.714164][ T5070] device syzkaller0 entered promiscuous mode
[  146.731781][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  149.051343][ T5102] netlink: 4 bytes leftover after parsing attributes in process `syz.1.245'.
[  149.314087][ T5108] netlink: 'syz.1.247': attribute type 1 has an invalid length.
[  149.379593][ T5110] netlink: 32 bytes leftover after parsing attributes in process `syz.3.248'.
[  149.420843][ T5110] netlink: 32 bytes leftover after parsing attributes in process `syz.3.248'.
[  149.468027][ T5108] 8021q: adding VLAN 0 to HW filter on device bond4
[  149.494240][ T5113] device syzkaller0 entered promiscuous mode
[  152.694826][ T5138] netlink: 4 bytes leftover after parsing attributes in process `syz.3.257'.
[  152.830702][   T26] kauditd_printk_skb: 24 callbacks suppressed
[  152.830719][   T26] audit: type=1326 audit(1773177244.941:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5139 comm="syz.4.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  153.371131][ T5145] ptrace attach of "./syz-executor exec"[5146] was attempted by "./syz-executor exec"[5145]
[  154.411977][   T26] audit: type=1326 audit(1773177246.391:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5139 comm="syz.4.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  154.518873][   T26] audit: type=1326 audit(1773177246.391:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5139 comm="syz.4.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  154.679993][   T26] audit: type=1326 audit(1773177246.391:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5139 comm="syz.4.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  155.296642][ T5158] binder: 5157:5158 ioctl c0306201 0 returned -14
[  155.422881][ T5161] (syz.3.262,5161,0):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  155.433016][ T5161] (syz.3.262,5161,0):ocfs2_fill_super:1177 ERROR: status = -22
[  155.796402][ T5164] netlink: 'syz.2.266': attribute type 1 has an invalid length.
[  155.914069][ T5164] 8021q: adding VLAN 0 to HW filter on device bond3
[  155.947733][ T5168] netlink: 'syz.3.267': attribute type 1 has an invalid length.
[  155.994572][ T5168] 8021q: adding VLAN 0 to HW filter on device bond1
[  156.071645][ T5169] bond1: (slave vlan3): making interface the new active one
[  156.147193][ T5173] netlink: 32 bytes leftover after parsing attributes in process `syz.1.261'.
[  156.200630][ T5169] bond1: (slave vlan3): Enslaving as an active interface with an up link
[  156.223374][ T1239] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  157.830073][ T5192] ptrace attach of "./syz-executor exec"[5193] was attempted by "./syz-executor exec"[5192]
[  159.366433][ T5210] binder: 5209:5210 ioctl c0306201 0 returned -14
[  161.616089][   T26] audit: type=1326 audit(1773177253.731:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5222 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  161.639197][    C0] vkms_vblank_simulate: vblank timer overrun
[  161.695371][   T26] audit: type=1326 audit(1773177253.781:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5222 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  161.719046][    C0] vkms_vblank_simulate: vblank timer overrun
[  161.728360][ T5225] loop6: detected capacity change from 0 to 7
[  161.772473][ T4755] Dev loop6: unable to read RDB block 7
[  161.779809][ T4755]  loop6: AHDI p2 p3
[  161.794360][ T4755] loop6: partition table partially beyond EOD, truncated
[  161.815036][ T4755] loop6: p2 size 157513074 extends beyond EOD, truncated
[  161.854850][ T5225] Dev loop6: unable to read RDB block 7
[  161.862611][ T5225]  loop6: AHDI p2 p3
[  161.869478][ T5225] loop6: partition table partially beyond EOD, truncated
[  161.880580][ T5225] loop6: p2 size 157513074 extends beyond EOD, truncated
[  162.028612][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  162.138186][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  162.720273][ T5254] binder: 5253:5254 ioctl c0306201 0 returned -14
[  163.172234][ T5262] device syzkaller1 entered promiscuous mode
[  163.481335][ T5232] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  163.745379][   T13] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  164.035214][   T13] usb 3-1: Using ep0 maxpacket: 8
[  164.245460][   T13] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  164.266927][   T13] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  164.285935][   T13] usb 3-1: config 0 interface 0 has no altsetting 0
[  164.310939][   T13] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  164.336713][   T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.375011][   T13] usb 3-1: config 0 descriptor??
[  164.420106][   T26] audit: type=1326 audit(1773177256.521:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5275 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  164.479079][   T26] audit: type=1326 audit(1773177256.561:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5275 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  164.543964][   T26] audit: type=1326 audit(1773177256.561:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5275 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  164.567147][   T26] audit: type=1326 audit(1773177256.561:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5275 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  164.668444][   T26] audit: type=1326 audit(1773177256.651:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5275 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  164.711978][   T26] audit: type=1326 audit(1773177256.651:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5275 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  164.744001][   T26] audit: type=1326 audit(1773177256.651:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5275 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  164.883170][   T13] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  165.169853][   T13] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  165.240605][   T13] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  165.532610][   T13] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  165.540209][   T13] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  165.649361][   T13] mcp2221 0003:04D8:00DD.0007: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  165.836845][   T13] usb 3-1: USB disconnect, device number 5
[  166.520296][ T5317] binder: BINDER_SET_CONTEXT_MGR already set
[  166.542323][ T5317] binder: 5316:5317 ioctl 4018620d 200000004a80 returned -16
[  167.078428][ T5322] netlink: 'syz.1.301': attribute type 1 has an invalid length.
[  167.125153][ T4287] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  167.198555][ T5322] 8021q: adding VLAN 0 to HW filter on device bond5
[  167.385348][ T4287] usb 4-1: Using ep0 maxpacket: 32
[  167.505391][ T4287] usb 4-1: config 1 has an invalid interface number: 108 but max is 0
[  167.529792][ T4287] usb 4-1: config 1 has no interface number 0
[  167.745569][ T4287] usb 4-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b
[  167.810226][ T4287] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.887038][ T4287] usb 4-1: Product: syz
[  167.891945][ T4287] usb 4-1: Manufacturer: syz
[  167.925314][ T4287] usb 4-1: SerialNumber: syz
[  168.026133][ T4287] hub 4-1:1.108: bad descriptor, ignoring hub
[  168.040841][ T4287] hub: probe of 4-1:1.108 failed with error -5
[  168.182960][ T5351] device syzkaller0 entered promiscuous mode
[  168.235246][ T4287] usb 4-1: palm_os_4_probe - error -71 getting connection info
[  168.256849][ T4287] visor 4-1:1.108: Handspring Visor / Palm OS converter detected
[  168.294768][ T4287] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  168.305242][   T13] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  168.334258][ T4287] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  168.397357][ T4287] usb 4-1: USB disconnect, device number 3
[  168.458247][ T4287] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  168.506868][ T4287] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  168.528235][ T4287] visor 4-1:1.108: device disconnected
[  168.575294][   T13] usb 2-1: Using ep0 maxpacket: 8
[  168.705414][   T13] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.735329][   T13] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.765195][   T13] usb 2-1: config 0 interface 0 has no altsetting 0
[  168.775462][   T13] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  168.796134][   T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.868478][   T13] usb 2-1: config 0 descriptor??
[  169.021684][    T7] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  169.056053][ T5374] netlink: 32 bytes leftover after parsing attributes in process `syz.2.313'.
[  169.350893][   T13] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  169.359558][   T13] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  169.367988][   T13] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  169.376793][   T13] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  169.384819][   T13] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  169.394525][   T13] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  169.447619][    T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  169.530308][    T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  169.579635][    T7] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  169.630044][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.681881][   T13] usb 2-1: USB disconnect, device number 7
[  169.706373][    T7] usb 1-1: config 0 descriptor??
[  170.229684][ T5390] device syzkaller0 entered promiscuous mode
[  170.249937][    T7] logitech-djreceiver 0003:046D:C71F.0009: unknown main item tag 0x0
[  170.284959][    T7] logitech-djreceiver 0003:046D:C71F.0009: unknown main item tag 0x0
[  170.332070][    T7] logitech-djreceiver 0003:046D:C71F.0009: unknown main item tag 0x0
[  170.375588][    T7] logitech-djreceiver 0003:046D:C71F.0009: unknown main item tag 0x0
[  170.422398][    T7] logitech-djreceiver 0003:046D:C71F.0009: unknown main item tag 0x0
[  170.450871][    T7] logitech-djreceiver 0003:046D:C71F.0009: unknown main item tag 0x0
[  170.470997][ T5394] device syzkaller0 entered promiscuous mode
[  170.503297][    T7] logitech-djreceiver 0003:046D:C71F.0009: unknown main item tag 0x0
[  170.555616][    T7] usb 1-1: USB disconnect, device number 3
[  171.986660][ T5419] netlink: 4 bytes leftover after parsing attributes in process `syz.3.326'.
[  174.588626][ T5450] 9pnet: Insufficient options for proto=fd
[  174.606945][ T5450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  174.633207][ T5450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  175.862194][ T5464] netlink: 'syz.0.340': attribute type 1 has an invalid length.
[  175.973253][ T5464] 8021q: adding VLAN 0 to HW filter on device bond1
[  176.060921][ T5469] bond1: (slave vlan2): making interface the new active one
[  176.097612][ T5476] netlink: 12 bytes leftover after parsing attributes in process `syz.4.341'.
[  176.125556][ T5469] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  176.165913][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  176.840649][ T5484] ptrace attach of "./syz-executor exec"[5485] was attempted by "./syz-executor exec"[5484]
[  177.900438][ T5490] kAFS: unable to lookup cell 'Þ({^ú@'
[  180.344667][ T5507] 9pnet: Insufficient options for proto=fd
[  180.365727][ T5507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.385849][ T5507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  182.055517][ T1347] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  182.080749][ T5525] netlink: 12 bytes leftover after parsing attributes in process `syz.3.355'.
[  182.338626][ T1347] usb 2-1: Using ep0 maxpacket: 8
[  182.840153][ T5536] ptrace attach of "./syz-executor exec"[5537] was attempted by "./syz-executor exec"[5536]
[  183.755661][ T1347] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.786973][ T1347] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.815157][ T1347] usb 2-1: config 0 interface 0 has no altsetting 0
[  183.825517][ T1347] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  183.847221][ T1347] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.888845][ T1347] usb 2-1: config 0 descriptor??
[  183.951186][ T5541] device syzkaller0 entered promiscuous mode
[  184.059623][   T26] audit: type=1326 audit(1773177276.171:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5542 comm="syz.0.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  184.108687][   T26] audit: type=1326 audit(1773177276.171:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5542 comm="syz.0.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  184.370341][ T1347] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  184.479476][ T1347] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  184.496795][ T1347] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  184.517699][ T1347] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  184.525713][ T1347] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  184.545910][ T1347] mcp2221 0003:04D8:00DD.000A: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  184.715361][ T1347] usb 2-1: USB disconnect, device number 8
[  186.386269][ T5574] device syzkaller0 entered promiscuous mode
[  186.396598][ T5574] Zero length message leads to an empty skb
[  186.447770][ T5575] 9pnet: Insufficient options for proto=fd
[  186.457056][ T5575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.469367][ T5575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.556681][ T1108] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  186.819522][ T1108] usb 5-1: Using ep0 maxpacket: 32
[  187.348759][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.371945][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  187.412452][ T1108] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  187.442901][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.970463][ T5581] ptrace attach of "./syz-executor exec"[5582] was attempted by "./syz-executor exec"[5581]
[  188.873943][ T5583] netlink: 12 bytes leftover after parsing attributes in process `syz.0.370'.
[  188.887945][ T1108] usb 5-1: config 0 descriptor??
[  189.276880][ T5595] binder: 5594:5595 ioctl c0306201 0 returned -14
[  189.386696][ T1108] savu 0003:1E7D:2D5A.000B: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  189.408325][ T5599] binder: 5598:5599 ioctl c00c620f 200000000140 returned -22
[  189.445909][ T5597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.376'.
[  189.690593][ T1108] usb 5-1: USB disconnect, device number 4
[  190.392985][   T26] audit: type=1326 audit(1773177282.501:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5620 comm="syz.0.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  190.695460][   T26] audit: type=1326 audit(1773177282.551:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5620 comm="syz.0.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  191.109182][   T26] audit: type=1326 audit(1773177283.221:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5620 comm="syz.0.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  191.133555][   T26] audit: type=1326 audit(1773177283.251:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5620 comm="syz.0.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  191.296115][ T5635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.383'.
[  191.307612][   T26] audit: type=1326 audit(1773177283.251:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5620 comm="syz.0.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  191.330855][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.719610][ T1108] Bluetooth: hci1: command 0x0406 tx timeout
[  191.741351][ T1108] Bluetooth: hci2: command 0x0406 tx timeout
[  191.748052][ T1108] Bluetooth: hci0: command 0x0406 tx timeout
[  191.763413][ T1108] Bluetooth: hci3: command 0x0406 tx timeout
[  191.834425][ T5645] binder: 5644:5645 ioctl c0306201 0 returned -14
[  192.056115][ T5653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.389'.
[  193.751705][ T5665] device syzkaller0 entered promiscuous mode
[  194.579897][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  194.586905][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  196.076022][ T5675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  196.088385][ T5675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  197.214606][ T5684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.397'.
[  197.241610][ T5683] binder: 5682:5683 ioctl c0306201 0 returned -14
[  197.448364][ T5692] netlink: 8 bytes leftover after parsing attributes in process `syz.3.401'.
[  198.991543][ T5705] fuse: Bad value for 'fd'
[  199.034673][ T5695] device syzkaller0 entered promiscuous mode
[  200.994433][   T26] audit: type=1326 audit(1773177293.101:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5719 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  201.071404][   T26] audit: type=1326 audit(1773177293.141:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5719 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  201.646686][ T4225] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  201.790664][ T5741] device syzkaller0 entered promiscuous mode
[  201.888407][ T5744] netlink: 12 bytes leftover after parsing attributes in process `syz.1.416'.
[  202.235522][ T4225] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  202.254354][ T4225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.283971][ T4225] usb 3-1: Product: syz
[  202.304845][ T4225] usb 3-1: Manufacturer: syz
[  202.324634][ T4225] usb 3-1: SerialNumber: syz
[  202.356240][ T4225] usb 3-1: config 0 descriptor??
[  202.605004][ T5754] device syzkaller0 entered promiscuous mode
[  202.886848][ T4225] usb 3-1: atusb_control_msg: req 0x21 val 0x0 idx 0x1e, error -32
[  202.898963][ T4225] usb 3-1: Firmware version (0.0) predates our first public release.
[  202.917977][ T4225] usb 3-1: Please update to version 0.2 or newer
[  202.990690][ T5775] (syz.0.421,5775,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  202.999961][ T5775] (syz.0.421,5775,1):ocfs2_fill_super:1177 ERROR: status = -22
[  203.029789][ T4225] usb 3-1: Firmware: build ¶
[  203.063068][ T4225] usb 3-1: atusb_probe: initialization failed, error = -32
[  203.076749][ T4225] atusb: probe of 3-1:0.0 failed with error -32
[  203.305625][ T4225] usb 3-1: USB disconnect, device number 6
[  204.693159][ T5789] device syzkaller0 entered promiscuous mode
[  204.699945][ T1347] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  205.003755][ T5794] device syzkaller0 entered promiscuous mode
[  205.055780][   T26] audit: type=1326 audit(1773177297.161:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5797 comm="syz.3.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  205.085529][ T1347] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  205.105858][ T1347] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  205.135149][ T1347] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.168916][ T1347] usb 5-1: config 0 descriptor??
[  205.207727][ T1347] pwc: Askey VC010 type 2 USB webcam detected.
[  205.217378][ T5806] binder: BINDER_SET_CONTEXT_MGR already set
[  205.224179][ T5806] binder: 5805:5806 ioctl 4018620d 200000004a80 returned -16
[  205.281979][   T26] audit: type=1326 audit(1773177297.381:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5797 comm="syz.3.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  205.403702][   T26] audit: type=1326 audit(1773177297.441:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5797 comm="syz.3.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  205.486103][   T26] audit: type=1326 audit(1773177297.441:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5797 comm="syz.3.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bddea8799 code=0x7ffc0000
[  205.655373][ T1347] pwc: recv_control_msg error -32 req 02 val 2b00
[  205.705216][ T1347] pwc: recv_control_msg error -32 req 02 val 2700
[  205.755390][ T1347] pwc: recv_control_msg error -32 req 02 val 2c00
[  206.025255][ T1347] pwc: recv_control_msg error -71 req 04 val 1300
[  206.075530][ T1347] pwc: recv_control_msg error -71 req 04 val 1400
[  206.117155][ T1347] pwc: recv_control_msg error -71 req 02 val 2000
[  206.145348][ T1347] pwc: recv_control_msg error -71 req 02 val 2100
[  206.158953][ T5823] device syzkaller0 entered promiscuous mode
[  206.170831][ T1347] pwc: recv_control_msg error -71 req 04 val 1500
[  206.205335][ T1347] pwc: recv_control_msg error -71 req 02 val 2500
[  206.255553][ T1347] pwc: recv_control_msg error -71 req 02 val 2400
[  206.275930][ T1347] pwc: recv_control_msg error -71 req 02 val 2600
[  206.305924][ T1347] pwc: recv_control_msg error -71 req 02 val 2900
[  206.345269][ T1347] pwc: recv_control_msg error -71 req 02 val 2800
[  206.375262][ T1347] pwc: recv_control_msg error -71 req 04 val 1100
[  206.402133][ T1347] pwc: recv_control_msg error -71 req 04 val 1200
[  206.425173][ T4230] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  206.443590][ T1347] pwc: Registered as video103.
[  206.458289][ T1347] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input6
[  206.693438][ T1347] usb 5-1: USB disconnect, device number 5
[  206.700827][ T4230] usb 3-1: Using ep0 maxpacket: 16
[  206.819559][ T4227] Bluetooth: hci4: command 0x0406 tx timeout
[  206.889550][ T4230] usb 3-1: unable to get BOS descriptor or descriptor too short
[  206.990411][ T4230] usb 3-1: config 9 has an invalid interface number: 57 but max is 0
[  207.037999][ T4230] usb 3-1: config 9 has no interface number 0
[  207.044520][ T4230] usb 3-1: config 9 interface 57 has no altsetting 0
[  207.267848][ T4230] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=61.f7
[  207.351585][ T4230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.535500][ T1347] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  207.554500][ T4230] usb 3-1: Product: syz
[  207.644377][ T4230] usb 3-1: Manufacturer: syz
[  207.713758][ T4230] usb 3-1: SerialNumber: syz
[  207.722462][ T5842] binder: BINDER_SET_CONTEXT_MGR already set
[  207.752959][ T5842] binder: 5841:5842 ioctl 4018620d 200000004a80 returned -16
[  207.875255][ T1347] usb 5-1: Using ep0 maxpacket: 8
[  207.924490][ T5845] netlink: 8 bytes leftover after parsing attributes in process `syz.3.442'.
[  208.025490][ T1347] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.051873][ T1347] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.076250][ T1347] usb 5-1: config 0 interface 0 has no altsetting 0
[  208.084629][ T1347] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  208.105483][ T1347] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.164133][ T4230] usbhid 3-1:9.57: couldn't find an input interrupt endpoint
[  208.178755][ T1347] usb 5-1: config 0 descriptor??
[  208.179113][ T5849] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  208.207442][ T4230] usb 3-1: USB disconnect, device number 7
[  208.441163][ T5849] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  208.451361][ T5849] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  209.018783][ T1347] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0
[  209.044734][ T1347] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0
[  209.104010][ T1347] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0
[  209.152288][ T5860] binder: BINDER_SET_CONTEXT_MGR already set
[  209.165369][ T1347] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0
[  209.185247][ T5860] binder: 5859:5860 ioctl 4018620d 200000004a80 returned -16
[  209.205356][ T1347] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0
[  209.252040][ T1347] mcp2221 0003:04D8:00DD.000C: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  209.324999][ T5867] device syzkaller0 entered promiscuous mode
[  209.392920][ T1347] usb 5-1: USB disconnect, device number 6
[  210.843205][ T5878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.452'.
[  210.891418][ T5878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.452'.
[  211.047552][   T26] audit: type=1326 audit(1773177303.161:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5872 comm="syz.0.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  212.439874][   T26] audit: type=1326 audit(1773177304.551:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5872 comm="syz.0.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf7a62c799 code=0x7ffc0000
[  212.815334][ T4287] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  213.110287][ T5894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  213.129604][ T5894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  213.502299][ T4287] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  213.525266][ T4287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.570735][ T4287] usb 4-1: config 0 descriptor??
[  214.719598][ T5901] sp0: Synchronizing with TNC
[  215.417555][ T5901] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  215.465672][ T5901] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  215.474039][ T5901] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  216.130323][ T4287] usb 4-1: USB disconnect, device number 4
[  218.962265][ T5929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.466'.
[  219.008025][ T5927] device syzkaller0 entered promiscuous mode
[  219.080490][ T5929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.466'.
[  219.189939][ T4287] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  219.545341][ T4287] usb 4-1: Using ep0 maxpacket: 8
[  219.964134][ T4241] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  220.215351][ T4287] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  220.524131][ T5952] device syzkaller0 entered promiscuous mode
[  220.766728][ T4287] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  220.777982][ T4287] usb 4-1: config 0 interface 0 has no altsetting 0
[  220.785101][ T4287] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  220.794778][ T4287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.828989][ T5950] lo speed is unknown, defaulting to 1000
[  220.835955][ T5950] lo speed is unknown, defaulting to 1000
[  220.855103][ T5950] lo speed is unknown, defaulting to 1000
[  220.882334][ T5950] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  220.920762][ T5950] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  221.118193][ T5950] lo speed is unknown, defaulting to 1000
[  221.126827][ T5950] lo speed is unknown, defaulting to 1000
[  221.134296][ T5950] lo speed is unknown, defaulting to 1000
[  221.141306][ T5950] lo speed is unknown, defaulting to 1000
[  221.150201][ T5950] lo speed is unknown, defaulting to 1000
[  221.186203][ T4287] usb 4-1: config 0 descriptor??
[  221.195320][ T4241] usb 2-1: Using ep0 maxpacket: 32
[  221.315441][ T4241] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  221.330792][ T4241] usb 2-1: config 0 has no interface number 0
[  222.145929][ T4241] usb 2-1: config 0 interface 184 has no altsetting 0
[  222.251881][ T4287] usbhid 4-1:0.0: can't add hid device: -71
[  222.279015][ T4287] usbhid: probe of 4-1:0.0 failed with error -71
[  222.384042][   T23] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  222.421065][ T4287] usb 4-1: USB disconnect, device number 5
[  222.475455][ T4241] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  222.519578][ T4241] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.543052][ T4241] usb 2-1: Product: syz
[  222.553247][ T4241] usb 2-1: Manufacturer: syz
[  222.561891][ T4241] usb 2-1: config 0 descriptor??
[  222.671439][ T4241] usb 2-1: can't set config #0, error -71
[  222.683601][ T4241] usb 2-1: USB disconnect, device number 9
[  223.536409][   T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.713059][   T23] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  223.746897][   T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.176474][   T23] usb 3-1: config 0 descriptor??
[  224.305435][   T23] usb 3-1: can't set config #0, error -71
[  224.312744][ T5985] device syzkaller0 entered promiscuous mode
[  224.344492][   T23] usb 3-1: USB disconnect, device number 8
[  226.645199][ T4186] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  226.895168][ T4186] usb 2-1: Using ep0 maxpacket: 8
[  227.026279][ T4186] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.063798][ T4186] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.075369][ T4186] usb 2-1: config 0 interface 0 has no altsetting 0
[  227.095166][ T4186] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  227.123682][ T4186] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.184807][ T4186] usb 2-1: config 0 descriptor??
[  227.204352][ T6003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  227.362416][ T6029] netlink: 32 bytes leftover after parsing attributes in process `syz.2.492'.
[  227.728154][ T4186] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  227.788226][ T4186] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  227.891120][ T4186] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  227.899022][ T4186] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  227.907569][ T4186] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  227.934132][ T4186] mcp2221 0003:04D8:00DD.000D: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  228.156158][ T4186] usb 2-1: USB disconnect, device number 10
[  228.856923][ T6047] 9pnet: Insufficient options for proto=fd
[  228.874612][ T6047] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  228.895296][ T6047] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  229.783974][ T6058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.497'.
[  229.823958][ T6058] bridge0: port 3(bond0) entered disabled state
[  229.831002][ T6058] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.840146][ T6058] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.974240][   T26] audit: type=1326 audit(1773177323.081:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  231.114057][   T26] audit: type=1326 audit(1773177323.101:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  231.186213][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.503'.
[  231.318435][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.503'.
[  232.498869][ T6097] autofs4:pid:6097:autofs_fill_super: called with bogus options
[  232.608441][ T6102] netlink: 32 bytes leftover after parsing attributes in process `syz.1.508'.
[  233.443924][ T6107] device syzkaller0 entered promiscuous mode
[  233.988127][ T6127] netlink: 12 bytes leftover after parsing attributes in process `syz.2.514'.
[  234.786737][ T6135] netlink: 'syz.4.517': attribute type 1 has an invalid length.
[  234.965349][ T6135] 8021q: adding VLAN 0 to HW filter on device bond1
[  237.715379][   T26] audit: type=1326 audit(1773177329.831:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  237.764495][ T6166] device syzkaller0 entered promiscuous mode
[  237.922842][   T26] audit: type=1326 audit(1773177329.861:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  237.967405][ T6164] loop6: detected capacity change from 0 to 7
[  237.999462][ T4755] Dev loop6: unable to read RDB block 7
[  238.015421][   T26] audit: type=1326 audit(1773177329.861:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  238.038758][    C1] vkms_vblank_simulate: vblank timer overrun
[  238.082266][   T26] audit: type=1326 audit(1773177329.861:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  238.106651][    C1] vkms_vblank_simulate: vblank timer overrun
[  238.123293][ T4755]  loop6: AHDI p2 p3
[  238.128835][ T4755] loop6: partition table partially beyond EOD, truncated
[  238.150936][ T4755] loop6: p2 size 157513074 extends beyond EOD, truncated
[  238.301781][ T6164] Dev loop6: unable to read RDB block 7
[  238.310207][ T6164]  loop6: AHDI p2 p3
[  238.314860][ T6164] loop6: partition table partially beyond EOD, truncated
[  238.338594][   T26] audit: type=1326 audit(1773177329.861:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  238.371603][ T6164] loop6: p2 size 157513074 extends beyond EOD, truncated
[  238.440683][   T26] audit: type=1326 audit(1773177329.861:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  238.522800][   T26] audit: type=1326 audit(1773177329.861:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  238.603703][   T26] audit: type=1326 audit(1773177329.901:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  238.684470][   T26] audit: type=1326 audit(1773177329.901:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  238.777777][   T26] audit: type=1326 audit(1773177329.911:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.2.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  239.389481][ T6176] device syzkaller0 entered promiscuous mode
[  239.501649][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  239.588454][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  239.744080][ T6179] netlink: 'syz.1.531': attribute type 1 has an invalid length.
[  239.834412][ T6179] 8021q: adding VLAN 0 to HW filter on device bond6
[  242.411686][ T6200] netlink: 12 bytes leftover after parsing attributes in process `syz.4.537'.
[  244.146870][ T6218] netlink: 'syz.4.542': attribute type 1 has an invalid length.
[  244.190639][ T6218] 8021q: adding VLAN 0 to HW filter on device bond2
[  244.294937][ T6221] bond2: (slave gretap1): making interface the new active one
[  244.385156][ T6221] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  244.406434][ T6224] device syzkaller0 entered promiscuous mode
[  244.469965][  T615] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  245.724977][   T23] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  246.135488][   T23] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  246.242055][ T6243] device geneve2 entered promiscuous mode
[  246.375332][   T23] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  246.435720][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  246.523563][   T23] usb 1-1: Product: syz
[  246.549859][   T23] usb 1-1: Manufacturer: syz
[  246.588884][   T23] usb 1-1: SerialNumber: syz
[  247.014780][   T23] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  247.233707][ T6253] netlink: 12 bytes leftover after parsing attributes in process `syz.1.552'.
[  247.844867][ T6260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  247.865360][ T6260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  248.669995][ T5442] usb 1-1: USB disconnect, device number 4
[  248.706703][ T5442] usblp0: removed
[  249.147211][ T6266] netlink: 'syz.0.556': attribute type 1 has an invalid length.
[  249.194633][ T6266] 8021q: adding VLAN 0 to HW filter on device bond2
[  249.242868][ T6266] bond2: (slave gretap1): making interface the new active one
[  249.295384][ T6266] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  249.314706][ T5637] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  250.560519][ T6277] device syzkaller0 entered promiscuous mode
[  251.765350][ T6285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.563'.
[  252.415315][ T1347] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  252.561921][ T6295] tipc: Started in network mode
[  252.595881][ T6295] tipc: Node identity ae158af6774f, cluster identity 4711
[  252.603455][ T6295] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  252.662360][ T6296] device syzkaller0 entered promiscuous mode
[  252.711689][ T6295] tipc: Resetting bearer <eth:syzkaller0>
[  252.715143][ T1347] usb 2-1: Using ep0 maxpacket: 16
[  252.739070][ T6294] tipc: Resetting bearer <eth:syzkaller0>
[  252.783687][ T6294] tipc: Disabling bearer <eth:syzkaller0>
[  252.865440][ T1347] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.899530][ T1347] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.938494][ T1347] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  252.991578][ T1347] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  252.991936][ T6304] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  253.026505][ T1347] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.067900][ T1347] usb 2-1: config 0 descriptor??
[  253.154795][ T6304] device syzkaller0 entered promiscuous mode
[  253.200233][ T6302] tipc: Resetting bearer <eth:syzkaller0>
[  253.329085][ T6302] tipc: Disabling bearer <eth:syzkaller0>
[  253.598698][ T1347] HID 045e:07da: Invalid code 65791 type 1
[  253.636495][ T1347] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000E/input/input7
[  253.698168][ T1347] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  253.934988][ T1347] usb 2-1: USB disconnect, device number 11
[  254.029561][ T6311] fido_id[6311]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  255.937024][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  255.944183][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  257.556942][ T6329] netlink: 4 bytes leftover after parsing attributes in process `syz.3.575'.
[  257.605168][ T6333] netlink: 'syz.2.571': attribute type 1 has an invalid length.
[  257.649956][ T6333] 8021q: adding VLAN 0 to HW filter on device bond4
[  257.899766][ T6338] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  257.979836][ T6338] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  259.442580][ T6371] kAFS: unable to lookup cell 'Þ({^ú@'
[  260.541214][ T6377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.587'.
[  260.607488][ T6380] tipc: Started in network mode
[  260.612592][ T6380] tipc: Node identity 1e30b5d08574, cluster identity 4711
[  260.646315][ T6380] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  260.663333][ T6380] device syzkaller0 entered promiscuous mode
[  260.695944][ T6383] netlink: 'syz.3.589': attribute type 1 has an invalid length.
[  260.765527][ T6383] 8021q: adding VLAN 0 to HW filter on device bond2
[  260.791791][ T6380] tipc: Resetting bearer <eth:syzkaller0>
[  260.844356][ T6385] bond2: (slave gretap1): making interface the new active one
[  260.856759][ T6385] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  260.867140][ T4626] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  260.882719][ T6379] tipc: Resetting bearer <eth:syzkaller0>
[  260.912399][ T6379] tipc: Disabling bearer <eth:syzkaller0>
[  261.954209][ T6394] kAFS: unable to lookup cell 'Þ({^ú@'
[  265.650485][ T6430] 9pnet: Insufficient options for proto=fd
[  265.660376][ T6430] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  265.673165][ T6430] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  266.816412][ T6441] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  269.697167][ T4260] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  269.995251][   T21] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  269.995337][ T4260] usb 4-1: Using ep0 maxpacket: 16
[  270.170326][ T6470] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  270.195549][ T4260] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  270.246424][ T6470] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  270.267930][ T4260] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.345720][ T4260] usb 4-1: config 0 descriptor??
[  270.385285][   T21] usb 3-1: config 0 interface 0 has no altsetting 0
[  270.393623][   T21] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  270.407692][ T4260] gspca_main: sonixj-2.14.0 probing 0471:0327
[  270.448791][   T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.529376][   T21] usb 3-1: config 0 descriptor??
[  271.145456][ T6475] IPVS: ip_vs_add_dest(): server weight less than zero
[  271.290604][ T6477] kAFS: unable to lookup cell 'Þ({^ú@'
[  271.455314][   T21] video4linux radio48: keene_cmd_main failed (-71)
[  271.462737][   T21] radio-keene 3-1:0.0: V4L2 device registered as radio48
[  271.693422][   T21] usb 3-1: USB disconnect, device number 9
[  272.450679][ T6484] lo speed is unknown, defaulting to 1000
[  272.576908][ T4260] gspca_sonixj: i2c_w8 err -71
[  272.615276][ T4260] sonixj: probe of 4-1:0.0 failed with error -71
[  272.620459][ T6492] tipc: Started in network mode
[  272.646151][ T6492] tipc: Node identity 7ea7ee025bcd, cluster identity 4711
[  272.646478][ T4260] usb 4-1: USB disconnect, device number 6
[  272.653700][ T6492] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  272.756421][ T6493] device syzkaller0 entered promiscuous mode
[  274.650112][ T4232] Bluetooth: hci5: command 0x0409 tx timeout
[  275.463862][ T6322] bond1: (slave vlan2): Releasing active interface
[  275.496721][   T23] tipc: Node number set to 627764738
[  275.540649][ T6493] tipc: Resetting bearer <eth:syzkaller0>
[  275.602645][ T6493] tipc: Disabling bearer <eth:syzkaller0>
[  275.796678][ T6520] kAFS: unable to lookup cell 'Þ({^ú@'
[  276.834398][ T4230] Bluetooth: hci5: command 0x041b tx timeout
[  276.852140][ T6484] chnl_net:caif_netlink_parms(): no params data found
[  277.481754][ T4423] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

syzkaller
syzkaller login: [  277.816789][ T4423] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.895676][ T6484] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.915553][ T6484] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.954039][ T6484] device bridge_slave_0 entered promiscuous mode
[  277.982087][ T6484] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.027266][ T6484] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.052965][ T6484] device bridge_slave_1 entered promiscuous mode
[  278.163870][ T6484] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  278.233142][ T4423] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.158512][ T1347] Bluetooth: hci5: command 0x040f tx timeout
[  279.260230][ T6484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.391255][ T4423] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.118170][ T6484] team0: Port device team_slave_0 added
[  280.146114][ T6484] team0: Port device team_slave_1 added
[  280.251515][ T6484] batman_adv: batadv0: Adding interface: batadv_slave_0
[  280.285120][ T6484] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.389037][ T6484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.415384][ T6571] netlink: 52 bytes leftover after parsing attributes in process `syz.4.633'.
[  280.735281][ T6484] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.744809][ T6484] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  281.184925][ T6484] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  281.205438][ T4260] Bluetooth: hci5: command 0x0419 tx timeout
[  281.346841][ T6583] netlink: 'syz.4.636': attribute type 1 has an invalid length.
[  281.403190][ T6583] 8021q: adding VLAN 0 to HW filter on device bond3
[  281.767042][ T6593] 9pnet: Insufficient options for proto=fd
[  281.790623][ T6593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  281.815415][ T6593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  282.664013][ T6484] device hsr_slave_0 entered promiscuous mode
[  282.773208][ T6484] device hsr_slave_1 entered promiscuous mode
[  283.202094][ T6484] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  283.225223][ T6484] Cannot create hsr debugfs directory
[  283.615293][ T6629] netlink: 52 bytes leftover after parsing attributes in process `syz.3.646'.
[  284.010377][ T4423] bond2: (slave gretap1): Releasing active interface
[  284.042309][ T6484] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  284.177476][ T6484] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  284.379684][ T6484] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  284.416998][ T6484] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  285.984106][ T6650] netlink: 'syz.4.650': attribute type 1 has an invalid length.
[  286.122648][ T6650] 8021q: adding VLAN 0 to HW filter on device bond4
[  287.664108][ T6675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.655'.
[  288.819854][ T6484] 8021q: adding VLAN 0 to HW filter on device bond0
[  288.840043][ T6484] 8021q: adding VLAN 0 to HW filter on device team0
[  288.877154][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  288.893516][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  288.907393][ T6682] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input8
[  288.992577][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  289.059174][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  289.143702][ T6361] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.151892][ T6361] bridge0: port 1(bridge_slave_0) entered forwarding state
[  289.172895][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  289.195805][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  289.257834][ T6361] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.265157][ T6361] bridge0: port 2(bridge_slave_1) entered forwarding state
[  289.389662][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  289.421341][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  289.511694][ T6697] netlink: 'syz.1.658': attribute type 6 has an invalid length.
[  289.554161][ T4423] device hsr_slave_0 left promiscuous mode
[  289.581732][ T4423] device hsr_slave_1 left promiscuous mode
[  289.612678][ T4423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  289.622452][ T4423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  289.630423][ T4230] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  289.638692][ T1347] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  289.676576][ T4423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  289.688352][ T4423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  289.703840][ T4423] device bridge_slave_1 left promiscuous mode
[  289.722626][ T4423] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.760435][ T4423] device bridge_slave_0 left promiscuous mode
[  289.774907][ T4423] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.849375][ T4423] device veth1_macvtap left promiscuous mode
[  289.883068][ T4423] device veth0_macvtap left promiscuous mode
[  289.893207][ T4423] device veth1_vlan left promiscuous mode
[  289.901061][ T4423] device veth0_vlan left promiscuous mode
[  290.059204][ T1347] usb 4-1: unable to get BOS descriptor or descriptor too short
[  290.067891][ T4230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.119854][ T4230] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  290.165227][ T1347] usb 4-1: unable to read config index 0 descriptor/start: -71
[  290.177347][ T1347] usb 4-1: can't read configurations, error -71
[  290.427073][ T4230] usb 2-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[  290.461715][ T4230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.484709][ T4423] bond2 (unregistering): Released all slaves
[  290.534468][ T4230] usb 2-1: Product: syz
[  290.557212][ T4230] usb 2-1: Manufacturer: syz
[  290.570721][ T4423] bond1 (unregistering): Released all slaves
[  290.580715][ T4230] usb 2-1: SerialNumber: syz
[  290.676767][ T4230] usb 2-1: config 0 descriptor??
[  291.251874][ T4423] team0 (unregistering): Port device team_slave_1 removed
[  291.284081][ T4423] team0 (unregistering): Port device team_slave_0 removed
[  291.307086][ T4423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  291.337271][ T4423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  291.473519][ T4423] bond0 (unregistering): Released all slaves
[  291.569353][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  291.592927][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  291.644502][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  291.662604][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  291.674046][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  291.703046][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  291.721606][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  291.732641][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  291.768293][ T6713] netlink: 'syz.3.662': attribute type 1 has an invalid length.
[  291.768433][   T13] lo speed is unknown, defaulting to 1000
[  291.867420][ T6713] 8021q: adding VLAN 0 to HW filter on device bond3
[  291.919920][ T6484] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  291.952056][ T6484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  291.974227][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  291.985684][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  295.165846][   T23] usb 2-1: USB disconnect, device number 12
[  295.397762][ T6742] syz.3.669 uses obsolete (PF_INET,SOCK_PACKET)
[  295.455933][ T6745] kAFS: unable to lookup cell 'Þ({^ú@'
[  296.069536][ T6749] netlink: 12 bytes leftover after parsing attributes in process `syz.1.671'.
[  296.429495][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  296.442181][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  296.456036][ T6484] 8021q: adding VLAN 0 to HW filter on device batadv0
[  296.538242][ T6769] binder: BINDER_SET_CONTEXT_MGR already set
[  296.621786][ T6769] binder: 6767:6769 ioctl 4018620d 200000004a80 returned -16
[  296.722978][ T6777] netlink: 'syz.4.676': attribute type 1 has an invalid length.
[  296.784353][ T6777] 8021q: adding VLAN 0 to HW filter on device bond5
[  297.128358][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  297.149570][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  297.214150][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  297.242452][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  297.278834][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  297.295278][   T23] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  297.297075][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  297.362387][ T6484] device veth0_vlan entered promiscuous mode
[  297.447505][ T6484] device veth1_vlan entered promiscuous mode
[  297.555877][   T23] usb 5-1: Using ep0 maxpacket: 32
[  297.629441][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  297.654115][ T6361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  297.675260][   T23] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  297.722169][ T6803] (syz.1.679,6803,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  297.731750][ T6803] (syz.1.679,6803,1):ocfs2_fill_super:1177 ERROR: status = -22
[  297.744070][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.828698][   T23] usb 5-1: config 0 descriptor??
[  298.115865][ T6484] device veth0_macvtap entered promiscuous mode
[  298.161046][   T23] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  298.170802][ T6484] device veth1_macvtap entered promiscuous mode
[  298.352160][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  298.387406][   T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  298.557179][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  299.052893][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.078381][   T23] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  299.087855][   T23] usb 5-1: media controller created
[  299.118220][   T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  299.147479][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.159601][   T23] az6027: usb out operation failed. (-71)
[  299.169573][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.185163][   T23] az6027: usb out operation failed. (-71)
[  299.205338][   T23] stb0899_attach: Driver disabled by Kconfig
[  299.211704][   T23] az6027: no front-end attached
[  299.211704][   T23] 
[  299.221759][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.275271][   T23] az6027: usb out operation failed. (-71)
[  299.289428][   T23] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  299.308627][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.332606][   T23] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input11
[  299.378068][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.411995][   T23] dvb-usb: schedule remote query interval to 400 msecs.
[  299.431900][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.453116][   T23] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  299.478575][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.537037][   T23] usb 5-1: USB disconnect, device number 7
[  299.816174][ T6484] batman_adv: batadv0: Interface activated: batadv_slave_0
[  299.848959][   T23] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  300.385814][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  300.422367][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  300.536553][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.675196][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.695188][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.707570][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.801207][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.859044][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.922011][ T6484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.942895][ T6484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.981552][ T6484] batman_adv: batadv0: Interface activated: batadv_slave_1
[  301.009470][ T6845] netlink: 'syz.2.687': attribute type 1 has an invalid length.
[  301.087786][ T6845] 8021q: adding VLAN 0 to HW filter on device bond5
[  301.152839][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  301.229260][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  301.382210][ T6484] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  301.417477][ T6484] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  301.477867][ T6484] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  301.513974][ T6484] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  301.620239][ T6836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  301.894357][ T1239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.936490][ T1239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.989187][ T4551] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  304.907902][ T6885] netlink: 'syz.2.698': attribute type 1 has an invalid length.
[  304.978634][ T6885] 8021q: adding VLAN 0 to HW filter on device bond6
[  305.051794][ T1239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  305.063927][ T1239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  305.261986][ T6408] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  306.357783][   T21] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  306.552369][ T6923] tmpfs: Bad value for 'mpol'
[  307.221315][ T6931] netlink: 'syz.4.710': attribute type 1 has an invalid length.
[  308.445945][   T21] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  308.455796][   T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.464058][   T21] usb 3-1: Product: syz
[  308.468760][   T21] usb 3-1: Manufacturer: syz
[  308.474308][   T21] usb 3-1: SerialNumber: syz
[  308.780448][ T6931] 8021q: adding VLAN 0 to HW filter on device bond6
[  309.234569][ T6953] netlink: 12 bytes leftover after parsing attributes in process `syz.3.712'.
[  309.895748][   T21] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  309.903731][   T21] cdc_ncm 3-1:1.0: setting tx_max = 184
[  310.441767][   T21] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  310.580352][   T21] usb 3-1: USB disconnect, device number 10
[  310.626675][   T21] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  311.886696][ T6988] netlink: 32 bytes leftover after parsing attributes in process `syz.2.722'.
[  311.992286][ T6990] netlink: 'syz.5.723': attribute type 1 has an invalid length.
[  312.071731][ T6990] batman_adv: batadv0: Adding interface: gretap1
[  312.138800][ T6990] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  312.338216][ T7001] netlink: 32 bytes leftover after parsing attributes in process `syz.2.725'.
[  312.368809][ T7001] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  312.378755][ T7001] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  312.387666][ T7001] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  312.397616][ T7001] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  312.422317][ T7001] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.431850][ T7001] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.441563][ T7001] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.450812][ T7001] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.782958][ T7002] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  312.792594][ T7002] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  312.802712][ T7002] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  312.813444][ T7002] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  312.860580][ T7002] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.870487][ T7002] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.880087][ T7002] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.889695][ T7002] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  313.429040][ T7011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  315.830810][ T7036] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  315.843532][ T7036] F2FS-fs (loop5): Unable to read 1th superblock
[  315.852327][ T7036] blk_update_request: I/O error, dev loop5, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  315.864535][ T7036] F2FS-fs (loop5): Unable to read 2th superblock
[  316.624412][ T7045] netlink: 12 bytes leftover after parsing attributes in process `syz.3.736'.
[  317.022885][ T7053] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  317.112387][ T7053] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  317.134774][ T7053] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  317.373965][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  317.382251][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  319.333641][ T7081] ODEBUG: Out of memory. ODEBUG disabled
[  319.433550][ T7082] netlink: 32 bytes leftover after parsing attributes in process `syz.4.742'.
[  319.496619][ T7057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  320.554273][ T7096] netlink: 'syz.5.746': attribute type 3 has an invalid length.
[  323.788485][ T7125] =======================================================
[  323.788485][ T7125] WARNING: The mand mount option has been deprecated and
[  323.788485][ T7125]          and is ignored by this kernel. Remove the mand
[  323.788485][ T7125]          option from the mount to silence this warning.
[  323.788485][ T7125] =======================================================
[  323.825874][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.972231][ T7130] 9pnet: Insufficient options for proto=fd
[  323.982084][ T7130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  323.994111][ T7130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  327.582390][ T7168] kAFS: unable to lookup cell 'Þ({^ú@'
[  328.808654][ T7180] netlink: 12 bytes leftover after parsing attributes in process `syz.4.766'.
[  328.975267][ T6940] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  329.225141][ T6940] usb 4-1: Using ep0 maxpacket: 32
[  329.375307][ T6940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.407957][ T6940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.453865][ T6940] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  329.523658][ T6940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.574050][ T6940] usb 4-1: config 0 descriptor??
[  329.656142][ T6940] hub 4-1:0.0: USB hub found
[  329.855218][ T6940] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  330.297308][ T6940] hid-generic 0003:046D:C31C.000F: unknown main item tag 0x0
[  330.370590][ T6940] hid-generic 0003:046D:C31C.000F: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0
[  330.466436][ T7200] netlink: 32 bytes leftover after parsing attributes in process `syz.1.771'.
[  330.602577][ T4283] usb 4-1: USB disconnect, device number 9
[  331.459887][ T7203] fido_id[7203]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  334.185630][ T7240] comedi comedi1: dmm32at: I/O port conflict (0x3,16)
[  334.605029][ T7246] loop8: detected capacity change from 0 to 7
[  335.105634][ T7246] Dev loop8: unable to read RDB block 7
[  335.112173][ T7246]  loop8: AHDI p1 p2
[  335.339012][ T7246] loop8: partition table partially beyond EOD, truncated
[  336.265324][ T7246] loop8: p1 start 1702000233 is beyond EOD, truncated
[  338.961283][ T7301] (syz.2.794,7301,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  338.970307][ T7301] (syz.2.794,7301,1):ocfs2_fill_super:1177 ERROR: status = -22
[  338.993258][ T4229] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  339.324600][ T4229] usb 4-1: Using ep0 maxpacket: 16
[  339.496142][ T4229] usb 4-1: unable to get BOS descriptor or descriptor too short
[  339.613352][ T4229] usb 4-1: config 13 has an invalid interface number: 50 but max is 0
[  339.634561][ T4229] usb 4-1: config 13 has no interface number 0
[  339.664879][ T4229] usb 4-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16
[  339.677603][ T4229] usb 4-1: config 13 interface 50 has no altsetting 0
[  339.859470][ T4229] usb 4-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  339.892197][ T4229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.941834][ T4229] usb 4-1: Product: syz
[  339.963892][ T4229] usb 4-1: Manufacturer: syz
[  339.976410][ T4229] usb 4-1: SerialNumber: syz
[  340.043627][ T7296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.051510][ T7291] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  340.715565][ T4229] usb 4-1: MIDIStreaming interface descriptor not found
[  341.109883][ T4229] usb 4-1: USB disconnect, device number 10
[  343.580377][ T5442] Bluetooth: hci4: command 0x0406 tx timeout
[  344.137029][ T7368] device syzkaller0 entered promiscuous mode
[  344.438370][ T7374] netlink: 4 bytes leftover after parsing attributes in process `syz.4.807'.
[  345.062793][ T7384] netlink: 'syz.4.810': attribute type 1 has an invalid length.
[  345.085734][ T7384] 8021q: adding VLAN 0 to HW filter on device bond7
[  346.938580][ T7386] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  347.549136][ T7421] netlink: 120 bytes leftover after parsing attributes in process `syz.2.819'.
[  348.642567][ T7430] (syz.2.820,7430,0):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  348.651847][ T7430] (syz.2.820,7430,0):ocfs2_fill_super:1177 ERROR: status = -22
[  349.515397][ T7434] netlink: 'syz.2.822': attribute type 1 has an invalid length.
[  349.678905][ T7434] 8021q: adding VLAN 0 to HW filter on device bond7
[  349.798595][ T7443] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  349.917453][ T7443] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  351.899863][ T7472] device syzkaller0 entered promiscuous mode
[  352.649849][ T7489] (syz.3.833,7489,0):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  352.659326][ T7489] (syz.3.833,7489,0):ocfs2_fill_super:1177 ERROR: status = -22
[  355.484503][ T7502] netlink: 'syz.2.836': attribute type 1 has an invalid length.
[  355.649413][ T7502] 8021q: adding VLAN 0 to HW filter on device bond8
[  355.735748][ T7507] device syzkaller0 entered promiscuous mode
[  356.009885][ T7516] mkiss: ax0: crc mode is auto.
[  356.043831][ T7521] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  356.052745][ T7521] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  357.411011][ T4229] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  359.586615][ T7557] (syz.5.845,7557,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  359.595445][ T7557] (syz.5.845,7557,1):ocfs2_fill_super:1177 ERROR: status = -22
[  360.052534][ T4229] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  360.094176][ T4229] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  360.254958][ T4229] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  360.271846][ T4229] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.328817][ T7555] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.344545][ T7555] bond0: (slave rose0): Enslaving as an active interface with an up link
[  360.355500][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  360.498825][ T4229] usb 2-1: can't set config #27, error -71
[  360.575475][ T4229] usb 2-1: USB disconnect, device number 13
[  360.875576][ T7565] netlink: 'syz.5.851': attribute type 1 has an invalid length.
[  361.511933][ T7565] 8021q: adding VLAN 0 to HW filter on device bond1
[  363.571160][ T4227] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  363.849307][ T7602] device syzkaller0 entered promiscuous mode
[  364.853345][ T4227] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  364.892353][ T4227] usb 4-1: config 1 has no interface number 0
[  364.946621][ T4227] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  364.995101][ T7622] input: syz1 as /devices/virtual/input/input12
[  365.011372][ T4227] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  365.059158][ T4227] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  365.091612][ T4227] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  365.160329][ T4227] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 8016, setting to 64
[  365.459838][ T4227] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  365.545809][ T7635] (syz.2.863,7635,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  365.555013][ T7635] (syz.2.863,7635,1):ocfs2_fill_super:1177 ERROR: status = -22
[  366.269065][ T4227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.278722][ T4227] usb 4-1: Product: syz
[  366.283204][ T4227] usb 4-1: Manufacturer: syz
[  366.291750][ T4227] usb 4-1: SerialNumber: syz
[  366.357460][ T4227] usb 4-1: can't set config #1, error -71
[  367.101393][ T4227] usb 4-1: USB disconnect, device number 11
[  368.152980][ T7658] netlink: 'syz.1.869': attribute type 1 has an invalid length.
[  368.225213][ T7658] 8021q: adding VLAN 0 to HW filter on device bond7
[  374.956008][ T7717] netlink: 'syz.5.883': attribute type 1 has an invalid length.
[  375.847189][ T7717] 8021q: adding VLAN 0 to HW filter on device bond2
[  377.383420][ T7731] (syz.4.885,7731,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  377.393014][ T7731] (syz.4.885,7731,1):ocfs2_fill_super:1177 ERROR: status = -22
[  379.133527][ T7778] tmpfs: Bad value for 'mpol'
[  379.655266][ T7760] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  380.159324][ T7787] netlink: 'syz.2.896': attribute type 1 has an invalid length.
[  380.263050][ T7793] kAFS: unable to lookup cell 'Þ({^ú@'
[  380.277796][ T7787] 8021q: adding VLAN 0 to HW filter on device bond9
[  381.694381][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  381.705462][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  383.170398][ T7850] tmpfs: Bad value for 'mpol'
[  383.792535][ T7858] netlink: 32 bytes leftover after parsing attributes in process `syz.5.906'.
[  383.810728][ T7853] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  383.854255][ T7853] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  384.155038][   T13] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  385.117484][   T13] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  385.720246][   T13] usb 5-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  385.781180][ T7879] kAFS: unable to lookup cell 'Þ({^ú@'
[  385.817725][   T13] usb 5-1: Product: syz
[  385.851039][   T13] usb 5-1: Manufacturer: syz
[  385.877195][   T13] usb 5-1: SerialNumber: syz
[  385.997304][   T13] usb 5-1: config 0 descriptor??
[  386.037217][   T13] ch341 5-1:0.0: ch341-uart converter detected
[  386.207354][ T4230] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  386.475022][ T4230] usb 4-1: Using ep0 maxpacket: 16
[  386.603190][ T4230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.672555][ T4230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.684987][ T4230] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  386.700179][ T4230] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  386.710979][ T4230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.732584][ T4230] usb 4-1: config 0 descriptor??
[  386.977853][ T7900] (syz.5.915,7900,0):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  386.986945][ T7900] (syz.5.915,7900,0):ocfs2_fill_super:1177 ERROR: status = -22
[  387.190950][   T13] ch341-uart ttyUSB0: failed to read break control: -71
[  387.206852][   T13] ch341-uart: probe of ttyUSB0 failed with error -71
[  387.671773][ T4230] microsoft 0003:045E:07DA.0010: ignoring exceeding usage max
[  387.693298][ T4230] microsoft 0003:045E:07DA.0010: unsupported Resolution Multiplier 0
[  387.729037][   T13] usb 5-1: USB disconnect, device number 8
[  387.768242][   T13] ch341 5-1:0.0: device disconnected
[  387.779136][ T4230] microsoft 0003:045E:07DA.0010: implement() called with n (152) > 32! (kworker/0:5)
[  387.878435][ T4230] microsoft 0003:045E:07DA.0010: unsupported Resolution Multiplier 0
[  387.900552][ T4230] microsoft 0003:045E:07DA.0010: No inputs registered, leaving
[  388.012241][ T4230] microsoft 0003:045E:07DA.0010: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  388.138170][ T4230] microsoft 0003:045E:07DA.0010: no inputs found
[  388.201766][ T4230] microsoft 0003:045E:07DA.0010: could not initialize ff, continuing anyway
[  388.271196][ T4230] usb 4-1: USB disconnect, device number 12
[  388.930966][ T7917] fido_id[7917]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  389.431171][ T7937] (syz.2.921,7937,0):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  389.440798][ T7937] (syz.2.921,7937,0):ocfs2_fill_super:1177 ERROR: status = -22
[  390.548027][ T7940] netlink: 32 bytes leftover after parsing attributes in process `syz.1.923'.
[  391.595357][ T7959] (syz.2.928,7959,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  391.604707][ T7959] (syz.2.928,7959,1):ocfs2_fill_super:1177 ERROR: status = -22
[  393.291119][ T7989] 9pnet: Insufficient options for proto=fd
[  393.301390][ T7989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  393.313723][ T7989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  394.257238][ T7967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  395.835226][ T8009] kAFS: unable to lookup cell 'Þ({^ú@'
[  396.071550][   T26] kauditd_printk_skb: 25 callbacks suppressed
[  396.071568][   T26] audit: type=1326 audit(1773177484.413:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.4.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  396.227413][   T26] audit: type=1326 audit(1773177484.451:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.4.940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51bfbe799 code=0x7ffc0000
[  396.296623][ T8017] device syzkaller0 entered promiscuous mode
[  398.355680][ T8060] 9pnet: Insufficient options for proto=fd
[  398.365044][ T8060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  398.377148][ T8060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.130964][ T8048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.357074][ T8070] device syzkaller0 entered promiscuous mode
[  400.553247][ T8080] netlink: 40 bytes leftover after parsing attributes in process `syz.2.961'.
[  402.182025][ T8093] netlink: 'syz.2.962': attribute type 1 has an invalid length.
[  402.207820][   T26] audit: type=1326 audit(1773177490.158:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  402.223553][ T8093] 8021q: adding VLAN 0 to HW filter on device bond10
[  402.365753][   T26] audit: type=1326 audit(1773177490.195:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  402.540251][   T26] audit: type=1326 audit(1773177490.195:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  402.567870][   T26] audit: type=1326 audit(1773177490.204:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  402.749764][ T8103] device syzkaller0 entered promiscuous mode
[  402.756923][   T26] audit: type=1326 audit(1773177490.204:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  402.782491][   T26] audit: type=1326 audit(1773177490.223:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  403.729403][   T26] audit: type=1326 audit(1773177490.223:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  403.868391][   T26] audit: type=1326 audit(1773177490.223:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  403.930378][ T8116] kAFS: unable to lookup cell 'Þ({^ú@'
[  404.466216][   T26] audit: type=1326 audit(1773177490.223:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  404.794707][   T26] audit: type=1326 audit(1773177490.223:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  405.212802][ T6940] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  405.629903][ T6940] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  405.661780][ T6940] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 5384, setting to 64
[  405.843386][ T6940] usb 6-1: config 253 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255
[  406.025545][ T6940] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  406.057175][ T6940] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  406.100028][ T6940] usb 6-1: SerialNumber: syz
[  406.175200][ T8126] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  407.205592][ T6940] rndis_wlan 6-1:253.0: skipping garbage
[  407.363283][ T6940] rndis_host 6-1:253.0: skipping garbage
[  407.421182][ T6940] usb 6-1: USB disconnect, device number 2
[  407.497139][ T8158] netlink: 'syz.1.979': attribute type 1 has an invalid length.
[  407.771801][ T8158] 8021q: adding VLAN 0 to HW filter on device bond8
[  409.158673][ T8171] device syzkaller0 entered promiscuous mode
[  409.276819][ T8175] snd_dummy snd_dummy.0: control 0:0:8:syz0:0 is already present
[  409.341690][ T8180] 9pnet: Insufficient options for proto=fd
[  409.351609][ T8180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.364308][ T8180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.546665][ T8179] kAFS: unable to lookup cell 'Þ({^ú@'
[  409.682242][ T8173] loop2: detected capacity change from 0 to 7
[  409.704106][    C0] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.715610][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  409.778919][    C0] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.790760][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  409.815710][    C0] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.829551][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  409.841648][    C0] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.853480][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  409.874323][    C0] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.886593][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  409.895466][    C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.907128][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  409.933435][    C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.944676][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  409.953046][ T8173] ldm_validate_partition_table(): Disk read failed.
[  410.413289][    C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  410.424872][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  410.579857][    C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  410.590937][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  410.612844][ T8189] netlink: 16 bytes leftover after parsing attributes in process `syz.1.988'.
[  410.637557][    C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  410.649788][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  410.659107][ T8173] Dev loop2: unable to read RDB block 0
[  411.328185][ T8173]  loop2: unable to read partition table
[  411.334333][ T8173] loop2: partition table beyond EOD, truncated
[  411.340915][ T8173] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  413.169454][ T8208] netlink: 'syz.1.992': attribute type 1 has an invalid length.
[  414.072406][ T8211] netlink: set zone limit has 8 unknown bytes
[  414.116197][ T8211] netlink: 104 bytes leftover after parsing attributes in process `syz.4.994'.
[  414.250366][ T8221] loop2: detected capacity change from 0 to 7
[  414.310550][ T4755]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  414.321008][ T4755] loop2: partition table partially beyond EOD, truncated
[  414.329409][ T4755] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  414.351293][ T4755] loop2: p2 start 445263249 is beyond EOD, truncated
[  414.362464][ T8208] 8021q: adding VLAN 0 to HW filter on device bond9
[  414.402378][ T8221]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  414.416312][ T8221] loop2: partition table partially beyond EOD, truncated
[  414.443980][ T8221] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  414.464806][ T8221] loop2: p2 start 445263249 is beyond EOD, truncated
[  414.618654][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  414.889393][ T8227] autofs4:pid:8227:autofs_fill_super: called with bogus options
[  416.424751][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  417.135600][ T8253] tmpfs: Bad value for 'mpol'
[  418.083273][ T8262] netlink: 'syz.5.1005': attribute type 4 has an invalid length.
[  420.177788][ T8267] netlink: 'syz.4.1008': attribute type 1 has an invalid length.
[  420.372521][ T8267] 8021q: adding VLAN 0 to HW filter on device bond8
[  421.861850][ T8289] device syzkaller0 entered promiscuous mode
[  422.176652][ T4227] Bluetooth: hci5: command 0x0406 tx timeout
[  422.283190][ T8295] tmpfs: Bad value for 'mpol'
[  423.479159][ T8306] netlink: 'syz.4.1020': attribute type 1 has an invalid length.
[  423.948884][ T8306] 8021q: adding VLAN 0 to HW filter on device bond9
[  424.246086][ T8320] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1021'.
[  425.001602][ T8313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  425.101327][ T8320] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1021'.
[  427.551505][ T8348] overlayfs: failed to resolve './file1': -2
[  428.355434][ T8356] netlink: 'syz.2.1033': attribute type 1 has an invalid length.
[  428.504712][ T8356] 8021q: adding VLAN 0 to HW filter on device bond11
[  428.751436][   T13] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  429.860091][ T8369] (syz.3.1035,8369,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  429.870230][ T8369] (syz.3.1035,8369,1):ocfs2_fill_super:1177 ERROR: status = -22
[  430.508009][ T8375] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1037'.
[  430.526984][ T8375] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1037'.
[  430.604137][   T13] usb 6-1: unable to get BOS descriptor or descriptor too short
[  430.738928][   T13] usb 6-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  431.800657][   T13] usb 6-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  431.830028][   T13] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.839194][   T13] usb 6-1: Product: syz
[  431.882776][   T13] usb 6-1: can't set config #3, error -71
[  431.949966][   T13] usb 6-1: USB disconnect, device number 3
[  433.961713][ T8401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  434.046086][ T8412] netlink: 'syz.2.1046': attribute type 1 has an invalid length.
[  434.232886][ T8412] 8021q: adding VLAN 0 to HW filter on device bond12
[  436.428907][ T8439] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  437.550295][ T8451] kAFS: unable to lookup cell 'Þ({^ú@'
[  440.811176][ T8485] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  440.838865][ T8485] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  441.274979][   T26] kauditd_printk_skb: 12 callbacks suppressed
[  441.274997][   T26] audit: type=1326 audit(1773177526.699:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8488 comm="syz.1.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  441.438810][   T26] audit: type=1326 audit(1773177526.746:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8488 comm="syz.1.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  442.847989][ T8494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  443.368092][ T8506] device syzkaller0 entered promiscuous mode
[  444.254315][ T8517] 9pnet: Insufficient options for proto=fd
[  444.263865][ T8517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  444.276636][ T8517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  447.329455][ T8531] tmpfs: Bad value for 'mpol'
[  447.985293][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  447.997488][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  448.056075][ T8533] kAFS: unable to lookup cell 'Þ({^ú@'
[  448.798955][ T8538] ubi31: attaching mtd0
[  448.821429][ T8538] ubi31: scanning is finished
[  448.826795][ T8538] ubi31: empty MTD device detected
[  449.692714][ T8538] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  451.485386][ T8550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.695459][ T8560] device syzkaller0 entered promiscuous mode
[  452.876889][ T8570] 9pnet: Insufficient options for proto=fd
[  452.894625][ T8570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  452.915299][ T8570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  454.964230][ T8578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1087'.
[  455.809658][ T8588] netlink: 'syz.1.1090': attribute type 1 has an invalid length.
[  456.298805][ T8588] 8021q: adding VLAN 0 to HW filter on device bond10
[  456.682329][ T8576] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1086'.
[  457.037881][ T8597] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  457.561741][ T8613] device syzkaller0 entered promiscuous mode
[  457.584307][ T8624] kAFS: unable to lookup cell 'Þ({^ú@'
[  458.629828][ T8615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  458.922166][ T8632] 9pnet: Insufficient options for proto=fd
[  458.937286][ T8632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  458.956722][ T8632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  460.976012][ T8643] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1102'.
[  462.176461][ T8654] netlink: 'syz.2.1105': attribute type 1 has an invalid length.
[  462.329609][ T8654] 8021q: adding VLAN 0 to HW filter on device bond13
[  463.276517][ T8678] Cannot find add_set index 65532 as target
[  463.433656][ T8678] process 'syz.3.1110' launched './file1' with NULL argv: empty string added
[  464.304024][ T8680] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1108'.
[  466.002608][   T21] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  466.442007][ T8702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1116'.
[  466.499004][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1116'.
[  466.996870][   T21] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  467.263905][   T21] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  467.306833][   T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.426904][   T21] gspca_main: stv0680-2.14.0 probing 041e:4007
[  468.366282][ T8721] 9pnet: Insufficient options for proto=fd
[  468.385653][ T8721] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  468.407750][ T8721] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  469.187980][   T21] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71
[  469.197027][   T21] stv0680 5-1:4.0: STV(e): camera ping failed!!
[  469.206254][ T8709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  469.252113][   T21] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  469.300448][   T21] stv0680 5-1:4.0: last error: 0,  command = 0x0
[  469.352806][   T21] usb 5-1: USB disconnect, device number 9
[  470.715145][ T8742] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1125'.
[  472.635449][ T8761] netlink: 'syz.1.1130': attribute type 1 has an invalid length.
[  472.715172][ T8761] 8021q: adding VLAN 0 to HW filter on device bond11
[  473.105856][ T8768] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  473.152272][ T8768] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  474.525344][ T8785] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1137'.
[  474.600811][ T8785] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1137'.
[  476.305313][ T8801] autofs4:pid:8801:autofs_fill_super: called with bogus options
[  477.327882][ T8806] netlink: 'syz.3.1142': attribute type 1 has an invalid length.
[  477.467681][ T8806] 8021q: adding VLAN 0 to HW filter on device bond4
[  478.627449][ T8825] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1149'.
[  480.112495][ T8836] kAFS: unable to lookup cell 'Þ({^ú@'
[  481.138176][   T26] audit: type=1326 audit(1773177563.989:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8837 comm="syz.2.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  481.166982][   T26] audit: type=1326 audit(1773177564.026:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8837 comm="syz.2.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  482.896134][ T8859] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1157'.
[  482.972923][ T8860] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1157'.
[  484.135517][ T8874] netlink: 'syz.2.1161': attribute type 1 has an invalid length.
[  484.639348][ T8874] 8021q: adding VLAN 0 to HW filter on device bond14
[  485.405263][ T8900] kAFS: unable to lookup cell 'Þ({^ú@'
[  485.711171][ T8904] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1168'.
[  486.263244][ T8913] netlink: set zone limit has 8 unknown bytes
[  486.380936][ T8913] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1170'.
[  493.847134][ T8981] netlink: set zone limit has 8 unknown bytes
[  493.934714][ T8982] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  493.937932][ T8981] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1190'.
[  493.960212][ T8982] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  494.999513][ T8997] kAFS: unable to lookup cell 'Þ({^ú@'
[  499.313918][ T9028] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1205'.
[  499.364133][ T9028] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1205'.
[  500.238020][ T9037] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  500.312561][ T9037] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  503.045197][ T9062] kAFS: unable to lookup cell 'Þ({^ú@'
[  503.479921][ T9072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1215'.
[  505.431117][ T9086] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1219'.
[  506.155413][ T9093] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  506.231171][ T9093] tipc: Resetting bearer <eth:syzkaller0>
[  506.272187][ T9092] tipc: Disabling bearer <eth:syzkaller0>
[  509.655222][ T9123] netlink: 'syz.4.1231': attribute type 1 has an invalid length.
[  509.722022][ T9127] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1232'.
[  509.763692][ T9127] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1232'.
[  509.833403][ T9123] 8021q: adding VLAN 0 to HW filter on device bond10
[  511.966507][ T9145] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  512.045872][ T9150] device syzkaller0 entered promiscuous mode
[  512.203002][ T9145] tipc: Disabling bearer <eth:syzkaller0>
[  512.370218][ T9155] autofs4:pid:9155:autofs_fill_super: called with bogus options
[  513.324359][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  513.331677][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  515.380050][ T9179] netlink: 'syz.2.1245': attribute type 1 has an invalid length.
[  515.950906][ T9179] 8021q: adding VLAN 0 to HW filter on device bond15
[  516.019957][ T9184] kAFS: unable to lookup cell 'Þ({^ú@'
[  516.184510][ T9186] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  516.673875][ T9193] device syzkaller0 entered promiscuous mode
[  517.164777][ T9207] autofs4:pid:9207:autofs_fill_super: called with bogus options
[  519.512650][ T9228] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1257'.
[  519.660437][ T9233] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1256'.
[  524.225480][ T9270] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1268'.
[  524.291745][ T9270] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1268'.
[  526.960033][ T9297] autofs4:pid:9297:autofs_fill_super: called with bogus options
[  530.712477][ T9323] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1283'.
[  536.631033][ T9374] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1296'.
[  536.674498][ T9371] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  537.396484][ T9390] autofs4:pid:9390:autofs_fill_super: called with bogus options
[  538.220824][ T9394] device syzkaller0 entered promiscuous mode
[  539.907873][ T9412] netlink: 'syz.5.1306': attribute type 1 has an invalid length.
[  539.966437][ T9412] 8021q: adding VLAN 0 to HW filter on device bond3
[  540.025459][ T9415] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1307'.
[  540.120636][ T9415] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1307'.
[  541.014026][ T9427] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  542.332516][ T9448] device syzkaller0 entered promiscuous mode
[  544.314813][ T9466] netlink: 'syz.3.1318': attribute type 1 has an invalid length.
[  545.036546][ T9466] 8021q: adding VLAN 0 to HW filter on device bond5
[  545.183867][ T9476] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1321'.
[  545.403059][ T9476] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1321'.
[  545.967074][ T9487] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  546.554282][ T9502] device syzkaller0 entered promiscuous mode
[  549.442439][ T9523] netlink: 'syz.1.1333': attribute type 1 has an invalid length.
[  549.582757][ T9523] 8021q: adding VLAN 0 to HW filter on device bond12
[  550.740966][ T9533] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1335'.
[  550.755083][ T9533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1335'.
[  550.889145][ T9538] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  551.988896][ T9553] device syzkaller0 entered promiscuous mode
[  555.413084][ T9588] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  555.818480][ T9600] 9pnet: Insufficient options for proto=fd
[  555.845360][ T9600] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.901937][ T9601] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.371412][ T9613] device syzkaller0 entered promiscuous mode
[  560.441922][ T9653] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1367'.
[  560.465937][ T9653] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1367'.
[  561.566503][ T9657] netlink: set zone limit has 8 unknown bytes
[  561.615689][ T9657] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1368'.
[  561.745201][ T9668] 9pnet: Insufficient options for proto=fd
[  561.811344][ T9668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  562.303296][ T9674] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  562.352412][ T9674] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  566.457921][ T9717] netlink: set zone limit has 8 unknown bytes
[  569.222537][   T26] audit: type=1326 audit(1773177646.408:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9731 comm="syz.1.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  569.284494][ T9746] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1391'.
[  569.398261][ T9751] 9pnet: Insufficient options for proto=fd
[  569.407022][ T9751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  569.419014][ T9751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  569.508114][   T26] audit: type=1326 audit(1773177646.436:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9731 comm="syz.1.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e63be799 code=0x7ffc0000
[  573.228975][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1406'.
[  574.108151][ T9812] 9pnet: Insufficient options for proto=fd
[  574.116257][ T9812] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.128563][ T9812] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  575.727078][ T9833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1417'.
[  576.874865][   T26] audit: type=1326 audit(1773177653.564:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.404231][   T26] audit: type=1326 audit(1773177653.995:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.436342][ T9853] loop6: detected capacity change from 0 to 7
[  577.460934][ T4755] Dev loop6: unable to read RDB block 7
[  577.467166][ T4755]  loop6: AHDI p2 p3
[  577.504989][   T26] audit: type=1326 audit(1773177653.995:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.650847][ T4755] loop6: partition table partially beyond EOD, truncated
[  577.672394][ T4755] loop6: p2 size 157513074 extends beyond EOD, truncated
[  577.707915][   T26] audit: type=1326 audit(1773177653.995:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.734165][ T9853] Dev loop6: unable to read RDB block 7
[  577.761432][   T26] audit: type=1326 audit(1773177653.995:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.786018][ T9853]  loop6: AHDI p2 p3
[  577.800864][   T26] audit: type=1326 audit(1773177653.995:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.834985][ T9853] loop6: partition table partially beyond EOD, truncated
[  577.848889][   T26] audit: type=1326 audit(1773177653.995:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.909000][   T26] audit: type=1326 audit(1773177653.995:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.964926][   T26] audit: type=1326 audit(1773177653.995:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  577.989555][   T26] audit: type=1326 audit(1773177653.995:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9846 comm="syz.5.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  578.017946][ T9853] loop6: p2 size 157513074 extends beyond EOD, truncated
[  578.261082][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  578.548553][ T4755] udevd[4755]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  578.673732][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  578.680444][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  578.819591][ T9861] 9pnet: Insufficient options for proto=fd
[  578.828495][ T9861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.841431][ T9861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  582.474910][ T9892] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  583.549206][   T26] kauditd_printk_skb: 26 callbacks suppressed
[  583.549224][   T26] audit: type=1326 audit(1773177659.804:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  583.588483][   T26] audit: type=1326 audit(1773177659.842:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  583.614971][   T26] audit: type=1326 audit(1773177659.851:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  583.640699][   T26] audit: type=1326 audit(1773177659.851:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  583.873892][   T26] audit: type=1326 audit(1773177659.898:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  583.955084][ T9921] 9pnet: Insufficient options for proto=fd
[  583.964971][ T9921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  583.979583][ T9921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  584.280545][   T26] audit: type=1326 audit(1773177659.898:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  584.474097][   T26] audit: type=1326 audit(1773177659.907:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  584.662179][   T26] audit: type=1326 audit(1773177659.935:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  584.760931][   T26] audit: type=1326 audit(1773177659.935:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  584.928816][   T26] audit: type=1326 audit(1773177659.935:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9902 comm="syz.5.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f6217b28799 code=0x7ffc0000
[  586.587825][ T9939] device syzkaller0 entered promiscuous mode
[  589.129435][ T9953] tipc: Started in network mode
[  589.142533][ T9953] tipc: Node identity 6edf8277cacd, cluster identity 4711
[  589.236913][ T9953] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  589.316170][ T9953] tipc: Resetting bearer <eth:syzkaller0>
[  589.347146][ T9950] tipc: Disabling bearer <eth:syzkaller0>
[  589.612959][ T9961] 9pnet: Insufficient options for proto=fd
[  589.624854][ T9961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  589.636900][ T9961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  590.629999][ T9963] netlink: set zone limit has 8 unknown bytes
[  590.642547][ T9963] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1450'.
[  593.376705][T10002] 9pnet: Insufficient options for proto=fd
[  593.385581][T10002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  593.397813][T10002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  593.439186][    C1] hrtimer: interrupt took 48449 ns
[  594.821915][T10015] netlink: set zone limit has 8 unknown bytes
[  596.330139][T10014] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1466'.
[  599.350477][T10063] autofs4:pid:10063:autofs_fill_super: called with bogus options
[  601.006463][T10065] netlink: set zone limit has 8 unknown bytes
[  601.020377][T10065] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1481'.
[  601.104728][   T26] kauditd_printk_skb: 16 callbacks suppressed
[  601.104745][   T26] audit: type=1326 audit(1773177676.232:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  601.172560][T10072] 
[  601.175426][T10072] ======================================================
[  601.183210][T10072] WARNING: possible circular locking dependency detected
[  601.191351][T10072] syzkaller #0 Not tainted
[  601.197140][T10072] ------------------------------------------------------
[  601.204984][T10072] syz.3.1483/10072 is trying to acquire lock:
[  601.212139][T10072] ffff888064881458 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210
[  601.225414][T10072] 
[  601.225414][T10072] but task is already holding lock:
[  601.233071][T10072] ffff888064880120 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530
[  601.243751][T10072] 
[  601.243751][T10072] which lock already depends on the new lock.
[  601.243751][T10072] 
[  601.255106][T10072] 
[  601.255106][T10072] the existing dependency chain (in reverse order) is:
[  601.264820][T10072] 
[  601.264820][T10072] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[  601.272935][T10072]        lock_sock_nested+0x44/0x100
[  601.278518][T10072]        smc_listen_out+0x109/0x3d0
[  601.284117][T10072]        smc_listen_work+0x526/0xd00
[  601.289499][T10072]        process_one_work+0x85f/0x1010
[  601.294966][T10072]        worker_thread+0xaa6/0x1290
[  601.300194][T10072]        kthread+0x436/0x520
[  601.305058][T10072]        ret_from_fork+0x1f/0x30
[  601.310301][T10072] 
[  601.310301][T10072] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[  601.321259][T10072]        __lock_acquire+0x2c42/0x7d10
[  601.327034][T10072]        lock_acquire+0x19e/0x400
[  601.332303][T10072]        __flush_work+0x116/0x210
[  601.337431][T10072]        __cancel_work_timer+0x3f4/0x560
[  601.343336][T10072]        smc_clcsock_release+0x5c/0xe0
[  601.348795][T10072]        __smc_release+0x398/0x500
[  601.354095][T10072]        smc_close_non_accepted+0xd1/0x1f0
[  601.359911][T10072]        smc_close_active+0x9d3/0xd90
[  601.365687][T10072]        __smc_release+0x9a/0x500
[  601.370973][T10072]        smc_release+0x2ca/0x530
[  601.376125][T10072]        sock_close+0xd5/0x240
[  601.380986][T10072]        __fput+0x234/0x930
[  601.385569][T10072]        task_work_run+0x125/0x1a0
[  601.390934][T10072]        exit_to_user_mode_loop+0x10f/0x130
[  601.396991][T10072]        exit_to_user_mode_prepare+0xee/0x180
[  601.403329][T10072]        syscall_exit_to_user_mode+0x16/0x40
[  601.409571][T10072]        do_syscall_64+0x58/0xa0
[  601.414855][T10072]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  601.421351][T10072] 
[  601.421351][T10072] other info that might help us debug this:
[  601.421351][T10072] 
[  601.432908][T10072]  Possible unsafe locking scenario:
[  601.432908][T10072] 
[  601.440962][T10072]        CPU0                    CPU1
[  601.446606][T10072]        ----                    ----
[  601.452062][T10072]   lock(sk_lock-AF_SMC/1);
[  601.456659][T10072]                                lock((work_completion)(&new_smc->smc_listen_work));
[  601.466367][T10072]                                lock(sk_lock-AF_SMC/1);
[  601.473402][T10072]   lock((work_completion)(&new_smc->smc_listen_work));
[  601.480867][T10072] 
[  601.480867][T10072]  *** DEADLOCK ***
[  601.480867][T10072] 
[  601.489806][T10072] 2 locks held by syz.3.1483/10072:
[  601.495369][T10072]  #0: ffff888066efa010 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240
[  601.505918][T10072]  #1: ffff888064880120 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530
[  601.515612][T10072] 
[  601.515612][T10072] stack backtrace:
[  601.521769][T10072] CPU: 1 PID: 10072 Comm: syz.3.1483 Not tainted syzkaller #0
[  601.529985][T10072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  601.540989][T10072] Call Trace:
[  601.545541][T10072]  <TASK>
[  601.548497][T10072]  dump_stack_lvl+0x188/0x250
[  601.553410][T10072]  ? load_image+0x400/0x400
[  601.558089][T10072]  ? show_regs_print_info+0x20/0x20
[  601.563377][T10072]  ? print_circular_bug+0x12b/0x1a0
[  601.568765][T10072]  check_noncircular+0x296/0x330
[  601.573930][T10072]  ? unwind_next_frame+0x1296/0x1d90
[  601.579459][T10072]  ? look_up_lock_class+0x71/0x110
[  601.585038][T10072]  ? add_chain_block+0x940/0x940
[  601.590172][T10072]  ? lockdep_lock+0xf1/0x1f0
[  601.595383][T10072]  ? lock_release+0xb5/0x8a0
[  601.600176][T10072]  ? mark_lock+0x94/0x320
[  601.604751][T10072]  __lock_acquire+0x2c42/0x7d10
[  601.609721][T10072]  ? unwind_next_frame+0x1296/0x1d90
[  601.615024][T10072]  ? hlock_conflict+0x59/0x1f0
[  601.619792][T10072]  ? __bfs+0x2a3/0x5c0
[  601.623982][T10072]  ? check_path+0x40/0x40
[  601.629036][T10072]  ? verify_lock_unused+0x140/0x140
[  601.634360][T10072]  ? mark_lock+0x94/0x320
[  601.639095][T10072]  ? __lock_acquire+0x13bc/0x7d10
[  601.644352][T10072]  ? add_chain_block+0x940/0x940
[  601.649603][T10072]  lock_acquire+0x19e/0x400
[  601.654481][T10072]  ? __flush_work+0xfa/0x210
[  601.659239][T10072]  ? verify_lock_unused+0x140/0x140
[  601.665075][T10072]  ? read_lock_is_recursive+0x10/0x10
[  601.671060][T10072]  __flush_work+0x116/0x210
[  601.675886][T10072]  ? __flush_work+0xfa/0x210
[  601.681369][T10072]  ? verify_lock_unused+0x140/0x140
[  601.686731][T10072]  ? flush_work+0x20/0x20
[  601.691374][T10072]  ? try_to_grab_pending+0xfa/0x7f0
[  601.696956][T10072]  ? mark_lock+0x94/0x320
[  601.701570][T10072]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  601.707762][T10072]  ? lock_chain_count+0x20/0x20
[  601.712984][T10072]  ? __cancel_work_timer+0x36a/0x560
[  601.718577][T10072]  __cancel_work_timer+0x3f4/0x560
[  601.724464][T10072]  ? cancel_work_sync+0x20/0x20
[  601.730256][T10072]  ? __local_bh_enable_ip+0x136/0x1c0
[  601.736328][T10072]  ? lockdep_hardirqs_on+0x94/0x140
[  601.743028][T10072]  ? __local_bh_enable_ip+0x136/0x1c0
[  601.749634][T10072]  ? _local_bh_enable+0xa0/0xa0
[  601.755118][T10072]  smc_clcsock_release+0x5c/0xe0
[  601.760654][T10072]  __smc_release+0x398/0x500
[  601.765613][T10072]  smc_close_non_accepted+0xd1/0x1f0
[  601.771094][T10072]  smc_close_active+0x9d3/0xd90
[  601.777226][T10072]  __smc_release+0x9a/0x500
[  601.781910][T10072]  smc_release+0x2ca/0x530
[  601.786540][T10072]  sock_close+0xd5/0x240
[  601.791130][T10072]  ? sock_mmap+0x90/0x90
[  601.795923][T10072]  __fput+0x234/0x930
[  601.800173][T10072]  task_work_run+0x125/0x1a0
[  601.805227][T10072]  exit_to_user_mode_loop+0x10f/0x130
[  601.810633][T10072]  exit_to_user_mode_prepare+0xee/0x180
[  601.816742][T10072]  syscall_exit_to_user_mode+0x16/0x40
[  601.822752][T10072]  do_syscall_64+0x58/0xa0
[  601.827278][T10072]  ? clear_bhb_loop+0x30/0x80
[  601.832119][T10072]  ? clear_bhb_loop+0x30/0x80
[  601.836903][T10072]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  601.843182][T10072] RIP: 0033:0x7f4bddea8799
[  601.847615][T10072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  601.868940][T10072] RSP: 002b:00007f4bdc102028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  601.877841][T10072] RAX: 0000000000000000 RBX: 00007f4bde121fa0 RCX: 00007f4bddea8799
[  601.886360][T10072] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000
[  601.894732][T10072] RBP: 00007f4bddf3ec99 R08: 0000000000000000 R09: 0000000000000000
[  601.903177][T10072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  601.911835][T10072] R13: 00007f4bde122038 R14: 00007f4bde121fa0 R15: 00007ffd6c3f8be8
[  601.921228][T10072]  </TASK>
[  601.924544][    C1] vkms_vblank_simulate: vblank timer overrun
[  602.047901][   T26] audit: type=1326 audit(1773177676.232:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.120849][   T26] audit: type=1326 audit(1773177676.232:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.248221][   T26] audit: type=1326 audit(1773177676.232:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.357255][   T26] audit: type=1326 audit(1773177676.232:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.438301][   T26] audit: type=1326 audit(1773177676.232:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.501828][   T26] audit: type=1326 audit(1773177676.260:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.528357][   T26] audit: type=1326 audit(1773177676.260:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.557193][   T26] audit: type=1326 audit(1773177676.260:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000
[  602.584144][   T26] audit: type=1326 audit(1773177676.260:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10066 comm="syz.2.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a0cfea799 code=0x7ffc0000