last executing test programs:

7m19.097533132s ago: executing program 2 (id=2590):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0)
syz_open_dev$cec(&(0x7f0000000080), 0x0, 0xe8c00)

7m17.464374282s ago: executing program 2 (id=2592):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0)

7m14.777717354s ago: executing program 2 (id=2595):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_POST(r0, 0x5008, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
getpriority(0x1, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x44021, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x108)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006340)={0x2020, 0x0, <r4=>0x0}, 0x2020)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r5, 0x4b33, &(0x7f0000000280))
write$FUSE_INIT(r3, &(0x7f0000000280)={0x50, 0x0, r4, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0xa4901, 0x28)
write$tcp_congestion(r6, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r6, r3)

7m12.222279571s ago: executing program 2 (id=2605):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x2eff, &(0x7f0000000340)={0x0, 0xe8e5, 0x2, 0xfffffffd, 0x290})

7m10.559928912s ago: executing program 2 (id=2607):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r0 = fsopen(&(0x7f0000001200)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x4)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cgroup.controllers\x00', 0x5000000, 0x0)
readv(r2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x284801, 0x0)
socket$kcm(0x2, 0xa, 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300030000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x4008804)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000140)=0x8, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}], 0x1, 0xf00)

7m8.646587006s ago: executing program 2 (id=2611):
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000400)=""/85)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r1, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$SEG6(0x0, r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0xc, 0x7, 0x0, 0x40000005, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x13)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r6, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10)

6m53.032421845s ago: executing program 32 (id=2611):
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000400)=""/85)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r1, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$SEG6(0x0, r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0xc, 0x7, 0x0, 0x40000005, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x13)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r6, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10)

4m2.287748346s ago: executing program 4 (id=3037):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
openat$dsp(0xffffffffffffff9c, 0x0, 0x802, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)

4m2.069073367s ago: executing program 4 (id=3039):
syz_open_dev$video4linux(&(0x7f0000000180), 0x6, 0x42)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

4m1.849023318s ago: executing program 4 (id=3044):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket$kcm(0x11, 0x3, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r8, 0x0, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r5, 0xc}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4)

3m59.019818747s ago: executing program 4 (id=3052):
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xd4}}, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000640)="3013f93f6a23826aeaa571d88a1f", 0xe}], 0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="10000000001d83000744d63c000100000008"], 0x10}, 0x40000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f406", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

3m58.881065044s ago: executing program 4 (id=3054):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xbecd6000)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
r1 = inotify_init1(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xfffffffd)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000005c0))
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x20000)
write$eventfd(r3, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
inotify_add_watch(r1, &(0x7f00000001c0)='./file0\x00', 0x4000064f)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x4c0f, 0x400, 0x3, 0x288}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x12a8f, 0xf264, 0x40, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r8 = syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
migrate_pages(r8, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)

3m57.868765904s ago: executing program 4 (id=3058):
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x100c8a1, 0xc000, 0x8, 0xf0})
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_io_uring_setup(0x3380, &(0x7f0000000180)={0x0, 0xfffffffd, 0x10100}, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
dup(0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
r2 = gettid()
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4844)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='cdg', 0x6)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f00000000c0), 0xffffffffffffffef, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0xe, 0x0)

3m42.826450225s ago: executing program 33 (id=3058):
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x100c8a1, 0xc000, 0x8, 0xf0})
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_io_uring_setup(0x3380, &(0x7f0000000180)={0x0, 0xfffffffd, 0x10100}, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
dup(0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
r2 = gettid()
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4844)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='cdg', 0x6)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f00000000c0), 0xffffffffffffffef, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0xe, 0x0)

1m25.011996263s ago: executing program 0 (id=3468):
r0 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x28002)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000340)={"0400", 0x0, 0x5, 0x4, 0x800, 0x1, '\x00\x00\x00\f\x00', "00000200", '\t\x00', '\x00', ["8ba8e2bca7cbd6e4af000700", "ca8cacfffffffff4550400", "2000fffdfdc2209d76b10020", "0000000004000000001000"]})

1m24.890089019s ago: executing program 0 (id=3469):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0)
r2 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0xe8c00)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7, 0x6}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000003040)=@deltfilter={0x24, 0x2d, 0x119, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffe0, 0x1}, {0xf, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r5, &(0x7f0000000400)=""/4096, 0x1000)

1m23.922630766s ago: executing program 0 (id=3471):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={0x0, 0x80}, 0x1, 0x0, 0x0, 0x881}, 0x8000)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
syz_open_procfs(0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$sock(r2, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r3, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0)

1m18.524948892s ago: executing program 0 (id=3487):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002bc0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r3, &(0x7f0000006e80)={0x2020, 0x0, <r4=>0x0}, 0x2082)
write$FUSE_INIT(r3, &(0x7f0000004300)={0x50, 0x0, r4, {0x7, 0x29, 0x3, 0x11913410, 0x800, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0x50)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x3050000, 0x0, 0x1, 0x0, 0x0)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000003c0)='./file0/file0\x00', 0x8)

1m16.981796448s ago: executing program 0 (id=3492):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
getsockopt$inet6_opts(r0, 0x29, 0x36, 0x0, &(0x7f0000000000))

1m16.626452316s ago: executing program 0 (id=3493):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x40002, 0xa69c0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x0, 0x4a}, 0x28)
io_uring_setup(0x2eff, &(0x7f0000000340)={0x0, 0xe8e5, 0x2, 0xfffffffd, 0x290})
mkdir(0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x4, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', r4, 0x4, 0x4, 0x0, 0xe2, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev, 0x80, 0x0, 0xffffffff, 0x1}})

1m15.907264981s ago: executing program 34 (id=3493):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x40002, 0xa69c0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x0, 0x4a}, 0x28)
io_uring_setup(0x2eff, &(0x7f0000000340)={0x0, 0xe8e5, 0x2, 0xfffffffd, 0x290})
mkdir(0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x4, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', r4, 0x4, 0x4, 0x0, 0xe2, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev, 0x80, 0x0, 0xffffffff, 0x1}})

17.46162873s ago: executing program 1 (id=3674):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newlink={0x58, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfa, {}, [@IFLA_IFNAME={0x14}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x58}, 0x1, 0x0, 0x0, 0x4c800}, 0x8000002)

14.371408732s ago: executing program 1 (id=3682):
r0 = syz_open_dev$usbmon(&(0x7f00000003c0), 0x0, 0x101000)
pread64(r0, &(0x7f00000016c0)=""/33, 0x21, 0x2)

11.285069094s ago: executing program 1 (id=3687):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0xffff, r0, 0x0}])
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x24000000)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="050000000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

8.32639126s ago: executing program 7 (id=3698):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x0)
r1 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)

8.257745674s ago: executing program 7 (id=3700):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
syz_emit_vhci(0x0, 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
unshare(0x6020400)
r3 = eventfd(0xff7ffff7)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180)={r3, 0x82000000, 0x2, r3})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0xc800)
recvmmsg(r5, &(0x7f0000005180)=[{{&(0x7f0000000180)=@can, 0x80, &(0x7f0000000500)=[{&(0x7f0000000280)=""/16, 0x10}, {&(0x7f0000000340)=""/217, 0xd9}, {&(0x7f0000000440)=""/140, 0x8c}, {&(0x7f0000000580)=""/73, 0x49}, {&(0x7f0000000600)=""/99, 0x63}, {&(0x7f0000000840)=""/76, 0x4c}, {&(0x7f00000008c0)=""/149, 0x95}], 0x7, &(0x7f0000001040)=""/219, 0xdb}, 0x7ffffffc}, {{&(0x7f0000000f40)=@ax25={{0x3, @default}, [@remote, @bcast, @bcast, @bcast, @remote, @null, @rose, @rose]}, 0x80, &(0x7f0000003400)=[{&(0x7f0000000fc0)=""/115, 0x73}, {&(0x7f0000002080)=""/246, 0xf6}, {&(0x7f0000000680)=""/39, 0x27}, {&(0x7f0000000a80)=""/27, 0x1b}, {&(0x7f0000002180)=""/88, 0x58}, {&(0x7f0000002200)=""/130, 0x82}, {&(0x7f00000022c0)=""/57, 0x39}, {&(0x7f0000002300)=""/205, 0xcd}, {&(0x7f0000002400)=""/4096, 0x1000}], 0x9, &(0x7f0000003480)=""/149, 0x95}, 0x5}, {{0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f00000035c0)=""/212, 0xd4}, {&(0x7f00000036c0)}, {&(0x7f0000003700)}, {&(0x7f0000003740)=""/204, 0xcc}, {&(0x7f0000003840)=""/88, 0x58}], 0x5, &(0x7f0000000980)=""/200, 0xc8}, 0x40200}, {{&(0x7f0000003a00)=@ethernet={0x0, @link_local}, 0x80, &(0x7f00000036c0), 0x0, &(0x7f0000003e40)=""/112, 0x70}, 0x9}, {{&(0x7f0000003ec0)=@can, 0x80, &(0x7f0000005140)=[{&(0x7f0000003f40)=""/39, 0x27}, {&(0x7f0000003f80)=""/4094, 0xffe}, {&(0x7f00000006c0)=""/149, 0x95}, {&(0x7f0000005100)=""/4, 0x4}], 0x4}, 0x1}], 0x5, 0x20000fc0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000200))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x40070}, 0x0)
openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x182, 0x0)
openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f0000000400)={0x2, @win={{0x0, 0x0, 0x47524247}, 0x0, 0x0, 0x0, 0x0, 0x0}})

8.257149644s ago: executing program 1 (id=3701):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r5)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000009b40)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x1, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x2, 0x9, 0x4, 0x6}, 0x1, 0xfb}, [{0x2, 0x9c, 0x81, 0x6, 0x2, 0x7}, {0x1, 0x6, 0x4, 0x3, 0xfffffffd, 0x81}, {0x1, 0x80000001, 0x8, 0x101, 0x3}, {0x3, 0x9, 0x0, 0x7, 0x5, 0x4}, {0xf, 0x7, 0x9, 0x51, 0x8}, {0x3, 0x4, 0xc, 0x101, 0x3, 0x84b5}, {0x9c, 0x4, 0x9, 0x2, 0x487, 0x8}, {0x1, 0x10000, 0x5, 0x4, 0x3, 0x8000}, {0x7, 0x9, 0x1ff, 0x8, 0x2, 0x7fff}, {0x439356e7, 0x609, 0x16, 0x0, 0x10000, 0x6}, {0x5, 0x3, 0x8, 0x3, 0x0, 0xffffffff}, {0x5, 0x0, 0x7, 0x7, 0x8, 0x5}, {0x5, 0x8, 0x9, 0x5, 0xfffff000, 0x7}, {0x768d, 0xcd, 0x8, 0x7, 0x5, 0x9}, {0x1, 0xfffffffb, 0x6, 0x5, 0x7ff, 0x6}, {0xfffffffb, 0x3, 0xfffffffe, 0x6, 0x2}, {0xfffff9fd, 0x9, 0xa5f, 0xa, 0x5, 0x2}, {0xffff997c, 0x9, 0x167, 0x2, 0x71, 0xa2}, {0x5, 0x2, 0xc, 0x8, 0x9, 0x60}, {0x5, 0xa, 0x2, 0x4, 0x3, 0x2000}, {0x32d, 0x8, 0x7fff, 0x4, 0x8, 0x9}, {0x8, 0x200, 0x58fe, 0x7ff, 0x4, 0x3}, {0x101, 0xd, 0x101, 0x1, 0x3, 0x8}, {0x0, 0x3, 0x1ff, 0x7437ec78, 0x2, 0x9}, {0xffffffff, 0x1, 0x9, 0x0, 0x1, 0x4}, {0xc, 0xe, 0x0, 0x3, 0x8, 0x81}, {0x3, 0x3, 0x6, 0xe, 0x0, 0x80}, {0xd, 0x0, 0x7ff, 0x0, 0x80000000, 0x2}, {0x4, 0xb, 0x6c5f1878, 0x57c4, 0x8, 0x25ff}, {0x4, 0xd, 0x1fadd976, 0x3071, 0x0, 0x1}, {0x5, 0x800, 0x3, 0x3, 0x3, 0x9}, {0x9, 0x1ff, 0x81, 0x9c, 0x1, 0x5}, {0x9, 0xd76, 0x6, 0xdc2, 0xa16a, 0x2}, {0x1ff, 0x5, 0x7, 0x2, 0x2, 0x1}, {0x1, 0x32158140, 0x0, 0x8, 0x6, 0x7}, {0xe, 0x4, 0x9000, 0x5, 0x2, 0x7f}, {0x3, 0x2ec74d53, 0x0, 0x0, 0x8, 0x2}, {0x5, 0xfff, 0xffffff13, 0x6, 0x2, 0x6}, {0x1, 0x6, 0x3, 0x4, 0xffb, 0x9}, {0x6, 0x6, 0x1ff, 0x8, 0x7ff, 0x8001}, {0x4, 0xffffffff, 0x0, 0xfffff740, 0x4, 0x4}, {0xffff, 0x5, 0x7, 0xac, 0xf}, {0x5, 0x3, 0x6, 0x1000, 0xd8fe, 0x8001}, {0xd, 0x3, 0x80000000, 0x0, 0xffffff81, 0x7ff}, {0xfffffffb, 0x2, 0x1ff, 0xf9, 0xffff8001}, {0x0, 0x6, 0x8000, 0x9, 0x500, 0x7}, {0x1, 0xffffffff, 0x834, 0x7, 0x0, 0x3}, {0x7fff, 0x6, 0x0, 0x2, 0x2, 0x8}, {0xf61, 0x101, 0x9, 0x2, 0x80000000, 0x7fff}, {0xc7, 0x1, 0xad, 0x2, 0xffff, 0x20000000}, {0x0, 0x5, 0x1, 0xffff, 0x3, 0x3}, {0x8, 0x10001, 0x9f98, 0x1, 0x8, 0x66a}, {0xfff, 0x6, 0x8, 0x80000001, 0x0, 0x7f}, {0x8, 0x6, 0x7f, 0x5, 0x3, 0xb}, {0x4, 0x4b, 0x0, 0x1, 0x7f, 0x7fffffff}, {0xfff, 0x47e4, 0x1, 0x0, 0x80000001, 0x9}, {0x3, 0x9, 0x7, 0x6, 0x3e6b7592, 0xe5}, {0x9, 0x9, 0x1, 0x9, 0x0, 0x2}, {0x8, 0x80000001, 0x7fff, 0xb2d9, 0xfffffffe, 0x8}, {0x80000001, 0x9, 0x5202, 0x2, 0x53ce, 0x3}, {0xffffff81, 0x7, 0x8, 0x8, 0x7f, 0x80000000}, {0xfffffff9, 0x9, 0x6, 0x6, 0x9, 0x3}, {0xfffffffd, 0x8, 0x6, 0x5, 0x3, 0x8f}, {0x741, 0x0, 0x9, 0x7fffffff, 0x2, 0x200}, {0x401, 0x2, 0x8, 0x6, 0x4, 0xc6e9}, {0x1, 0x2d73, 0x3ff, 0x5, 0x9f17, 0xffffff7f}, {0x2, 0x401, 0x2b00, 0xfffff57b, 0xfffffc00, 0xd}, {0x3, 0x4, 0xc52b, 0x9, 0x5, 0xff}, {0x0, 0x4, 0x401, 0x0, 0x1, 0x9}, {0x8, 0x4, 0x1, 0x2, 0x10, 0x1}, {0xff, 0x8, 0x6, 0x5, 0xff, 0x5}, {0x2, 0xb15ce2d, 0x80000001, 0xbeab, 0x8, 0x5}, {0x3, 0x8, 0x3, 0x7, 0x8, 0x4}, {0xfff, 0x9, 0x6, 0x3, 0x100, 0x57}, {0x9, 0x5, 0x4, 0x3, 0xa, 0x2}, {0xb3, 0xe, 0x3, 0x8000, 0x7, 0x9}, {0xff, 0x7, 0x5, 0x10001, 0x6, 0x6}, {0x2, 0x8f, 0x9, 0xffffff46, 0x4, 0x80000000}, {0x9, 0x2, 0xfffffffc, 0x1, 0xd50, 0x3}, {0xd203, 0x7, 0x1, 0x10000, 0x43, 0x1ff}, {0x4, 0x3ff, 0xffffffff, 0x1, 0x5, 0x100}, {0x1ff, 0x3, 0x7ff, 0xfffffff8, 0x1ff, 0xfffffffc}, {0x7, 0x9, 0x3ff, 0x1, 0x7, 0x4}, {0x0, 0x6, 0x0, 0x9, 0xffff0001, 0xcca}, {0x7, 0x1, 0xfffffff1, 0x3ff, 0x100, 0x4}, {0x3, 0x9, 0x0, 0xed4, 0x4, 0x6}, {0x9, 0x7, 0x8001, 0x7, 0x7, 0x2}, {0x3, 0xfff, 0x9, 0x5, 0xb5, 0x3}, {0x0, 0x1, 0x1, 0x5, 0xffffff01, 0xfff}, {0x7, 0x5, 0x2, 0x2, 0x0, 0xfffff9de}, {0x5, 0xffffffff, 0xe6b, 0xb, 0xb, 0x4}, {0x1d, 0xffffff10, 0x1, 0x2, 0xff, 0x52e2}, {0x0, 0x9, 0x0, 0x7, 0xdb, 0x5}, {0x7, 0x2, 0x9, 0x8, 0xa, 0x100}, {0x81, 0x4, 0x988, 0x0, 0x0, 0x7}, {0xdc03, 0x7, 0x402c, 0xffff, 0xfffffff9, 0x4}, {0xa, 0xfffffffe, 0x1, 0x1ff, 0x1ff, 0xc1b5}, {0xa24b, 0x947d, 0x3, 0x4, 0x80000000, 0x2}, {0x9, 0x401, 0xa89, 0x5ef, 0x9, 0x8}, {0x4, 0x7fff, 0x0, 0x4, 0x7fffffff}, {0x3, 0xb8c, 0x6, 0x21761f6a, 0x1, 0x6}, {0xfff, 0xda, 0x1f, 0x4, 0x8, 0x2}, {0x8, 0x10, 0x0, 0x0, 0xfffffff7, 0x43}, {0xfffff000, 0x8, 0xe96, 0x9, 0x9, 0x34b0}, {0x4, 0x8, 0x8, 0x3, 0x6cf4, 0x1}, {0x3, 0x3, 0x7, 0x4, 0xbe, 0x81}, {0x4, 0x800, 0x0, 0x5, 0x8, 0xfa2f}, {0x3, 0x8d, 0x81, 0x2, 0x8, 0x6}, {0x9, 0x2, 0x6, 0x4, 0xf, 0x5}, {0x100, 0x1, 0x2, 0xffffffff, 0x9, 0x74}, {0x4, 0x4, 0x8, 0x1, 0x0, 0x3}, {0xfffffff8, 0x7, 0xffffffff, 0x62f, 0x401, 0x30564e0}, {0x9a2f, 0x800, 0x8, 0x7, 0x7}, {0x20000006, 0x2, 0x800, 0x200, 0x9, 0x3}, {0x7, 0x6, 0x8936, 0xdcb, 0x0, 0x2}, {0x6, 0x80000000, 0x8, 0xe, 0xfffffffa, 0x8de3}, {0x0, 0x9, 0x8, 0xfff, 0x6, 0x1ff}, {0x8195, 0x2, 0x1000}, {0x1, 0x5, 0xff, 0x9e0f, 0x5, 0x6}, {0x7fff, 0x6, 0x0, 0x5, 0x8000, 0x3}, {0x7ff, 0x9, 0xa, 0x6, 0x7, 0xe77}, {0x1, 0x5e12, 0x3, 0xfffffffa, 0x2, 0x80000001}, {0xffffff8c, 0x2, 0x1, 0x1, 0x10, 0x5}, {0x4, 0x7, 0x4, 0x78d, 0xffffcff9, 0x9}, {0x1, 0xe, 0x7, 0x2, 0x2, 0x207f}, {0x10, 0x5, 0xfffffffa, 0xff, 0x80000, 0xfff}, {0x1, 0x7ff, 0x696e, 0xa, 0x49d, 0xb}, {0x9bf4, 0x0, 0x5, 0x3, 0x3, 0x1000}], [{0x1, 0x1}, {0x2}, {0x5}, {0x2}, {0x2, 0x745e81639ff0f356}, {0x4}, {0x5}, {0x3, 0x1}, {0x3}, {0x2}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x2}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x2}, {0x5}, {0x2}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x5, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x1, 0x1}, {0x5}, {0xa}, {0x3}, {0x3}, {0x2, 0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x4}, {0x4, 0x1}, {0x4}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x5, 0x3}, {0x4, 0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {0x6}, {0xa}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1}, {0x4}, {0x5}, {0x3}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x2}, {0xb82e57098c7a44ef}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {}, {0x4}, {0x3}, {0x3}, {0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x0, 0x1}, {0x5}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$kcm(r6, &(0x7f0000002900)={&(0x7f0000000500)=@xdp={0x2c, 0x8, r4, 0xc}, 0x80, &(0x7f0000002f40)}, 0x4)

7.527010879s ago: executing program 7 (id=3705):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f00000000c0)=@ethtool_gfeatures})

7.429039534s ago: executing program 7 (id=3706):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x8000203d})

7.428564764s ago: executing program 7 (id=3707):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x2eff, 0x0)

6.400745755s ago: executing program 7 (id=3709):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getpeername$netrom(r2, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400"], 0x48)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r5, &(0x7f00000004c0)=""/57, 0x39)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
dup(r3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="2e00000011008188040f80ec59acbc0413a181014100000000010000000000000e000a000f00000002800200121f", 0x2e}], 0x1}, 0x20000010)

6.269940091s ago: executing program 6 (id=3711):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0xffff, r0, 0x0}])
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x24000000)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="050000000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

5.355209906s ago: executing program 3 (id=3718):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
userfaultfd(0x801)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0), 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000500)=@nat={'nat\x00', 0x670, 0x5, 0x478, 0x300, 0x0, 0xffffffff, 0x1a8, 0x1a8, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@uncond, 0x0, 0x160, 0x1a8, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xf, 'kmp\x00', "4801d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@addrtype={{0x30}, {0x0, 0x10, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x12, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv6=@rand_addr=' \x01\x00', @icmp_id=0x64, @icmp_id=0x68}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0xa, 0x4, "ed481ca2c99b76ccda2879f6a12da5725ea2669d62d23b45710a851be124"}}}, {{@ip={@local, @remote, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @local, @empty, @gre_key=0x1, @port=0x4e22}}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@common=@icmp={{0x28}, {0xc, '\x00', 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x2, @ipv4=@broadcast, @ipv4=@empty, @gre_key=0x3, @icmp_id=0x64}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4d8)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r5 = accept(r2, 0x0, 0x0)
shutdown(r5, 0x1)

5.27403864s ago: executing program 6 (id=3719):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000780)={'vxcan1\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x3}, 0x18)
stat(&(0x7f0000006640)='./file0\x00', 0x0)
getpgid(0xffffffffffffffff)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000002140)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c392a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bc1c2745f5f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0xec4, 0xfffffffd, 0x14e, {0x0, 0x4, 0xfffffffffffffffe, 0x1, 0xd1, 0x2, 0x6, 0x2, 0x4, 0x2000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000006700), 0x0, 0x0)
gettid()
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000006740), &(0x7f0000006780)=0xc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000070c0)={<r2=>0x0}, &(0x7f0000007100)=0xc)
sendmmsg$unix(r0, &(0x7f0000007180)=[{{&(0x7f00000002c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000000)=[{&(0x7f0000000340)="8977cf1c41e263c523c4e0ca836ae7a59fb1f1dae932958f86e2a5978fa0d7886b94fcf5f5a044b3622f56efd1545817f32fd6", 0x33}], 0x1, 0x0, 0x0, 0x1}}, {{&(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000580)=[{&(0x7f00000004c0)="4824dad8327233dcc39b6fb77954acbfd1", 0x11}], 0x1, &(0x7f0000002800)=[@cred={{0x1c}}], 0x20, 0x10}}, {{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000002880)="e50a53f307950965bc292624cd56ebead1439cb072d26f3d0dae5f5b57d3728b7f401b9b8187d5e91dc89ded96862858f898a564f0a279e7bdb072bdf87864efe4bce6e3820d13139df5", 0x4a}], 0x1, 0x0, 0x0, 0x4008044}}, {{&(0x7f0000004d40)=@abs={0x0, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x8000}}, {{&(0x7f0000006240)=@abs={0x1, 0x0, 0x4e20}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x80000}}, {{&(0x7f00000069c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000007000)=[{0x0}, {&(0x7f0000006b40)="59b0d26fef0311b82dc10b6577b7aeda7e7cb0347d6c3dd3ea9b43bc995d1bee5f2d2e54f259ecd4c962c5d01d8f994625b9ec10834923c7d79eb12392044051c64535ab2bd25a24699626c86882c1f1a5f8222b9d158e980642e6ed0bfac465cca648b8d3c463d7e07fe13e5dee5ba3a9a85e00ecd79ee7f6cb73feaf3352a06773767de6cee2e05b2d7d65ea0da65adf1184436eae1738f723645990c558184744754f551551fddb68eb469b66bf1155", 0xb1}, {&(0x7f0000006c40)="8017db6a7e49b03688bf875230b8f4ebbdeb0c505f85b7c8b54bc468635dae1f37f6ec5423fe49ed5c0e2a886839a1be3fae7e6df02afed6c55a8c60a6e5b160b6319f118f02240f7e0172af6c60ab25054e33d391e93880b54a559a1896059a7d073d1b1ff9e47b14fdbe79", 0x6c}, {&(0x7f0000006cc0)="ffdb67327661ca2d38b76434b03ae4f6060906afcce54706a39e590eeb0df73a5dd8059c2e35944d719b3aebf00dcda9ec635ef7bef58861bd57d0a0783517aaf550b50d446b6483d04602bf048de264dde4d8cab04d77b9987d1ade2e4368cd6d90a55b189ad68b8b6b7440dc11c6da5e7af96365e9e367b10c41d7169de02bb44956a7719232c47824634d7862f5673f7c01", 0x93}, {0x0}, {&(0x7f0000006e40)="9efe87e2854fd040e725ca999ec152d9e3462841550cafea7f749ecd0353304d72e490e2f7cac5cbc1eedfdc36215d5cbcd6b6e0214720ae31e7548d6fcf1c3ddd705ea2cfa9be86e9f288a68f740574634d580baa1e885af84bcae332a6e5f171a69b70ded8521671addf3387461661235321b0e25a275871237fd24d9cf6c50fee161c51e5a5425e57124dbe6128acb5e1b074aa0249b6a51f0d0ded3406aadecb37dbe0017dbbed4ca2", 0xab}], 0x6, &(0x7f0000007140)=[@cred={{0x1c, 0x1, 0x2, {r2, 0x0, 0xee00}}}], 0x20, 0x40001}}], 0x6, 0x4000001)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)

5.094621529s ago: executing program 3 (id=3720):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1c, 0x1ff003, 0x3ff, 0x7f, 0x1}, 0x50)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x217, @time={0x65757100, 0x8000008}, 0x0, {}, 0x67, 0x2, 0x2})

5.009081093s ago: executing program 1 (id=3721):
setrlimit(0x7, &(0x7f0000000380)={0x1, 0x9})
memfd_secret(0x0)

4.764013676s ago: executing program 5 (id=3723):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getpeername$netrom(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400"], 0x48)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read(r6, &(0x7f0000000040)=""/138, 0x8a)

4.708994378s ago: executing program 3 (id=3724):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

3.25092972s ago: executing program 3 (id=3725):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x117, &(0x7f0000000400)={0x0, 0x0, 0x10, 0x0, 0x23a2}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
mmap(&(0x7f0000491000/0x4000)=nil, 0x4000, 0x27ffff3, 0x13, 0xffffffffffffffff, 0x8572000)

2.877984208s ago: executing program 5 (id=3726):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a14000000020a010100000000000000000000000514000000020a01010000000000000000010000021400000011000100000000"], 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x4800)

2.809905632s ago: executing program 5 (id=3727):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vxcan0\x00', <r3=>0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}}, 0x18)
connect$can_j1939(r2, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0xf0}, 0x1}, 0x18)
sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.678276979s ago: executing program 6 (id=3728):
r0 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000005c0)={'syztnl2\x00', &(0x7f0000000540)={'syztnl1\x00', 0x0, 0x29, 0x5, 0x8, 0x5, 0x40, @dev={0xfe, 0x80, '\x00', 0x21}, @remote, 0x8000, 0x40, 0x7, 0x3}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = dup(0xffffffffffffffff)
getsockname$packet(r4, 0x0, &(0x7f0000000140))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'batadv_slave_0\x00'})
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x844)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'dummy0\x00'})
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x71f43, 0x20b}, [@IFLA_MASTER={0x8}, @IFLA_LINK={0x8}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000600)=@x86={0x6, 0x0, 0x8, 0x0, 0x4, 0x8, 0x6, 0xb, 0x83, 0xf, 0x5, 0xc, 0x0, 0x101, 0x29, 0x0, 0x0, 0x0, 0x0, '\x00', 0xff, 0xd})
clock_gettime(0x0, &(0x7f0000000380))
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x80)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_interrupt={0x1, {0xe, 0x1}, 0x2, 0xa2, &(0x7f0000000180)="459cb48d6094c2b2a73e7d314f6b75ceecc079601f2fad963647a2ac6f638ceb794f7f032da7112ccda38f626a5390e05d678f532e73d2c79f71817a7bda61cc22129259002a3c1604c864d1d3648613f01aea512236e6490509", 0x5a, 0xab, 0x1, 0x0, 0x80000005, 0xffff, 0x0})

2.64134154s ago: executing program 5 (id=3729):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1b1c, 0x1b27, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x70, 0xc9, "", [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x2, 0x6, {0x9, 0x21, 0xfffc, 0x77, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x2, 0x5, 0x58}}}}}]}}]}}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0})
syz_pidfd_open(0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_usb_control_io$rtl8150(r0, &(0x7f0000000240)={0x14, &(0x7f0000000080)={0x40, 0x31, 0x2, {0x2, 0x3}}, 0x0}, 0x0)

2.483036428s ago: executing program 6 (id=3730):
pipe2$9p(&(0x7f0000000080), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0})
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000180))
ioprio_set$pid(0x3, 0x0, 0x4007)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCBRDELBR(r5, 0x89a3, &(0x7f0000000200)='bridge0\x00')
socket$inet6(0xa, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)

1.972638503s ago: executing program 1 (id=3731):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r5)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000009b40)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x1, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x2, 0x9, 0x4, 0x6}, 0x1, 0xfb}, [{0x2, 0x9c, 0x81, 0x6, 0x2, 0x7}, {0x1, 0x6, 0x4, 0x3, 0xfffffffd, 0x81}, {0x1, 0x80000001, 0x8, 0x101, 0x3}, {0x3, 0x9, 0x0, 0x7, 0x5, 0x4}, {0xf, 0x7, 0x9, 0x51, 0x8}, {0x3, 0x4, 0xc, 0x101, 0x3, 0x84b5}, {0x9c, 0x4, 0x9, 0x2, 0x487, 0x8}, {0x1, 0x10000, 0x5, 0x4, 0x3, 0x8000}, {0x7, 0x9, 0x1ff, 0x8, 0x2, 0x7fff}, {0x439356e7, 0x609, 0x16, 0x0, 0x10000, 0x6}, {0x5, 0x3, 0x8, 0x3, 0x0, 0xffffffff}, {0x5, 0x0, 0x7, 0x7, 0x8, 0x5}, {0x5, 0x8, 0x9, 0x5, 0xfffff000, 0x7}, {0x768d, 0xcd, 0x8, 0x7, 0x5, 0x9}, {0x1, 0xfffffffb, 0x6, 0x5, 0x7ff, 0x6}, {0xfffffffb, 0x3, 0xfffffffe, 0x6, 0x2}, {0xfffff9fd, 0x9, 0xa5f, 0xa, 0x5, 0x2}, {0xffff997c, 0x9, 0x167, 0x2, 0x71, 0xa2}, {0x5, 0x2, 0xc, 0x8, 0x9, 0x60}, {0x5, 0xa, 0x2, 0x4, 0x3, 0x2000}, {0x32d, 0x8, 0x7fff, 0x4, 0x8, 0x9}, {0x8, 0x200, 0x58fe, 0x7ff, 0x4, 0x3}, {0x101, 0xd, 0x101, 0x1, 0x3, 0x8}, {0x0, 0x3, 0x1ff, 0x7437ec78, 0x2, 0x9}, {0xffffffff, 0x1, 0x9, 0x0, 0x1, 0x4}, {0xc, 0xe, 0x0, 0x3, 0x8, 0x81}, {0x3, 0x3, 0x6, 0xe, 0x0, 0x80}, {0xd, 0x0, 0x7ff, 0x0, 0x80000000, 0x2}, {0x4, 0xb, 0x6c5f1878, 0x57c4, 0x8, 0x25ff}, {0x4, 0xd, 0x1fadd976, 0x3071, 0x0, 0x1}, {0x5, 0x800, 0x3, 0x3, 0x3, 0x9}, {0x9, 0x1ff, 0x81, 0x9c, 0x1, 0x5}, {0x9, 0xd76, 0x6, 0xdc2, 0xa16a, 0x2}, {0x1ff, 0x5, 0x7, 0x2, 0x2, 0x1}, {0x1, 0x32158140, 0x0, 0x8, 0x6, 0x7}, {0xe, 0x4, 0x9000, 0x5, 0x2, 0x7f}, {0x3, 0x2ec74d53, 0x0, 0x0, 0x8, 0x2}, {0x5, 0xfff, 0xffffff13, 0x6, 0x2, 0x6}, {0x1, 0x6, 0x3, 0x4, 0xffb, 0x9}, {0x6, 0x6, 0x1ff, 0x8, 0x7ff, 0x8001}, {0x4, 0xffffffff, 0x0, 0xfffff740, 0x4, 0x4}, {0xffff, 0x5, 0x7, 0xac, 0xf}, {0x5, 0x3, 0x6, 0x1000, 0xd8fe, 0x8001}, {0xd, 0x3, 0x80000000, 0x0, 0xffffff81, 0x7ff}, {0xfffffffb, 0x2, 0x1ff, 0xf9, 0xffff8001}, {0x0, 0x6, 0x8000, 0x9, 0x500, 0x7}, {0x1, 0xffffffff, 0x834, 0x7, 0x0, 0x3}, {0x7fff, 0x6, 0x0, 0x2, 0x2, 0x8}, {0xf61, 0x101, 0x9, 0x2, 0x80000000, 0x7fff}, {0xc7, 0x1, 0xad, 0x2, 0xffff, 0x20000000}, {0x0, 0x5, 0x1, 0xffff, 0x3, 0x3}, {0x8, 0x10001, 0x9f98, 0x1, 0x8, 0x66a}, {0xfff, 0x6, 0x8, 0x80000001, 0x0, 0x7f}, {0x8, 0x6, 0x7f, 0x5, 0x3, 0xb}, {0x4, 0x4b, 0x0, 0x1, 0x7f, 0x7fffffff}, {0xfff, 0x47e4, 0x1, 0x0, 0x80000001, 0x9}, {0x3, 0x9, 0x7, 0x6, 0x3e6b7592, 0xe5}, {0x9, 0x9, 0x1, 0x9, 0x0, 0x2}, {0x8, 0x80000001, 0x7fff, 0xb2d9, 0xfffffffe, 0x8}, {0x80000001, 0x9, 0x5202, 0x2, 0x53ce, 0x3}, {0xffffff81, 0x7, 0x8, 0x8, 0x7f, 0x80000000}, {0xfffffff9, 0x9, 0x6, 0x6, 0x9, 0x3}, {0xfffffffd, 0x8, 0x6, 0x5, 0x3, 0x8f}, {0x741, 0x0, 0x9, 0x7fffffff, 0x2, 0x200}, {0x401, 0x2, 0x8, 0x6, 0x4, 0xc6e9}, {0x1, 0x2d73, 0x3ff, 0x5, 0x9f17, 0xffffff7f}, {0x2, 0x401, 0x2b00, 0xfffff57b, 0xfffffc00, 0xd}, {0x3, 0x4, 0xc52b, 0x9, 0x5, 0xff}, {0x0, 0x4, 0x401, 0x0, 0x1, 0x9}, {0x8, 0x4, 0x1, 0x2, 0x10, 0x1}, {0xff, 0x8, 0x6, 0x5, 0xff, 0x5}, {0x2, 0xb15ce2d, 0x80000001, 0xbeab, 0x8, 0x5}, {0x3, 0x8, 0x3, 0x7, 0x8, 0x4}, {0xfff, 0x9, 0x6, 0x3, 0x100, 0x57}, {0x9, 0x5, 0x4, 0x3, 0xa, 0x2}, {0xb3, 0xe, 0x3, 0x8000, 0x7, 0x9}, {0xff, 0x7, 0x5, 0x10001, 0x6, 0x6}, {0x2, 0x8f, 0x9, 0xffffff46, 0x4, 0x80000000}, {0x9, 0x2, 0xfffffffc, 0x1, 0xd50, 0x3}, {0xd203, 0x7, 0x1, 0x10000, 0x43, 0x1ff}, {0x4, 0x3ff, 0xffffffff, 0x1, 0x5, 0x100}, {0x1ff, 0x3, 0x7ff, 0xfffffff8, 0x1ff, 0xfffffffc}, {0x7, 0x9, 0x3ff, 0x1, 0x7, 0x4}, {0x0, 0x6, 0x0, 0x9, 0xffff0001, 0xcca}, {0x7, 0x1, 0xfffffff1, 0x3ff, 0x100, 0x4}, {0x3, 0x9, 0x0, 0xed4, 0x4, 0x6}, {0x9, 0x7, 0x8001, 0x7, 0x7, 0x2}, {0x3, 0xfff, 0x9, 0x5, 0xb5, 0x3}, {0x0, 0x1, 0x1, 0x5, 0xffffff01, 0xfff}, {0x7, 0x5, 0x2, 0x2, 0x0, 0xfffff9de}, {0x5, 0xffffffff, 0xe6b, 0xb, 0xb, 0x4}, {0x1d, 0xffffff10, 0x1, 0x2, 0xff, 0x52e2}, {0x0, 0x9, 0x0, 0x7, 0xdb, 0x5}, {0x7, 0x2, 0x9, 0x8, 0xa, 0x100}, {0x81, 0x4, 0x988, 0x0, 0x0, 0x7}, {0xdc03, 0x7, 0x402c, 0xffff, 0xfffffff9, 0x4}, {0xa, 0xfffffffe, 0x1, 0x1ff, 0x1ff, 0xc1b5}, {0xa24b, 0x947d, 0x3, 0x4, 0x80000000, 0x2}, {0x9, 0x401, 0xa89, 0x5ef, 0x9, 0x8}, {0x4, 0x7fff, 0x0, 0x4, 0x7fffffff}, {0x3, 0xb8c, 0x6, 0x21761f6a, 0x1, 0x6}, {0xfff, 0xda, 0x1f, 0x4, 0x8, 0x2}, {0x8, 0x10, 0x0, 0x0, 0xfffffff7, 0x43}, {0xfffff000, 0x8, 0xe96, 0x9, 0x9, 0x34b0}, {0x4, 0x8, 0x8, 0x3, 0x6cf4, 0x1}, {0x3, 0x3, 0x7, 0x4, 0xbe, 0x81}, {0x4, 0x800, 0x0, 0x5, 0x8, 0xfa2f}, {0x3, 0x8d, 0x81, 0x2, 0x8, 0x6}, {0x9, 0x2, 0x6, 0x4, 0xf, 0x5}, {0x100, 0x1, 0x2, 0xffffffff, 0x9, 0x74}, {0x4, 0x4, 0x8, 0x1, 0x0, 0x3}, {0xfffffff8, 0x7, 0xffffffff, 0x62f, 0x401, 0x30564e0}, {0x9a2f, 0x800, 0x8, 0x7, 0x7}, {0x20000006, 0x2, 0x800, 0x200, 0x9, 0x3}, {0x7, 0x6, 0x8936, 0xdcb, 0x0, 0x2}, {0x6, 0x80000000, 0x8, 0xe, 0xfffffffa, 0x8de3}, {0x0, 0x9, 0x8, 0xfff, 0x6, 0x1ff}, {0x8195, 0x2, 0x1000}, {0x1, 0x5, 0xff, 0x9e0f, 0x5, 0x6}, {0x7fff, 0x6, 0x0, 0x5, 0x8000, 0x3}, {0x7ff, 0x9, 0xa, 0x6, 0x7, 0xe77}, {0x1, 0x5e12, 0x3, 0xfffffffa, 0x2, 0x80000001}, {0xffffff8c, 0x2, 0x1, 0x1, 0x10, 0x5}, {0x4, 0x7, 0x4, 0x78d, 0xffffcff9, 0x9}, {0x1, 0xe, 0x7, 0x2, 0x2, 0x207f}, {0x10, 0x5, 0xfffffffa, 0xff, 0x80000, 0xfff}, {0x1, 0x7ff, 0x696e, 0xa, 0x49d, 0xb}, {0x9bf4, 0x0, 0x5, 0x3, 0x3, 0x1000}], [{0x1, 0x1}, {0x2}, {0x5}, {0x2}, {0x2, 0x745e81639ff0f356}, {0x4}, {0x5}, {0x3, 0x1}, {0x3}, {0x2}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x2}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x2}, {0x5}, {0x2}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x5, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x1, 0x1}, {0x5}, {0xa}, {0x3}, {0x3}, {0x2, 0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x4}, {0x4, 0x1}, {0x4}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x5, 0x3}, {0x4, 0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {0x6}, {0xa}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1}, {0x4}, {0x5}, {0x3}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x2}, {0xb82e57098c7a44ef}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {}, {0x4}, {0x3}, {0x3}, {0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x0, 0x1}, {0x5}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$kcm(r6, &(0x7f0000002900)={&(0x7f0000000500)=@xdp={0x2c, 0x8, r4, 0xc}, 0x80, &(0x7f0000002f40)=[{0x0}], 0x1}, 0x4)

1.064339158s ago: executing program 3 (id=3732):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
syz_emit_vhci(0x0, 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
unshare(0x6020400)
r3 = eventfd(0xff7ffff7)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180)={r3, 0x82000000, 0x2, r3})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0xc800)
recvmmsg(r5, &(0x7f0000005180)=[{{&(0x7f0000000180)=@can, 0x80, &(0x7f0000000500)=[{&(0x7f0000000280)=""/16, 0x10}, {&(0x7f0000000340)=""/217, 0xd9}, {&(0x7f0000000440)=""/140, 0x8c}, {&(0x7f0000000580)=""/73, 0x49}, {&(0x7f0000000600)=""/99, 0x63}, {&(0x7f0000000840)=""/76, 0x4c}, {&(0x7f00000008c0)=""/149, 0x95}], 0x7, &(0x7f0000001040)=""/219, 0xdb}, 0x7ffffffc}, {{&(0x7f0000000f40)=@ax25={{0x3, @default}, [@remote, @bcast, @bcast, @bcast, @remote, @null, @rose, @rose]}, 0x80, &(0x7f0000003400)=[{&(0x7f0000000fc0)=""/115, 0x73}, {&(0x7f0000002080)=""/246, 0xf6}, {&(0x7f0000000680)=""/39, 0x27}, {&(0x7f0000000a80)=""/27, 0x1b}, {&(0x7f0000002180)=""/88, 0x58}, {&(0x7f0000002200)=""/130, 0x82}, {&(0x7f00000022c0)=""/57, 0x39}, {&(0x7f0000002300)=""/205, 0xcd}, {&(0x7f0000002400)=""/4096, 0x1000}], 0x9, &(0x7f0000003480)=""/149, 0x95}, 0x5}, {{0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f00000035c0)=""/212, 0xd4}, {&(0x7f00000036c0)}, {&(0x7f0000003700)}, {&(0x7f0000003740)=""/204, 0xcc}, {&(0x7f0000003840)=""/88, 0x58}], 0x5, &(0x7f0000000980)=""/200, 0xc8}, 0x40200}, {{&(0x7f0000003a00)=@ethernet={0x0, @link_local}, 0x80, &(0x7f00000036c0), 0x0, &(0x7f0000003e40)=""/112, 0x70}, 0x9}, {{&(0x7f0000003ec0)=@can, 0x80, &(0x7f0000005140)=[{&(0x7f0000003f40)=""/39, 0x27}, {&(0x7f0000003f80)=""/4094, 0xffe}, {&(0x7f00000006c0)=""/149, 0x95}, {&(0x7f0000005100)=""/4, 0x4}], 0x4}, 0x1}], 0x5, 0x20000fc0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000200))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x40070}, 0x0)
openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x182, 0x0)
openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f0000000400)={0x2, @win={{0x0, 0x0, 0x47524247}, 0x0, 0x0, 0x0, 0x0, 0x0}})

1.046639489s ago: executing program 6 (id=3733):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x2, 0x7, 0x0, 0x3}}}}}}}, 0x0)
syz_emit_ethernet(0x53, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9e00", 0x1d, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x7, 0x2, 0xfffd, 0x0, 0x3, {[@exp_smc={0xfe, 0x6}]}}, {"c8"}}}}}}}, 0x0)

164.952162ms ago: executing program 5 (id=3734):
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfb}}, 0x7ffe}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b294a0fa62d", 0x11}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x8, 0x6, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x41000, 0xf72cb191e650caa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

105.940525ms ago: executing program 3 (id=3735):
socket(0xa, 0x3, 0x87)
socket$kcm(0x10, 0x2, 0x0)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)}], 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$kcm(0x2, 0xa, 0x2)
syz_usb_connect$cdc_ncm(0x0, 0x7a, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd26, 0x25dfdbfd, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x3fd}}}]}, 0x3c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0xfffffffffffffdff, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x0, 0x33822}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x5e}}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)

16.885419ms ago: executing program 6 (id=3736):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getpeername$netrom(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400"], 0x48)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read(r6, &(0x7f0000000040)=""/138, 0x8a)

0s ago: executing program 5 (id=3737):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

Bluetooth: hci5: command 0x040f tx timeout
[ 1133.219640][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1133.273868][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1133.345106][ T4470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1133.352314][ T4470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1133.434183][T15475] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1133.558551][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1133.635424][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1133.792074][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1133.916313][ T4470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1133.923562][ T4470] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1133.967151][T15483] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2642'.
[ 1133.976925][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1134.002702][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1134.013139][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1134.022790][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1134.032400][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1134.042106][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1134.055057][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1134.064517][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1134.089704][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1134.265694][T15415] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1134.518973][T15415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1134.557934][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1134.618317][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1135.197602][   T23] Bluetooth: hci5: command 0x0419 tx timeout
[ 1135.406638][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1135.434702][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1135.460143][T15415] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1135.473514][T15498] loop4: detected capacity change from 0 to 40427
[ 1135.515775][T15498] F2FS-fs (loop4): invalid crc value
[ 1135.551206][T15498] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1135.708135][T15498] F2FS-fs (loop4): Start checkpoint disabled!
[ 1135.739942][T15498] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1135.825616][   T26] audit: type=1800 audit(2000000900.040:124): pid=15498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2646" name="SYSV00000000" dev="hugetlbfs" ino=20 res=0 errno=0
[ 1135.962309][   T26] audit: type=1800 audit(2000000900.170:125): pid=15514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2646" name="bus" dev="loop4" ino=10 res=0 errno=0
[ 1135.983139][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1136.128148][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1136.141452][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1136.182457][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1136.197019][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1136.228563][T15415] device veth0_vlan entered promiscuous mode
[ 1136.246866][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1136.278009][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1136.301973][T15415] device veth1_vlan entered promiscuous mode
[ 1136.406451][ T4265] attempt to access beyond end of device
[ 1136.406451][ T4265] loop4: rw=2049, want=40976, limit=40427
[ 1136.445755][ T5399] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1136.583773][ T5399] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1136.653661][ T5399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1136.700731][ T5399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1136.846427][T15415] device veth0_macvtap entered promiscuous mode
[ 1136.907575][T15415] device veth1_macvtap entered promiscuous mode
[ 1136.951539][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1136.969801][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1136.995795][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1137.010081][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.022551][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1137.039258][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.056770][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1137.072004][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.082320][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1137.101121][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.114796][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1137.144924][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.159142][T15415] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1137.169487][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1137.180845][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.190828][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1137.202996][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.213046][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1137.246929][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.349870][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1137.386366][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.414945][T15415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1137.464869][T15415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1137.514165][T15415] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1138.227874][T11932] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1138.260306][T11932] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1138.280374][T11932] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1138.308187][T11932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1138.345158][T11932] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1138.368742][T11932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1138.417507][T15415] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1138.426604][T15415] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1138.436186][T15415] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1138.449480][T15415] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1138.719516][T15536] loop4: detected capacity change from 0 to 64
[ 1138.879553][ T5399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1138.916940][ T5399] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1139.097137][T11932] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1139.438843][T15533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1140.041250][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1140.122017][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1140.185937][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1140.528264][T15550] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[ 1140.546865][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1142.494263][T15559] vivid-001: =================  START STATUS  =================
[ 1142.501990][T15559] vivid-001: Generate PTS: true
[ 1142.506898][T15559] vivid-001: Generate SCR: true
[ 1142.511853][T15559] tpg source WxH: 720x576 (Y'CbCr)
[ 1142.517108][T15559] tpg field: 4
[ 1142.520504][T15559] tpg crop: 720x576@0x0
[ 1142.524736][T15559] tpg compose: 720x576@0x0
[ 1142.529329][T15559] tpg colorspace: 1
[ 1142.533112][T15559] tpg transfer function: 0/0
[ 1142.537700][T15559] tpg Y'CbCr encoding: 0/0
[ 1142.542097][T15559] tpg quantization: 0/0
[ 1142.546319][T15559] tpg RGB range: 0/2
[ 1142.550224][T15559] vivid-001: ==================  END STATUS  ==================
[ 1146.028542][T15575] loop5: detected capacity change from 0 to 65536
[ 1146.146107][T15576] loop0: detected capacity change from 0 to 64
[ 1146.542538][T15580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1146.570394][T15580] loop3: detected capacity change from 0 to 64
[ 1147.877287][T15579] vivid-002: kernel_thread() failed
[ 1148.166202][T15575] XFS (loop5): Mounting V5 Filesystem
[ 1148.190108][T15573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1148.619667][T15575] XFS (loop5): Ending clean mount
[ 1148.632088][T15575] XFS (loop5): Quotacheck needed: Please wait.
[ 1149.047465][T15575] XFS (loop5): Quotacheck: Done.
[ 1149.065533][T15575] XFS (loop5): Unmounting Filesystem
[ 1150.816179][T15597] loop0: detected capacity change from 0 to 32768
[ 1151.008543][T15597] XFS (loop0): Mounting V5 Filesystem
[ 1151.100354][T15597] XFS (loop0): Ending clean mount
[ 1151.108137][T15597] XFS (loop0): Quotacheck needed: Please wait.
[ 1151.228888][T15597] XFS (loop0): Quotacheck: Done.
[ 1152.046810][ T4186] XFS (loop0): Unmounting Filesystem
[ 1152.643469][T15617] vivid-001: =================  START STATUS  =================
[ 1152.651311][T15617] vivid-001: Generate PTS: true
[ 1152.656359][T15617] vivid-001: Generate SCR: true
[ 1152.661439][T15617] tpg source WxH: 720x576 (Y'CbCr)
[ 1152.666627][T15617] tpg field: 4
[ 1152.670108][T15617] tpg crop: 720x576@0x0
[ 1152.674523][T15617] tpg compose: 720x576@0x0
[ 1152.679486][T15617] tpg colorspace: 1
[ 1152.683350][T15617] tpg transfer function: 0/0
[ 1152.688031][T15617] tpg Y'CbCr encoding: 0/0
[ 1152.692505][T15617] tpg quantization: 0/0
[ 1152.696730][T15617] tpg RGB range: 0/2
[ 1152.700772][T15617] vivid-001: ==================  END STATUS  ==================
[ 1154.893280][T15633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1154.914153][T15633] loop4: detected capacity change from 0 to 64
[ 1158.179610][T15647] loop4: detected capacity change from 0 to 65536
[ 1158.326029][T15647] XFS (loop4): Mounting V5 Filesystem
[ 1161.445082][T15647] XFS (loop4): Ending clean mount
[ 1161.459892][T15647] XFS (loop4): Quotacheck needed: Please wait.
[ 1161.719899][T15647] XFS (loop4): Quotacheck: Done.
[ 1161.756070][ T4185] XFS (loop4): Unmounting Filesystem
[ 1164.283140][T15689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1164.303792][T15689] loop5: detected capacity change from 0 to 64
[ 1165.176759][T15698] loop2: detected capacity change from 0 to 7
[ 1165.196993][T15698] Dev loop2: unable to read RDB block 7
[ 1165.204587][T15698]  loop2: AHDI p1 p2
[ 1165.236603][T15698] loop2: partition table partially beyond EOD, truncated
[ 1165.251632][T15698] loop2: p1 start 1818582900 is beyond EOD, truncated
[ 1165.566215][ T8433] udevd[8433]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[ 1165.944078][T15705] tipc: Started in network mode
[ 1165.962789][T15705] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1166.257771][T15705] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1166.976034][T15705] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1167.545221][T15713] loop0: detected capacity change from 0 to 65536
[ 1167.576972][T15707] loop3: detected capacity change from 0 to 2048
[ 1167.633047][T15707] hpfs: bad mount options.
[ 1167.715441][T15713] XFS (loop0): Mounting V5 Filesystem
[ 1167.765776][T15713] XFS (loop0): Ending clean mount
[ 1167.775394][T15713] XFS (loop0): Quotacheck needed: Please wait.
[ 1167.844667][T15713] XFS (loop0): Quotacheck: Done.
[ 1168.233589][ T4230] tipc: Node number set to 1
[ 1168.638430][ T4186] XFS (loop0): Unmounting Filesystem
[ 1170.164231][T15715] loop4: detected capacity change from 0 to 40427
[ 1170.389401][T15715] F2FS-fs (loop4): invalid crc value
[ 1170.399853][T15715] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1170.481538][T15715] F2FS-fs (loop4): Start checkpoint disabled!
[ 1170.508312][T15715] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1172.141896][T15758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1172.166849][T15758] loop0: detected capacity change from 0 to 64
[ 1174.756950][T15775] loop0: detected capacity change from 0 to 65536
[ 1174.786060][T15775] XFS (loop0): Mounting V5 Filesystem
[ 1174.886351][T15775] XFS (loop0): Ending clean mount
[ 1174.892962][T15775] XFS (loop0): Quotacheck needed: Please wait.
[ 1175.248873][T15775] XFS (loop0): Quotacheck: Done.
[ 1177.746255][ T4186] XFS (loop0): Unmounting Filesystem
[ 1177.766274][T15800] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[ 1177.775952][T15800] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[ 1177.786187][T15800] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1179.401976][ T5431] kernel write not supported for file /snd/midiC2D0 (pid: 5431 comm: kworker/0:12)
[ 1179.937470][ T5435] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1180.069874][T15814] loop4: detected capacity change from 0 to 40427
[ 1180.277424][ T5435] usb 6-1: Using ep0 maxpacket: 32
[ 1180.313304][T15832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1180.335328][T15832] loop3: detected capacity change from 0 to 64
[ 1181.527676][ T5435] usb 6-1: config 0 has no interfaces?
[ 1181.907815][ T5435] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1181.946669][ T5435] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1181.964025][ T5435] usb 6-1: Product: syz
[ 1181.977413][ T5435] usb 6-1: Manufacturer: syz
[ 1181.982368][ T5435] usb 6-1: SerialNumber: syz
[ 1182.017030][ T5435] usb 6-1: config 0 descriptor??
[ 1182.308544][ T5431] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[ 1182.400650][T15796] usb 6-1: USB disconnect, device number 2
[ 1182.719353][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.733915][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1183.849090][T15861] device syzkaller0 entered promiscuous mode
[ 1183.867431][ T5431] usb 1-1: device descriptor read/64, error -71
[ 1184.160475][ T5431] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[ 1184.367498][ T5431] usb 1-1: device descriptor read/64, error -71
[ 1184.550504][T15870] loop5: detected capacity change from 0 to 40427
[ 1184.602654][T15870] F2FS-fs (loop5): invalid crc value
[ 1184.679262][T15870] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1184.696332][T15872] loop3: detected capacity change from 0 to 40427
[ 1184.703682][ T5431] usb usb1-port1: attempt power cycle
[ 1184.720324][T15870] F2FS-fs (loop5): Start checkpoint disabled!
[ 1184.757537][T15870] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1184.801405][   T26] audit: type=1800 audit(2000000949.020:126): pid=15870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2735" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1184.894530][T15872] F2FS-fs (loop3): invalid crc value
[ 1184.915853][T15872] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1184.943257][T15872] F2FS-fs (loop3): Start checkpoint disabled!
[ 1184.953574][T15872] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1185.137423][ T5431] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[ 1185.317887][   T26] audit: type=1800 audit(2000000949.130:127): pid=15870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2735" name="bus" dev="loop5" ino=10 res=0 errno=0
[ 1185.377536][ T5431] usb 1-1: device descriptor read/8, error -71
[ 1185.439472][   T26] audit: type=1800 audit(2000000949.210:128): pid=15872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2736" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1185.555297][T15867] chnl_net:caif_netlink_parms(): no params data found
[ 1185.778114][   T26] audit: type=1800 audit(2000000949.300:129): pid=15878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2736" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1185.782729][ T4425] attempt to access beyond end of device
[ 1185.782729][ T4425] loop5: rw=2049, want=40976, limit=40427
[ 1185.928797][  T522] attempt to access beyond end of device
[ 1185.928797][  T522] loop3: rw=2049, want=40976, limit=40427
[ 1185.953832][T15867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1185.997781][T15867] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1186.028739][T15867] device bridge_slave_0 entered promiscuous mode
[ 1186.131179][T15867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1186.141466][T15867] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1186.194811][T15867] device bridge_slave_1 entered promiscuous mode
[ 1186.273836][T15867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1186.323057][T15867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1186.438373][T15867] team0: Port device team_slave_0 added
[ 1186.480659][T15867] team0: Port device team_slave_1 added
[ 1186.566247][T15867] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1186.588304][T15867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1186.646092][T15867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1186.669520][T15867] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1186.676663][T15867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1186.703021][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1186.757415][T15867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1186.817446][ T4645] Bluetooth: hci4: command 0x0409 tx timeout
[ 1186.863074][T15867] device hsr_slave_0 entered promiscuous mode
[ 1186.874282][T15867] device hsr_slave_1 entered promiscuous mode
[ 1186.944400][T15867] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1186.972905][T15867] Cannot create hsr debugfs directory
[ 1187.044084][T15902] loop5: detected capacity change from 0 to 40427
[ 1187.347446][T15902] F2FS-fs (loop5): invalid crc value
[ 1187.361317][T15914] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[ 1187.371346][T15914] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[ 1187.381054][T15914] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1187.425215][T15902] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1187.578394][T15918] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[ 1187.611446][T15902] F2FS-fs (loop5): Start checkpoint disabled!
[ 1187.647465][T15902] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1187.827525][   T26] audit: type=1800 audit(2000000951.980:130): pid=15921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2738" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1188.243946][   T26] audit: type=1800 audit(2000000952.460:131): pid=15922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2738" name="bus" dev="loop5" ino=10 res=0 errno=0
[ 1188.244000][T15918] SQUASHFS error: Failed to read block 0x0: -5
[ 1188.482514][T15867] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1188.584494][T15867] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1188.634434][T15925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1188.646946][T15925] loop3: detected capacity change from 0 to 64
[ 1188.664239][ T4425] attempt to access beyond end of device
[ 1188.664239][ T4425] loop5: rw=2049, want=40976, limit=40427
[ 1188.815082][T15867] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1188.887591][ T4261] Bluetooth: hci4: command 0x041b tx timeout
[ 1188.960018][T15867] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1189.190473][T15867] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1189.203508][T15867] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1189.228198][T15867] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1189.248474][T15867] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1189.390943][T15943] loop5: detected capacity change from 0 to 40427
[ 1189.465966][T15943] F2FS-fs (loop5): invalid crc value
[ 1189.485267][T15943] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1189.532239][T15943] F2FS-fs (loop5): Start checkpoint disabled!
[ 1189.568625][T15943] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1189.586859][   T26] audit: type=1800 audit(2000000953.800:132): pid=15943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2747" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[ 1189.650181][   T26] audit: type=1800 audit(2000000953.830:133): pid=15943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2747" name="bus" dev="loop5" ino=10 res=0 errno=0
[ 1189.670537][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1189.747229][T15867] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1189.780345][T13421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1189.803276][T13421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1189.813720][    T9] attempt to access beyond end of device
[ 1189.813720][    T9] loop5: rw=2049, want=40976, limit=40427
[ 1189.834641][T15867] 8021q: adding VLAN 0 to HW filter on device team0
[ 1189.842059][ T4230] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 1189.863555][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1189.876027][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1189.885188][  T240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1189.892441][  T240] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1189.926933][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1189.945647][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1189.979908][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1190.035404][  T240] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1190.042575][  T240] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1190.047491][ T4230] usb 1-1: device descriptor read/64, error -71
[ 1190.096006][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1190.135281][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1190.155475][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1190.198771][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1190.213031][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1190.229824][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1190.256605][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1190.275383][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1190.327563][ T4230] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[ 1190.581228][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1190.590899][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1190.600158][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1190.609950][T15867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1190.817847][ T4230] usb 1-1: device descriptor read/64, error -71
[ 1190.868136][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1190.887824][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1190.924701][T15992] device syzkaller0 entered promiscuous mode
[ 1190.936366][T15867] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1190.947699][ T4230] usb usb1-port1: attempt power cycle
[ 1190.957471][ T4261] Bluetooth: hci4: command 0x040f tx timeout
[ 1191.336700][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1191.346860][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1191.375473][ T4230] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 1191.387219][T15867] device veth0_vlan entered promiscuous mode
[ 1191.404627][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1191.417228][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1191.419842][T16002] loop3: detected capacity change from 0 to 40427
[ 1191.444786][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1191.456027][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1191.595838][T16002] F2FS-fs (loop3): invalid crc value
[ 1191.793655][T16002] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1191.852613][T16002] F2FS-fs (loop3): Start checkpoint disabled!
[ 1192.041168][T15867] device veth1_vlan entered promiscuous mode
[ 1192.066231][T15867] device veth0_macvtap entered promiscuous mode
[ 1192.076366][T15867] device veth1_macvtap entered promiscuous mode
[ 1192.084733][ T4230] usb 1-1: device descriptor read/8, error -71
[ 1192.112721][T16002] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1192.357468][ T4230] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[ 1192.733234][   T26] audit: type=1800 audit(2000000956.950:134): pid=16002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2756" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[ 1192.753957][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1192.765671][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1192.800264][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1192.823052][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1192.832046][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1192.840693][   T26] audit: type=1800 audit(2000000957.000:135): pid=16002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2756" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1192.862195][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1192.871183][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1193.018752][T16014] loop0: detected capacity change from 0 to 40427
[ 1193.028052][ T4230] usb 1-1: device not accepting address 18, error -71
[ 1193.041134][T15692] Bluetooth: hci4: command 0x0419 tx timeout
[ 1193.048137][ T4230] usb usb1-port1: unable to enumerate USB device
[ 1193.067140][T16014] F2FS-fs (loop0): invalid crc value
[ 1193.080949][T16011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1193.092497][T16011] loop5: detected capacity change from 0 to 64
[ 1193.117555][T16014] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1193.150582][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.162502][T16014] F2FS-fs (loop0): Start checkpoint disabled!
[ 1193.173930][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.184332][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.195335][T16014] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[ 1193.213194][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.223491][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.234237][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.245633][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.248938][   T26] audit: type=1800 audit(2000000957.470:136): pid=16012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2759" name="bus" dev="loop0" ino=10 res=0 errno=0
[ 1193.257021][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.337546][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.343731][ T4470] attempt to access beyond end of device
[ 1193.343731][ T4470] loop3: rw=2049, want=40976, limit=40427
[ 1193.367655][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.385872][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.396750][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.417737][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.444944][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.465906][T15867] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1193.478378][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1193.496534][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1193.512357][ T4470] attempt to access beyond end of device
[ 1193.512357][ T4470] loop0: rw=2049, want=40976, limit=40427
[ 1193.515911][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.578855][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.599379][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.623944][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.642459][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.659194][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.677787][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.689015][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.699411][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.710473][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.721402][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.733012][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.744671][T15867] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1193.939933][T16019] loop3: detected capacity change from 0 to 65536
[ 1193.955551][T15867] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1193.966258][T15867] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1193.984836][T15867] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1193.994198][T15867] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1194.007558][T13421] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1194.017041][T13421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1194.144397][T16019] XFS (loop3): Mounting V5 Filesystem
[ 1194.307739][T13421] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1194.359867][T13421] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1194.405940][T16019] XFS (loop3): Ending clean mount
[ 1194.413452][T16019] XFS (loop3): Quotacheck needed: Please wait.
[ 1194.505946][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1194.562942][ T5399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1194.604613][ T5399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1194.620367][T16019] XFS (loop3): Quotacheck: Done.
[ 1194.835402][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1195.390053][T15281] XFS (loop3): Unmounting Filesystem
[ 1195.512018][T16051] 9pnet_virtio: no channels available for device syz
[ 1195.676100][T16052] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1196.181743][T16049] device syzkaller0 entered promiscuous mode
[ 1197.587533][ T4261] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[ 1198.018833][ T4261] usb 1-1: device descriptor read/64, error -71
[ 1199.755670][T16069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1199.768954][T16069] loop3: detected capacity change from 0 to 64
[ 1199.775746][ T4261] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[ 1199.967448][ T4261] usb 1-1: device descriptor read/64, error -71
[ 1200.087581][ T4261] usb usb1-port1: attempt power cycle
[ 1200.497440][ T4261] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1201.527593][ T4261] usb 1-1: device descriptor read/8, error -71
[ 1201.547576][T16098] device syzkaller0 entered promiscuous mode
[ 1206.117660][    T7] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[ 1206.617615][    T7] usb 4-1: device descriptor read/64, error -71
[ 1206.921937][    T7] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[ 1209.052250][    T7] usb 4-1: device descriptor read/64, error -71
[ 1209.086063][T16148] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.2792'.
[ 1209.195183][    T7] usb usb4-port1: attempt power cycle
[ 1211.487604][T16175] 9pnet_virtio: no channels available for device syz
[ 1213.074079][ T4261] Bluetooth: hci1: command 0x0409 tx timeout
[ 1213.702722][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.742612][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.783545][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.864822][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.878803][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.893332][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.911339][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.923929][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1213.938621][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2801'.
[ 1214.122941][T16172] chnl_net:caif_netlink_parms(): no params data found
[ 1214.852145][T16172] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1214.880967][T16172] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1214.891714][T16172] device bridge_slave_0 entered promiscuous mode
[ 1214.900642][T16172] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1214.907894][T16172] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1214.916277][T16172] device bridge_slave_1 entered promiscuous mode
[ 1214.942174][T16210] netlink: 'syz.4.2805': attribute type 72 has an invalid length.
[ 1214.952299][T16172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1214.965672][T16172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1215.451504][T16172] team0: Port device team_slave_0 added
[ 1215.520142][T15692] Bluetooth: hci1: command 0x041b tx timeout
[ 1215.817610][T16172] team0: Port device team_slave_1 added
[ 1215.957606][T16172] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1215.985332][T16172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1216.198069][T16172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1216.234990][T16172] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1216.242090][T16172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1216.347378][T16172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1216.477179][T16172] device hsr_slave_0 entered promiscuous mode
[ 1216.494892][T16172] device hsr_slave_1 entered promiscuous mode
[ 1216.512252][T16172] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1216.540259][T16172] Cannot create hsr debugfs directory
[ 1216.850056][T16172] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1216.921456][T16172] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1217.597540][ T4191] Bluetooth: hci1: command 0x040f tx timeout
[ 1218.498183][T16172] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1218.746230][T16243] 9pnet_virtio: no channels available for device syz
[ 1219.498685][T16172] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1220.504540][ T4260] Bluetooth: hci1: command 0x0419 tx timeout
[ 1221.561969][T16172] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1221.585470][T16172] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1221.656311][T16172] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1222.521519][T16172] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1222.925848][T16172] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1222.956762][T16276] __nla_validate_parse: 45 callbacks suppressed
[ 1222.956805][T16276] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2821'.
[ 1223.523083][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1223.693084][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1223.719494][T16172] 8021q: adding VLAN 0 to HW filter on device team0
[ 1223.761120][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1223.780316][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1223.806694][ T4267] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1223.813992][ T4267] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1223.845097][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1223.882675][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1223.902318][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1223.941598][ T4480] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1223.948751][ T4480] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1223.966856][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1223.990800][T16290] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1224.038239][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1224.118458][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1224.155067][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1224.180464][T16283] tipc: Disabling bearer <eth:syzkaller0>
[ 1224.223630][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1224.236574][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1224.262253][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1224.354653][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1224.393028][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1225.738424][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1226.594336][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1226.608118][T16172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1226.626267][T16297] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[ 1226.635880][T16297] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[ 1226.645763][T16297] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1226.774719][T16306] netlink: 'syz.5.2828': attribute type 72 has an invalid length.
[ 1227.044586][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1227.059013][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1227.086456][T16172] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1227.139717][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1227.155651][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1227.287893][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1227.484174][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1227.947982][T16321] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2832'.
[ 1227.996220][T16172] device veth0_vlan entered promiscuous mode
[ 1228.018164][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1228.028954][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1228.084610][T16172] device veth1_vlan entered promiscuous mode
[ 1228.158584][ T5399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1228.198609][ T5399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1228.207544][ T4230] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 1228.262995][T16172] device veth0_macvtap entered promiscuous mode
[ 1228.285078][T16172] device veth1_macvtap entered promiscuous mode
[ 1228.304848][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.315596][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.327412][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.339672][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.350098][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.361419][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.374093][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.396137][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.407617][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.418538][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.429046][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.447587][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.464359][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.476105][ T4230] usb 4-1: Using ep0 maxpacket: 8
[ 1228.507417][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.578433][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1228.597713][ T4230] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[ 1228.625951][ T4230] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1228.651642][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.665400][ T4230] usb 4-1: config 0 has no interface number 0
[ 1228.692906][ T4230] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1228.713697][T16172] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1228.753459][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1228.780742][ T4230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1228.794172][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1228.834394][ T4230] usb 4-1: config 0 descriptor??
[ 1228.842697][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1228.872249][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1228.902094][ T4230] ldusb 4-1:0.55: Interrupt in endpoint not found
[ 1228.928831][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1228.951161][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.974395][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1228.986372][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1228.996613][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1229.007663][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1229.017577][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1229.035725][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1229.067489][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1229.088641][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1229.108052][ T5435] usb 4-1: USB disconnect, device number 12
[ 1229.124960][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1229.136828][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1229.147459][T16172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1229.158715][T16172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1229.170068][T16172] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1229.179931][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1230.246824][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1230.258643][T16172] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1230.298024][T16172] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1230.340337][T16172] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1230.367919][T16172] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1230.578512][ T4480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1230.599141][T16337] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[ 1230.609064][T16337] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[ 1230.618934][T16337] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1230.631292][ T4480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1230.641888][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1230.800438][ T4425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1230.821318][ T4425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1230.883365][ T5399] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1230.911258][T15692] Bluetooth: hci3: command 0x0406 tx timeout
[ 1231.019078][T16354] tipc: Started in network mode
[ 1231.024353][T16354] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1231.038481][T16354] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1231.047068][T16354] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1231.090723][T16350] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1231.162435][T16356] 9pnet_virtio: no channels available for device syz
[ 1231.192452][T16356] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1231.201735][T16356] overlayfs: overlapping lowerdir path
[ 1231.712118][T16354] loop0: detected capacity change from 0 to 2048
[ 1232.223396][    T7] tipc: Node number set to 1
[ 1232.251231][T16354] hpfs: bad mount options.
[ 1234.395114][T16373] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.2850'.
[ 1234.567210][ T4227] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1234.679575][T16380] loop5: detected capacity change from 0 to 7
[ 1234.701641][ T8433]  loop5:
[ 1234.704957][ T8433] loop5: partition table partially beyond EOD, truncated
[ 1234.827506][ T4227] usb 1-1: Using ep0 maxpacket: 8
[ 1234.867611][ T4227] usb 1-1: no configurations
[ 1234.872531][ T4227] usb 1-1: can't read configurations, error -22
[ 1235.037777][ T4227] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[ 1235.873886][T16380]  loop5:
[ 1235.887535][T16380] loop5: partition table partially beyond EOD, truncated
[ 1236.052441][T16386] device syzkaller0 entered promiscuous mode
[ 1236.187644][ T4227] usb 1-1: device not accepting address 24, error -71
[ 1236.225027][ T4227] usb usb1-port1: attempt power cycle
[ 1236.235160][T16395] tipc: Started in network mode
[ 1236.253677][T16395] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1236.322379][T16396] 9pnet_virtio: no channels available for device syz
[ 1236.511432][T16395] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1236.565811][T16395] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1236.974789][T16405] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.2861'.
[ 1237.051103][T16395] loop4: detected capacity change from 0 to 2048
[ 1237.269702][T16395] hpfs: bad mount options.
[ 1238.186951][ T4232] tipc: Node number set to 1
[ 1238.500148][T16414] loop3: detected capacity change from 0 to 40427
[ 1238.530876][T16414] F2FS-fs (loop3): invalid crc value
[ 1238.568344][T16414] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1238.602124][T16414] F2FS-fs (loop3): Start checkpoint disabled!
[ 1238.648376][T16414] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1239.096322][   T26] audit: type=1800 audit(2000001003.310:137): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2864" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
[ 1239.117352][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1240.799995][   T26] audit: type=1800 audit(2000001003.520:138): pid=16419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2864" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1240.895969][ T4425] attempt to access beyond end of device
[ 1240.895969][ T4425] loop3: rw=2049, want=40976, limit=40427
[ 1240.996035][T16434] device syzkaller0 entered promiscuous mode
[ 1241.259969][T16439] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1241.420603][T16439] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1241.458636][T16445] device syzkaller0 entered promiscuous mode
[ 1241.544850][T16439] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1241.654368][T16439] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1242.044750][T16439] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1242.096660][T16439] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1242.143638][T16439] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1242.210435][T16439] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1242.225469][T16449] program syz.0.2876 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1244.161237][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 1244.168492][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1247.817198][T16477] device syzkaller0 entered promiscuous mode
[ 1249.324662][T16489] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[ 1249.338184][T16489] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1249.665745][T16496] loop3: detected capacity change from 0 to 40427
[ 1249.765577][T16496] F2FS-fs (loop3): invalid crc value
[ 1249.779649][T16496] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1249.823557][T16496] F2FS-fs (loop3): Start checkpoint disabled!
[ 1249.830533][ T4645] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1249.857446][T16496] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1249.885582][   T26] audit: type=1800 audit(2000001014.100:139): pid=16496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2892" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0
[ 1250.048226][   T26] audit: type=1800 audit(2000001014.260:140): pid=16508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2892" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1251.261790][ T4645] usb 1-1: Using ep0 maxpacket: 8
[ 1251.307535][ T4645] usb 1-1: no configurations
[ 1251.312652][ T4645] usb 1-1: can't read configurations, error -22
[ 1251.351492][T16513] attempt to access beyond end of device
[ 1251.351492][T16513] loop3: rw=2049, want=40976, limit=40427
[ 1251.363188][ T4261] Bluetooth: hci5: command 0x0406 tx timeout
[ 1251.478043][ T4645] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1251.877411][ T4645] usb 1-1: Using ep0 maxpacket: 8
[ 1251.917699][ T4645] usb 1-1: no configurations
[ 1251.922681][ T4645] usb 1-1: can't read configurations, error -22
[ 1251.937761][ T4645] usb usb1-port1: attempt power cycle
[ 1252.072100][T16532] binder: 16530:16532 ioctl 40046205 0 returned -22
[ 1252.414545][ T4645] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1252.566341][ T4645] usb 1-1: device descriptor read/8, error -71
[ 1257.972515][ T4260] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1258.377416][ T4260] usb 4-1: Using ep0 maxpacket: 8
[ 1259.341638][T16585] 9pnet_virtio: no channels available for device syz
[ 1259.383687][T16585] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1259.465307][T16585] overlayfs: failed to look up (tracing) for ino (-66)
[ 1259.513904][ T4260] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1260.372445][ T4260] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1260.422633][ T4260] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1260.464683][ T4260] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1260.522977][ T4260] usb 4-1: config 0 descriptor??
[ 1260.577538][ T4260] usb 4-1: can't set config #0, error -71
[ 1260.607807][ T4260] usb 4-1: USB disconnect, device number 13
[ 1262.349632][T16623] kvm: apic: phys broadcast and lowest prio
[ 1262.524568][T16618] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1262.698390][T16618] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1262.827450][T16627] loop4: detected capacity change from 0 to 40427
[ 1262.973343][T16627] F2FS-fs (loop4): invalid crc value
[ 1262.987006][T16627] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1262.987449][ T4227] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1263.018176][T16627] F2FS-fs (loop4): Start checkpoint disabled!
[ 1263.040049][T16627] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1263.161379][   T26] audit: type=1800 audit(2000001027.380:141): pid=16634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2929" name="bus" dev="loop4" ino=10 res=0 errno=0
[ 1263.337462][ T4227] usb 6-1: Using ep0 maxpacket: 32
[ 1263.647671][ T4227] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1263.667666][ T4227] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1263.838832][ T4480] attempt to access beyond end of device
[ 1263.838832][ T4480] loop4: rw=2049, want=40976, limit=40427
[ 1265.321353][ T4227] usb 6-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.40
[ 1265.347451][ T4227] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1265.355752][ T4227] usb 6-1: Product: syz
[ 1265.360567][ T4227] usb 6-1: Manufacturer: syz
[ 1265.365366][ T4227] usb 6-1: SerialNumber: syz
[ 1265.837691][ T4227] usb 6-1: can't set config #1, error -71
[ 1265.853605][ T4227] usb 6-1: USB disconnect, device number 3
[ 1265.893311][T16648] netlink: 7 bytes leftover after parsing attributes in process `syz.5.2937'.
[ 1266.391527][T16661] vivid-001: =================  START STATUS  =================
[ 1266.399352][T16661] vivid-001: Generate PTS: true
[ 1266.404281][T16661] vivid-001: Generate SCR: true
[ 1266.409368][T16661] tpg source WxH: 720x576 (Y'CbCr)
[ 1266.414713][T16661] tpg field: 4
[ 1266.418474][T16661] tpg crop: 720x576@0x0
[ 1266.422690][T16661] tpg compose: 720x576@0x0
[ 1266.427182][T16661] tpg colorspace: 1
[ 1266.431046][T16661] tpg transfer function: 0/0
[ 1266.435666][T16661] tpg Y'CbCr encoding: 0/0
[ 1266.440141][T16661] tpg quantization: 0/0
[ 1266.444352][T16661] tpg RGB range: 0/2
[ 1266.449283][T16661] vivid-001: ==================  END STATUS  ==================
[ 1268.379200][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2943'.
[ 1268.400609][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2943'.
[ 1268.414810][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2943'.
[ 1268.426891][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2943'.
[ 1270.464779][T16695] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2949'.
[ 1270.475028][T16695] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2949'.
[ 1270.855143][T16705] loop3: detected capacity change from 0 to 40427
[ 1270.920439][T16710] 9pnet_virtio: no channels available for device syz
[ 1270.946192][T16710] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1271.013341][T16710] overlayfs: failed to look up (tracing) for ino (-66)
[ 1272.159777][T16705] F2FS-fs (loop3): invalid crc value
[ 1272.190113][T16705] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1272.215968][T16705] F2FS-fs (loop3): Start checkpoint disabled!
[ 1272.243300][T16705] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1273.639192][   T26] audit: type=1800 audit(2000001037.860:142): pid=16709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2951" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1274.250672][ T9729] attempt to access beyond end of device
[ 1274.250672][ T9729] loop3: rw=2049, want=40976, limit=40427
[ 1275.843008][T16740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2961'.
[ 1279.191263][T16793] 9pnet_virtio: no channels available for device syz
[ 1279.226694][T16793] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1279.288617][T16793] overlayfs: failed to look up (tracing) for ino (-66)
[ 1281.413044][T16827] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1281.421726][T16827] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1282.603710][T16847] loop0: detected capacity change from 0 to 40427
[ 1282.675550][T16847] F2FS-fs (loop0): invalid crc value
[ 1282.748969][T16847] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1282.773721][T16847] F2FS-fs (loop0): Start checkpoint disabled!
[ 1282.804824][T16847] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[ 1282.884809][   T26] audit: type=1800 audit(2000001047.100:143): pid=16850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2994" name="bus" dev="loop0" ino=10 res=0 errno=0
[ 1283.608809][ T4266] attempt to access beyond end of device
[ 1283.608809][ T4266] loop0: rw=2049, want=40976, limit=40427
[ 1283.749629][T16857] syz.4.2998 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1284.348163][T16885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3002'.
[ 1284.443640][T16887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3002'.
[ 1284.674557][T16887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3002'.
[ 1284.685696][T16887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3002'.
[ 1287.185399][T16916] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[ 1290.126645][T16939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3016'.
[ 1290.185499][T16939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3016'.
[ 1290.197170][T16939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3016'.
[ 1290.209159][T16939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3016'.
[ 1290.707576][T16951] program syz.3.3020 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1294.162574][T16993] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3032'.
[ 1294.202672][T16993] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3032'.
[ 1294.215353][T16993] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3032'.
[ 1294.234239][T16993] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3032'.
[ 1297.790975][T17022] device batadv0 entered promiscuous mode
[ 1297.819347][T17022] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3041'.
[ 1297.843703][T17022] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1298.028096][T17026] device syzkaller0 entered promiscuous mode
[ 1300.890617][T17054] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3051'.
[ 1301.991976][T17075] loop3: detected capacity change from 0 to 40427
[ 1302.097658][T17075] F2FS-fs (loop3): invalid crc value
[ 1302.119356][T17075] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1302.155012][T17075] F2FS-fs (loop3): Start checkpoint disabled!
[ 1302.192753][T17075] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1302.274756][   T26] audit: type=1800 audit(2000001066.490:144): pid=17083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3059" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1303.028028][ T4254] attempt to access beyond end of device
[ 1303.028028][ T4254] loop3: rw=2049, want=40976, limit=40427
[ 1303.367247][T17089] device syzkaller0 entered promiscuous mode
[ 1304.882752][T17116] loop5: detected capacity change from 0 to 40427
[ 1304.952877][T17116] F2FS-fs (loop5): invalid crc value
[ 1304.972379][T17116] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1304.999168][T17116] F2FS-fs (loop5): Start checkpoint disabled!
[ 1305.019350][T17116] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1305.145289][   T26] audit: type=1800 audit(2000001069.360:145): pid=17122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3071" name="bus" dev="loop5" ino=10 res=0 errno=0
[ 1305.601864][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.669747][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1307.495432][ T4265] attempt to access beyond end of device
[ 1307.495432][ T4265] loop5: rw=2049, want=40976, limit=40427
[ 1307.707485][ T4191] Bluetooth: hci4: command 0x0406 tx timeout
[ 1310.167401][T17148] loop0: detected capacity change from 0 to 40427
[ 1310.269042][T17148] F2FS-fs (loop0): invalid crc value
[ 1310.299820][T17148] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1310.342592][T17148] F2FS-fs (loop0): Start checkpoint disabled!
[ 1310.368376][T17148] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[ 1310.498125][   T26] audit: type=1800 audit(2000001074.720:146): pid=17155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3084" name="bus" dev="loop0" ino=10 res=0 errno=0
[ 1312.888200][ T9729] attempt to access beyond end of device
[ 1312.888200][ T9729] loop0: rw=2049, want=40976, limit=40427
[ 1318.577847][T17198] loop3: detected capacity change from 0 to 40427
[ 1318.649435][T17198] F2FS-fs (loop3): invalid crc value
[ 1318.693710][T17198] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1318.731236][T17198] F2FS-fs (loop3): Start checkpoint disabled!
[ 1318.747459][T17198] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1318.880213][   T26] audit: type=1800 audit(2000001083.100:147): pid=17198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3098" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1319.396389][ T4292] attempt to access beyond end of device
[ 1319.396389][ T4292] loop3: rw=2049, want=40976, limit=40427
[ 1320.080490][T17215] loop3: detected capacity change from 0 to 40427
[ 1320.126396][T17204] chnl_net:caif_netlink_parms(): no params data found
[ 1320.134116][T17215] F2FS-fs (loop3): invalid crc value
[ 1320.154692][T17215] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1320.183322][T17215] F2FS-fs (loop3): Start checkpoint disabled!
[ 1320.221448][T17215] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1320.303547][   T26] audit: type=1800 audit(2000001084.520:148): pid=17223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3101" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1320.949399][T17204] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1321.027491][T17204] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1321.086642][T17204] device bridge_slave_0 entered promiscuous mode
[ 1321.094059][ T9729] attempt to access beyond end of device
[ 1321.094059][ T9729] loop3: rw=2049, want=40976, limit=40427
[ 1321.202481][T17204] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1321.230973][T17204] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1321.840689][ T4645] Bluetooth: hci2: command 0x0409 tx timeout
[ 1321.966140][T17204] device bridge_slave_1 entered promiscuous mode
[ 1322.972082][T17204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1323.091508][T17204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1324.006768][ T4645] Bluetooth: hci2: command 0x041b tx timeout
[ 1324.731072][T17204] team0: Port device team_slave_0 added
[ 1324.939836][T17204] team0: Port device team_slave_1 added
[ 1325.154380][T17204] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1325.749212][T17204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1325.776773][T17204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1325.871629][T17204] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1325.892677][T17204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1326.018485][T17204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1326.206115][T17204] device hsr_slave_0 entered promiscuous mode
[ 1326.239223][T17204] device hsr_slave_1 entered promiscuous mode
[ 1326.274094][T17204] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1326.312278][T17204] Cannot create hsr debugfs directory
[ 1326.637457][ T4645] Bluetooth: hci2: command 0x040f tx timeout
[ 1327.068237][T17204] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1327.080058][T17204] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1327.524824][T17204] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1328.124768][T17204] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1328.717470][ T4191] Bluetooth: hci2: command 0x0419 tx timeout
[ 1328.886757][T17204] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1328.958016][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1328.978317][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1329.135619][T17204] 8021q: adding VLAN 0 to HW filter on device team0
[ 1329.161059][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1329.652556][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1329.737886][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1329.745135][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1329.821689][T17204] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1329.846935][T17204] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1329.948138][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1329.974712][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1330.012391][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1330.048065][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1330.055201][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1330.075235][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1330.129859][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1330.173186][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1330.207605][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1330.226935][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1330.268019][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1330.320601][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1330.332586][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1330.350974][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1331.088132][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1331.128848][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1331.158538][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1331.495208][T17355] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3137'.
[ 1332.444770][T17355] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3137'.
[ 1332.664052][T17355] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3137'.
[ 1332.834295][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1332.842650][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1333.246171][T17355] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3137'.
[ 1333.373630][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[ 1333.403295][T17204] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1333.690384][T17384] device bond_slave_0 entered promiscuous mode
[ 1333.697240][T17384] device bond_slave_1 entered promiscuous mode
[ 1333.727644][T17384] device vlan2 entered promiscuous mode
[ 1333.733410][T17384] device bond0 entered promiscuous mode
[ 1335.930087][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1335.958202][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1336.614136][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1336.647995][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1336.657052][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1336.796270][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1336.820276][T17204] device veth0_vlan entered promiscuous mode
[ 1337.267573][T17416] 9pnet_virtio: no channels available for device syz
[ 1338.372348][T17204] device veth1_vlan entered promiscuous mode
[ 1338.709919][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1338.738395][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1338.776221][T17204] device veth0_macvtap entered promiscuous mode
[ 1338.829247][T17204] device veth1_macvtap entered promiscuous mode
[ 1338.905499][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1338.966269][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.034344][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.045097][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.059571][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.071443][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.081891][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.092929][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.205346][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.274608][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.333105][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.343919][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.355333][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.368585][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.379841][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.392946][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.407443][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1339.419834][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.434426][T17204] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1339.446534][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.457844][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.468407][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.479644][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.489943][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.500969][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.512408][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.523813][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.544852][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.628606][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.671862][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.732926][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.759421][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.775583][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.792535][T17204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.811373][T17204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.850664][T17204] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1339.871847][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1339.988809][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1339.997857][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1340.015549][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1340.033799][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1340.043455][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1340.070911][T17204] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1340.098964][T17204] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1340.114599][T17204] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1340.134311][T17204] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1340.245645][ T4265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1340.270277][ T4265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1340.335502][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1340.496029][T17455] loop0: detected capacity change from 0 to 40427
[ 1340.540885][ T5625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1340.558635][T17455] F2FS-fs (loop0): invalid crc value
[ 1340.574923][ T5625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1340.602791][T17455] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1340.627085][T17455] F2FS-fs (loop0): Start checkpoint disabled!
[ 1340.635843][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1340.644506][T17455] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[ 1340.838882][T17456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3161'.
[ 1340.840732][T17456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3161'.
[ 1340.851988][T17456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3161'.
[ 1340.853088][T17456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3161'.
[ 1340.853524][T17456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3161'.
[ 1341.327543][T17463] 9pnet_virtio: no channels available for device syz
[ 1342.667862][T17463] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1342.922191][T17463] overlayfs: failed to look up (tracing) for ino (-66)
[ 1348.777512][T17507] 9pnet_virtio: no channels available for device syz
[ 1350.177904][T17507] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1350.457704][T17507] overlayfs: failed to look up (tracing) for ino (-66)
[ 1350.868212][T17513] loop0: detected capacity change from 0 to 40427
[ 1351.312315][T17513] F2FS-fs (loop0): invalid crc value
[ 1351.345336][T17513] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1351.381149][T17513] F2FS-fs (loop0): Start checkpoint disabled!
[ 1351.522090][T17513] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[ 1351.637361][   T26] audit: type=1800 audit(2000001115.850:149): pid=17527 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3175" name="bus" dev="loop0" ino=10 res=0 errno=0
[ 1351.887580][T17523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3176'.
[ 1351.924464][T17523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3176'.
[ 1351.979774][T17523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3176'.
[ 1351.995568][T17523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3176'.
[ 1352.010408][T17523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3176'.
[ 1352.281753][T17536] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1352.303047][T17536] loop6: detected capacity change from 0 to 64
[ 1352.961972][  T150] attempt to access beyond end of device
[ 1352.961972][  T150] loop0: rw=2049, want=40976, limit=40427
[ 1354.987564][   T26] audit: type=1326 audit(2000001119.190:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1355.045862][   T26] audit: type=1326 audit(2000001119.190:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1355.071123][   T26] audit: type=1326 audit(2000001119.190:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1355.814086][   T26] audit: type=1326 audit(2000001119.200:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1355.847529][   T26] audit: type=1326 audit(2000001119.200:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1355.922573][   T26] audit: type=1326 audit(2000001119.200:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1356.037521][   T26] audit: type=1326 audit(2000001119.200:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1356.147381][   T26] audit: type=1326 audit(2000001119.240:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1356.277096][   T26] audit: type=1326 audit(2000001119.240:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.5.3185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f2532b799 code=0x7ffc0000
[ 1360.434178][T17613] device macvlan2 entered promiscuous mode
[ 1360.481530][T17613] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1361.053682][T17624] tipc: Started in network mode
[ 1361.058803][T17624] tipc: Node identity ac1414aa, cluster identity 4711
[ 1361.066906][T17624] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1362.321620][ T4260] tipc: Node number set to 2886997162
[ 1363.118161][T17629] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1364.747385][T17490] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1365.407414][T17490] usb 4-1: Using ep0 maxpacket: 8
[ 1365.527627][T17490] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1365.553089][T17490] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1365.563966][T17490] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1365.584308][T17490] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1365.612179][T17490] usb 4-1: config 0 descriptor??
[ 1365.840306][T17660] fuse: Bad value for 'fd'
[ 1365.863089][T17490] usb 4-1: USB disconnect, device number 14
[ 1367.334759][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 1367.341257][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1371.390191][T17694] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1371.460563][T17694] overlayfs: failed to look up (tracing) for ino (-66)
[ 1372.327329][T15796] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1373.267763][T10658] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1373.327423][T15796] usb 7-1: Using ep0 maxpacket: 32
[ 1373.534586][T15796] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1373.572165][T15796] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1373.583549][T15796] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1373.592961][T15796] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1373.603208][T10658] usb 1-1: Using ep0 maxpacket: 8
[ 1373.610658][T15796] usb 7-1: config 0 descriptor??
[ 1373.728861][T10658] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1373.793524][T10658] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1373.895919][T10658] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1374.077235][T10658] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1374.409857][T10658] usb 1-1: config 0 descriptor??
[ 1375.058258][T10658] usb 1-1: USB disconnect, device number 30
[ 1375.288211][T15796] usb 7-1: can't set config #0, error -71
[ 1375.295622][T15796] usb 7-1: USB disconnect, device number 2
[ 1378.042680][T17737] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3242'.
[ 1378.065758][T17737] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3242'.
[ 1380.756619][T17195] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1381.037345][T17195] usb 6-1: Using ep0 maxpacket: 8
[ 1382.367461][T17195] usb 6-1: device descriptor read/all, error -71
[ 1385.410423][T17796] device syzkaller0 entered promiscuous mode
[ 1386.824486][T17809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1386.844923][T17809] loop3: detected capacity change from 0 to 64
[ 1390.462813][T17827] vivid-001: =================  START STATUS  =================
[ 1390.470885][T17827] vivid-001: Generate PTS: true
[ 1390.476070][T17827] vivid-001: Generate SCR: true
[ 1390.481062][T17827] tpg source WxH: 720x576 (Y'CbCr)
[ 1390.486221][T17827] tpg field: 4
[ 1390.489661][T17827] tpg crop: 720x576@0x0
[ 1390.494158][T17827] tpg compose: 720x576@0x0
[ 1390.499499][T17827] tpg colorspace: 1
[ 1390.503491][T17827] tpg transfer function: 0/0
[ 1390.508264][T17827] tpg Y'CbCr encoding: 0/0
[ 1390.512875][T17827] tpg quantization: 0/0
[ 1390.517101][T17827] tpg RGB range: 0/2
[ 1390.521645][T17827] vivid-001: ==================  END STATUS  ==================
[ 1391.089256][T17834] 9pnet_virtio: no channels available for device syz
[ 1391.100058][T17834] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1391.117778][T17834] overlayfs: failed to look up (tracing) for ino (-66)
[ 1391.353621][T17840] device syzkaller0 entered promiscuous mode
[ 1393.228972][T10658] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1393.507418][T10658] usb 1-1: Using ep0 maxpacket: 32
[ 1393.609158][T17861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1393.627990][T17861] loop6: detected capacity change from 0 to 64
[ 1393.663393][T10658] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1394.899168][T10658] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1395.147759][T10658] usb 1-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.40
[ 1395.156855][T10658] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1395.196020][T10658] usb 1-1: Product: syz
[ 1395.210981][T10658] usb 1-1: Manufacturer: syz
[ 1395.231286][T10658] usb 1-1: SerialNumber: syz
[ 1395.318018][T10658] usb 1-1: can't set config #1, error -71
[ 1395.356736][T10658] usb 1-1: USB disconnect, device number 31
[ 1395.633024][T17870] Invalid option length (598) for dns_resolver key
[ 1398.368963][T17883] 9pnet_virtio: no channels available for device syz
[ 1398.401362][T17881] device syzkaller0 entered promiscuous mode
[ 1398.425802][T17883] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1398.442261][T17883] overlayfs: failed to look up (tracing) for ino (-66)
[ 1398.567402][T17886] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1398.762065][T17888] loop0: detected capacity change from 0 to 2048
[ 1398.799396][T17888] hpfs: bad mount options.
[ 1400.260375][T17910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1400.280910][T17910] loop5: detected capacity change from 0 to 64
[ 1401.661262][T17922] Sensor A: =================  START STATUS  =================
[ 1401.707084][T17922] Sensor A: Test Pattern: 75% Colorbar
[ 1401.725913][T17927] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3305'.
[ 1401.737883][T17922] Sensor A: Show Information: All
[ 1401.743268][T17922] Sensor A: Vertical Flip: false
[ 1403.168762][T17922] Sensor A: Horizontal Flip: false
[ 1403.183859][T17922] Sensor A: Brightness: 128
[ 1403.188970][T17922] Sensor A: Contrast: 128
[ 1403.193472][T17922] Sensor A: Hue: 0
[ 1403.199146][T17922] Sensor A: Saturation: 128
[ 1403.203843][T17922] Sensor A: ==================  END STATUS  ==================
[ 1403.269154][T16680] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1404.743908][T14057] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 0
[ 1405.365955][T17490] Bluetooth: hci4: command 0x1003 tx timeout
[ 1405.372671][T15284] Bluetooth: hci4: sending frame failed (-49)
[ 1406.069764][T17944] vivid-001: =================  START STATUS  =================
[ 1406.077576][T17944] vivid-001: Generate PTS: true
[ 1406.082759][T17944] vivid-001: Generate SCR: true
[ 1406.088138][T17944] tpg source WxH: 720x576 (Y'CbCr)
[ 1406.093474][T17944] tpg field: 4
[ 1406.097095][T17944] tpg crop: 720x576@0x0
[ 1406.101427][T17944] tpg compose: 720x576@0x0
[ 1406.105964][T17944] tpg colorspace: 1
[ 1406.110775][T17944] tpg transfer function: 0/0
[ 1406.115821][T17944] tpg Y'CbCr encoding: 0/0
[ 1406.120602][T17944] tpg quantization: 0/0
[ 1406.125084][T17944] tpg RGB range: 0/2
[ 1406.129185][T17944] vivid-001: ==================  END STATUS  ==================
[ 1407.002856][T17952] device syzkaller0 entered promiscuous mode
[ 1407.437338][T10658] Bluetooth: hci4: command 0x1001 tx timeout
[ 1407.941677][T15284] Bluetooth: hci4: sending frame failed (-49)
[ 1410.340752][T10658] Bluetooth: hci4: command 0x1009 tx timeout
[ 1413.337096][T17984] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1413.379335][T17984] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1413.520940][T17984] loop5: detected capacity change from 0 to 2048
[ 1413.726057][T17984] hpfs: bad mount options.
[ 1414.178112][T17997] device syzkaller0 entered promiscuous mode
[ 1414.398447][T18003] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1414.481492][T18003] loop5: detected capacity change from 0 to 2048
[ 1414.511060][T18003] hpfs: bad mount options.
[ 1415.205135][T18016] device syzkaller0 entered promiscuous mode
[ 1415.702043][T18025] loop3: detected capacity change from 0 to 40427
[ 1415.796072][T18025] F2FS-fs (loop3): invalid crc value
[ 1415.906694][T18025] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1415.945685][T18025] F2FS-fs (loop3): Start checkpoint disabled!
[ 1415.990722][T18025] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1416.012265][   T26] kauditd_printk_skb: 15 callbacks suppressed
[ 1416.012277][   T26] audit: type=1800 audit(2000001180.230:174): pid=18025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3334" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1417.037906][T11932] attempt to access beyond end of device
[ 1417.037906][T11932] loop3: rw=2049, want=40976, limit=40427
[ 1417.059950][T18045] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1417.118776][T18046] device syzkaller0 entered promiscuous mode
[ 1417.316123][T18045] loop5: detected capacity change from 0 to 2048
[ 1417.347919][T18048] Sensor A: =================  START STATUS  =================
[ 1417.378322][T18045] hpfs: bad mount options.
[ 1417.423662][T18048] Sensor A: Test Pattern: 75% Colorbar
[ 1417.461545][T18048] Sensor A: Show Information: All
[ 1417.500933][T18048] Sensor A: Vertical Flip: false
[ 1419.155307][T18048] Sensor A: Horizontal Flip: false
[ 1419.167325][T18048] Sensor A: Brightness: 128
[ 1419.175914][T18048] Sensor A: Contrast: 128
[ 1419.180999][T18048] Sensor A: Hue: 0
[ 1419.208228][T18048] Sensor A: Saturation: 128
[ 1419.395831][T18048] Sensor A: ==================  END STATUS  ==================
[ 1419.613140][T18064] device syzkaller0 entered promiscuous mode
[ 1419.678040][ T4191] Bluetooth: hci4: command 0x1003 tx timeout
[ 1419.687794][T15284] Bluetooth: hci4: sending frame failed (-49)
[ 1419.924158][T18067] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3348'.
[ 1419.934678][T18067] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3348'.
[ 1419.943997][T18067] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3348'.
[ 1419.953426][T18067] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3348'.
[ 1419.991082][T18073] Sensor A: =================  START STATUS  =================
[ 1420.057584][T18073] Sensor A: Test Pattern: 75% Colorbar
[ 1420.107506][T18073] Sensor A: Show Information: All
[ 1420.112764][T18073] Sensor A: Vertical Flip: false
[ 1420.118381][T18073] Sensor A: Horizontal Flip: false
[ 1420.123983][T18073] Sensor A: Brightness: 128
[ 1420.172839][ T4470] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 0
[ 1420.185129][T18073] Sensor A: Contrast: 128
[ 1420.190319][T18073] Sensor A: Hue: 0
[ 1420.194735][T18073] Sensor A: Saturation: 128
[ 1420.200048][T18073] Sensor A: ==================  END STATUS  ==================
[ 1421.798823][ T4260] Bluetooth: hci4: command 0x1001 tx timeout
[ 1421.827080][T18078] Bluetooth: hci4: sending frame failed (-49)
[ 1422.478343][ T4260] Bluetooth: hci6: command 0x1003 tx timeout
[ 1422.758276][T18078] Bluetooth: hci6: sending frame failed (-49)
[ 1422.927758][T18086] device syzkaller0 entered promiscuous mode
[ 1423.140376][T18090] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1423.205978][T18090] loop3: detected capacity change from 0 to 2048
[ 1423.219325][T18090] hpfs: bad mount options.
[ 1423.837486][T15796] Bluetooth: hci4: command 0x1009 tx timeout
[ 1423.982450][T18096] loop6: detected capacity change from 0 to 40427
[ 1424.051514][T18096] F2FS-fs (loop6): invalid crc value
[ 1424.059869][T18096] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1424.087922][T18096] F2FS-fs (loop6): Start checkpoint disabled!
[ 1424.107003][T18096] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[ 1424.123144][   T26] audit: type=1800 audit(2000001188.340:175): pid=18096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3356" name="bus" dev="loop6" ino=10 res=0 errno=0
[ 1424.454351][ T5625] attempt to access beyond end of device
[ 1424.454351][ T5625] loop6: rw=2049, want=40976, limit=40427
[ 1424.558007][T18100] device syzkaller0 entered promiscuous mode
[ 1424.808150][T15796] Bluetooth: hci6: command 0x1001 tx timeout
[ 1424.814459][T18078] Bluetooth: hci6: sending frame failed (-49)
[ 1425.815700][T18117] device syzkaller0 entered promiscuous mode
[ 1426.016461][T18124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3366'.
[ 1426.270876][T18126] loop3: detected capacity change from 0 to 40427
[ 1426.329221][T18126] F2FS-fs (loop3): invalid crc value
[ 1426.347478][T18126] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1426.386617][T18126] F2FS-fs (loop3): Start checkpoint disabled!
[ 1426.395596][T18126] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1426.424550][   T26] audit: type=1800 audit(2000001190.640:176): pid=18126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3367" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1426.565909][  T144] attempt to access beyond end of device
[ 1426.565909][  T144] loop3: rw=2049, want=40976, limit=40427
[ 1426.887369][T15796] Bluetooth: hci6: command 0x1009 tx timeout
[ 1428.489934][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 1428.496556][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1428.984771][T18153] device syzkaller0 entered promiscuous mode
[ 1431.502561][T18167] loop0: detected capacity change from 0 to 40427
[ 1431.537978][T18167] F2FS-fs (loop0): invalid crc value
[ 1431.578811][T18167] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1431.604395][T18167] F2FS-fs (loop0): Start checkpoint disabled!
[ 1431.725204][T18167] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[ 1432.558532][   T26] audit: type=1800 audit(2000001196.780:177): pid=18164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3379" name="bus" dev="loop0" ino=10 res=0 errno=0
[ 1432.803706][T18179] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1432.886296][T18179] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1432.896745][T18179] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1433.091124][T14057] attempt to access beyond end of device
[ 1433.091124][T14057] loop0: rw=2049, want=40976, limit=40427
[ 1433.175665][T18185] device syzkaller0 entered promiscuous mode
[ 1434.059865][T18210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1434.079541][T18210] loop6: detected capacity change from 0 to 64
[ 1435.515526][T18218] loop5: detected capacity change from 0 to 40427
[ 1435.634024][T18220] vivid-001: =================  START STATUS  =================
[ 1435.641786][T18220] vivid-001: Generate PTS: true
[ 1435.646951][T18220] vivid-001: Generate SCR: true
[ 1435.651995][T18220] tpg source WxH: 720x576 (Y'CbCr)
[ 1435.657151][T18220] tpg field: 4
[ 1435.660601][T18220] tpg crop: 720x576@0x0
[ 1435.664793][T18220] tpg compose: 720x576@0x0
[ 1435.669312][T18220] tpg colorspace: 1
[ 1435.673158][T18220] tpg transfer function: 0/0
[ 1435.677921][T18220] tpg Y'CbCr encoding: 0/0
[ 1435.682399][T18220] tpg quantization: 0/0
[ 1435.686598][T18220] tpg RGB range: 0/2
[ 1435.690569][T18220] vivid-001: ==================  END STATUS  ==================
[ 1436.147363][T18218] F2FS-fs (loop5): invalid crc value
[ 1436.218645][T18218] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1436.271368][T18218] F2FS-fs (loop5): Start checkpoint disabled!
[ 1436.297132][T18218] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1436.313372][   T26] audit: type=1800 audit(2000001200.530:178): pid=18218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3395" name="bus" dev="loop5" ino=10 res=0 errno=0
[ 1436.365737][T18223] device syzkaller0 entered promiscuous mode
[ 1436.526037][T18230] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3398'.
[ 1437.929916][ T9729] attempt to access beyond end of device
[ 1437.929916][ T9729] loop5: rw=2049, want=40976, limit=40427
[ 1438.052093][T18248] device batadv_slave_0 entered promiscuous mode
[ 1438.113569][T18248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3405'.
[ 1438.125470][T18248] device hsr_slave_0 left promiscuous mode
[ 1438.144445][T18248] device hsr_slave_1 left promiscuous mode
[ 1438.584881][T18246] device batadv_slave_0 left promiscuous mode
[ 1439.132841][T18280] device syzkaller0 entered promiscuous mode
[ 1441.760027][T18313] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 1442.923226][T18313] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1443.083922][T18320] device syzkaller0 entered promiscuous mode
[ 1443.351735][T18330] 9pnet_virtio: no channels available for device syz
[ 1443.369195][T18330] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1443.438079][T18330] overlayfs: failed to look up (tracing) for ino (-66)
[ 1445.537566][ T4260] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[ 1445.917394][ T4191] Bluetooth: hci2: command 0x0406 tx timeout
[ 1445.923596][ T4260] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1445.938047][ T4260] usb 6-1: config 0 has no interfaces?
[ 1446.097744][ T4260] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1447.045975][ T4260] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1447.487191][ T4260] usb 6-1: Product: syz
[ 1447.587380][ T4260] usb 6-1: Manufacturer: syz
[ 1447.592341][ T4260] usb 6-1: SerialNumber: syz
[ 1447.620925][ T4260] usb 6-1: config 0 descriptor??
[ 1447.930434][T18362] device syzkaller0 entered promiscuous mode
[ 1448.176591][T18359] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1448.199693][T18359] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1448.378218][T18369] loop3: detected capacity change from 0 to 40427
[ 1448.463247][T18369] F2FS-fs (loop3): invalid crc value
[ 1448.495626][T18369] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1448.520071][T18369] F2FS-fs (loop3): Start checkpoint disabled!
[ 1448.535398][T18369] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[ 1448.553136][   T26] audit: type=1800 audit(2000001212.770:179): pid=18369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3440" name="bus" dev="loop3" ino=10 res=0 errno=0
[ 1448.837934][T18375] 9pnet_virtio: no channels available for device syz
[ 1448.847501][T18375] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1448.860420][T18375] overlayfs: failed to look up (tracing) for ino (-66)
[ 1449.046330][ T4267] attempt to access beyond end of device
[ 1449.046330][ T4267] loop3: rw=2049, want=40976, limit=40427
[ 1449.982206][T18386] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3445'.
[ 1450.099846][T17195] usb 6-1: USB disconnect, device number 6
[ 1452.140947][T18403] device syzkaller0 entered promiscuous mode
[ 1453.368519][T18424] 9pnet_virtio: no channels available for device syz
[ 1453.379362][T18424] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1453.396579][T18424] overlayfs: failed to look up (tracing) for ino (-66)
[ 1454.632539][T18455] device syzkaller0 entered promiscuous mode
[ 1454.978491][T18464] 9pnet_virtio: no channels available for device syz
[ 1454.988636][T18464] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1455.006670][T18464] overlayfs: failed to look up (tracing) for ino (-66)
[ 1455.983282][T18478] program syz.6.3474 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1459.048256][T18503] 9pnet_virtio: no channels available for device syz
[ 1459.057703][T18503] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1459.071020][T18503] overlayfs: failed to look up (tracing) for ino (-66)
[ 1459.270262][T18510] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3482'.
[ 1463.090756][T18543] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3495'.
[ 1464.426809][T18557] chnl_net:caif_netlink_parms(): no params data found
[ 1464.529270][T18557] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1464.544195][T18557] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1464.557582][T18557] device bridge_slave_0 entered promiscuous mode
[ 1464.566443][T18557] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1464.589259][T18557] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1464.598313][T18557] device bridge_slave_1 entered promiscuous mode
[ 1464.661685][T18557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1464.674221][T18557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1464.704253][T18557] team0: Port device team_slave_0 added
[ 1464.715719][T18557] team0: Port device team_slave_1 added
[ 1464.736981][T18557] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1464.746944][T18557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1464.776732][T18557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1464.803336][T18557] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1464.819967][T18557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1464.861407][T18557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1464.944912][T18557] device hsr_slave_0 entered promiscuous mode
[ 1464.955062][T18557] device hsr_slave_1 entered promiscuous mode
[ 1464.973909][T18557] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1464.991238][T18557] Cannot create hsr debugfs directory
[ 1465.246638][T18557] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1465.268954][T18557] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1465.293502][T18557] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1465.312114][T18557] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1465.373815][T18557] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1465.381713][T18557] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1465.389863][T18557] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1465.396977][T18557] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1465.452270][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1465.464226][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1465.560406][T18557] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1465.598332][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1465.649307][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1465.676836][T18557] 8021q: adding VLAN 0 to HW filter on device team0
[ 1465.712831][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1465.732598][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1465.750076][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1465.757254][ T5625] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1465.795596][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1465.814778][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1465.829483][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1465.836606][ T5625] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1465.861247][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1465.878429][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1465.922882][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1465.948732][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1465.968223][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1465.981336][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1465.999332][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1466.051631][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1466.079026][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1466.188239][T18557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1466.229468][T18557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1466.242634][T12184] Bluetooth: hci1: command 0x0409 tx timeout
[ 1466.268737][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1466.278079][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1467.199216][T18557] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1467.207966][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1467.215650][ T5625] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1467.773482][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1467.787058][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1467.836692][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1467.850308][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1467.869811][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1467.888163][ T9729] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1467.905402][T18557] device veth0_vlan entered promiscuous mode
[ 1467.925854][T18557] device veth1_vlan entered promiscuous mode
[ 1467.975703][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1467.985196][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1467.994740][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1468.004185][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1468.018136][T18557] device veth0_macvtap entered promiscuous mode
[ 1468.030742][T18557] device veth1_macvtap entered promiscuous mode
[ 1468.052182][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.066010][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.076721][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.090083][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.100553][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.111484][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.122179][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.133336][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.144114][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.156120][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.186601][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.212304][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.230778][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.256705][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.275014][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.288658][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.306773][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.318146][T15796] Bluetooth: hci1: command 0x041b tx timeout
[ 1468.330684][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.357703][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1468.369090][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.381017][T18557] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1468.392129][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1468.405519][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1468.418513][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1468.428887][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1468.451633][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1468.474805][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.489161][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1468.531248][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.559937][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1468.584546][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.599614][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1468.624673][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1468.668124][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1469.454059][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1469.507324][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1469.557268][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1469.584300][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1469.616325][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1469.646114][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1469.661114][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1469.675596][T18557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1469.691096][T18557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1469.706765][T18557] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1469.724866][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1469.745015][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1469.780349][T18557] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1469.832955][T18557] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1469.850020][T18557] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1469.869050][T18557] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1470.035902][T14057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1470.054229][T14057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1470.197079][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1470.296385][ T4254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1470.350243][ T4254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1470.398111][ T4227] Bluetooth: hci1: command 0x040f tx timeout
[ 1470.441464][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1470.874601][T18622] loop9: detected capacity change from 0 to 524287936
[ 1470.905991][T18615] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1470.929371][T18615] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1472.477734][T15796] Bluetooth: hci1: command 0x0419 tx timeout
[ 1474.913910][T18665] 9pnet_virtio: no channels available for device syz
[ 1474.923270][T18665] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1474.936444][T18665] overlayfs: failed to look up (tracing) for ino (-66)
[ 1475.128586][T18669] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bridge, syncid = 2, id = 0
[ 1477.350689][T18694] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3533'.
[ 1477.500884][T18694] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3533'.
[ 1477.754866][T18694] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3533'.
[ 1478.044834][T18699] loop6: detected capacity change from 0 to 40427
[ 1478.167935][T18699] F2FS-fs (loop6): invalid crc value
[ 1478.195282][T18699] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1478.219324][T18699] F2FS-fs (loop6): Start checkpoint disabled!
[ 1478.240158][T18699] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[ 1478.331265][   T26] audit: type=1800 audit(2000001242.550:180): pid=18702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3534" name="bus" dev="loop6" ino=10 res=0 errno=0
[ 1479.059717][    T9] attempt to access beyond end of device
[ 1479.059717][    T9] loop6: rw=2049, want=40976, limit=40427
[ 1479.142112][T18708] 9pnet_virtio: no channels available for device syz
[ 1479.152543][T18708] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1479.169680][T18708] overlayfs: failed to look up (tracing) for ino (-66)
[ 1481.461064][T18742] loop5: detected capacity change from 0 to 40427
[ 1481.533224][T18742] F2FS-fs (loop5): invalid crc value
[ 1481.586978][T18742] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1481.628451][T18742] F2FS-fs (loop5): Start checkpoint disabled!
[ 1481.664473][T18742] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1481.742334][   T26] audit: type=1800 audit(2000001245.960:181): pid=18745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3547" name="bus" dev="loop5" ino=10 res=0 errno=0
[ 1482.502688][ T9729] attempt to access beyond end of device
[ 1482.502688][ T9729] loop5: rw=2049, want=40976, limit=40427
[ 1488.543627][T18843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1488.566202][T18843] loop6: detected capacity change from 0 to 64
[ 1489.920706][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 1489.927119][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1491.528518][T18855] block device autoloading is deprecated and will be removed.
[ 1492.679498][T18876] 9pnet_virtio: no channels available for device syz
[ 1492.688704][T18876] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1492.702231][T18876] overlayfs: failed to look up (tracing) for ino (-66)
[ 1493.431879][T18892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3591'.
[ 1495.681917][T18899] vivid-001: =================  START STATUS  =================
[ 1495.689708][T18899] vivid-001: Generate PTS: true
[ 1495.694567][T18899] vivid-001: Generate SCR: true
[ 1495.699491][T18899] tpg source WxH: 720x576 (Y'CbCr)
[ 1495.704719][T18899] tpg field: 4
[ 1495.708161][T18899] tpg crop: 720x576@0x0
[ 1495.712397][T18899] tpg compose: 720x576@0x0
[ 1495.716915][T18899] tpg colorspace: 1
[ 1495.720739][T18899] tpg transfer function: 0/0
[ 1495.725589][T18899] tpg Y'CbCr encoding: 0/0
[ 1495.730114][T18899] tpg quantization: 0/0
[ 1495.734397][T18899] tpg RGB range: 0/2
[ 1495.738355][T18899] vivid-001: ==================  END STATUS  ==================
[ 1499.098938][T18948] 9pnet_virtio: no channels available for device syz
[ 1499.135585][T18948] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1499.162150][T18948] overlayfs: failed to look up (tracing) for ino (-66)
[ 1506.877483][T15796] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 1507.257636][T15796] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1507.294492][T15796] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1507.330901][T15796] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1507.380878][T15796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1507.499331][T19007] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1507.975674][T15796] usb 4-1: USB disconnect, device number 15
[ 1508.327552][T19030] 9pnet_virtio: no channels available for device syz
[ 1508.338470][T19030] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1508.429398][T19030] overlayfs: failed to look up (tracing) for ino (-66)
[ 1512.834349][T19065] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3642'.
[ 1515.790930][T19101] 9pnet_virtio: no channels available for device syz
[ 1515.816966][T19101] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1515.841232][T19101] overlayfs: failed to look up (tracing) for ino (-66)
[ 1519.555928][T19142] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[ 1522.238422][T19172] Sensor A: =================  START STATUS  =================
[ 1522.297581][T19172] Sensor A: Test Pattern: 75% Colorbar
[ 1522.327850][T19172] Sensor A: Show Information: All
[ 1522.469984][  T522] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1523.914974][T19172] Sensor A: Vertical Flip: false
[ 1523.920418][T19172] Sensor A: Horizontal Flip: false
[ 1523.925808][T19172] Sensor A: Brightness: 128
[ 1523.935918][T19172] Sensor A: Contrast: 128
[ 1523.946042][T19172] Sensor A: Hue: 0
[ 1523.956180][T19172] Sensor A: Saturation: 128
[ 1523.961832][T19172] Sensor A: ==================  END STATUS  ==================
[ 1524.509313][T17490] Bluetooth: hci4: command 0x1003 tx timeout
[ 1524.516906][T18078] Bluetooth: hci4: sending frame failed (-49)
[ 1526.581852][ T4173] Bluetooth: hci4: command 0x1001 tx timeout
[ 1526.589650][T18078] Bluetooth: hci4: sending frame failed (-49)
[ 1528.265615][T19210] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3686'.
[ 1528.637404][ T4173] Bluetooth: hci4: command 0x1009 tx timeout
[ 1528.937351][ T4173] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1529.177387][ T4173] usb 7-1: Using ep0 maxpacket: 16
[ 1529.847548][ T4173] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1529.867325][ T4173] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1529.904838][ T4173] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1529.963657][ T4173] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[ 1529.994185][ T4173] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1530.043328][ T4173] usb 7-1: config 0 descriptor??
[ 1530.563012][ T4173] input: HID 05ac:8241 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:05AC:8241.0002/input/input53
[ 1530.795321][ T4173] appleir 0003:05AC:8241.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0
[ 1530.917731][ T4173] usb 7-1: USB disconnect, device number 3
[ 1531.201232][T19238] syz.7.3697 (19238): drop_caches: 2
[ 1531.311533][T19239] fido_id[19239]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[ 1533.629377][T19280] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1533.674817][T19280] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1533.778552][T19296] fuse: root generation should be zero
[ 1533.782400][T19299] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3716'.
[ 1537.307405][ T4227] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1537.727519][ T4227] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1537.847661][ T4227] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1538.008149][ T4227] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b27, bcdDevice= 0.40
[ 1538.038385][ T4227] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1538.087312][ T4227] usb 6-1: Product: syz
[ 1538.099567][ T4227] usb 6-1: Manufacturer: syz
[ 1538.129967][ T4227] usb 6-1: SerialNumber: syz
[ 1538.803498][T19346] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3732'.
[ 1539.047273][T19349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3732'.
[ 1539.209079][T19349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3732'.
[ 1539.237941][ T4227] usbhid 6-1:1.0: can't add hid device: -71
[ 1539.245772][ T4227] usbhid: probe of 6-1:1.0 failed with error -71
[ 1539.270031][ T4227] usb 6-1: USB disconnect, device number 7
[ 1539.292194][T19349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3732'.
[ 1539.326823][T19349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3732'.
[ 1539.477813][T19354] loop5: detected capacity change from 0 to 7
[ 1539.529249][ T8433]  loop5:
[ 1539.532310][ T8433] loop5: partition table partially beyond EOD, truncated
[ 1539.561652][T19354]  loop5:
[ 1539.565547][T19354] loop5: partition table partially beyond EOD, truncated
[ 1539.658021][ T8433] 
[ 1539.660381][ T8433] ======================================================
[ 1539.667480][ T8433] WARNING: possible circular locking dependency detected
[ 1539.674593][ T8433] syzkaller #0 Not tainted
[ 1539.679008][ T8433] ------------------------------------------------------
[ 1539.686023][ T8433] udevd/8433 is trying to acquire lock:
[ 1539.691558][ T8433] ffff88802de20138 ((wq_completion)loop5){+.+.}-{0:0}, at: flush_workqueue+0x150/0x13d0
[ 1539.701499][ T8433] 
[ 1539.701499][ T8433] but task is already holding lock:
[ 1539.709045][ T8433] ffff888020af1468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90
[ 1539.717865][ T8433] 
[ 1539.717865][ T8433] which lock already depends on the new lock.
[ 1539.717865][ T8433] 
[ 1539.728449][ T8433] 
[ 1539.728449][ T8433] the existing dependency chain (in reverse order) is:
[ 1539.737469][ T8433] 
[ 1539.737469][ T8433] -> #6 (&lo->lo_mutex){+.+.}-{3:3}:
[ 1539.745101][ T8433]        __mutex_lock_common+0x1e3/0x2400
[ 1539.750804][ T8433]        mutex_lock_killable_nested+0x17/0x20
[ 1539.756853][ T8433]        lo_open+0x6a/0x100
[ 1539.761344][ T8433]        blkdev_get_whole+0x90/0x390
[ 1539.766695][ T8433]        blkdev_get_by_dev+0x2d0/0xa60
[ 1539.772133][ T8433]        blkdev_open+0x12d/0x2c0
[ 1539.777057][ T8433]        do_dentry_open+0x7ff/0xf80
[ 1539.782312][ T8433]        path_openat+0x26f5/0x2fa0
[ 1539.787423][ T8433]        do_filp_open+0x1e2/0x410
[ 1539.792528][ T8433]        do_sys_openat2+0x150/0x4b0
[ 1539.798142][ T8433]        __x64_sys_openat+0x135/0x160
[ 1539.803604][ T8433]        do_syscall_64+0x4c/0xa0
[ 1539.808525][ T8433]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1539.815389][ T8433] 
[ 1539.815389][ T8433] -> #5 (&disk->open_mutex){+.+.}-{3:3}:
[ 1539.823187][ T8433]        __mutex_lock_common+0x1e3/0x2400
[ 1539.828977][ T8433]        mutex_lock_nested+0x17/0x20
[ 1539.834240][ T8433]        blkdev_get_by_dev+0x157/0xa60
[ 1539.839677][ T8433]        swsusp_check+0xa1/0x2b0
[ 1539.844711][ T8433]        software_resume+0xc6/0x3b0
[ 1539.850187][ T8433]        resume_store+0xe4/0x130
[ 1539.855255][ T8433]        kernfs_fop_write_iter+0x379/0x4c0
[ 1539.861049][ T8433]        vfs_write+0x745/0xd60
[ 1539.865794][ T8433]        ksys_write+0x152/0x260
[ 1539.870842][ T8433]        do_syscall_64+0x4c/0xa0
[ 1539.875943][ T8433]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1539.882437][ T8433] 
[ 1539.882437][ T8433] -> #4 (system_transition_mutex/1){+.+.}-{3:3}:
[ 1539.891042][ T8433]        __mutex_lock_common+0x1e3/0x2400
[ 1539.896827][ T8433]        mutex_lock_nested+0x17/0x20
[ 1539.902090][ T8433]        software_resume+0x7c/0x3b0
[ 1539.907448][ T8433]        resume_store+0xe4/0x130
[ 1539.912367][ T8433]        kernfs_fop_write_iter+0x379/0x4c0
[ 1539.918243][ T8433]        vfs_write+0x745/0xd60
[ 1539.923337][ T8433]        ksys_write+0x152/0x260
[ 1539.928169][ T8433]        do_syscall_64+0x4c/0xa0
[ 1539.933087][ T8433]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1539.939482][ T8433] 
[ 1539.939482][ T8433] -> #3 (&of->mutex){+.+.}-{3:3}:
[ 1539.946672][ T8433]        __mutex_lock_common+0x1e3/0x2400
[ 1539.952374][ T8433]        mutex_lock_nested+0x17/0x20
[ 1539.957637][ T8433]        kernfs_seq_start+0x51/0x3c0
[ 1539.962908][ T8433]        seq_read_iter+0x3c4/0xd50
[ 1539.968015][ T8433]        vfs_read+0x759/0xd60
[ 1539.972682][ T8433]        ksys_read+0x152/0x260
[ 1539.977453][ T8433]        do_syscall_64+0x4c/0xa0
[ 1539.982376][ T8433]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1539.988784][ T8433] 
[ 1539.988784][ T8433] -> #2 (&p->lock){+.+.}-{3:3}:
[ 1539.996062][ T8433]        __mutex_lock_common+0x1e3/0x2400
[ 1540.001886][ T8433]        mutex_lock_nested+0x17/0x20
[ 1540.007151][ T8433]        seq_read_iter+0xad/0xd50
[ 1540.012450][ T8433]        do_iter_readv_writev+0x47e/0x5f0
[ 1540.018153][ T8433]        do_iter_read+0x20b/0x7c0
[ 1540.023386][ T8433]        loop_process_work+0x16dd/0x24a0
[ 1540.029188][ T8433]        process_one_work+0x85f/0x1010
[ 1540.034689][ T8433]        worker_thread+0xaa6/0x1290
[ 1540.039974][ T8433]        kthread+0x436/0x520
[ 1540.044570][ T8433]        ret_from_fork+0x1f/0x30
[ 1540.049490][ T8433] 
[ 1540.049490][ T8433] -> #1 ((work_completion)(&worker->work)){+.+.}-{0:0}:
[ 1540.058674][ T8433]        process_one_work+0x7bb/0x1010
[ 1540.064291][ T8433]        worker_thread+0xaa6/0x1290
[ 1540.069565][ T8433]        kthread+0x436/0x520
[ 1540.074308][ T8433]        ret_from_fork+0x1f/0x30
[ 1540.079321][ T8433] 
[ 1540.079321][ T8433] -> #0 ((wq_completion)loop5){+.+.}-{0:0}:
[ 1540.087391][ T8433]        __lock_acquire+0x2c42/0x7d10
[ 1540.092781][ T8433]        lock_acquire+0x19e/0x400
[ 1540.097964][ T8433]        flush_workqueue+0x16c/0x13d0
[ 1540.103326][ T8433]        drain_workqueue+0xcf/0x380
[ 1540.108615][ T8433]        destroy_workqueue+0x7b/0xb20
[ 1540.114127][ T8433]        __loop_clr_fd+0x234/0xb90
[ 1540.119502][ T8433]        blkdev_put+0x53f/0x7d0
[ 1540.124339][ T8433]        blkdev_close+0x76/0xa0
[ 1540.129343][ T8433]        __fput+0x234/0x930
[ 1540.133828][ T8433]        task_work_run+0x125/0x1a0
[ 1540.138922][ T8433]        exit_to_user_mode_loop+0x10f/0x130
[ 1540.144800][ T8433]        exit_to_user_mode_prepare+0xee/0x180
[ 1540.150854][ T8433]        syscall_exit_to_user_mode+0x16/0x40
[ 1540.156998][ T8433]        do_syscall_64+0x58/0xa0
[ 1540.162013][ T8433]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1540.168586][ T8433] 
[ 1540.168586][ T8433] other info that might help us debug this:
[ 1540.168586][ T8433] 
[ 1540.179379][ T8433] Chain exists of:
[ 1540.179379][ T8433]   (wq_completion)loop5 --> &disk->open_mutex --> &lo->lo_mutex
[ 1540.179379][ T8433] 
[ 1540.193104][ T8433]  Possible unsafe locking scenario:
[ 1540.193104][ T8433] 
[ 1540.200532][ T8433]        CPU0                    CPU1
[ 1540.205879][ T8433]        ----                    ----
[ 1540.211229][ T8433]   lock(&lo->lo_mutex);
[ 1540.215452][ T8433]                                lock(&disk->open_mutex);
[ 1540.222710][ T8433]                                lock(&lo->lo_mutex);
[ 1540.229725][ T8433]   lock((wq_completion)loop5);
[ 1540.234556][ T8433] 
[ 1540.234556][ T8433]  *** DEADLOCK ***
[ 1540.234556][ T8433] 
[ 1540.242675][ T8433] 2 locks held by udevd/8433:
[ 1540.247425][ T8433]  #0: ffff888020a6bd18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0
[ 1540.257047][ T8433]  #1: ffff888020af1468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90
[ 1540.266547][ T8433] 
[ 1540.266547][ T8433] stack backtrace:
[ 1540.272420][ T8433] CPU: 0 PID: 8433 Comm: udevd Not tainted syzkaller #0
[ 1540.279615][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1540.289885][ T8433] Call Trace:
[ 1540.293177][ T8433]  <TASK>
[ 1540.296282][ T8433]  dump_stack_lvl+0x188/0x250
[ 1540.301030][ T8433]  ? load_image+0x400/0x400
[ 1540.305513][ T8433]  ? show_regs_print_info+0x20/0x20
[ 1540.310707][ T8433]  ? print_circular_bug+0x12b/0x1a0
[ 1540.315897][ T8433]  check_noncircular+0x296/0x330
[ 1540.320854][ T8433]  ? add_chain_block+0x940/0x940
[ 1540.325785][ T8433]  ? lockdep_lock+0xf1/0x1f0
[ 1540.330362][ T8433]  ? mark_lock+0x94/0x320
[ 1540.334696][ T8433]  __lock_acquire+0x2c42/0x7d10
[ 1540.339536][ T8433]  ? __lock_acquire+0x13bc/0x7d10
[ 1540.344542][ T8433]  ? verify_lock_unused+0x140/0x140
[ 1540.349726][ T8433]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1540.355778][ T8433]  ? verify_lock_unused+0x140/0x140
[ 1540.360963][ T8433]  ? memset+0x1e/0x40
[ 1540.364952][ T8433]  lock_acquire+0x19e/0x400
[ 1540.369558][ T8433]  ? flush_workqueue+0x150/0x13d0
[ 1540.374581][ T8433]  ? __mutex_trylock_common+0x155/0x260
[ 1540.380247][ T8433]  ? read_lock_is_recursive+0x10/0x10
[ 1540.385690][ T8433]  ? __init_swait_queue_head+0xa5/0x150
[ 1540.391220][ T8433]  flush_workqueue+0x16c/0x13d0
[ 1540.396271][ T8433]  ? flush_workqueue+0x150/0x13d0
[ 1540.401292][ T8433]  ? __lock_acquire+0x7d10/0x7d10
[ 1540.406299][ T8433]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1540.412613][ T8433]  ? _raw_spin_lock_irqsave+0x8b/0x100
[ 1540.418102][ T8433]  ? rcu_work_rcufn+0x120/0x120
[ 1540.422942][ T8433]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 1540.428556][ T8433]  ? finish_wait+0xc0/0x1d0
[ 1540.433044][ T8433]  drain_workqueue+0xcf/0x380
[ 1540.437705][ T8433]  destroy_workqueue+0x7b/0xb20
[ 1540.442536][ T8433]  __loop_clr_fd+0x234/0xb90
[ 1540.447128][ T8433]  ? lo_release+0x172/0x1f0
[ 1540.451713][ T8433]  ? lo_open+0x100/0x100
[ 1540.456042][ T8433]  blkdev_put+0x53f/0x7d0
[ 1540.460360][ T8433]  blkdev_close+0x76/0xa0
[ 1540.464841][ T8433]  ? blkdev_open+0x2c0/0x2c0
[ 1540.469522][ T8433]  __fput+0x234/0x930
[ 1540.473963][ T8433]  task_work_run+0x125/0x1a0
[ 1540.478652][ T8433]  exit_to_user_mode_loop+0x10f/0x130
[ 1540.484221][ T8433]  exit_to_user_mode_prepare+0xee/0x180
[ 1540.489933][ T8433]  syscall_exit_to_user_mode+0x16/0x40
[ 1540.495555][ T8433]  do_syscall_64+0x58/0xa0
[ 1540.500038][ T8433]  ? clear_bhb_loop+0x30/0x80
[ 1540.504705][ T8433]  ? clear_bhb_loop+0x30/0x80
[ 1540.509403][ T8433]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1540.515297][ T8433] RIP: 0033:0x7f036fde5407
[ 1540.519814][ T8433] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1540.539498][ T8433] RSP: 002b:00007ffe534c90e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[ 1540.548165][ T8433] RAX: 0000000000000000 RBX: 00007f036fcf7880 RCX: 00007f036fde5407
[ 1540.556313][ T8433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[ 1540.564555][ T8433] RBP: 00007f036fcf76e8 R08: 0000000000000000 R09: 0000000000000000
[ 1540.572898][ T8433] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
[ 1540.581134][ T8433] R13: 00005592dc998410 R14: 0000000000000008 R15: 00005592dc9b1b30
[ 1540.589192][ T8433]  </TASK>