last executing test programs:

5.734021049s ago: executing program 3 (id=4022):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x92e5e}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x64, 0x10, 0x403, 0x78bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x34, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x7}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x9}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfb, 0x98f}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x600}, 0x0)

5.45886428s ago: executing program 3 (id=4023):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x17, 0x301, 0x70bd24, 0xfffffffc, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x200448d3}, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)

5.045998955s ago: executing program 3 (id=4024):
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xa4, 0x0, &(0x7f0000000600)="878b7cdfd4455cf49da7ba6f280ae012ce80389a2aefe4fd04084554d7015aba5330d1b817d6c08af29938b8a9bc2b83462ddadaad3a3a5c0181a0203e49b12c99ac8757fc317fe672938a06f89c133d615cf8c6e94b3ac320fa50046f5c18ac35b49243870e4e6b90c76177feda5469369b2b5a4739cc0b68c1772f1c9b9320d88426bc8f139429054c85b62f2a1dfc705453bea4cabf1f5eee5a0d301fb7c62e36dba0"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

4.950921687s ago: executing program 1 (id=4026):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x2, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2b}}}]}, 0x38}}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000023c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r9 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r9)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r11 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a98000800060a0b040000000000000000020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c08000340000000042c0001800a0001006c696d69740000001c0002800c00014000000000000000640c00024000000000000000010900010073797a30000000000900020073797a320000000053ffffff1100010000000000000000000100000a606a2db19beb60e64118a4a83c07e27af3b7c47dd8887ab93c950ba234a52fe5a0150ee7f875041784f66e75023af561a566369410e841bf7b4233bb3bdacd5163b4e23925e1e2f072e3c6e179767892bd900d495c9184e44183625248c01716efda7240f2f168493062acb133bb289e709266db18e21a30bc9049fd8635fcc639160e0d18eccfd58b5dcec2d9a3efc3d98ff7b1ceb879fe71248393bcbedd7c105dca353d157069b2d1788b459f2d1c77cba07d80bf5d0366ae70c94464d50f6272ed30b1af5727e955f86403a66ae6b81a03180c328fa6cbc40b89bb184f51705fd76aa3f4837fda3a068e1df3e581a2884b50ea05827308dbcb32132e9308f9657794382564cfc993a39f354d0b49a743b1636e06b8b3ddf944cb9af423516eb26bda75e48e56c4eddbe7a7b26ff2c3ed1279a1ca0ea76f85"], 0xc0}}, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r11, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r11, &(0x7f0000004180)={0x2020, 0x0, <r13=>0x0}, 0x2020)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r11, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x3, 0x7, 0xe5e}}, 0x28)
write$FUSE_INIT(r11, &(0x7f0000000040)={0x50, 0x0, r13, {0x7, 0x29, 0x0, 0x440, 0xfffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)

4.828605065s ago: executing program 2 (id=4027):
pipe(&(0x7f00000045c0))
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000003a00010325bd7000fcffffff0700000059b97b2bf7444ffd7c1baba8d110dadbf270019229b2550687127e25a1f962060c3a884bfaa2dcee7cde8c236f2afc6e88040f14fcb79860c84683ffbdaef67f475dbd745f1132ce076b98708cd84a3ed51c6a407d17172e58158c5be6dced6dc943ebc433779baf2c2169549d0b9e4d3771743f57620bfa67eafc2e9b"], 0x14}}, 0x0)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000080, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00')
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x3}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20)

4.789574778s ago: executing program 4 (id=4028):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2b}}}]}, 0x38}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000023c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a98000800060a0b040000000000000000020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c08000340000000042c0001800a0001006c696d69740000001c0002800c00014000000000000000640c00024000000000000000010900010073797a30000000000900020073797a320000000053ffffff1100010000000000000000000100000a606a2db19beb60e64118a4a83c07e27af3b7c47dd8887ab93c950ba234a52fe5a0150ee7f875041784f66e75023af561a566369410e841bf7b4233bb3bdacd5163b4e23925e1e2f072e3c6e179767892bd900d495c9184e44183625248c01716efda7240f2f168493062acb133bb289e709266db18e21a30bc9049fd8635fcc639160e0d18eccfd58b5dcec2d9a3efc3d98ff7b1ceb879fe71248393bcbedd7c105dca353d157069b2d1788b459f2d1c77cba07d80bf5d0366ae70c94464d50f6272ed30b1af5727e955f86403a66ae6b81a03180c328fa6cbc40b89bb184f51705fd76aa3f4837fda3a068e1df3e581a2884b50ea05827308dbcb32132e9308f9657794382564cfc993a39f354d0b49a743b1636e06b8b3ddf944cb9af423516eb26bda75e48e56c4eddbe7a7b26ff2c3ed1279a1ca0ea76f858cd00afa"], 0xc0}}, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r7, &(0x7f0000004180)={0x2020, 0x0, <r9=>0x0}, 0x2020)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r7, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x3, 0x7, 0xe5e}}, 0x28)
write$FUSE_INIT(r7, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x29, 0x0, 0x440, 0xfffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)

4.668108026s ago: executing program 0 (id=4029):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff5644d, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r7, {}, {0xb, 0xb}, {0xf, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x0, 0x32, 0x5, 0xa, 0x2, 0x9, 0xd, 0x1, 0x1, {0xffff1c72, 0x23, 0x7, 0xc, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000)
sendto$packet(r4, &(0x7f0000000240)="bad33075218151db00316f3a277f953286ddd1dc9119f992e83de525e4a4", 0x1e, 0x2000041, &(0x7f0000000080)={0x11, 0x88a8, r3, 0x1, 0xda, 0x6, @remote}, 0x14)

4.103338294s ago: executing program 0 (id=4030):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = socket(0x1, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010000d042abd70f8ffffffffffffff00", @ANYRES32=r2, @ANYBLOB="01000000000000002400128009000100626f6e6400000000140002800500010004"], 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, 0x0, 0x0)

3.833725135s ago: executing program 3 (id=4031):
r0 = syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000400)={0x0, 0x0, '\x00', @raw_data=[0x0, 0xff, 0x6, 0x4, 0x5, 0xff, 0x3, 0xe0b, 0x4, 0x2, 0x1, 0x7d, 0x5, 0x5, 0x0, 0x31b0, 0x5, 0x7f, 0x2, 0xfffffffa, 0xdb9b, 0xd, 0x54, 0x80000000, 0xa, 0x1ff, 0x2, 0x3, 0x8, 0xffffff48, 0xff, 0x10]})
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="660a000000000000611184000000000095020000000000003c"], 0x0}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x3, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0x1, 0x9}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xff, 0x1, 0x10, 0x3ff, 0x4, 0x6}, {0xf, 0x1, 0x2, 0x1, 0x5}, 0x4, 0x100, 0x1b8c}}, @TCA_TBF_RATE64={0xc, 0x4, 0x2fd9e5fb6e622145}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x4094)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r5)

3.810046151s ago: executing program 2 (id=4032):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd7f4f000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)={0x14, 0x0, 0xf002135a49ffa319, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40800)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000a00)='.\x00', &(0x7f0000000040)='ocfs2\x00', 0x800, 0x0)

3.628214488s ago: executing program 1 (id=4033):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x101800, 0x0)
r1 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0xcc88, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(0x0, 0x5, 0x0, 0x0, 0x0, 0xb201ffff)
r5 = syz_pidfd_open(r3, 0x0)
pidfd_getfd(r5, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xffffffffffffffff)
r7 = fsopen(&(0x7f00000001c0)='romfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r6, 0xc048aec8, &(0x7f0000000500)={0x4, 0xc0011037, 0x0, 0x0})
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x400002)
capset(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x181801, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r8, 0xf504, 0x0)

3.627749088s ago: executing program 0 (id=4034):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008340)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0xfa, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8652b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
dup2(r2, r0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x800000000000, 0x0, 0x3ff, 0x4, 0x100000000, 0x8000000000000000}, 0x0, &(0x7f00000001c0)={0x1f, 0x4, 0x7, 0x400000000000, 0x229c, 0x80000000, 0x800000000000004, 0x2}, 0x0, 0x0)

3.560274395s ago: executing program 4 (id=4035):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x17, 0x301, 0x70bd24, 0xfffffffc, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x200448d3}, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)

3.52966482s ago: executing program 3 (id=4036):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)="290000002000190f00003fffffffda060a00008bfee80001dd0048040d0006", 0x1f}], 0x1)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@dev, @local, <r2=>0x0}, &(0x7f00000000c0)=0xc)
r3 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000080008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0)
r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
ioctl$I2C_PEC(r4, 0x708, 0x2)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000100)={0x0, 0x6, 0x5, &(0x7f0000000080)={0x1f, "14a6c63d876ff44271f19ca6e4482707dab7299602aed83463604d70b41d4008e3"}})
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000080)={0x18, &(0x7f00000012c0)=ANY=[@ANYBLOB="001105"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = syz_open_dev$I2C(&(0x7f00000004c0), 0x2, 0x40402)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000200)={0x0, 0x8, 0x5, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x2, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7d1}, 0x1c)
bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(0xffffffffffffffff, 0x6)
r7 = syz_io_uring_complete(0x0)
pselect6(0x40, &(0x7f0000000180)={0x80000001, 0x3, 0x8ea0, 0x17b, 0x6, 0x1, 0xa, 0x1ff}, &(0x7f00000001c0)={0x9, 0x9, 0x4f08, 0x400, 0x175, 0x4, 0x100, 0x7}, 0x0, &(0x7f0000000400), 0x0)
mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8)
ioctl$SG_GET_LOW_DMA(r7, 0x227a, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

3.516447098s ago: executing program 2 (id=4037):
r0 = io_uring_setup(0x71b7, &(0x7f00000000c0)={0x0, 0xc43c, 0x1, 0x0, 0x201})
io_uring_enter(r0, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18)

2.366490919s ago: executing program 1 (id=4038):
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
set_mempolicy(0x2, 0x0, 0x9)
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0xc, 0xfc, 0x0, 0x1, [@typed={0x8, 0x5, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="7235ab62"]}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xb, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010)

2.25643061s ago: executing program 2 (id=4039):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)

2.120654945s ago: executing program 4 (id=4040):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x5)
ioctl$TCSETA(0xffffffffffffffff, 0x8924, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket(0x10, 0x3, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x1a000, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x9, 0x7}]})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000000c0)=0x2)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000240)={@multicast, @remote, @val={@val={0x88a8, 0x5, 0x0, 0x2}, {0x8100, 0x0, 0x1, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c6dd00", 0x10, 0x3a, 0xff, @local, @mcast1, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x4100}}}}}}, 0x0)

1.411794096s ago: executing program 0 (id=4041):
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xa4, 0x0, &(0x7f0000000600)="878b7cdfd4455cf49da7ba6f280ae012ce80389a2aefe4fd04084554d7015aba5330d1b817d6c08af29938b8a9bc2b83462ddadaad3a3a5c0181a0203e49b12c99ac8757fc317fe672938a06f89c133d615cf8c6e94b3ac320fa50046f5c18ac35b49243870e4e6b90c76177feda5469369b2b5a4739cc0b68c1772f1c9b9320d88426bc8f139429054c85b62f2a1dfc705453bea4cabf1f5eee5a0d301fb7c62e36dba0"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

461.940144ms ago: executing program 0 (id=4042):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000200)='bridge0\x00')

416.305206ms ago: executing program 3 (id=4043):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x2, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2b}}}]}, 0x38}}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000023c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r9 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r9)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r11 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a98000800060a0b040000000000000000020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c08000340000000042c0001800a0001006c696d69740000001c0002800c00014000000000000000640c00024000000000000000010900010073797a30000000000900020073797a320000000053ffffff1100010000000000000000000100000a606a2db19beb60e64118a4a83c07e27af3b7c47dd8887ab93c950ba234a52fe5a0150ee7f875041784f66e75023af561a566369410e841bf7b4233bb3bdacd5163b4e23925e1e2f072e3c6e179767892bd900d495c9184e44183625248c01716efda7240f2f168493062acb133bb289e709266db18e21a30bc9049fd8635fcc639160e0d18eccfd58b5dcec2d9a3efc3d98ff7b1ceb879fe71248393bcbedd7c105dca353d157069b2d1788b459f2d1c77cba07d80bf5d0366ae70c94464d50f6272ed30b1af5727e955f86403a66ae6b81a03180c328fa6cbc40b89bb184f51705fd76aa3f4837fda3a068e1df3e581a2884b50ea05827308dbcb32132e9308f9657794382564cfc993a39f354d0b49a743b1636e06b8b3ddf944cb9af423516eb26bda75e48e56c4eddbe7a7b26ff2c3ed1279a1ca0ea76f85"], 0xc0}}, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r11, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r11, &(0x7f0000004180)={0x2020, 0x0, <r13=>0x0}, 0x2020)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r11, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x3, 0x7, 0xe5e}}, 0x28)
write$FUSE_INIT(r11, &(0x7f0000000040)={0x50, 0x0, r13, {0x7, 0x29, 0x0, 0x440, 0xfffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)

340.593762ms ago: executing program 1 (id=4044):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = socket(0x1, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010000d042abd70f8ffffffffffffff00", @ANYRES32=r2, @ANYBLOB="01000000000000002400128009000100626f6e6400000000140002800500010004"], 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, 0x0, 0x0)

306.298086ms ago: executing program 2 (id=4045):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/resume', 0x18b502, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32=r0])
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r2, 0x0, 0x0, 0x50040, &(0x7f00000001c0)={0x11, 0x3, 0x0, 0x1, 0xd8, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)

256.263127ms ago: executing program 4 (id=4046):
r0 = syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000400)={0x0, 0x0, '\x00', @raw_data=[0x0, 0xff, 0x6, 0x4, 0x5, 0xff, 0x3, 0xe0b, 0x4, 0x2, 0x1, 0x7d, 0x5, 0x5, 0x0, 0x31b0, 0x5, 0x7f, 0x2, 0xfffffffa, 0xdb9b, 0xd, 0x54, 0x80000000, 0xa, 0x1ff, 0x2, 0x3, 0x8, 0xffffff48, 0xff, 0x10]})
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x3, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0x1, 0x9}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xff, 0x1, 0x10, 0x3ff, 0x4, 0x6}, {0xf, 0x1, 0x2, 0x1, 0x5}, 0x4, 0x100, 0x1b8c}}, @TCA_TBF_RATE64={0xc, 0x4, 0x2fd9e5fb6e622145}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x4094)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r5)

180.430943ms ago: executing program 1 (id=4047):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @pic={0x0, 0x0, 0x0, 0x0, 0x1}})

180.178423ms ago: executing program 0 (id=4048):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r2, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
read(r2, &(0x7f00000000c0)=""/20, 0x14)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))

93.977427ms ago: executing program 4 (id=4049):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x2000000, 0x0, 0x0, 0x37, 0x0, 0x12, 0x0, 0x2})

72.910684ms ago: executing program 1 (id=4050):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x17, 0x301, 0x70bd24, 0xfffffffc, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x200448d3}, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)

265.79µs ago: executing program 2 (id=4051):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000034)
chdir(0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, 0x0, 0x0, 0x4000841)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x20)
socket$isdn(0x22, 0x2, 0x25)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000008b40)={0x28, 0x40, 0x1, 0x70bd25, 0x4, {0x4}, [@nested={0x4, 0x48}, @nested={0x4, 0x1}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xba01, 0x0, 0x4000050}, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, 0x0, 0x0)
bind$inet6(r5, 0x0, 0x0)
listen(r5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000280)=@ethtool_ringparam={0x33, 0x83, 0x20000a2f, 0x401000, 0xe, 0x3, 0x2000000, 0x1, 0x3000000}})

0s ago: executing program 4 (id=4052):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r5, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00000000000000130000000000000000005aaadf04fc1c0a0a", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
pselect6(0x40, &(0x7f00000010c0)={0x3, 0x3, 0x7f, 0x8000000000000000, 0x6e, 0x1000, 0x3, 0x240000000000000}, 0x0, &(0x7f0000001140)={0x8, 0x1, 0x3, 0x6, 0x5, 0x9, 0x8}, &(0x7f0000001180), 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

batman_adv: batadv0: Interface activated: batadv_slave_1
[  837.032953][ T1107] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  837.040370][T15416] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  837.053115][T15416] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  837.063708][T15416] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  837.072691][T15416] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  837.081300][ T1107] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  837.090186][T10446] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  837.091959][ T4627] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  837.099820][T10446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  837.117811][T15519] dvb-usb: bulk message failed: -22 (8/0)
[  837.130037][T15519] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  837.150120][ T1107] usb 5-1: media controller created
[  837.179890][T15519] ttusb2: i2c transfer failed.
[  837.183942][T15543] tipc: Started in network mode
[  837.188280][ T1107] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  837.189559][T15543] tipc: Node identity feaee455ef53, cluster identity 4711
[  837.199894][T15544] binder: BINDER_SET_CONTEXT_MGR already set
[  837.220850][T15543] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  837.227681][T15544] binder: 15541:15544 ioctl 4018620d 200000004a80 returned -16
[  837.257858][ T1107] usb 5-1: selecting invalid altsetting 3
[  837.266588][ T1107] ttusb2: set interface to alts=3 failed
[  837.278832][T15545] device syzkaller0 entered promiscuous mode
[  837.326690][ T1107] DVB: Unable to find symbol tda10086_attach()
[  837.333301][ T1107] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  837.353199][T15543] tipc: Resetting bearer <eth:syzkaller0>
[  837.360777][T15542] tipc: Resetting bearer <eth:syzkaller0>
[  837.368479][T10446] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.371877][ T1107] dvb-usb: bulk message failed: -22 (4/0)
[  837.382917][ T1107] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  837.386584][T10446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.394131][ T1107] dvb-usb: bulk message failed: -22 (5/0)
[  837.407352][ T1107] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  837.417749][ T1107] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  837.438305][ T1107] usb 5-1: USB disconnect, device number 40
[  837.456319][T15542] tipc: Disabling bearer <eth:syzkaller0>
[  837.476490][ T1107] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  837.477376][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  837.530378][T10446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.546406][T10446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.558382][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  837.567687][T15550] netlink: 'syz.3.3076': attribute type 1 has an invalid length.
[  837.576327][ T4627] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  837.591606][ T4627] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.609560][ T4627] usb 2-1: config 0 descriptor??
[  837.664033][ T4627] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  838.734482][T15577] input: syz0 as /devices/virtual/input/input39
[  838.979977][T14533] bond4: (slave vlan2): Releasing active interface
[  839.123484][T15576] chnl_net:caif_netlink_parms(): no params data found
[  839.240730][T15576] bridge0: port 1(bridge_slave_0) entered blocking state
[  839.249163][T15576] bridge0: port 1(bridge_slave_0) entered disabled state
[  839.267590][T15576] device bridge_slave_0 entered promiscuous mode
[  839.296229][T15576] bridge0: port 2(bridge_slave_1) entered blocking state
[  839.318255][T15576] bridge0: port 2(bridge_slave_1) entered disabled state
[  839.333190][T15576] device bridge_slave_1 entered promiscuous mode
[  839.390199][ T4627] usb 2-1: USB disconnect, device number 34
[  839.412831][T15576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  839.425310][T15576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  839.460064][T15576] team0: Port device team_slave_0 added
[  839.470157][T15576] team0: Port device team_slave_1 added
[  839.512686][T15576] batman_adv: batadv0: Adding interface: batadv_slave_0
[  839.520026][T15576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  839.547224][T15576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  839.561137][T15576] batman_adv: batadv0: Adding interface: batadv_slave_1
[  839.568332][T15576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  839.597340][T15576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  839.694062][T15576] device hsr_slave_0 entered promiscuous mode
[  839.709350][T15576] device hsr_slave_1 entered promiscuous mode
[  839.722662][T15576] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  839.742210][T15576] Cannot create hsr debugfs directory
[  839.902917][T15576] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  839.914096][T15576] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.020131][T15576] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  840.045826][T15576] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.136355][T15576] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  840.164456][T15576] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.220744][T15598] netlink: 'syz.1.3087': attribute type 1 has an invalid length.
[  840.261283][T15598] 8021q: adding VLAN 0 to HW filter on device bond3
[  840.286104][T15596] tipc: Started in network mode
[  840.291234][T15596] tipc: Node identity 560a6fe93e99, cluster identity 4711
[  840.324424][T15596] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  840.347060][T15601] device syzkaller0 entered promiscuous mode
[  840.391477][T15596] tipc: Resetting bearer <eth:syzkaller0>
[  840.425775][T15576] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  840.437119][T15576] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.450475][T15595] tipc: Resetting bearer <eth:syzkaller0>
[  840.514425][T15608] hugetlbfs: syz.0.3088 (15608): Using mlock ulimits for SHM_HUGETLB is deprecated
[  840.681307][T15595] tipc: Disabling bearer <eth:syzkaller0>
[  840.804755][ T4632] Bluetooth: hci1: command 0x0409 tx timeout
[  841.316495][T15576] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  841.346805][T15576] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  841.414310][T15576] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  841.741899][ T4627] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  841.968559][T15576] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  842.213721][T15635] binder: BINDER_SET_CONTEXT_MGR already set
[  842.223451][ T4627] usb 4-1: Using ep0 maxpacket: 8
[  842.229021][T15635] binder: 15634:15635 ioctl 4018620d 200000000200 returned -16
[  842.263235][T15576] 8021q: adding VLAN 0 to HW filter on device bond0
[  842.284188][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  842.313985][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  842.389056][T15576] 8021q: adding VLAN 0 to HW filter on device team0
[  842.428270][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  842.446244][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  842.465656][ T4598] bridge0: port 1(bridge_slave_0) entered blocking state
[  842.472793][ T4598] bridge0: port 1(bridge_slave_0) entered forwarding state
[  842.482711][T15546] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  842.509428][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  842.518137][ T4627] usb 4-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  842.538006][ T4627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  842.548728][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  842.568053][ T4627] usb 4-1: Product: syz
[  842.572738][ T4627] usb 4-1: Manufacturer: syz
[  842.577338][ T4627] usb 4-1: SerialNumber: syz
[  842.583846][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  842.594143][ T4598] bridge0: port 2(bridge_slave_1) entered blocking state
[  842.601247][ T4598] bridge0: port 2(bridge_slave_1) entered forwarding state
[  842.641363][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  842.725007][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  842.745433][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  842.755950][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  842.774293][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  842.796417][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  842.812695][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  842.823281][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  842.837490][T15576] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  842.854656][T15576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  842.862464][T15546] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  842.877900][T15546] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  842.888487][T15546] usb 2-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00
[  842.900884][T15546] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  842.911287][T15546] usb 2-1: config 0 descriptor??
[  842.916505][ T4627] mxuport 4-1:254.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  842.926290][ T4624] Bluetooth: hci1: command 0x041b tx timeout
[  842.943888][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  842.954574][ T4627] mxuport 4-1:254.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  842.958870][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  842.963837][ T4627] mxuport: probe of 4-1:254.0 failed with error -71
[  842.974850][ T4627] usb 4-1: USB disconnect, device number 39
[  842.996910][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  843.067370][T15654] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  843.157561][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  843.166625][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  843.185008][T15576] 8021q: adding VLAN 0 to HW filter on device batadv0
[  843.205975][T15654] device syzkaller0 entered promiscuous mode
[  843.233408][T15654] tipc: Resetting bearer <eth:syzkaller0>
[  843.253437][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  843.274000][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  843.288632][T15576] device veth0_vlan entered promiscuous mode
[  843.296680][T15653] tipc: Resetting bearer <eth:syzkaller0>
[  843.310652][T15653] tipc: Disabling bearer <eth:syzkaller0>
[  843.330903][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  843.345963][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  843.367135][T15576] device veth1_vlan entered promiscuous mode
[  843.379399][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  843.426942][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  843.441213][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  843.454774][T15546] itetech 0003:06CB:73F5.0036: unknown main item tag 0x0
[  843.480549][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  843.494045][T15546] itetech 0003:06CB:73F5.0036: unknown main item tag 0x0
[  843.497103][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  843.524795][T15546] itetech 0003:06CB:73F5.0036: unknown main item tag 0x0
[  843.540562][T15546] itetech 0003:06CB:73F5.0036: unknown main item tag 0x0
[  843.548541][T15546] itetech 0003:06CB:73F5.0036: unknown main item tag 0x0
[  843.550617][T15662] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input40
[  843.567230][T15546] itetech 0003:06CB:73F5.0036: unknown main item tag 0x0
[  843.576335][T15546] itetech 0003:06CB:73F5.0036: unknown main item tag 0x0
[  843.585437][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  843.599555][T15546] itetech 0003:06CB:73F5.0036: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.1-1/input0
[  843.626910][T15576] device veth0_macvtap entered promiscuous mode
[  843.658075][T15546] usb 2-1: USB disconnect, device number 35
[  843.707287][T15663] device syzkaller0 entered promiscuous mode
[  843.725574][T15576] device veth1_macvtap entered promiscuous mode
[  843.799042][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.848149][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.863006][T15669] fido_id[15669]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  843.888723][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.919731][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.984459][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  844.029830][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.042327][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  844.053182][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.063742][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  844.076701][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.116481][T15576] batman_adv: batadv0: Interface activated: batadv_slave_0
[  844.212348][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  844.231279][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  844.250124][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  844.271167][T10671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  844.302619][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  844.361115][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.379749][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  844.436656][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.501350][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  844.512842][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.524053][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  844.539833][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.551227][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  844.562982][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.573707][T15576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  844.584620][T15576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.595862][T15576] batman_adv: batadv0: Interface activated: batadv_slave_1
[  844.604143][T15557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  844.806419][T15692] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3108'.
[  844.863328][T15692] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  844.890654][T15692] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  845.036551][ T4627] Bluetooth: hci1: command 0x040f tx timeout
[  845.046082][T15557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  845.344708][T15576] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  845.379103][T15576] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  845.395693][T15576] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  845.421602][T15576] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  845.552577][    T7] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  845.654853][T11166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  845.691733][T11166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.794748][T11235] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  845.843281][T11166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  845.870142][T11166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.918560][T11235] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  845.941777][    T7] usb 4-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  845.992430][    T7] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  847.821676][   T26] audit: type=1326 audit(1773176991.611:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15704 comm="syz.2.3078" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f58cba0f799 code=0x0
[  848.191002][T15284] Bluetooth: hci1: command 0x0419 tx timeout
[  849.521734][ T4234] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  849.681830][    T7] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  849.703863][    T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.768649][    T7] usb 4-1: Product: syz
[  849.782330][ T4234] usb 5-1: Using ep0 maxpacket: 8
[  849.791836][    T7] usb 4-1: Manufacturer: syz
[  849.907889][ T4234] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  849.938400][ T4234] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  849.956398][ T4234] usb 5-1: config 0 interface 0 has no altsetting 0
[  849.964868][    T7] usb 4-1: can't set config #1, error -71
[  850.154631][    T7] usb 4-1: USB disconnect, device number 40
[  850.391182][ T4234] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  850.556122][ T4234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  850.640527][ T4234] usb 5-1: config 0 descriptor??
[  850.701086][T15728] device syzkaller0 entered promiscuous mode
[  850.714425][T15284] hid (null): global environment stack underflow
[  850.748455][T15284] hid (null): report_id 0 is invalid
[  850.830065][T15284] hid-generic 0004:0040:0009.0037: unknown main item tag 0x5
[  850.867869][T15284] hid-generic 0004:0040:0009.0037: global environment stack underflow
[  850.928291][T15284] hid-generic 0004:0040:0009.0037: item 0 1 1 11 parsing failed
[  850.977077][T15284] hid-generic: probe of 0004:0040:0009.0037 failed with error -22
[  851.006070][T15746] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3120'.
[  851.143891][ T4234] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  851.167219][ T4234] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  851.193856][ T4234] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  851.220803][ T4234] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  851.228767][ T4234] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  851.237776][ T4234] mcp2221 0003:04D8:00DD.0038: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  851.345836][ T4234] usb 5-1: USB disconnect, device number 41
[  851.541723][    T7] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  851.942223][    T7] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  851.962208][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.982149][T15754] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  852.017728][    T7] usb 4-1: config 0 descriptor??
[  852.063692][    T7] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  852.399861][   T26] audit: type=1326 audit(1773176996.281:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  852.452907][   T26] audit: type=1326 audit(1773176996.331:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  852.529603][   T26] audit: type=1326 audit(1773176996.341:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  852.575690][   T26] audit: type=1326 audit(1773176996.361:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  852.628710][   T26] audit: type=1326 audit(1773176996.381:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  852.775369][   T26] audit: type=1326 audit(1773176996.441:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  852.883528][   T26] audit: type=1326 audit(1773176996.461:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  853.011182][ T4200] Bluetooth: hci5: unknown advertising packet type: 0x65
[  853.011264][ T4200] Bluetooth: hci5: Dropping invalid advertising data
[  853.025426][   T26] audit: type=1326 audit(1773176996.461:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  853.026294][ T4200] Bluetooth: hci5: Malicious advertising data.
[  853.265626][   T26] audit: type=1326 audit(1773176996.461:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  853.421436][   T26] audit: type=1326 audit(1773176996.481:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  853.551188][   T26] audit: type=1326 audit(1773176996.591:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  853.694819][    T7] usb 4-1: USB disconnect, device number 41
[  853.724482][   T26] audit: type=1326 audit(1773176996.591:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15755 comm="syz.2.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58cba0f799 code=0x7ffc0000
[  854.790173][T15784] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3130'.
[  857.100813][T15810] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3136'.
[  857.173693][T15817] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3136'.
[  857.248092][T15820] overlayfs: missing 'lowerdir'
[  858.020390][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  858.030568][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:5 Not tainted syzkaller #0
[  858.038144][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  858.048406][ T4200] Workqueue: hci3 hci_rx_work
[  858.053110][ T4200] Call Trace:
[  858.056394][ T4200]  <TASK>
[  858.059325][ T4200]  dump_stack_lvl+0x188/0x250
[  858.064009][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  858.069826][ T4200]  ? show_regs_print_info+0x20/0x20
[  858.075033][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  858.080776][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  858.085903][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  858.090584][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  858.095795][ T4200]  kobject_add_internal+0x6e0/0xd90
[  858.101020][ T4200]  kobject_add+0x160/0x230
[  858.105459][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  858.111104][ T4200]  ? kobject_init+0x1d0/0x1d0
[  858.115792][ T4200]  ? klist_children_get+0x50/0x50
[  858.120824][ T4200]  ? get_device_parent+0x121/0x3f0
[  858.125942][ T4200]  device_add+0x483/0xfb0
[  858.130291][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  858.135246][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  858.140556][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  858.145691][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  858.150899][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  858.156559][ T4200]  hci_le_meta_evt+0x285/0x3c90
[  858.161421][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  858.167063][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  858.172273][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  858.177925][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  858.184003][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  858.189646][ T4200]  ? mark_lock+0x94/0x320
[  858.193981][ T4200]  ? mutex_unlock+0x10/0x10
[  858.198494][ T4200]  ? mark_lock+0x94/0x320
[  858.202831][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  858.208826][ T4200]  hci_event_packet+0xe48/0x1370
[  858.213778][ T4200]  ? rcu_lock_release+0x20/0x20
[  858.218635][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  858.223842][ T4200]  hci_rx_work+0x255/0xa10
[  858.228281][ T4200]  process_one_work+0x85f/0x1010
[  858.233339][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  858.238975][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  858.244270][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  858.249339][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  858.254993][ T4200]  ? wq_worker_running+0x97/0x170
[  858.260038][ T4200]  worker_thread+0xaa6/0x1290
[  858.264756][ T4200]  kthread+0x436/0x520
[  858.268847][ T4200]  ? rcu_lock_release+0x20/0x20
[  858.273705][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  858.278299][ T4200]  ret_from_fork+0x1f/0x30
[  858.282749][ T4200]  </TASK>
[  858.309653][ T4200] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  858.324304][ T4200] Bluetooth: hci3: failed to register connection device
[  859.071129][T15851] device syzkaller0 entered promiscuous mode
[  859.151907][ T4232] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  859.790114][   T26] audit: type=1326 audit(1773177003.421:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15846 comm="syz.0.3144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd8ee1d799 code=0x7ffc0000
[  859.831910][ T4232] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  859.861696][ T4232] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  859.908431][   T26] audit: type=1326 audit(1773177003.701:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15846 comm="syz.0.3144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd8ee1d799 code=0x7ffc0000
[  859.994646][ T4232] usb 2-1: config 0 descriptor??
[  860.076499][ T4232] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  860.475907][T15867] binder: BINDER_SET_CONTEXT_MGR already set
[  860.501906][T15867] binder: 15866:15867 ioctl 4018620d 200000000100 returned -16
[  860.572239][T15869] binder: BINDER_SET_CONTEXT_MGR already set
[  860.591813][T15869] binder: 15866:15869 ioctl 4018620d 200000004a80 returned -16
[  861.109383][T15881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3153'.
[  861.413146][T15890] device syzkaller0 entered promiscuous mode
[  861.692904][ T4232] usb 2-1: USB disconnect, device number 36
[  861.836162][T15905] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3161'.
[  862.012504][T15914] binder: 15913:15914 ioctl c0306201 0 returned -14
[  862.029770][T15907] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  862.247033][T15917] loop2: detected capacity change from 0 to 7
[  862.270856][ T4912] Dev loop2: unable to read RDB block 7
[  862.279831][ T4912]  loop2: AHDI p1 p2 p3
[  862.294965][ T4912] loop2: partition table partially beyond EOD, truncated
[  862.303648][T15918] binder: BINDER_SET_CONTEXT_MGR already set
[  862.319465][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  862.331302][T15918] binder: 15916:15918 ioctl 4018620d 200000004a80 returned -16
[  862.346841][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  862.370387][T15917] Dev loop2: unable to read RDB block 7
[  862.388999][T15917]  loop2: AHDI p1 p2 p3
[  862.407859][T15917] loop2: partition table partially beyond EOD, truncated
[  862.437165][T15917] loop2: p1 start 1601398130 is beyond EOD, truncated
[  862.456463][T15917] loop2: p2 start 1702059890 is beyond EOD, truncated
[  862.799803][T15925] device syzkaller0 entered promiscuous mode
[  862.994271][T15930] device syzkaller0 entered promiscuous mode
[  863.492156][   T26] audit: type=1326 audit(1773177007.381:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15934 comm="syz.3.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  863.645605][   T26] audit: type=1326 audit(1773177007.391:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15934 comm="syz.3.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  863.733119][   T26] audit: type=1326 audit(1773177007.401:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15934 comm="syz.3.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  863.832237][   T26] audit: type=1326 audit(1773177007.411:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15934 comm="syz.3.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  863.936335][   T26] audit: type=1326 audit(1773177007.451:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15934 comm="syz.3.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  864.090430][   T26] audit: type=1326 audit(1773177007.501:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15934 comm="syz.3.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  864.251883][   T26] audit: type=1326 audit(1773177007.501:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15934 comm="syz.3.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  864.274248][    C1] vkms_vblank_simulate: vblank timer overrun
[  864.291738][T15932] bridge0: port 2(bridge_slave_1) entered disabled state
[  864.299029][T15932] bridge0: port 1(bridge_slave_0) entered disabled state
[  864.593064][T15952] binder: 15951:15952 ioctl 4018620d 0 returned -22
[  865.089781][T15932] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  865.163697][T15932] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  865.519632][T15957] loop2: detected capacity change from 0 to 7
[  865.547860][ T4912] Dev loop2: unable to read RDB block 7
[  865.553668][ T4912]  loop2: AHDI p1 p2 p3
[  865.570618][T15958] binder: BINDER_SET_CONTEXT_MGR already set
[  865.581771][T15958] binder: 15956:15958 ioctl 4018620d 200000004a80 returned -16
[  865.581793][ T4912] loop2: partition table partially beyond EOD, truncated
[  865.637851][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  865.653393][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  865.672173][T15957] Dev loop2: unable to read RDB block 7
[  865.678259][T15957]  loop2: AHDI p1 p2 p3
[  865.701716][T15957] loop2: partition table partially beyond EOD, truncated
[  865.722467][T15957] loop2: p1 start 1601398130 is beyond EOD, truncated
[  865.741868][T15957] loop2: p2 start 1702059890 is beyond EOD, truncated
[  865.800490][T15960] binder: BINDER_SET_CONTEXT_MGR already set
[  865.817664][T15960] binder: 15959:15960 ioctl 4018620d 200000004a80 returned -16
[  865.895502][T15932] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  865.910663][T15932] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  865.930250][T15932] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  865.941010][T15932] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  866.012838][T15963] binder: 15962:15963 ioctl c0306201 0 returned -14
[  866.163445][T11343] tipc: Left network mode
[  866.210470][T15968] device syzkaller0 entered promiscuous mode
[  866.260069][T11343] device ip6gretap0 left promiscuous mode
[  866.269186][T11343] bond4: (slave ip6gretap1): Removing an active aggregator
[  866.279463][T11343] bond4: (slave ip6gretap1): Releasing backup interface
[  866.304623][T15971] device syzkaller0 entered promiscuous mode
[  866.437279][T15973] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  867.148259][T15993] binder: 15991:15993 ioctl 4018620d 0 returned -22
[  867.209204][T15999] binder: 15998:15999 ioctl c0306201 0 returned -14
[  867.222546][T15999] loop2: detected capacity change from 0 to 7
[  867.261869][T15999] Dev loop2: unable to read RDB block 7
[  867.279056][T15999]  loop2: AHDI p1 p2 p3
[  867.305045][T15999] loop2: partition table partially beyond EOD, truncated
[  867.339007][T15999] loop2: p1 start 1601398130 is beyond EOD, truncated
[  867.348715][T15999] loop2: p2 start 1702059890 is beyond EOD, truncated
[  868.318064][T16016] device syzkaller0 entered promiscuous mode
[  868.484191][T16032] device syzkaller0 entered promiscuous mode
[  868.529184][T16027] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  869.158675][T11343] device bridge0 left promiscuous mode
[  869.167459][T11343] device team0 left promiscuous mode
[  869.187135][T11343] device hsr_slave_0 left promiscuous mode
[  869.199707][T11343] device hsr_slave_1 left promiscuous mode
[  869.326446][T11343] device veth1_macvtap left promiscuous mode
[  869.347457][T11343] device veth0_macvtap left promiscuous mode
[  869.370419][T11343] device veth1_vlan left promiscuous mode
[  869.401168][T11343] device veth0_vlan left promiscuous mode
[  869.923500][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  869.930280][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  870.033030][T16058] binder: 16055:16058 ioctl c0306201 0 returned -14
[  870.044906][T16058] loop2: detected capacity change from 0 to 7
[  870.102108][T16058] Dev loop2: unable to read RDB block 7
[  870.115300][T16058]  loop2: AHDI p1 p2 p3
[  870.131771][T16058] loop2: partition table partially beyond EOD, truncated
[  870.165616][T16058] loop2: p1 start 1601398130 is beyond EOD, truncated
[  870.181864][T16058] loop2: p2 start 1702059890 is beyond EOD, truncated
[  870.259363][T16065] binder: 16064:16065 ioctl 4018620d 0 returned -22
[  870.489255][T11343] bond6 (unregistering): Released all slaves
[  872.088781][T16068] nfs: Unknown parameter 'acÿÿÿÿ'
[  872.220041][T11343] bond5 (unregistering): Released all slaves
[  872.255067][T11343] bond4 (unregistering): Released all slaves
[  872.269808][T11343] bond3 (unregistering): Released all slaves
[  872.284951][T11343] bond2 (unregistering): Released all slaves
[  872.310788][T11343] bond1 (unregistering): Released all slaves
[  872.675612][T11343] bond0 (unregistering): Released all slaves
[  872.738747][T16072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3202'.
[  873.586644][T16090] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  874.359700][T16109] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3211'.
[  874.400684][T16117] binder: 16115:16117 ioctl c0306201 0 returned -14
[  874.429078][T16117] loop2: detected capacity change from 0 to 7
[  874.446980][ T4912] Dev loop2: unable to read RDB block 7
[  874.453309][ T4912]  loop2: AHDI p1 p2 p3
[  874.462761][ T4912] loop2: partition table partially beyond EOD, truncated
[  874.486771][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  874.512736][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  874.543385][T16117] Dev loop2: unable to read RDB block 7
[  874.549984][T16117]  loop2: AHDI p1 p2 p3
[  874.557711][T16117] loop2: partition table partially beyond EOD, truncated
[  874.573658][T16117] loop2: p1 start 1601398130 is beyond EOD, truncated
[  874.595751][T16117] loop2: p2 start 1702059890 is beyond EOD, truncated
[  875.185773][T16138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3219'.
[  875.233699][T16137] ipt_ECN: cannot use operation on non-tcp rule
[  875.997560][T16150] loop6: detected capacity change from 0 to 7
[  876.085390][ T4912] Dev loop6: unable to read RDB block 7
[  876.090993][ T4912]  loop6: AHDI p2 p3
[  876.101904][ T4912] loop6: partition table partially beyond EOD, truncated
[  876.109699][ T4912] loop6: p2 size 157513074 extends beyond EOD, truncated
[  876.149736][   T26] audit: type=1326 audit(1773177020.031:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16147 comm="syz.4.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  876.172143][    C0] vkms_vblank_simulate: vblank timer overrun
[  876.192793][T16150] Dev loop6: unable to read RDB block 7
[  876.250983][T16150]  loop6: AHDI p2 p3
[  876.311030][T16150] loop6: partition table partially beyond EOD, truncated
[  876.483531][T16150] loop6: p2 size 157513074 extends beyond EOD, truncated
[  876.624382][   T26] audit: type=1326 audit(1773177020.511:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16147 comm="syz.4.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  877.246003][T16163] binder: 16162:16163 ioctl c0306201 0 returned -14
[  877.307379][T16165] loop2: detected capacity change from 0 to 7
[  877.332394][T16165] Dev loop2: unable to read RDB block 7
[  877.338013][T16165]  loop2: AHDI p1 p2 p3
[  877.351352][T16165] loop2: partition table partially beyond EOD, truncated
[  877.361084][T16165] loop2: p1 start 1601398130 is beyond EOD, truncated
[  877.368587][T16165] loop2: p2 start 1702059890 is beyond EOD, truncated
[  877.409135][ T3561] Dev loop2: unable to read RDB block 7
[  877.424603][ T3561]  loop2: AHDI p1 p2 p3
[  877.428804][ T3561] loop2: partition table partially beyond EOD, truncated
[  877.447887][ T3561] loop2: p1 start 1601398130 is beyond EOD, truncated
[  877.460464][ T3561] loop2: p2 start 1702059890 is beyond EOD, truncated
[  877.491680][ T4627] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  877.739737][T16186] netlink: 'syz.2.3231': attribute type 1 has an invalid length.
[  877.773753][T16186] 8021q: adding VLAN 0 to HW filter on device bond1
[  877.891786][ T4627] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  877.924804][ T4627] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.959041][ T4627] usb 4-1: config 0 descriptor??
[  878.005136][T16197] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3233'.
[  878.016392][ T4627] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  878.355902][   T26] audit: type=1326 audit(1773177022.241:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.468687][   T26] audit: type=1326 audit(1773177022.271:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.503195][T16209] loop6: detected capacity change from 0 to 7
[  878.528073][ T4268] Dev loop6: unable to read RDB block 7
[  878.538676][ T4268]  loop6: AHDI p2 p3
[  878.565282][ T4268] loop6: partition table partially beyond EOD, truncated
[  878.589692][ T4268] loop6: p2 size 157513074 extends beyond EOD, truncated
[  878.650591][   T26] audit: type=1326 audit(1773177022.271:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.713361][T16209] Dev loop6: unable to read RDB block 7
[  878.724366][   T26] audit: type=1326 audit(1773177022.271:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.746857][T16209]  loop6: AHDI p2 p3
[  878.746886][T16209] loop6: partition table partially beyond EOD, truncated
[  878.776715][T16209] loop6: p2 size 157513074 extends beyond EOD, truncated
[  878.786110][   T26] audit: type=1326 audit(1773177022.271:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.786182][   T26] audit: type=1326 audit(1773177022.271:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.786213][   T26] audit: type=1326 audit(1773177022.271:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.786243][   T26] audit: type=1326 audit(1773177022.271:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16208 comm="syz.1.3237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[  878.808798][    C0] vkms_vblank_simulate: vblank timer overrun
[  878.876233][    C0] vkms_vblank_simulate: vblank timer overrun
[  879.059035][ T4268] udevd[4268]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  879.145851][ T4268] udevd[4268]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  879.633592][ T4627] usb 4-1: USB disconnect, device number 42
[  880.157279][T16221] loop2: detected capacity change from 0 to 7
[  880.206231][T16223] netlink: 'syz.3.3242': attribute type 1 has an invalid length.
[  880.231040][T16221] Dev loop2: unable to read RDB block 7
[  880.256435][T16221]  loop2: AHDI p1 p2 p3
[  880.269379][T16223] 8021q: adding VLAN 0 to HW filter on device bond1
[  880.275956][T16221] loop2: partition table partially beyond EOD, truncated
[  880.326354][T16221] loop2: p1 start 1601398130 is beyond EOD, truncated
[  880.333715][T16221] loop2: p2 start 1702059890 is beyond EOD, truncated
[  880.412531][T16240] binder: 16238:16240 ioctl c0306201 0 returned -14
[  880.584765][T16243] loop6: detected capacity change from 0 to 7
[  880.611100][ T4912] Dev loop6: unable to read RDB block 7
[  880.619034][ T4912]  loop6: AHDI p2 p3
[  880.623413][ T4912] loop6: partition table partially beyond EOD, truncated
[  880.632554][ T4912] loop6: p2 size 157513074 extends beyond EOD, truncated
[  880.650408][T16243] Dev loop6: unable to read RDB block 7
[  880.658430][T16243]  loop6: AHDI p2 p3
[  880.666295][T16243] loop6: partition table partially beyond EOD, truncated
[  880.716883][T16243] loop6: p2 size 157513074 extends beyond EOD, truncated
[  880.820980][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  880.864967][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  881.229509][T16265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3252'.
[  882.011778][T16278] netlink: 'syz.4.3257': attribute type 1 has an invalid length.
[  882.216553][T16278] 8021q: adding VLAN 0 to HW filter on device bond1
[  882.273747][T16283] loop2: detected capacity change from 0 to 7
[  882.284398][ T4912] Dev loop2: unable to read RDB block 7
[  882.290446][ T4912]  loop2: AHDI p1 p2 p3
[  882.296226][ T4912] loop2: partition table partially beyond EOD, truncated
[  882.304658][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  882.312498][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  882.324284][T16283] Dev loop2: unable to read RDB block 7
[  882.353919][T16283]  loop2: AHDI p1 p2 p3
[  882.391725][T16283] loop2: partition table partially beyond EOD, truncated
[  882.429245][T16283] loop2: p1 start 1601398130 is beyond EOD, truncated
[  882.472061][T16283] loop2: p2 start 1702059890 is beyond EOD, truncated
[  882.639668][   T26] kauditd_printk_skb: 91 callbacks suppressed
[  882.639682][   T26] audit: type=1326 audit(1773177026.521:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.709835][T16294] loop6: detected capacity change from 0 to 7
[  882.733592][   T26] audit: type=1326 audit(1773177026.561:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.751150][ T4912] Dev loop6: unable to read RDB block 7
[  882.756077][    C0] vkms_vblank_simulate: vblank timer overrun
[  882.758747][   T26] audit: type=1326 audit(1773177026.571:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.790278][    C0] vkms_vblank_simulate: vblank timer overrun
[  882.804774][ T4912]  loop6: AHDI p2 p3
[  882.807861][   T26] audit: type=1326 audit(1773177026.571:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.841285][ T4912] loop6: partition table partially beyond EOD, truncated
[  882.841404][   T26] audit: type=1326 audit(1773177026.581:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.873327][   T26] audit: type=1326 audit(1773177026.581:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.891174][ T4912] loop6: p2 size 157513074 extends beyond EOD, 
[  882.896152][   T26] audit: type=1326 audit(1773177026.581:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.924946][    C0] vkms_vblank_simulate: vblank timer overrun
[  882.932361][   T26] audit: type=1326 audit(1773177026.581:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.954735][    C0] vkms_vblank_simulate: vblank timer overrun
[  882.961685][   T26] audit: type=1326 audit(1773177026.581:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  882.961748][ T4912] truncated
[  882.987085][   T26] audit: type=1326 audit(1773177026.581:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16292 comm="syz.3.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42f4799799 code=0x7ffc0000
[  883.010068][    C0] vkms_vblank_simulate: vblank timer overrun
[  883.080908][T16294] Dev loop6: unable to read RDB block 7
[  883.086988][T16294]  loop6: AHDI p2 p3
[  883.122713][T16294] loop6: partition table partially beyond EOD, truncated
[  883.138553][T16302] binder: 16301:16302 ioctl c0306201 0 returned -14
[  883.139910][T16294] loop6: p2 size 157513074 extends beyond EOD, truncated
[  883.200993][T16304] binder: 16303:16304 ioctl 4018620d 0 returned -22
[  883.239473][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  883.263305][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  884.143259][T16321] netlink: 'syz.3.3270': attribute type 1 has an invalid length.
[  884.227984][T16321] 8021q: adding VLAN 0 to HW filter on device bond2
[  884.839634][T16326] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  884.865013][T16336] loop2: detected capacity change from 0 to 7
[  884.936418][ T4912] Dev loop2: unable to read RDB block 7
[  884.961833][ T4912]  loop2: AHDI p1 p2 p3
[  884.977512][ T4912] loop2: partition table partially beyond EOD, truncated
[  885.011329][T16344] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3275'.
[  885.029190][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  885.056365][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  885.080081][T16336] Dev loop2: unable to read RDB block 7
[  885.107197][T16336]  loop2: AHDI p1 p2 p3
[  885.126671][T16338] loop6: detected capacity change from 0 to 7
[  885.151697][T16336] loop2: partition table partially beyond EOD, truncated
[  885.165450][T16336] loop2: p1 start 1601398130 is beyond EOD, truncated
[  885.181760][T16336] loop2: p2 start 1702059890 is beyond EOD, truncated
[  885.225308][ T4268] Dev loop6: unable to read RDB block 7
[  885.232581][ T4268]  loop6: AHDI p2 p3
[  885.258083][ T4268] loop6: partition table partially beyond EOD, truncated
[  885.319456][ T4268] loop6: p2 size 157513074 extends beyond EOD, truncated
[  885.400920][T16338] Dev loop6: unable to read RDB block 7
[  885.426666][T16338]  loop6: AHDI p2 p3
[  885.434744][T16338] loop6: partition table partially beyond EOD, truncated
[  885.461831][T16338] loop6: p2 size 157513074 extends beyond EOD, truncated
[  885.565867][ T4268] udevd[4268]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  885.711216][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  885.758843][T16355] binder: 16354:16355 ioctl 4018620d 0 returned -22
[  886.306158][T16365] netlink: 'syz.1.3283': attribute type 1 has an invalid length.
[  886.343102][T16365] 8021q: adding VLAN 0 to HW filter on device bond4
[  886.582190][T14750] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  886.667907][T16377] loop2: detected capacity change from 0 to 7
[  886.697552][T16377] Dev loop2: unable to read RDB block 7
[  886.707373][T16377]  loop2: AHDI p1 p2 p3
[  886.724973][T16377] loop2: partition table partially beyond EOD, truncated
[  886.741241][T16377] loop2: p1 start 1601398130 is beyond EOD, truncated
[  886.752906][T16377] loop2: p2 start 1702059890 is beyond EOD, truncated
[  886.855891][T16379] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  886.971860][T14750] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  886.994357][T14750] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.066874][T14750] usb 4-1: config 0 descriptor??
[  887.153897][T14750] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  887.352536][T15284] Bluetooth: hci5: command 0x0406 tx timeout
[  887.947034][T16412] netlink: 'syz.0.3294': attribute type 1 has an invalid length.
[  888.034549][T16412] 8021q: adding VLAN 0 to HW filter on device bond1
[  888.269215][T16418] binder: 16416:16418 ioctl 4018620d 0 returned -22
[  888.386065][T16425] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3296'.
[  888.815752][T14750] usb 4-1: USB disconnect, device number 43
[  889.111499][T16432] loop2: detected capacity change from 0 to 7
[  889.132778][T16432] Dev loop2: unable to read RDB block 7
[  889.138510][T16432]  loop2: AHDI p1 p2 p3
[  889.149595][T16432] loop2: partition table partially beyond EOD, truncated
[  889.170443][T16432] loop2: p1 start 1601398130 is beyond EOD, truncated
[  889.192521][T16432] loop2: p2 start 1702059890 is beyond EOD, truncated
[  889.506948][T16453] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  889.893131][T16468] netlink: 'syz.4.3309': attribute type 1 has an invalid length.
[  889.949693][T16468] 8021q: adding VLAN 0 to HW filter on device bond2
[  890.069472][T16475] binder: 16474:16475 ioctl c0306201 0 returned -14
[  890.690131][T16490] loop2: detected capacity change from 0 to 7
[  890.731161][ T4912] Dev loop2: unable to read RDB block 7
[  890.737556][ T4912]  loop2: AHDI p1 p2 p3
[  890.769386][ T4912] loop2: partition table partially beyond EOD, truncated
[  890.810328][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  890.843565][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  890.872861][T16490] Dev loop2: unable to read RDB block 7
[  890.883660][T16490]  loop2: AHDI p1 p2 p3
[  890.899015][T16490] loop2: partition table partially beyond EOD, truncated
[  890.949620][T16490] loop2: p1 start 1601398130 is beyond EOD, truncated
[  890.998379][T16490] loop2: p2 start 1702059890 is beyond EOD, truncated
[  891.141967][ T4231] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  891.159691][T16503] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3316'.
[  891.318291][T16512] netlink: 'syz.0.3321': attribute type 1 has an invalid length.
[  891.344503][T16512] 8021q: adding VLAN 0 to HW filter on device bond2
[  891.585862][ T4231] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  891.611390][ T4231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.640661][ T4231] usb 3-1: config 0 descriptor??
[  891.705720][ T4231] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  892.532374][T16530] binder: 16529:16530 ioctl c0306201 0 returned -14
[  892.677847][T16533] loop2: detected capacity change from 0 to 7
[  892.687791][ T4268] Dev loop2: unable to read RDB block 7
[  892.694916][ T4268]  loop2: AHDI p1 p2 p3
[  892.699385][ T4268] loop2: partition table partially beyond EOD, truncated
[  892.708016][ T4268] loop2: p1 start 1601398130 is beyond EOD, truncated
[  892.716626][ T4268] loop2: p2 start 1702059890 is beyond EOD, truncated
[  892.731346][T16533] Dev loop2: unable to read RDB block 7
[  892.739091][T16533]  loop2: AHDI p1 p2 p3
[  892.745364][T16533] loop2: partition table partially beyond EOD, truncated
[  892.754579][T16533] loop2: p1 start 1601398130 is beyond EOD, truncated
[  892.761404][T16533] loop2: p2 start 1702059890 is beyond EOD, truncated
[  892.948290][T16546] binder: 16545:16546 ioctl 4018620d 0 returned -22
[  893.369936][ T4231] usb 3-1: USB disconnect, device number 47
[  893.709360][T16559] netlink: 'syz.4.3334': attribute type 1 has an invalid length.
[  893.762248][T16559] 8021q: adding VLAN 0 to HW filter on device bond3
[  894.053846][T16569] device syzkaller0 entered promiscuous mode
[  894.409529][T16584] binder: 16583:16584 ioctl c0306201 0 returned -14
[  894.874745][T16593] binder: 16591:16593 ioctl 4018620d 0 returned -22
[  895.972879][T16604] netlink: 'syz.4.3351': attribute type 1 has an invalid length.
[  896.868904][T16604] 8021q: adding VLAN 0 to HW filter on device bond4
[  896.900620][T16623] device syzkaller0 entered promiscuous mode
[  897.575868][T16646] binder: 16645:16646 ioctl 4018620d 0 returned -22
[  898.468419][T16658] device syzkaller0 entered promiscuous mode
[  898.575472][T16665] netlink: 'syz.1.3365': attribute type 1 has an invalid length.
[  898.608524][T16665] 8021q: adding VLAN 0 to HW filter on device bond5
[  899.554539][T16679] device syzkaller0 entered promiscuous mode
[  899.617591][T16686] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3371'.
[  901.211124][T16717] binder: 16716:16717 ioctl c0306201 0 returned -14
[  901.251177][T16715] device syzkaller0 entered promiscuous mode
[  901.509590][T16725] fuse: Bad value for 'fd'
[  902.531027][T16736] device syzkaller0 entered promiscuous mode
[  902.763774][T16740] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3385'.
[  902.931255][   T26] kauditd_printk_skb: 61 callbacks suppressed
[  902.931269][   T26] audit: type=1326 audit(1773177046.811:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.041329][T16746] loop6: detected capacity change from 0 to 7
[  903.059891][   T26] audit: type=1326 audit(1773177046.851:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.086710][ T4912] Dev loop6: unable to read RDB block 7
[  903.093741][ T4912]  loop6: AHDI p2 p3
[  903.106635][ T4912] loop6: partition table partially beyond EOD, truncated
[  903.121343][ T4912] loop6: p2 size 157513074 extends beyond EOD, truncated
[  903.130595][   T26] audit: type=1326 audit(1773177046.901:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.184694][T16746] Dev loop6: unable to read RDB block 7
[  903.199710][   T26] audit: type=1326 audit(1773177046.901:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.226876][   T26] audit: type=1326 audit(1773177046.901:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.253117][T16746]  loop6: AHDI p2 p3
[  903.273412][T16746] loop6: partition table partially beyond EOD, truncated
[  903.281351][T16746] loop6: p2 size 157513074 extends beyond EOD, truncated
[  903.290163][   T26] audit: type=1326 audit(1773177046.901:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.408872][   T26] audit: type=1326 audit(1773177046.901:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.459793][T16761] binder: 16759:16761 ioctl c0306201 0 returned -14
[  903.478873][   T26] audit: type=1326 audit(1773177046.901:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.509170][   T26] audit: type=1326 audit(1773177046.901:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  903.511780][ T4230] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  903.543111][   T26] audit: type=1326 audit(1773177046.901:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16741 comm="syz.4.3386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  904.529896][ T4230] usb 3-1: Using ep0 maxpacket: 32
[  904.661937][ T4230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  904.684174][ T4230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  904.730442][ T4230] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  904.795518][ T4230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  904.829661][ T4230] usb 3-1: config 0 descriptor??
[  904.847711][T16771] device syzkaller0 entered promiscuous mode
[  904.869919][T16775] device syzkaller0 entered promiscuous mode
[  905.335859][ T4230] ft260 0003:0403:6030.0039: unknown main item tag 0x0
[  905.348227][ T4230] ft260 0003:0403:6030.0039: unknown main item tag 0x0
[  905.373323][ T4230] ft260 0003:0403:6030.0039: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0
[  905.552037][ T4230] ft260 0003:0403:6030.0039: chip code: 0000 0000
[  905.771886][ T4230] ft260 0003:0403:6030.0039: failed to retrieve system status
[  905.803870][ T4230] ft260: probe of 0003:0403:6030.0039 failed with error -32
[  905.925710][T16794] netlink: 'syz.1.3401': attribute type 1 has an invalid length.
[  906.071858][T16794] 8021q: adding VLAN 0 to HW filter on device bond6
[  906.439465][T16809] binder: 16808:16809 ioctl c0306201 0 returned -14
[  907.319206][T16826] device syzkaller0 entered promiscuous mode
[  907.427317][T16829] device syzkaller0 entered promiscuous mode
[  907.438577][T16830] loop6: detected capacity change from 0 to 7
[  907.460567][ T4912] Dev loop6: unable to read RDB block 7
[  907.477487][ T4912]  loop6: AHDI p2 p3
[  907.501495][ T4912] loop6: partition table partially beyond EOD, 
[  907.615402][ T4632] usb 3-1: USB disconnect, device number 48
[  907.735542][ T4912] truncated
[  907.740450][ T4912] loop6: p2 size 157513074 extends beyond EOD, truncated
[  908.076373][T16830] Dev loop6: unable to read RDB block 7
[  908.169477][T16830]  loop6: AHDI p2 p3
[  908.179846][T16830] loop6: partition table partially beyond EOD, truncated
[  908.189208][T16830] loop6: p2 size 157513074 extends beyond EOD, truncated
[  908.277540][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  908.353112][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  909.791120][T16864] device syzkaller0 entered promiscuous mode
[  909.901737][ T4231] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  910.272440][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[  910.300873][ T4231] usb 5-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  910.327264][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.378330][ T4231] usb 5-1: config 0 descriptor??
[  910.494418][T16876] device syzkaller0 entered promiscuous mode
[  910.495081][T16859] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  911.373409][T16886] binder: 16885:16886 ioctl c0306201 2000000003c0 returned -14
[  911.823218][ T4231] usbhid 5-1:0.0: can't add hid device: -71
[  912.061870][ T4231] usbhid: probe of 5-1:0.0 failed with error -71
[  912.105639][ T4231] usb 5-1: USB disconnect, device number 42
[  912.573113][T16915] device syzkaller0 entered promiscuous mode
[  912.696413][T16919] (syz.2.3432,16919,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  912.705918][T16919] (syz.2.3432,16919,1):ocfs2_fill_super:1177 ERROR: status = -22
[  913.355104][T15284] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  914.521774][T15284] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  914.531110][T15284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  914.554744][T15284] usb 5-1: config 0 descriptor??
[  914.617712][T15284] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  914.820126][T16939] device syzkaller0 entered promiscuous mode
[  915.030213][T16953] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3441'.
[  915.997185][    C0] MPTCP: addr_signal error, add_addr=3, echo=1
[  916.053738][T16968] netlink: 'syz.3.3445': attribute type 1 has an invalid length.
[  916.233650][T16968] 8021q: adding VLAN 0 to HW filter on device bond3
[  916.701750][T15284] gspca_stv06xx: I2C: Read error writing address: -71
[  916.713417][T15284] usb 5-1: USB disconnect, device number 43
[  918.302422][T17005] device syzkaller0 entered promiscuous mode
[  920.774445][T17034] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  920.796667][T17034] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  920.806962][T17034] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  923.170091][T17070] device syzkaller0 entered promiscuous mode
[  923.219523][ T4632] Bluetooth: hci4: command 0x0406 tx timeout
[  923.851689][T16102] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  924.212217][T16102] usb 2-1: Using ep0 maxpacket: 16
[  924.984283][T16102] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7
[  925.370895][T16102] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 95, changing to 7
[  925.432403][T17103] binder: BINDER_SET_CONTEXT_MGR already set
[  925.462358][T17103] binder: 17100:17103 ioctl 4018620d 200000004a80 returned -16
[  925.465996][T17106] binder: BINDER_SET_CONTEXT_MGR already set
[  925.487059][T17106] binder: 17104:17106 ioctl 4018620d 200000004a80 returned -16
[  925.612097][T16102] usb 2-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[  925.621969][T16102] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.630118][T16102] usb 2-1: Product: syz
[  925.635065][T16102] usb 2-1: Manufacturer: syz
[  925.639934][T16102] usb 2-1: SerialNumber: syz
[  928.453231][T17151] (syz.0.3495,17151,0):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  928.462235][T16102] usb 2-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[  928.481643][T17151] (syz.0.3495,17151,1):ocfs2_fill_super:1177 ERROR: status = -22
[  928.502827][T16102] usb 2-1: incorrect wMaxPacketSize 0x3ff for BADD profile
[  928.558919][T16102] snd-usb-audio: probe of 2-1:1.0 failed with error -22
[  928.662912][T16102] usb 2-1: USB disconnect, device number 37
[  928.883337][ T4912] udevd[4912]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  928.908078][   T26] kauditd_printk_skb: 61 callbacks suppressed
[  928.908091][   T26] audit: type=1326 audit(1773177072.791:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  928.960717][   T26] audit: type=1326 audit(1773177072.831:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  928.968090][T17171] loop6: detected capacity change from 0 to 7
[  928.992293][   T26] audit: type=1326 audit(1773177072.831:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.028396][   T26] audit: type=1326 audit(1773177072.831:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.060225][ T4912] Dev loop6: unable to read RDB block 7
[  929.066058][ T4912]  loop6: AHDI p2 p3
[  929.080133][ T4912] loop6: partition table partially beyond EOD, truncated
[  929.087576][   T26] audit: type=1326 audit(1773177072.831:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.111787][   T26] audit: type=1326 audit(1773177072.831:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.134728][   T26] audit: type=1326 audit(1773177072.831:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.134765][ T4912] loop6: p2 size 157513074 extends beyond EOD, 
[  929.159083][   T26] audit: type=1326 audit(1773177072.831:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.194781][ T4912] truncated
[  929.194828][   T26] audit: type=1326 audit(1773177072.831:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.227004][   T26] audit: type=1326 audit(1773177072.831:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcea472799 code=0x7ffc0000
[  929.263751][T17171] Dev loop6: unable to read RDB block 7
[  929.269561][T17171]  loop6: AHDI p2 p3
[  929.278370][T17171] loop6: partition table partially beyond EOD, truncated
[  929.286638][T17171] loop6: p2 size 157513074 extends beyond EOD, truncated
[  930.188896][T17186] binder: BINDER_SET_CONTEXT_MGR already set
[  930.201751][T17186] binder: 17184:17186 ioctl 4018620d 200000004a80 returned -16
[  930.383615][T17196] (syz.1.3508,17196,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  930.399834][T17196] (syz.1.3508,17196,1):ocfs2_fill_super:1177 ERROR: status = -22
[  931.363613][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  931.370051][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  932.171167][T17216] binder: BINDER_SET_CONTEXT_MGR already set
[  932.194205][T17218] binder: BINDER_SET_CONTEXT_MGR already set
[  932.215812][T17216] binder: 17215:17216 ioctl 4018620d 200000004a80 returned -16
[  932.250082][T17218] binder: 17217:17218 ioctl 4018620d 200000004a80 returned -16
[  933.540672][T17235] netlink: 'syz.1.3519': attribute type 1 has an invalid length.
[  933.673480][T17235] 8021q: adding VLAN 0 to HW filter on device bond7
[  933.792251][T17240] (syz.2.3520,17240,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  933.801063][T17240] (syz.2.3520,17240,1):ocfs2_fill_super:1177 ERROR: status = -22
[  936.492099][    C0] MPTCP: addr_signal error, add_addr=3, echo=1
[  937.886733][T17279] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  938.152766][ T4624] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  938.224161][T17283] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  938.302104][T17283] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  938.421663][ T4624] usb 3-1: Using ep0 maxpacket: 8
[  938.832048][ T4624] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  938.868236][ T4624] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=239
[  938.918210][ T4624] usb 3-1: Product: syz
[  938.934650][ T4624] usb 3-1: Manufacturer: syz
[  938.945793][ T4624] usb 3-1: SerialNumber: syz
[  938.995655][ T4624] usb 3-1: config 0 descriptor??
[  939.135274][ T4624] gspca_main: sq905-2.14.0 probing 2770:9120
[  939.941755][T11042] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  940.183946][T17307] binder: 17306:17307 ioctl c0306201 0 returned -14
[  940.211578][ T4231] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  940.252280][ T4624] gspca_sq905: bulk read fail (-22) len 0/4
[  940.258264][ T4624] sq905: probe of 3-1:0.0 failed with error -5
[  940.343201][T11042] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  940.352804][T11042] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.381802][T11042] usb 2-1: config 0 descriptor??
[  940.434623][T11042] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  940.454667][T16102] usb 3-1: USB disconnect, device number 49
[  940.461705][ T4231] usb 5-1: Using ep0 maxpacket: 32
[  940.581937][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  940.625311][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  940.636310][ T4231] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  940.658185][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.690097][ T4231] usb 5-1: config 0 descriptor??
[  941.028871][T17315] device syzkaller0 entered promiscuous mode
[  941.173586][ T4231] ft260 0003:0403:6030.003A: unknown main item tag 0x0
[  941.184176][ T4231] ft260 0003:0403:6030.003A: unknown main item tag 0x0
[  941.193707][ T4231] ft260 0003:0403:6030.003A: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[  941.391954][ T4231] ft260 0003:0403:6030.003A: chip code: 0000 0000
[  941.426724][T17322] netlink: 'syz.3.3546': attribute type 1 has an invalid length.
[  941.477914][T17322] 8021q: adding VLAN 0 to HW filter on device bond4
[  941.612475][ T4231] ft260 0003:0403:6030.003A: failed to retrieve system status
[  941.628060][ T4231] ft260: probe of 0003:0403:6030.003A failed with error -5
[  942.511757][T11042] gspca_stv06xx: I2C: Read error writing address: -71
[  942.534120][T11042] usb 2-1: USB disconnect, device number 38
[  943.119963][T17349] device syzkaller0 entered promiscuous mode
[  943.130519][T17351] device syzkaller0 entered promiscuous mode
[  943.856435][ T4231] usb 5-1: USB disconnect, device number 44
[  943.938107][T17360] netlink: 'syz.0.3557': attribute type 1 has an invalid length.
[  943.968264][T17360] 8021q: adding VLAN 0 to HW filter on device bond3
[  944.702154][ T4231] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  945.111862][ T4231] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  945.126259][ T4231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.142738][ T4231] usb 4-1: config 0 descriptor??
[  945.194477][ T4231] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  945.251589][T11042] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  945.531745][T11042] usb 3-1: Using ep0 maxpacket: 32
[  945.547480][T17407] device syzkaller0 entered promiscuous mode
[  945.661943][T11042] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  945.679566][T11042] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  945.696845][T11042] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  945.706408][T11042] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.715118][T17409] device syzkaller0 entered promiscuous mode
[  945.718633][T11042] usb 3-1: config 0 descriptor??
[  946.354487][T11042] ft260 0003:0403:6030.003B: unknown main item tag 0x0
[  946.375494][T11042] ft260 0003:0403:6030.003B: unknown main item tag 0x0
[  946.421166][T11042] ft260 0003:0403:6030.003B: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0
[  946.602262][T11042] ft260 0003:0403:6030.003B: chip code: 0000 0000
[  946.830732][T11042] ft260 0003:0403:6030.003B: failed to retrieve system status
[  946.840263][T11042] ft260: probe of 0003:0403:6030.003B failed with error -5
[  947.061852][ T4231] gspca_stv06xx: I2C: Read error writing address: -71
[  947.063155][T17441] binder: BINDER_SET_CONTEXT_MGR already set
[  947.085441][ T4231] usb 4-1: USB disconnect, device number 44
[  947.091797][T17441] binder: 17440:17441 ioctl 4018620d 200000004a80 returned -16
[  947.102845][T17415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.130490][T17441] binder: 17440:17441 ioctl c0306201 0 returned -14
[  947.270712][T17446] device syzkaller0 entered promiscuous mode
[  947.519549][T17449] device syzkaller0 entered promiscuous mode
[  947.929093][T17460] (syz.4.3585,17460,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  947.938580][T17460] (syz.4.3585,17460,1):ocfs2_fill_super:1177 ERROR: status = -22
[  948.868710][T14750] Bluetooth: hci3: command 0x0406 tx timeout
[  948.914313][T15546] usb 3-1: USB disconnect, device number 50
[  948.943401][T17470] netlink: 'syz.3.3590': attribute type 1 has an invalid length.
[  949.140632][T17470] 8021q: adding VLAN 0 to HW filter on device bond5
[  949.479044][T17486] device syzkaller0 entered promiscuous mode
[  949.781383][T17492] device syzkaller0 entered promiscuous mode
[  950.193210][ T4624] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  950.308001][T17505] (syz.0.3599,17505,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  950.316887][T17505] (syz.0.3599,17505,1):ocfs2_fill_super:1177 ERROR: status = -22
[  950.572005][ T4624] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  950.908224][ T4624] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.940141][ T4624] usb 2-1: config 0 descriptor??
[  951.047683][ T4624] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  951.758417][T17516] loop2: detected capacity change from 0 to 7
[  951.773138][ T4268] Dev loop2: unable to read RDB block 7
[  951.779706][ T4268]  loop2: AHDI p1 p2 p3
[  951.801660][ T4268] loop2: partition table partially beyond EOD, truncated
[  951.815389][ T4268] loop2: p1 start 1601398130 is beyond EOD, truncated
[  951.822830][ T4268] loop2: p2 start 1702059890 is beyond EOD, truncated
[  951.823846][T17519] netlink: 'syz.2.3604': attribute type 1 has an invalid length.
[  951.844775][    C1] MPTCP: addr_signal error, add_addr=3, echo=1
[  951.849731][T17516] Dev loop2: unable to read RDB block 7
[  951.875376][T17516]  loop2: AHDI p1 p2 p3
[  951.880027][T17516] loop2: partition table partially beyond EOD, truncated
[  951.897160][T17516] loop2: p1 start 1601398130 is beyond EOD, truncated
[  951.904692][T17516] loop2: p2 start 1702059890 is beyond EOD, truncated
[  951.915872][T17519] 8021q: adding VLAN 0 to HW filter on device bond2
[  952.040231][T17524] device syzkaller0 entered promiscuous mode
[  952.690810][T17535] device syzkaller0 entered promiscuous mode
[  952.851844][ T4624] gspca_stv06xx: I2C: Read error writing address: -71
[  952.920856][ T4624] usb 2-1: USB disconnect, device number 39
[  953.420266][T17540] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3610'.
[  954.428762][T17560] ipt_ECN: cannot use operation on non-tcp rule
[  954.773637][T17563] loop2: detected capacity change from 0 to 7
[  954.808015][ T4912] Dev loop2: unable to read RDB block 7
[  954.815216][ T4912]  loop2: AHDI p1 p2 p3
[  954.835913][ T4912] loop2: partition table partially beyond EOD, truncated
[  954.866488][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  954.874051][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  954.886399][T17563] Dev loop2: unable to read RDB block 7
[  954.898504][T17563]  loop2: AHDI p1 p2 p3
[  954.926270][T17563] loop2: partition table partially beyond EOD, truncated
[  954.955645][T17563] loop2: p1 start 1601398130 is beyond EOD, truncated
[  954.964990][T17563] loop2: p2 start 1702059890 is beyond EOD, truncated
[  955.829812][T17572] device syzkaller0 entered promiscuous mode
[  956.066501][T17575] device syzkaller0 entered promiscuous mode
[  957.154587][T17600] binder: BINDER_SET_CONTEXT_MGR already set
[  957.160610][T17600] binder: 17599:17600 ioctl 4018620d 200000004a80 returned -16
[  957.193015][T17602] ipt_ECN: cannot use operation on non-tcp rule
[  957.410057][T17611] device syzkaller0 entered promiscuous mode
[  957.661840][ T4632] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  957.994674][ T4632] usb 2-1: Using ep0 maxpacket: 8
[  958.122530][ T4632] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  958.144327][ T4632] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  958.170033][ T4632] usb 2-1: config 0 interface 0 has no altsetting 0
[  958.195171][ T4632] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  958.227026][ T4632] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  958.277899][ T4632] usb 2-1: config 0 descriptor??
[  958.774918][ T4632] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  958.782744][ T4632] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  958.789917][ T4632] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  958.797963][ T4632] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  958.805744][ T4632] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  958.816865][ T4632] mcp2221 0003:04D8:00DD.003C: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  959.428104][ T4632] usb 2-1: USB disconnect, device number 40
[  959.632888][T17629] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3636'.
[  959.646161][T17627] device syzkaller0 entered promiscuous mode
[  960.471019][T17649] device syzkaller0 entered promiscuous mode
[  960.627146][T17651] input: syz0 as /devices/virtual/input/input44
[  960.794082][T17654] ipt_ECN: cannot use operation on non-tcp rule
[  961.316701][ T4231] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  962.051639][ T4231] usb 2-1: Using ep0 maxpacket: 32
[  962.171733][ T4231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  962.238047][ T4231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  962.265566][ T4231] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  962.278418][ T4231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.346924][ T4231] usb 2-1: config 0 descriptor??
[  962.437776][T17669] device syzkaller0 entered promiscuous mode
[  962.751269][T17678] netlink: 'syz.0.3653': attribute type 1 has an invalid length.
[  962.792015][T17678] 8021q: adding VLAN 0 to HW filter on device bond4
[  962.869501][ T4231] ft260 0003:0403:6030.003D: unknown main item tag 0x0
[  962.881853][ T4231] ft260 0003:0403:6030.003D: unknown main item tag 0x0
[  962.897163][ T4231] ft260 0003:0403:6030.003D: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[  962.996229][T17683] device syzkaller0 entered promiscuous mode
[  963.072031][ T4231] ft260 0003:0403:6030.003D: chip code: 0000 0000
[  963.271774][T16102] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  963.281827][ T4231] ft260 0003:0403:6030.003D: failed to retrieve system status
[  963.319700][ T4231] ft260: probe of 0003:0403:6030.003D failed with error -5
[  963.651709][T16102] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  963.661651][T16102] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.690706][T16102] usb 3-1: config 0 descriptor??
[  963.745886][T16102] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  964.122828][T17702] device syzkaller0 entered promiscuous mode
[  964.563221][T17711] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3662'.
[  965.142871][T17716] device syzkaller0 entered promiscuous mode
[  965.197082][T17719] netlink: 'syz.3.3665': attribute type 1 has an invalid length.
[  965.236488][ T4231] usb 2-1: USB disconnect, device number 41
[  965.238323][T17719] 8021q: adding VLAN 0 to HW filter on device bond6
[  965.251214][T17721] ipt_ECN: cannot use operation on non-tcp rule
[  965.350022][T17727] device syzkaller0 entered promiscuous mode
[  965.928780][T17745] netlink: 'syz.0.3672': attribute type 1 has an invalid length.
[  965.969506][T17745] 8021q: adding VLAN 0 to HW filter on device bond5
[  966.001675][T16102] gspca_stv06xx: I2C: Read error writing address: -71
[  966.048242][T16102] usb 3-1: USB disconnect, device number 51
[  966.071931][T17745] bond5: (slave gretap1): making interface the new active one
[  966.099119][T17745] bond5: (slave gretap1): Enslaving as an active interface with an up link
[  966.119150][T10446] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[  966.269422][T17745] syz.0.3672 (17745) used greatest stack depth: 20176 bytes left
[  967.011855][ T4632] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  967.391949][ T4632] usb 4-1: Using ep0 maxpacket: 32
[  967.472345][T17769] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3679'.
[  967.672318][ T4632] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  967.817077][ T4632] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  967.827767][ T4632] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  967.849220][ T4632] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  967.891222][ T4632] usb 4-1: config 0 descriptor??
[  967.996777][T17771] device syzkaller0 entered promiscuous mode
[  968.029664][T17775] device syzkaller0 entered promiscuous mode
[  968.376325][ T4632] ft260 0003:0403:6030.003E: unknown main item tag 0x0
[  968.395287][ T4632] ft260 0003:0403:6030.003E: unknown main item tag 0x0
[  968.430035][ T4632] ft260 0003:0403:6030.003E: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[  968.591863][ T4632] ft260 0003:0403:6030.003E: chip code: 0000 0000
[  968.811754][ T4632] ft260 0003:0403:6030.003E: failed to retrieve system status
[  968.821077][ T4632] ft260: probe of 0003:0403:6030.003E failed with error -5
[  969.311860][ T4231] Bluetooth: hci1: command 0x0406 tx timeout
[  969.417431][T17808] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3691'.
[  970.103710][T17817] device syzkaller0 entered promiscuous mode
[  970.122155][T17818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3692'.
[  970.459633][T17829] device syzkaller0 entered promiscuous mode
[  970.794530][ T4632] usb 4-1: USB disconnect, device number 45
[  971.160210][T17846] device syzkaller0 entered promiscuous mode
[  971.799111][T17859] block nbd2: shutting down sockets
[  972.679204][T17869] (syz.4.3703,17869,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  972.688068][T17869] (syz.4.3703,17869,1):ocfs2_fill_super:1177 ERROR: status = -22
[  973.379661][T17874] device syzkaller0 entered promiscuous mode
[  973.406934][T17876] loop2: detected capacity change from 0 to 7
[  973.423474][ T4912] Dev loop2: unable to read RDB block 7
[  973.433357][ T4912]  loop2: AHDI p1 p2 p3
[  973.439044][ T4912] loop2: partition table partially beyond EOD, truncated
[  973.452356][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  973.460461][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  973.474786][T17876] Dev loop2: unable to read RDB block 7
[  973.522688][T17876]  loop2: AHDI p1 p2 p3
[  973.526899][T17876] loop2: partition table partially beyond EOD, truncated
[  973.651086][T17876] loop2: p1 start 1601398130 is beyond EOD, truncated
[  973.697511][T17876] loop2: p2 start 1702059890 is beyond EOD, truncated
[  973.962869][T17621] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  973.978609][T17882] binder: 17881:17882 ioctl c0306201 0 returned -14
[  974.044807][T17884] device syzkaller0 entered promiscuous mode
[  974.262029][T17621] usb 5-1: Using ep0 maxpacket: 32
[  974.604653][T17621] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  974.616545][T17621] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  974.632018][T17621] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  974.642329][T17621] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.706368][T17621] usb 5-1: config 0 descriptor??
[  975.006733][T17903] device syzkaller0 entered promiscuous mode
[  975.183909][T17621] ft260 0003:0403:6030.003F: unknown main item tag 0x0
[  975.199579][T17621] ft260 0003:0403:6030.003F: unknown main item tag 0x0
[  975.226062][T17621] ft260 0003:0403:6030.003F: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[  975.393146][T17621] ft260 0003:0403:6030.003F: chip code: 0000 0000
[  975.602687][T17621] ft260 0003:0403:6030.003F: failed to retrieve system status
[  975.627594][T17621] ft260: probe of 0003:0403:6030.003F failed with error -5
[  975.771461][T17912] device syzkaller0 entered promiscuous mode
[  976.553157][T17921] binder: BINDER_SET_CONTEXT_MGR already set
[  976.559189][T17921] binder: 17920:17921 ioctl 4018620d 200000000200 returned -16
[  976.873620][T17930] loop2: detected capacity change from 0 to 7
[  976.897007][ T4912] Dev loop2: unable to read RDB block 7
[  976.903253][ T4912]  loop2: AHDI p1 p2 p3
[  976.914803][ T4912] loop2: partition table partially beyond EOD, truncated
[  976.940434][ T4912] loop2: p1 start 1601398130 is beyond EOD, truncated
[  976.955151][ T4912] loop2: p2 start 1702059890 is beyond EOD, truncated
[  976.970378][T17930] Dev loop2: unable to read RDB block 7
[  976.993998][T17930]  loop2: AHDI p1 p2 p3
[  977.006234][T17930] loop2: partition table partially beyond EOD, truncated
[  977.021080][T17930] loop2: p1 start 1601398130 is beyond EOD, truncated
[  977.031690][T17930] loop2: p2 start 1702059890 is beyond EOD, truncated
[  977.217259][T17936] device syzkaller0 entered promiscuous mode
[  977.653510][ T4233] usb 5-1: USB disconnect, device number 45
[  978.862126][ T4230] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  979.081686][ T4230] usb 4-1: device descriptor read/64, error -71
[  979.204161][T17962] netlink: 'syz.1.3731': attribute type 1 has an invalid length.
[  979.259601][T17962] 8021q: adding VLAN 0 to HW filter on device bond8
[  979.286122][T17965] bond8: (slave gretap1): making interface the new active one
[  979.335597][T17965] bond8: (slave gretap1): Enslaving as an active interface with an up link
[  979.341844][T16102] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  979.359468][T10767] IPv6: ADDRCONF(NETDEV_CHANGE): bond8: link becomes ready
[  979.367630][ T4230] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  979.561845][ T4230] usb 4-1: device descriptor read/64, error -71
[  979.592325][T16102] usb 3-1: Using ep0 maxpacket: 8
[  979.682066][ T4230] usb usb4-port1: attempt power cycle
[  979.882666][T16102] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  979.894380][T16102] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  979.904467][T16102] usb 3-1: config 0 interface 0 has no altsetting 0
[  979.911261][T16102] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  979.920634][T16102] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.932698][T16102] usb 3-1: config 0 descriptor??
[  980.251656][ T4231] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  980.281750][ T4230] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  980.371762][ T4230] usb 4-1: device descriptor read/8, error -71
[  980.414535][T16102] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  980.425671][T17982] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3737'.
[  980.430402][T16102] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  980.444873][T17980] loop2: detected capacity change from 0 to 7
[  980.450488][T16102] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  980.460670][T16102] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  980.473549][T17980] Dev loop2: unable to read RDB block 7
[  980.476893][T16102] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  980.480423][T17980]  loop2: AHDI p1 p2 p3
[  980.490351][T16102] mcp2221 0003:04D8:00DD.0040: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  980.501895][ T4231] usb 5-1: Using ep0 maxpacket: 32
[  980.516936][T17980] loop2: partition table partially beyond EOD, truncated
[  980.531165][T17980] loop2: p1 start 1601398130 is beyond EOD, truncated
[  980.539391][T17980] loop2: p2 start 1702059890 is beyond EOD, truncated
[  981.074313][T16102] usb 3-1: USB disconnect, device number 52
[  981.082434][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  981.103723][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  981.114018][ T4230] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  981.124801][ T4231] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  981.137852][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  981.263473][ T4231] usb 5-1: config 0 descriptor??
[  981.977096][ T4230] usb 4-1: device not accepting address 49, error -71
[  982.044828][ T4231] ft260 0003:0403:6030.0041: unknown main item tag 0x0
[  982.065251][ T4230] usb usb4-port1: unable to enumerate USB device
[  982.164305][ T4231] ft260 0003:0403:6030.0041: unknown main item tag 0x0
[  982.178328][ T4231] ft260 0003:0403:6030.0041: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[  982.312245][ T4231] ft260 0003:0403:6030.0041: chip code: 0000 0000
[  982.320159][T17996] device syzkaller0 entered promiscuous mode
[  982.731704][ T4231] ft260 0003:0403:6030.0041: failed to retrieve system status
[  982.746927][ T4231] ft260: probe of 0003:0403:6030.0041 failed with error -5
[  983.020363][T18014] binder: 18013:18014 ioctl c0306201 0 returned -14
[  984.181674][ T4231] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  984.381675][ T4231] usb 2-1: device descriptor read/64, error -71
[  984.471993][ T4230] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  984.658661][ T4233] usb 5-1: USB disconnect, device number 46
[  984.661635][ T4231] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  984.721726][ T4230] usb 3-1: Using ep0 maxpacket: 8
[  984.752997][T18037] netlink: 'syz.4.3752': attribute type 1 has an invalid length.
[  984.841932][ T4230] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  984.872689][ T4230] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  984.889239][ T4230] usb 3-1: config 0 interface 0 has no altsetting 0
[  984.898456][ T4230] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  984.911572][ T4230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.923526][ T4231] usb 2-1: device descriptor read/64, error -71
[  984.999534][T18037] 8021q: adding VLAN 0 to HW filter on device bond5
[  985.006499][ T4230] usb 3-1: config 0 descriptor??
[  985.082961][ T4231] usb usb2-port1: attempt power cycle
[  985.380640][T18041] bond5: (slave gretap1): making interface the new active one
[  985.403834][T18041] bond5: (slave gretap1): Enslaving as an active interface with an up link
[  985.437169][T16044] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[  985.700673][T18049] device syzkaller0 entered promiscuous mode
[  985.709846][T18054] binder: 18053:18054 ioctl c0306201 0 returned -14
[  985.791671][ T4231] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  985.874571][ T4230] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  985.882312][ T4231] usb 2-1: device descriptor read/8, error -71
[  985.888809][ T4230] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  985.901613][ T4230] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  985.908716][ T4230] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  985.916296][ T4230] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  985.924268][ T4230] mcp2221 0003:04D8:00DD.0042: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  986.027102][T18058] overlayfs: missing 'lowerdir'
[  986.176661][ T4231] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  986.593952][ T4230] usb 3-1: USB disconnect, device number 53
[  986.595580][T18061] device syzkaller0 entered promiscuous mode
[  986.672186][ T4231] usb 2-1: device descriptor read/8, error -71
[  986.802008][ T4231] usb usb2-port1: unable to enumerate USB device
[  987.461243][T18088] (syz.3.3768,18088,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[  987.470202][T18088] (syz.3.3768,18088,1):ocfs2_fill_super:1177 ERROR: status = -22
[  988.049298][ T4231] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  988.083187][    C0] MPTCP: addr_signal error, add_addr=2, echo=1
[  988.168976][T18093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3770'.
[  988.351636][ T4231] usb 2-1: Using ep0 maxpacket: 32
[  988.472616][ T4231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  988.489606][ T4231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  988.512931][ T4231] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  988.528964][ T4231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.569544][ T4231] usb 2-1: config 0 descriptor??
[  989.532683][T18104] binder: 18103:18104 ioctl c0306201 0 returned -14
[  989.551696][ T4230] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  989.582273][T18108] device syzkaller0 entered promiscuous mode
[  989.684392][ T4231] ft260 0003:0403:6030.0043: unknown main item tag 0x0
[  989.691368][ T4231] ft260 0003:0403:6030.0043: unknown main item tag 0x0
[  989.700682][ T4231] ft260 0003:0403:6030.0043: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[  989.761804][ T4230] usb 4-1: device descriptor read/64, error -71
[  989.857037][T18113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3777'.
[  989.866307][   T13] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  989.880655][T18113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3777'.
[  989.901731][ T4231] ft260 0003:0403:6030.0043: chip code: 0000 0000
[  990.041625][ T4230] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  990.111842][   T13] usb 5-1: Using ep0 maxpacket: 8
[  990.121718][ T4231] ft260 0003:0403:6030.0043: failed to retrieve system status
[  990.134354][ T4231] ft260: probe of 0003:0403:6030.0043 failed with error -5
[  990.241717][   T13] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  990.253182][ T4230] usb 4-1: device descriptor read/64, error -71
[  990.259558][   T13] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  990.269853][   T13] usb 5-1: config 0 interface 0 has no altsetting 0
[  990.276669][   T13] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  990.286315][   T13] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.296483][   T13] usb 5-1: config 0 descriptor??
[  990.371865][ T4230] usb usb4-port1: attempt power cycle
[  990.782009][ T4230] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  990.791930][   T13] mcp2221 0003:04D8:00DD.0044: unknown main item tag 0x0
[  990.799162][   T13] mcp2221 0003:04D8:00DD.0044: unknown main item tag 0x0
[  990.807209][   T13] mcp2221 0003:04D8:00DD.0044: unknown main item tag 0x0
[  990.814540][   T13] mcp2221 0003:04D8:00DD.0044: unknown main item tag 0x0
[  990.821868][   T13] mcp2221 0003:04D8:00DD.0044: unknown main item tag 0x0
[  990.829445][   T13] mcp2221 0003:04D8:00DD.0044: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  990.881702][ T4230] usb 4-1: device descriptor read/8, error -71
[  990.994131][   T13] usb 5-1: USB disconnect, device number 47
[  991.151666][ T4230] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  991.241771][ T4230] usb 4-1: device descriptor read/8, error -71
[  991.384251][ T4230] usb usb4-port1: unable to enumerate USB device
[  991.962592][T11042] usb 2-1: USB disconnect, device number 46
[  992.226732][T18141] device syzkaller0 entered promiscuous mode
[  992.546364][T18151] binder: 18150:18151 ioctl c0306201 0 returned -14
[  992.576191][T18153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3790'.
[  992.629900][T18153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3790'.
[  992.793284][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  992.800059][    C1] MPTCP: addr_signal error, add_addr=2, echo=1
[  992.800235][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  992.868996][T18157] fuse: Bad value for 'group_id'
[  994.011248][T18178] device syzkaller0 entered promiscuous mode
[  994.116834][T11042] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  995.211805][T11042] usb 2-1: Using ep0 maxpacket: 32
[  996.969735][T11042] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  996.981718][T11042] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  996.998067][T11042] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  997.010031][T11042] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.059657][T11042] usb 2-1: config 0 descriptor??
[  997.070621][T18209] fuse: Bad value for 'group_id'
[  997.081798][T11042] usb 2-1: can't set config #0, error -71
[  997.091906][T11042] usb 2-1: USB disconnect, device number 47
[  998.979227][T18223] binder: BINDER_SET_CONTEXT_MGR already set
[  999.032405][T18223] binder: 18218:18223 ioctl 4018620d 200000004a80 returned -16
[  999.374712][T18236] device syzkaller0 entered promiscuous mode
[ 1001.331928][T18254] fuse: Bad value for 'group_id'
[ 1002.489199][T18281] device syzkaller0 entered promiscuous mode
[ 1003.058579][T18290] netlink: 'syz.1.3836': attribute type 1 has an invalid length.
[ 1003.102762][T18293] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3837'.
[ 1003.402413][T18290] 8021q: adding VLAN 0 to HW filter on device bond9
[ 1004.701784][ T4632] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 1004.951660][ T4632] usb 5-1: Using ep0 maxpacket: 32
[ 1005.079394][ T4632] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1005.101643][ T4632] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1005.132226][ T4632] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1005.167515][ T4632] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1005.200563][ T4632] usb 5-1: config 0 descriptor??
[ 1005.420632][T18338] netlink: 'syz.2.3852': attribute type 1 has an invalid length.
[ 1005.441054][T18338] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1005.464698][T18338] bond3: (slave gretap1): making interface the new active one
[ 1005.477506][T18338] bond3: (slave gretap1): Enslaving as an active interface with an up link
[ 1005.488413][T10847] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[ 1005.602826][T18346] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3854'.
[ 1006.104072][ T4632] ft260 0003:0403:6030.0045: unknown main item tag 0x0
[ 1006.111164][ T4632] ft260 0003:0403:6030.0045: unknown main item tag 0x0
[ 1006.121013][ T4632] ft260 0003:0403:6030.0045: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[ 1006.442236][ T4632] ft260 0003:0403:6030.0045: chip code: 0000 0000
[ 1006.812047][ T4632] ft260 0003:0403:6030.0045: failed to retrieve status: -32
[ 1006.903593][   T26] kauditd_printk_skb: 36 callbacks suppressed
[ 1006.903607][   T26] audit: type=1326 audit(1773177150.791:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1006.944196][T18372] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3860'.
[ 1007.002374][ T4235] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1007.021114][T18371] loop6: detected capacity change from 0 to 7
[ 1007.029554][   T26] audit: type=1326 audit(1773177150.801:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.059670][T18313] ft260 0003:0403:6030.0045: ft260_i2c_read: failed to start transaction, ret -38
[ 1007.104337][   T26] audit: type=1326 audit(1773177150.801:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.126778][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1007.134360][   T26] audit: type=1326 audit(1773177150.821:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.157143][ T4912] Dev loop6: unable to read RDB block 7
[ 1007.164870][ T4912]  loop6: AHDI p2 p3
[ 1007.168888][ T4912] loop6: partition table partially beyond EOD, truncated
[ 1007.170328][ T4230] usb 5-1: USB disconnect, device number 48
[ 1007.176683][ T4912] loop6: p2 size 157513074 extends beyond EOD, truncated
[ 1007.197608][   T26] audit: type=1326 audit(1773177150.821:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.225024][   T26] audit: type=1326 audit(1773177150.821:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.247492][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1007.269725][   T26] audit: type=1326 audit(1773177150.831:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.312652][T18371] Dev loop6: unable to read RDB block 7
[ 1007.348926][T18371]  loop6: AHDI p2 p3
[ 1007.360143][T18371] loop6: partition table partially beyond EOD, truncated
[ 1007.367837][ T4235] usb 3-1: no configurations
[ 1007.380429][ T4235] usb 3-1: can't read configurations, error -22
[ 1007.396946][   T26] audit: type=1326 audit(1773177150.841:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.425665][   T26] audit: type=1326 audit(1773177150.841:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.461947][   T26] audit: type=1326 audit(1773177150.841:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.1.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2c64d799 code=0x7ffc0000
[ 1007.492201][T18371] loop6: p2 size 157513074 extends beyond EOD, truncated
[ 1007.551670][ T4235] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1007.764960][ T4912] udevd[4912]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 1007.818154][T18382] netlink: 'syz.4.3863': attribute type 1 has an invalid length.
[ 1007.842117][ T4235] usb 3-1: no configurations
[ 1007.847008][ T4235] usb 3-1: can't read configurations, error -22
[ 1007.877537][ T4235] usb usb3-port1: attempt power cycle
[ 1007.947489][T18382] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1008.153215][    C1] MPTCP: addr_signal error, add_addr=2, echo=1
[ 1008.263430][    C0] MPTCP: addr_signal error, add_addr=2, echo=1
[ 1008.331790][ T4235] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1008.482474][ T4235] usb 3-1: no configurations
[ 1008.487228][ T4235] usb 3-1: can't read configurations, error -22
[ 1008.651699][ T4235] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1008.939945][ T4235] usb 3-1: no configurations
[ 1008.947375][ T4235] usb 3-1: can't read configurations, error -22
[ 1008.962897][ T4235] usb usb3-port1: unable to enumerate USB device
[ 1009.309191][T18404] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3869'.
[ 1010.519085][T18426] device syzkaller0 entered promiscuous mode
[ 1010.613373][ T4234] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1010.872044][ T4234] usb 3-1: Using ep0 maxpacket: 32
[ 1011.641806][ T4234] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1011.685581][ T4234] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1012.251912][ T4234] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1012.277609][ T4234] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.315907][ T4234] usb 3-1: config 0 descriptor??
[ 1012.805009][ T4234] ft260 0003:0403:6030.0046: unknown main item tag 0x0
[ 1012.831134][T18466] binder: BINDER_SET_CONTEXT_MGR already set
[ 1012.841083][ T4234] ft260 0003:0403:6030.0046: unknown main item tag 0x0
[ 1012.868157][ T4234] ft260 0003:0403:6030.0046: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0
[ 1012.880343][T18466] binder: 18465:18466 ioctl 4018620d 200000004a80 returned -16
[ 1013.025332][ T4234] ft260 0003:0403:6030.0046: chip code: 0000 0000
[ 1013.255641][T18475] (syz.4.3886,18475,0):ocfs2_fill_super:991 ERROR: superblock probe failed!
[ 1013.264673][T18475] (syz.4.3886,18475,0):ocfs2_fill_super:1177 ERROR: status = -22
[ 1013.272558][    C1] MPTCP: addr_signal error, add_addr=2, echo=1
[ 1013.343586][T18477] device syzkaller0 entered promiscuous mode
[ 1013.357538][T15473] tipc: Left network mode
[ 1013.426409][T15473] bond11: (slave ip6gretap1): Removing an active aggregator
[ 1013.437209][T15473] bond11: (slave ip6gretap1): Releasing backup interface
[ 1013.461832][ T4234] ft260 0003:0403:6030.0046: failed to retrieve status: -32
[ 1013.709322][T18416] ft260 0003:0403:6030.0046: ft260_i2c_read: failed to start transaction, ret -38
[ 1013.720639][T17621] usb 3-1: USB disconnect, device number 58
[ 1015.643914][T15473] device hsr_slave_0 left promiscuous mode
[ 1015.651081][T15473] device hsr_slave_1 left promiscuous mode
[ 1015.659063][T15473] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1015.661754][T17621] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1015.667279][T15473] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1015.683098][T15473] device bridge_slave_1 left promiscuous mode
[ 1015.689848][T15473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.706046][T15473] device bridge_slave_0 left promiscuous mode
[ 1015.712535][T15473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.734261][T15473] device veth1_to_batadv left promiscuous mode
[ 1015.741195][T15473] device veth1_macvtap left promiscuous mode
[ 1015.747940][T15473] device veth0_macvtap left promiscuous mode
[ 1015.762389][T15473] device veth1_vlan left promiscuous mode
[ 1015.768601][T15473] device veth0_vlan left promiscuous mode
[ 1015.921791][T17621] usb 5-1: Using ep0 maxpacket: 8
[ 1015.959279][T15473] bond14 (unregistering): Released all slaves
[ 1015.984449][T15473] bond13 (unregistering): Released all slaves
[ 1016.012841][T15473] bond12 (unregistering): Released all slaves
[ 1016.041972][T17621] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1016.059976][T15473] bond11 (unregistering): Released all slaves
[ 1016.072880][T17621] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1016.094268][T17621] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1016.099275][T15473] bond10 (unregistering): Released all slaves
[ 1016.101184][T17621] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1016.126039][T17621] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1016.138881][T15473] bond9 (unregistering): Released all slaves
[ 1016.155979][T17621] usb 5-1: config 0 descriptor??
[ 1016.178748][T15473] bond8 (unregistering): Released all slaves
[ 1016.233801][T15473] bond7 (unregistering): Released all slaves
[ 1016.274383][T15473] bond6 (unregistering): Released all slaves
[ 1016.295145][T15473] bond5 (unregistering): Released all slaves
[ 1016.321152][T15473] bond4 (unregistering): Released all slaves
[ 1016.338358][T15473] bond3 (unregistering): Released all slaves
[ 1016.369329][T15473] bond2 (unregistering): Released all slaves
[ 1016.389579][T15473] bond1 (unregistering): Released all slaves
[ 1016.548408][T15473] team0 (unregistering): Port device team_slave_1 removed
[ 1016.570931][T15473] team0 (unregistering): Port device team_slave_0 removed
[ 1016.644350][T17621] mcp2221 0003:04D8:00DD.0047: unknown main item tag 0x0
[ 1016.661601][T17621] mcp2221 0003:04D8:00DD.0047: unknown main item tag 0x0
[ 1016.671955][T17621] mcp2221 0003:04D8:00DD.0047: unknown main item tag 0x0
[ 1016.689531][T17621] mcp2221 0003:04D8:00DD.0047: unknown main item tag 0x0
[ 1016.706936][T17621] mcp2221 0003:04D8:00DD.0047: unknown main item tag 0x0
[ 1016.722051][T17621] mcp2221 0003:04D8:00DD.0047: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[ 1016.784007][T18528] device syzkaller0 entered promiscuous mode
[ 1016.861737][T17621] usb 5-1: USB disconnect, device number 49
[ 1017.252683][T18535] sctp: [Deprecated]: syz.1.3900 (pid 18535) Use of int in max_burst socket option.
[ 1017.252683][T18535] Use struct sctp_assoc_value instead
[ 1019.165632][    C1] MPTCP: addr_signal error, add_addr=2, echo=1
[ 1019.591638][T18548] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1020.791818][T18548] usb 4-1: Using ep0 maxpacket: 32
[ 1020.901656][T18545] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1020.912950][T18548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1020.931966][T18548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1020.954381][T18548] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1020.980984][T18548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.035493][T18548] usb 4-1: config 0 descriptor??
[ 1021.161696][T18545] usb 3-1: Using ep0 maxpacket: 32
[ 1021.281805][T18545] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1021.312783][T18545] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1021.354204][T18545] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1021.379279][T18545] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.406612][T18545] usb 3-1: config 0 descriptor??
[ 1021.536371][T18548] ft260 0003:0403:6030.0048: unknown main item tag 0x0
[ 1021.551375][T18548] ft260 0003:0403:6030.0048: unknown main item tag 0x0
[ 1021.580783][T18548] ft260 0003:0403:6030.0048: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[ 1021.684746][T18581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3912'.
[ 1021.751754][T18548] ft260 0003:0403:6030.0048: chip code: 0000 0000
[ 1021.806267][T18583] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3912'.
[ 1021.889566][T18545] savu 0003:1E7D:2D5A.0049: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[ 1022.163515][ T4234] usb 3-1: USB disconnect, device number 59
[ 1022.181712][T18548] ft260 0003:0403:6030.0048: failed to retrieve status: -32
[ 1022.447221][T18561] ft260 0003:0403:6030.0048: ft260_i2c_read: failed to start transaction, ret -38
[ 1022.488921][T18548] usb 4-1: USB disconnect, device number 54
[ 1022.667282][T18593] fido_id[18593]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1025.065153][ T4234] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1025.905261][ T4234] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1026.416996][ T4234] usb 2-1: config 0 has no interfaces?
[ 1026.437202][ T4234] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1026.467927][ T4234] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1026.498260][ T4234] usb 2-1: config 0 descriptor??
[ 1026.693494][T18655] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3931'.
[ 1027.300810][T18658] device syzkaller0 entered promiscuous mode
[ 1027.995892][T11042] usb 2-1: USB disconnect, device number 48
[ 1028.020190][T18691] binder: BINDER_SET_CONTEXT_MGR already set
[ 1028.028973][T18691] binder: 18690:18691 ioctl 4018620d 200000000200 returned -16
[ 1028.341418][T18698] blk_update_request: I/O error, dev loop3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1028.353769][T18698] ADFS-fs (loop3): error: unable to read block 3, try 0
[ 1028.532649][T18694] usb usb3: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1028.753415][T18704] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3945'.
[ 1029.938825][T18712] input: syz1 as /devices/virtual/input/input45
[ 1030.106680][T18717] device syzkaller0 entered promiscuous mode
[ 1030.401673][T17621] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1030.467383][T18727] device syzkaller0 entered promiscuous mode
[ 1030.772395][T17621] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1030.791863][T17621] usb 4-1: config 0 has no interfaces?
[ 1030.798346][T17621] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1030.814386][T17621] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.846318][T17621] usb 4-1: config 0 descriptor??
[ 1031.418258][T18748] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3957'.
[ 1031.447252][T18748] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3957'.
[ 1032.126496][T18761] device syzkaller0 entered promiscuous mode
[ 1032.517376][ T4230] usb 4-1: USB disconnect, device number 55
[ 1034.535834][T18796] device syzkaller0 entered promiscuous mode
[ 1034.849419][T18804] netlink: 'syz.1.3972': attribute type 1 has an invalid length.
[ 1036.178958][T18804] 8021q: adding VLAN 0 to HW filter on device bond10
[ 1036.330561][T18817] device syzkaller0 entered promiscuous mode
[ 1037.467794][T18833] ptrace attach of "./syz-executor exec"[18834] was attempted by "./syz-executor exec"[18833]
[ 1038.943383][    C0] MPTCP: addr_signal error, add_addr=3, echo=1
[ 1039.511806][T11042] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1039.590242][T18851] device syzkaller0 entered promiscuous mode
[ 1039.781790][T11042] usb 3-1: Using ep0 maxpacket: 8
[ 1039.902086][T11042] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[ 1039.919401][T11042] usb 3-1: config 0 has no interface number 0
[ 1039.930241][T11042] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1040.031932][T11042] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1040.048946][T11042] usb 3-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[ 1040.058967][T11042] usb 3-1: Product: syz
[ 1040.073045][T11042] usb 3-1: config 0 descriptor??
[ 1040.094451][T18858] device syzkaller0 entered promiscuous mode
[ 1040.116397][T11042] iowarrior 3-1:0.8: IOWarrior product=0x1512, serial= interface=8 now attached to iowarrior0
[ 1040.391159][ T4234] usb 3-1: USB disconnect, device number 60
[ 1040.720859][T18875] device syzkaller0 entered promiscuous mode
[ 1040.905842][T18879] device syzkaller0 entered promiscuous mode
[ 1041.245569][T18893] netlink: 'syz.3.3997': attribute type 1 has an invalid length.
[ 1041.264495][T18893] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1041.313125][ T4234] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1041.741986][ T4234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1041.767955][ T4234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1041.825779][ T4234] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1041.909751][ T4234] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1041.922906][ T4234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1041.947680][ T4234] usb 5-1: config 0 descriptor??
[ 1042.036512][T18915] device syzkaller0 entered promiscuous mode
[ 1042.424318][ T4234] plantronics 0003:047F:FFFF.004A: No inputs registered, leaving
[ 1042.443316][ T4234] plantronics 0003:047F:FFFF.004A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1042.642849][ T4230] usb 5-1: USB disconnect, device number 50
[ 1042.663653][T18925] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1042.757440][T18929] device syzkaller0 entered promiscuous mode
[ 1043.102316][T18930] device syzkaller0 entered promiscuous mode
[ 1043.228195][T18925] tipc: Resetting bearer <eth:syzkaller0>
[ 1043.269357][T18924] tipc: Resetting bearer <eth:syzkaller0>
[ 1043.280366][T18924] tipc: Disabling bearer <eth:syzkaller0>
[ 1043.337795][T18938] netlink: 'syz.2.4008': attribute type 1 has an invalid length.
[ 1043.386933][T18938] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1043.521789][ T4230] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1044.506968][ T4230] usb 2-1: Using ep0 maxpacket: 8
[ 1044.671781][ T4230] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1044.701502][T18965] device syzkaller0 entered promiscuous mode
[ 1044.709453][ T4230] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1044.735142][ T4230] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1044.751609][ T4230] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1044.761120][ T4230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1044.800576][ T4230] usb 2-1: config 0 descriptor??
[ 1044.836305][T18969] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1044.955878][T18972] device syzkaller0 entered promiscuous mode
[ 1045.304354][ T4230] mcp2221 0003:04D8:00DD.004B: unknown main item tag 0x0
[ 1045.329701][ T4230] mcp2221 0003:04D8:00DD.004B: unknown main item tag 0x0
[ 1045.379679][ T4230] mcp2221 0003:04D8:00DD.004B: unknown main item tag 0x0
[ 1045.397164][ T4230] mcp2221 0003:04D8:00DD.004B: unknown main item tag 0x0
[ 1045.433807][ T4230] mcp2221 0003:04D8:00DD.004B: unknown main item tag 0x0
[ 1045.469689][ T4230] mcp2221 0003:04D8:00DD.004B: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[ 1045.531999][T18988] netlink: 'syz.3.4022': attribute type 1 has an invalid length.
[ 1045.565455][ T4230] usb 2-1: USB disconnect, device number 49
[ 1045.646084][T18988] 8021q: adding VLAN 0 to HW filter on device bond8
[ 1046.489333][T19012] device syzkaller0 entered promiscuous mode
[ 1047.549785][T19025] (syz.2.4032,19025,1):ocfs2_fill_super:991 ERROR: superblock probe failed!
[ 1047.558917][T19025] (syz.2.4032,19025,1):ocfs2_fill_super:1177 ERROR: status = -22
[ 1048.095098][T19037] ptrace attach of "./syz-executor exec"[19038] was attempted by "./syz-executor exec"[19037]
[ 1048.795739][T19042] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1049.105429][T19051] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[ 1049.116944][T14750] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 1049.141814][T19051] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1049.741694][T14750] usb 4-1: Using ep0 maxpacket: 8
[ 1049.861775][T14750] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1050.057335][T19058] binder: BINDER_SET_CONTEXT_MGR already set
[ 1050.071766][T19058] binder: 19057:19058 ioctl 4018620d 200000004a80 returned -16
[ 1050.341625][T19062] netlink: set zone limit has 8 unknown bytes
[ 1050.519633][T14750] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1050.548785][T19062] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4038'.
[ 1050.612716][T14750] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1050.642451][T14750] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1050.696704][T14750] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1050.734869][T14750] usb 4-1: config 0 descriptor??
[ 1050.769793][T14750] usb 4-1: can't set config #0, error -71
[ 1050.792860][T19069] bridge0: port 3(gretap0) entered blocking state
[ 1050.802958][T19069] bridge0: port 3(gretap0) entered disabled state
[ 1050.810263][T14750] usb 4-1: USB disconnect, device number 56
[ 1050.837731][T19069] device gretap0 entered promiscuous mode
[ 1050.993179][T19074] device syzkaller0 entered promiscuous mode
[ 1051.158295][T19092] 
[ 1051.160664][T19092] ======================================================
[ 1051.167692][T19092] WARNING: possible circular locking dependency detected
[ 1051.168261][T19096] loop2: detected capacity change from 0 to 7
[ 1051.174723][T19092] syzkaller #0 Not tainted
[ 1051.174737][T19092] ------------------------------------------------------
[ 1051.174743][T19092] syz.0.4048/19092 is trying to acquire lock:
[ 1051.174753][T19092] ffff888023f80120 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_device_event+0x217/0x4f0
[ 1051.174803][T19092] 
[ 1051.174803][T19092] but task is already holding lock:
[ 1051.174807][T19092] ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30
[ 1051.174846][T19092] 
[ 1051.174846][T19092] which lock already depends on the new lock.
[ 1051.174846][T19092] 
[ 1051.174851][T19092] 
[ 1051.174851][T19092] the existing dependency chain (in reverse order) is:
[ 1051.174858][T19092] 
[ 1051.174858][T19092] -> #1 (rtnl_mutex){+.+.}-{3:3}:
[ 1051.174880][T19092]        __mutex_lock_common+0x1e3/0x2400
[ 1051.174909][T19092]        mutex_lock_nested+0x17/0x20
[ 1051.184508][ T4912] Dev loop2: unable to read RDB block 7
[ 1051.185394][T19092]        ax25_setsockopt+0x859/0xa60
[ 1051.194749][ T4912]  loop2: AHDI p1 p2 p3
[ 1051.199174][T19092]        __sys_setsockopt+0x2bf/0x3d0
[ 1051.225590][ T4912] loop2: partition table partially beyond EOD, 
[ 1051.235277][T19092]        __x64_sys_setsockopt+0xb1/0xc0
[ 1051.235309][T19092]        do_syscall_64+0x4c/0xa0
[ 1051.235325][T19092]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1051.235344][T19092] 
[ 1051.235344][T19092] -> #0 (sk_lock-AF_AX25){+.+.}-{0:0}:
[ 1051.235369][T19092]        __lock_acquire+0x2c42/0x7d10
[ 1051.235390][T19092]        lock_acquire+0x19e/0x400
[ 1051.235406][T19092]        lock_sock_nested+0x44/0x100
[ 1051.235422][T19092]        ax25_device_event+0x217/0x4f0
[ 1051.235439][T19092]        raw_notifier_call_chain+0xcb/0x160
[ 1051.249350][ T4912] truncated
[ 1051.253499][T19092]        __dev_notify_flags+0x158/0x300
[ 1051.253528][T19092]        dev_change_flags+0xe3/0x1a0
[ 1051.253544][T19092]        dev_ifsioc+0x130/0xd50
[ 1051.253558][T19092]        dev_ioctl+0x545/0xe30
[ 1051.253571][T19092]        sock_do_ioctl+0x245/0x320
[ 1051.253586][T19092]        sock_ioctl+0x4d2/0x710
[ 1051.253599][T19092]        __se_sys_ioctl+0xfa/0x170
[ 1051.260674][ T4912] loop2: p1 start 1601398130 is beyond EOD, 
[ 1051.264799][T19092]        do_syscall_64+0x4c/0xa0
[ 1051.264825][T19092]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1051.264848][T19092] 
[ 1051.264848][T19092] other info that might help us debug this:
[ 1051.264848][T19092] 
[ 1051.264853][T19092]  Possible unsafe locking scenario:
[ 1051.264853][T19092] 
[ 1051.264857][T19092]        CPU0                    CPU1
[ 1051.264862][T19092]        ----                    ----
[ 1051.264866][T19092]   lock(rtnl_mutex);
[ 1051.264887][T19092]                                lock(sk_lock-AF_AX25);
[ 1051.264902][T19092]                                lock(rtnl_mutex);
[ 1051.264915][T19092]   lock(sk_lock-AF_AX25);
[ 1051.264926][T19092] 
[ 1051.264926][T19092]  *** DEADLOCK ***
[ 1051.264926][T19092] 
[ 1051.264931][T19092] 1 lock held by syz.0.4048/19092:
[ 1051.264942][T19092]  #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30
[ 1051.280794][ T4912] truncated
[ 1051.285731][T19092] 
[ 1051.285731][T19092] stack backtrace:
[ 1051.285740][T19092] CPU: 1 PID: 19092 Comm: syz.0.4048 Not tainted syzkaller #0
[ 1051.285758][T19092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1051.285767][T19092] Call Trace:
[ 1051.285774][T19092]  <TASK>
[ 1051.285780][T19092]  dump_stack_lvl+0x188/0x250
[ 1051.285801][T19092]  ? load_image+0x400/0x400
[ 1051.285816][T19092]  ? show_regs_print_info+0x20/0x20
[ 1051.285839][T19092]  ? print_circular_bug+0x12b/0x1a0
[ 1051.295199][ T4912] loop2: p2 start 1702059890 is beyond EOD, 
[ 1051.297688][T19092]  check_noncircular+0x296/0x330
[ 1051.297714][T19092]  ? stack_trace_snprint+0xf0/0xf0
[ 1051.303993][ T4912] truncated
[ 1051.309767][T19092]  ? add_chain_block+0x940/0x940
[ 1051.309793][T19092]  ? lockdep_lock+0xf1/0x1f0
[ 1051.555867][T19092]  ? mark_lock+0x94/0x320
[ 1051.560191][T19092]  __lock_acquire+0x2c42/0x7d10
[ 1051.565040][T19092]  ? mark_lock+0x94/0x320
[ 1051.569363][T19092]  ? verify_lock_unused+0x140/0x140
[ 1051.574548][T19092]  ? verify_lock_unused+0x140/0x140
[ 1051.579736][T19092]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1051.585707][T19092]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[ 1051.591681][T19092]  ? mark_lock+0x94/0x320
[ 1051.595999][T19092]  lock_acquire+0x19e/0x400
[ 1051.600587][T19092]  ? ax25_device_event+0x217/0x4f0
[ 1051.605745][T19092]  ? lock_chain_count+0x20/0x20
[ 1051.610696][T19092]  ? read_lock_is_recursive+0x10/0x10
[ 1051.616056][T19092]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1051.621592][T19092]  ? lockdep_hardirqs_on+0x94/0x140
[ 1051.626784][T19092]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1051.632142][T19092]  ? _local_bh_enable+0xa0/0xa0
[ 1051.636979][T19092]  lock_sock_nested+0x44/0x100
[ 1051.641731][T19092]  ? ax25_device_event+0x217/0x4f0
[ 1051.646960][T19092]  ax25_device_event+0x217/0x4f0
[ 1051.652127][T19092]  raw_notifier_call_chain+0xcb/0x160
[ 1051.657584][T19092]  __dev_notify_flags+0x158/0x300
[ 1051.662700][T19092]  ? __dev_change_flags+0x6a0/0x6a0
[ 1051.667896][T19092]  ? __dev_change_flags+0x4d0/0x6a0
[ 1051.673102][T19092]  ? dev_get_flags+0x1c0/0x1c0
[ 1051.677881][T19092]  ? __mutex_lock_common+0x465/0x2400
[ 1051.683256][T19092]  dev_change_flags+0xe3/0x1a0
[ 1051.688029][T19092]  dev_ifsioc+0x130/0xd50
[ 1051.692543][T19092]  ? dev_ioctl+0xe30/0xe30
[ 1051.697522][T19092]  ? apparmor_capable+0x12c/0x190
[ 1051.702895][T19092]  ? full_name_hash+0x8e/0xe0
[ 1051.707587][T19092]  dev_ioctl+0x545/0xe30
[ 1051.711842][T19092]  ? _copy_from_user+0x111/0x170
[ 1051.716902][T19092]  sock_do_ioctl+0x245/0x320
[ 1051.721500][T19092]  ? sock_show_fdinfo+0xb0/0xb0
[ 1051.726382][T19092]  sock_ioctl+0x4d2/0x710
[ 1051.730701][T19092]  ? sock_poll+0x410/0x410
[ 1051.735192][T19092]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 1051.740161][T19092]  ? security_file_ioctl+0x7c/0xa0
[ 1051.745262][T19092]  ? sock_poll+0x410/0x410
[ 1051.749667][T19092]  __se_sys_ioctl+0xfa/0x170
[ 1051.754258][T19092]  do_syscall_64+0x4c/0xa0
[ 1051.758680][T19092]  ? clear_bhb_loop+0x30/0x80
[ 1051.763353][T19092]  ? clear_bhb_loop+0x30/0x80
[ 1051.768182][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1051.774265][T19092] RIP: 0033:0x7fdd8ee1d799
[ 1051.778857][T19092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1051.801043][T19092] RSP: 002b:00007fdd8d035028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1051.809561][T19092] RAX: ffffffffffffffda RBX: 00007fdd8f097180 RCX: 00007fdd8ee1d799
[ 1051.818091][T19092] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004
[ 1051.826690][T19092] RBP: 00007fdd8eeb3c99 R08: 0000000000000000 R09: 0000000000000000
[ 1051.834665][T19092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1051.842986][T19092] R13: 00007fdd8f097218 R14: 00007fdd8f097180 R15: 00007ffda3b98d68
[ 1051.851060][T19092]  </TASK>
[ 1051.858023][T19092] ==================================================================
[ 1051.866210][T19092] BUG: KASAN: use-after-free in ax25_dev_device_down+0x35e/0x520
[ 1051.873950][T19092] Write of size 4 at addr ffff888024606bb8 by task syz.0.4048/19092
[ 1051.881939][T19092] 
[ 1051.883725][T19096] Dev loop2: unable to read RDB block 7
[ 1051.884264][T19092] CPU: 0 PID: 19092 Comm: syz.0.4048 Not tainted syzkaller #0
[ 1051.894597][T19096]  loop2: AHDI p1 p2 p3
[ 1051.897341][T19092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1051.897355][T19092] Call Trace:
[ 1051.897361][T19092]  <TASK>
[ 1051.897368][T19092]  dump_stack_lvl+0x188/0x250
[ 1051.905391][T19096] loop2: partition table partially beyond EOD, 
[ 1051.911658][T19092]  ? show_regs_print_info+0x20/0x20
[ 1051.911693][T19092]  ? _printk+0xda/0x130
[ 1051.911707][T19092]  ? ax25_dev_device_down+0x35e/0x520
[ 1051.911728][T19092]  ? load_image+0x400/0x400
[ 1051.911743][T19092]  ? _raw_spin_lock_irqsave+0xbc/0x100
[ 1051.916086][T19096] truncated
[ 1051.918040][T19092]  print_address_description+0x60/0x2d0
[ 1051.918068][T19092]  ? ax25_dev_device_down+0x35e/0x520
[ 1051.923266][T19096] loop2: p1 start 1601398130 is beyond EOD, 
[ 1051.929038][T19092]  kasan_report+0xdf/0x130
[ 1051.929065][T19092]  ? ax25_dev_device_down+0x35e/0x520
[ 1051.929089][T19092]  kasan_check_range+0x235/0x290
[ 1051.935393][T19096] truncated
[ 1051.938524][T19092]  ax25_dev_device_down+0x35e/0x520
[ 1051.944076][T19096] loop2: p2 start 1702059890 is beyond EOD, 
[ 1051.948470][T19092]  ax25_device_event+0x4b4/0x4f0
[ 1051.948495][T19092]  raw_notifier_call_chain+0xcb/0x160
[ 1051.960098][T19096] truncated
[ 1051.962600][T19092]  __dev_notify_flags+0x158/0x300
[ 1051.962628][T19092]  ? __dev_change_flags+0x6a0/0x6a0
[ 1052.026923][T19092]  ? __dev_change_flags+0x4d0/0x6a0
[ 1052.032237][T19092]  ? dev_get_flags+0x1c0/0x1c0
[ 1052.037210][T19092]  ? __mutex_lock_common+0x465/0x2400
[ 1052.042604][T19092]  dev_change_flags+0xe3/0x1a0
[ 1052.047767][T19092]  dev_ifsioc+0x130/0xd50
[ 1052.052880][T19092]  ? dev_ioctl+0xe30/0xe30
[ 1052.057517][T19092]  ? apparmor_capable+0x12c/0x190
[ 1052.062548][T19092]  ? full_name_hash+0x8e/0xe0
[ 1052.067231][T19092]  dev_ioctl+0x545/0xe30
[ 1052.071479][T19092]  ? _copy_from_user+0x111/0x170
[ 1052.076403][T19092]  sock_do_ioctl+0x245/0x320
[ 1052.081214][T19092]  ? sock_show_fdinfo+0xb0/0xb0
[ 1052.086233][T19092]  sock_ioctl+0x4d2/0x710
[ 1052.090553][T19092]  ? sock_poll+0x410/0x410
[ 1052.094967][T19092]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 1052.099922][T19092]  ? security_file_ioctl+0x7c/0xa0
[ 1052.105144][T19092]  ? sock_poll+0x410/0x410
[ 1052.109753][T19092]  __se_sys_ioctl+0xfa/0x170
[ 1052.114361][T19092]  do_syscall_64+0x4c/0xa0
[ 1052.118800][T19092]  ? clear_bhb_loop+0x30/0x80
[ 1052.123596][T19092]  ? clear_bhb_loop+0x30/0x80
[ 1052.128501][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1052.134415][T19092] RIP: 0033:0x7fdd8ee1d799
[ 1052.138852][T19092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1052.158990][T19092] RSP: 002b:00007fdd8d035028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1052.167407][T19092] RAX: ffffffffffffffda RBX: 00007fdd8f097180 RCX: 00007fdd8ee1d799
[ 1052.175474][T19092] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004
[ 1052.183595][T19092] RBP: 00007fdd8eeb3c99 R08: 0000000000000000 R09: 0000000000000000
[ 1052.192298][T19092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1052.200456][T19092] R13: 00007fdd8f097218 R14: 00007fdd8f097180 R15: 00007ffda3b98d68
[ 1052.208569][T19092]  </TASK>
[ 1052.211581][T19092] 
[ 1052.213985][T19092] Allocated by task 15455:
[ 1052.218399][T19092]  __kasan_kmalloc+0xb5/0xf0
[ 1052.222992][T19092]  ax25_dev_device_up+0x50/0x580
[ 1052.227921][T19092]  ax25_device_event+0x483/0x4f0
[ 1052.232928][T19092]  raw_notifier_call_chain+0xcb/0x160
[ 1052.238284][T19092]  __dev_notify_flags+0x194/0x300
[ 1052.243294][T19092]  dev_change_flags+0xe3/0x1a0
[ 1052.248046][T19092]  dev_ifsioc+0x130/0xd50
[ 1052.252361][T19092]  dev_ioctl+0x545/0xe30
[ 1052.256591][T19092]  sock_do_ioctl+0x245/0x320
[ 1052.261168][T19092]  sock_ioctl+0x4d2/0x710
[ 1052.265482][T19092]  __se_sys_ioctl+0xfa/0x170
[ 1052.270055][T19092]  do_syscall_64+0x4c/0xa0
[ 1052.274460][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1052.280349][T19092] 
[ 1052.282689][T19092] Freed by task 19092:
[ 1052.286761][T19092]  kasan_set_track+0x4b/0x70
[ 1052.292056][T19092]  kasan_set_free_info+0x1f/0x40
[ 1052.297171][T19092]  ____kasan_slab_free+0xd5/0x110
[ 1052.302367][T19092]  slab_free_freelist_hook+0xea/0x170
[ 1052.307824][T19092]  kfree+0xef/0x2a0
[ 1052.311622][T19092]  ax25_dev_device_down+0x1c0/0x520
[ 1052.316983][T19092]  ax25_device_event+0x4b4/0x4f0
[ 1052.321910][T19092]  raw_notifier_call_chain+0xcb/0x160
[ 1052.327358][T19092]  __dev_notify_flags+0x158/0x300
[ 1052.332387][T19092]  dev_change_flags+0xe3/0x1a0
[ 1052.337143][T19092]  dev_ifsioc+0x130/0xd50
[ 1052.341718][T19092]  dev_ioctl+0x545/0xe30
[ 1052.345961][T19092]  sock_do_ioctl+0x245/0x320
[ 1052.350594][T19092]  sock_ioctl+0x4d2/0x710
[ 1052.354910][T19092]  __se_sys_ioctl+0xfa/0x170
[ 1052.359485][T19092]  do_syscall_64+0x4c/0xa0
[ 1052.364066][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1052.369944][T19092] 
[ 1052.372254][T19092] Last potentially related work creation:
[ 1052.377953][T19092]  kasan_save_stack+0x35/0x60
[ 1052.382627][T19092]  kasan_record_aux_stack+0xb8/0x100
[ 1052.387988][T19092]  insert_work+0x54/0x3d0
[ 1052.392389][T19092]  __queue_work+0x9c5/0xd50
[ 1052.396876][T19092]  queue_work_on+0x124/0x1f0
[ 1052.401545][T19092]  call_usermodehelper_exec+0x2e3/0x520
[ 1052.407083][T19092]  __request_module+0x40b/0x980
[ 1052.411918][T19092]  dev_ioctl+0x3c0/0xe30
[ 1052.416231][T19092]  sock_do_ioctl+0x245/0x320
[ 1052.420807][T19092]  sock_ioctl+0x4d2/0x710
[ 1052.425119][T19092]  __se_sys_ioctl+0xfa/0x170
[ 1052.429693][T19092]  do_syscall_64+0x4c/0xa0
[ 1052.434098][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1052.439977][T19092] 
[ 1052.442285][T19092] Second to last potentially related work creation:
[ 1052.448883][T19092]  kasan_save_stack+0x35/0x60
[ 1052.453557][T19092]  kasan_record_aux_stack+0xb8/0x100
[ 1052.458830][T19092]  insert_work+0x54/0x3d0
[ 1052.463232][T19092]  __queue_work+0x9c5/0xd50
[ 1052.467840][T19092]  queue_work_on+0x124/0x1f0
[ 1052.472682][T19092]  inet6addr_event+0x9c/0xc0
[ 1052.477560][T19092]  atomic_notifier_call_chain+0x15d/0x280
[ 1052.483445][T19092]  ipv6_add_addr+0xb57/0xe10
[ 1052.488925][T19092]  inet6_addr_add+0x43a/0x9c0
[ 1052.493828][T19092]  inet6_rtm_newaddr+0x64c/0x8f0
[ 1052.498881][T19092]  rtnetlink_rcv_msg+0x844/0xf30
[ 1052.504067][T19092]  netlink_rcv_skb+0x1f5/0x440
[ 1052.509066][T19092]  netlink_unicast+0x774/0x920
[ 1052.514389][T19092]  netlink_sendmsg+0x8ba/0xbe0
[ 1052.519162][T19092]  __sys_sendto+0x46d/0x620
[ 1052.523658][T19092]  __x64_sys_sendto+0xda/0xf0
[ 1052.528499][T19092]  do_syscall_64+0x4c/0xa0
[ 1052.532943][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1052.539044][T19092] 
[ 1052.541417][T19092] The buggy address belongs to the object at ffff888024606b00
[ 1052.541417][T19092]  which belongs to the cache kmalloc-192 of size 192
[ 1052.556142][T19092] The buggy address is located 184 bytes inside of
[ 1052.556142][T19092]  192-byte region [ffff888024606b00, ffff888024606bc0)
[ 1052.569546][T19092] The buggy address belongs to the page:
[ 1052.575182][T19092] page:ffffea0000918180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24606
[ 1052.585432][T19092] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 1052.592983][T19092] raw: 00fff00000000200 0000000000000000 0000000100000001 ffff888016c41a00
[ 1052.601558][T19092] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 1052.610227][T19092] page dumped because: kasan: bad access detected
[ 1052.616643][T19092] page_owner tracks the page as allocated
[ 1052.622436][T19092] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4189, ts 59339530407, free_ts 59317046001
[ 1052.638400][T19092]  get_page_from_freelist+0x1bbd/0x1ca0
[ 1052.643945][T19092]  __alloc_pages+0x1ee/0x480
[ 1052.648613][T19092]  new_slab+0xb6/0x4b0
[ 1052.652698][T19092]  ___slab_alloc+0x80a/0xdd0
[ 1052.657271][T19092]  __kmalloc_node+0x200/0x3b0
[ 1052.661932][T19092]  memcg_alloc_page_obj_cgroups+0x81/0x120
[ 1052.667830][T19092]  slab_post_alloc_hook+0xba/0x380
[ 1052.672973][T19092]  kmem_cache_alloc+0x100/0x290
[ 1052.677908][T19092]  sock_alloc_inode+0x17/0xb0
[ 1052.682591][T19092]  new_inode_pseudo+0x5f/0x210
[ 1052.687463][T19092]  __sock_create+0x129/0x900
[ 1052.692222][T19092]  __sys_socket+0xe2/0x170
[ 1052.696671][T19092]  __x64_sys_socket+0x76/0x80
[ 1052.701370][T19092]  do_syscall_64+0x4c/0xa0
[ 1052.705879][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1052.711762][T19092] page last free stack trace:
[ 1052.716411][T19092]  free_unref_page_prepare+0x637/0x6c0
[ 1052.721866][T19092]  free_unref_page+0x8f/0x2a0
[ 1052.726528][T19092]  __unfreeze_partials+0x1a5/0x200
[ 1052.731629][T19092]  put_cpu_partial+0x12d/0x190
[ 1052.736509][T19092]  qlist_free_all+0x35/0x90
[ 1052.741450][T19092]  kasan_quarantine_reduce+0x150/0x160
[ 1052.746902][T19092]  __kasan_slab_alloc+0x2f/0xd0
[ 1052.751745][T19092]  slab_post_alloc_hook+0x4c/0x380
[ 1052.756853][T19092]  kmem_cache_alloc+0x100/0x290
[ 1052.761693][T19092]  getname_flags+0xb5/0x500
[ 1052.766202][T19092]  do_sys_openat2+0xdd/0x4b0
[ 1052.770800][T19092]  __x64_sys_openat+0x135/0x160
[ 1052.775644][T19092]  do_syscall_64+0x4c/0xa0
[ 1052.780056][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1052.785938][T19092] 
[ 1052.788246][T19092] Memory state around the buggy address:
[ 1052.793859][T19092]  ffff888024606a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1052.802083][T19092]  ffff888024606b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1052.810123][T19092] >ffff888024606b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1052.818163][T19092]                                         ^
[ 1052.824034][T19092]  ffff888024606c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1052.832162][T19092]  ffff888024606c80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 1052.840203][T19092] ==================================================================
[ 1052.899373][T19092] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1052.906688][T19092] CPU: 1 PID: 19092 Comm: syz.0.4048 Tainted: G    B             syzkaller #0
[ 1052.915653][T19092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1052.925904][T19092] Call Trace:
[ 1052.929279][T19092]  <TASK>
[ 1052.932213][T19092]  dump_stack_lvl+0x188/0x250
[ 1052.936904][T19092]  ? show_regs_print_info+0x20/0x20
[ 1052.942124][T19092]  ? load_image+0x400/0x400
[ 1052.946642][T19092]  panic+0x2e5/0x810
[ 1052.950570][T19092]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1052.956741][T19092]  ? bpf_jit_dump+0xd0/0xd0
[ 1052.961265][T19092]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 1052.967515][T19092]  ? _raw_spin_unlock+0x40/0x40
[ 1052.972439][T19092]  ? ax25_dev_device_down+0x35e/0x520
[ 1052.977825][T19092]  check_panic_on_warn+0x80/0xa0
[ 1052.982787][T19092]  ? ax25_dev_device_down+0x35e/0x520
[ 1052.988543][T19092]  end_report+0x6d/0xf0
[ 1052.992712][T19092]  kasan_report+0x102/0x130
[ 1052.997326][T19092]  ? ax25_dev_device_down+0x35e/0x520
[ 1053.002715][T19092]  kasan_check_range+0x235/0x290
[ 1053.007665][T19092]  ax25_dev_device_down+0x35e/0x520
[ 1053.012871][T19092]  ax25_device_event+0x4b4/0x4f0
[ 1053.017822][T19092]  raw_notifier_call_chain+0xcb/0x160
[ 1053.023220][T19092]  __dev_notify_flags+0x158/0x300
[ 1053.028374][T19092]  ? __dev_change_flags+0x6a0/0x6a0
[ 1053.033687][T19092]  ? __dev_change_flags+0x4d0/0x6a0
[ 1053.038908][T19092]  ? dev_get_flags+0x1c0/0x1c0
[ 1053.043692][T19092]  ? __mutex_lock_common+0x465/0x2400
[ 1053.049086][T19092]  dev_change_flags+0xe3/0x1a0
[ 1053.053862][T19092]  dev_ifsioc+0x130/0xd50
[ 1053.058378][T19092]  ? dev_ioctl+0xe30/0xe30
[ 1053.062804][T19092]  ? apparmor_capable+0x12c/0x190
[ 1053.068405][T19092]  ? full_name_hash+0x8e/0xe0
[ 1053.073143][T19092]  dev_ioctl+0x545/0xe30
[ 1053.077962][T19092]  ? _copy_from_user+0x111/0x170
[ 1053.083446][T19092]  sock_do_ioctl+0x245/0x320
[ 1053.088313][T19092]  ? sock_show_fdinfo+0xb0/0xb0
[ 1053.093292][T19092]  sock_ioctl+0x4d2/0x710
[ 1053.098542][T19092]  ? sock_poll+0x410/0x410
[ 1053.103066][T19092]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 1053.108124][T19092]  ? security_file_ioctl+0x7c/0xa0
[ 1053.113396][T19092]  ? sock_poll+0x410/0x410
[ 1053.117825][T19092]  __se_sys_ioctl+0xfa/0x170
[ 1053.122430][T19092]  do_syscall_64+0x4c/0xa0
[ 1053.126851][T19092]  ? clear_bhb_loop+0x30/0x80
[ 1053.131720][T19092]  ? clear_bhb_loop+0x30/0x80
[ 1053.136404][T19092]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1053.142290][T19092] RIP: 0033:0x7fdd8ee1d799
[ 1053.146700][T19092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1053.166650][T19092] RSP: 002b:00007fdd8d035028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1053.175088][T19092] RAX: ffffffffffffffda RBX: 00007fdd8f097180 RCX: 00007fdd8ee1d799
[ 1053.183187][T19092] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004
[ 1053.191644][T19092] RBP: 00007fdd8eeb3c99 R08: 0000000000000000 R09: 0000000000000000
[ 1053.200051][T19092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1053.208115][T19092] R13: 00007fdd8f097218 R14: 00007fdd8f097180 R15: 00007ffda3b98d68
[ 1053.216265][T19092]  </TASK>
[ 1053.219752][T19092] Kernel Offset: disabled
[ 1053.224079][T19092] Rebooting in 86400 seconds..