last executing test programs:

5m29.904676344s ago: executing program 3 (id=933):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x1, {0x2, 0xff, 0x3}, 0xfe}, 0x18)
sendmmsg(r0, &(0x7f0000000100)=[{{&(0x7f0000000040)=@can={0x1d, 0x0, 0xc7}, 0x80, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000400)="53dabf52f5bacfa47f1672bd8f5c722667c03abe6f23c5a680dcfd693235e85f809bf5ef1f7f5bdc3c799525af0fa3c9243290d14741f96a14f64172b930b1564c4de70d27e110ae4a3584744694b37d9c6b9df26d7a3f115a836bb3b5ca340db94da6ad5991f89121d358eda762c79a08a764a86d2cf22e5af22630befd70b3acd8696d81e38dd2febb6fb8a56b500147a5c4ce1e1d1b8170bbf595a43bc555bd15b0ce493e1fc62e1d9d622657ecb355957cf86c15e6844af4db136b7dea09c277ec91fb702f887927b34ddacf3bfec1b032f772019b76dbabcfec247ef3ced6a682e036cd2e1aa5374903d23e1b554b26e424449a8ff04b019b8ccbaded49d9e7e7b770eb94c4665cebaab6ac64466728b507eb293f60addcdb3fee5355d0e8a1760847be95c51e3869341b7c79cee2ade0a6f1b413c6ce98a0c164856fac64d93faf425d544c544d7350882195910428a6c8513695e39638c09fed546ea0d3f6f67879e4c2f936a0d64c118629ef78278043226c8c8e9349e647de02789dc60e72229d2d2133238dd92c2950a3530dd6a548274f13babe791876e053abf109656ad5d5a6a1162c5872ff710813b93fc3965789f30ed9e200c76419dbf10d9a80c8a23089b7cb7e5308fc2ac1f420f194baa2370e581dd785540652915ac2a535678d378d666f06751020d68085d47e455433ade5471489d4164dac3bfbd253c49e91dca900fa1e3087e5c0910b770efd17bf48ab3d059e1de2c0f67b8d0ff5ee775be4d0da394f439341193f5aa5da52a33634be99007db81a5a607a735f7cd8c8af36245410a45fd1eb85425f4ce5124bfb92c0b36823589259a1f5bee86bc37a9c8321db14f908f550fb5f7bd5600db5659c3e8b43d6340a0981fae5a98b6d16a0c37e49c807296e965782cc9cd057dfba639797362a6400935ddba6efa0f4e4cc2938fe5d", 0x2a8}], 0x2}}], 0x1, 0xf5)

5m29.703931885s ago: executing program 3 (id=935):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000980)={0x18, 0x1402, 0x1, 0x70bd2b, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)

5m29.703731505s ago: executing program 3 (id=936):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0xc00, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x181240, 0x4e)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
listen(r0, 0xa1)
accept4$bt_l2cap(r0, 0x0, 0x0, 0x0)
syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_async', 0x42, 0xbc)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010101}, {0x2, 0x0, @local}, {0x2, 0x4e24, @rand_addr=0x6}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48881)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)

5m28.725879145s ago: executing program 3 (id=945):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

5m28.607948746s ago: executing program 3 (id=947):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29c}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1003d1, 0x3, 0x20000000, 0x6, 0x86}, 0x69}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
close(r1)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r6, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="27030200dc0f14000e00003c0ff000000000ff840000000200000003125ce882cbf490d908f1523f00", 0x29}, {&(0x7f0000002680)="76e69c0141b4", 0x6}], 0x2}, 0x4005)

5m27.385865976s ago: executing program 3 (id=955):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0xc00, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x181240, 0x4e)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
listen(r0, 0xa1)
accept4$bt_l2cap(r0, 0x0, 0x0, 0x0)
syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_async', 0x42, 0xbc)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010101}, {0x2, 0x0, @local}, {0x2, 0x4e24, @rand_addr=0x6}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48881)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)

5m27.217619755s ago: executing program 32 (id=955):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0xc00, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x181240, 0x4e)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
listen(r0, 0xa1)
accept4$bt_l2cap(r0, 0x0, 0x0, 0x0)
syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_async', 0x42, 0xbc)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010101}, {0x2, 0x0, @local}, {0x2, 0x4e24, @rand_addr=0x6}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48881)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)

3m43.197300776s ago: executing program 5 (id=1237):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x56f2, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00')
writev(r3, &(0x7f0000003740)=[{&(0x7f00000001c0)='deny', 0x4}], 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001480)={0x0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pselect6(0xffffffffffffff3a, 0x0, 0x0, 0x0, 0x0, &(0x7f0000005b00)={&(0x7f0000005ac0)={[0x2]}, 0x8})
r4 = fsopen(&(0x7f00000006c0)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x1000)
getdents(0xffffffffffffffff, 0x0, 0xffffffffffffff6d)
socket$nl_sock_diag(0x10, 0x3, 0x4)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x228, 0x0, 0x11, 0x148, 0x0, 0x0, 0x190, 0x2a8, 0x2a8, 0x190, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x6, 0xd04, 'netbios-ns\x00', {0x5}}}}, {{@ip={@multicast1, @private=0xa010102, 0xffffffff, 0xffffff00, 'nr0\x00', 'macsec0\x00', {0xff}, {}, 0x6, 0x2, 0x8}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288)

3m40.533921782s ago: executing program 5 (id=1241):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10)
socket(0x40000000015, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_RELOAD_REGDB(r3, 0x0, 0x200048c4)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, 0x0, 0x0, 0x300)
setsockopt$inet_int(r0, 0x0, 0xd, 0x0, 0x0)
setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000000)=0x40, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

3m38.664854114s ago: executing program 5 (id=1244):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mq_open(&(0x7f0000000180)='.\\\x00', 0x2, 0x40, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000007580)=[{&(0x7f0000006280)=""/76, 0x4c}, {&(0x7f00000064c0)=""/34, 0x22}], 0x2)
ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f00000000c0))
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000280), &(0x7f00000002c0)=@v1={0x1000000, [{0x38000000, 0x53f5}]}, 0xc, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x25dfdbfc, [@sadb_key={0x2, 0x8, 0x8, 0x0, 'f'}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x5, 0x5, 0x2b, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x80}, 0x1, 0x7}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
r2 = syz_open_procfs(0x0, 0x0)
preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000380)=""/39, 0x27}], 0x1, 0x0, 0xfffffffd)
r3 = syz_open_dev$dvb_frontend(0x0, 0x0, 0x0)
ioctl$FE_GET_PROPERTY(r3, 0x80106f53, &(0x7f0000000400)={0x4, &(0x7f00000000c0)=[{0x31, '\x00', @st={0x4, [{0x1, @svalue=0x9}, {0x1, @svalue=0x6}, {0x0, @uvalue=0x57f5}, {0x0, @svalue=0xffffffffffffc68f}]}, 0x7}, {0x1f, '\x00', @st={0x4, [{0x3, @svalue=0x895}, {0x1, @svalue=0x54}, {0x2, @uvalue=0x9}, {0x3, @svalue=0x9}]}, 0x6}, {0x1a, '\x00', @buffer={"ae2ea93f39e9d72df9e1079b55913355f933502c0a9975e7de66b90754f408ec", 0x20}, 0x6}, {0x3, '\x00', @data=0x6, 0x8}]})

3m37.419355668s ago: executing program 5 (id=1247):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000540)=@nat={'nat\x00', 0x670, 0x5, 0x418, 0x208, 0x208, 0xffffffff, 0x2b0, 0x168, 0x380, 0x380, 0xffffffff, 0x380, 0x380, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'wg1\x00', {}, {0xff}, 0x16}, 0x0, 0x130, 0x168, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "48ae43e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e22, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00', {}, {0xff}}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @loopback, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@icmp={{0x28}, {0x4, "1542", 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478)
ioctl$INCFS_IOC_FILL_BLOCKS(r3, 0x80106720, 0x0)
r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000dc0), 0x100, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r5, 0x0, 0x805)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
syz_open_dev$dvb_dvr(0x0, 0x0, 0x100)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1816c1, 0x1ff)
close(r6)
execve(&(0x7f0000000380)='./file1\x00', 0x0, 0xfffffffffffffffe)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_type(r7, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r8, &(0x7f0000000280), 0x9)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_NUM_PEER_NOTIF={0x5, 0x10, 0x7}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22004002}, 0x4040800)

3m35.634716761s ago: executing program 5 (id=1251):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x4000000, 0xf0, 0xffffffff, 0x0, 0x310, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x510)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x8, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0xc0)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000480)="b310fad079935150aaf84313356a198665e47a670c1f3b0543a3d1e708117d32d89b953f7b6c71cbb3f732123508ac9395aaa712f6682919af0eb17478f4cc2beb6a31bee448c20d07a904d59b505e2e2f91c408fb0a061ccdfc907e3b458c39ce6577a1c5b9fb4a24f91f45e544ea2480edda3443cada9288890bf06ddd956a6a734f039d1da8b300c8b88287c18dc2933affcf69f70299729a18fc3a2f1898883ddcc56eb2fc0645af3d464ae01673420cbda0e0cd764b0d", 0xb9)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000005c0)={0xffffffffffffffff, 0x800, {0x2a00, 0x80010000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001280)={r5, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})

3m29.307886148s ago: executing program 5 (id=1260):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0xa, 0x3, 0x3a)
socket$key(0xf, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r1, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(r1, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[], 0x10}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0)
getrusage(0xfffffffffffffffe, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x0, 0x0}, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1a000000090020221b1f8cee", @ANYRESOCT], 0x50)
ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d3, &(0x7f0000000100))

3m12.922018078s ago: executing program 33 (id=1260):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0xa, 0x3, 0x3a)
socket$key(0xf, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r1, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(r1, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[], 0x10}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0)
getrusage(0xfffffffffffffffe, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x0, 0x0}, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1a000000090020221b1f8cee", @ANYRESOCT], 0x50)
ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d3, &(0x7f0000000100))

1m2.90275443s ago: executing program 2 (id=1774):
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc000, 0x0)
mount(0x0, &(0x7f0000000d80)='./file0\x00', &(0x7f0000000dc0)='sysfs\x00', 0x8000, 0x0)
truncate(&(0x7f00000000c0)='./file0\x00', 0x240)

1m2.677490349s ago: executing program 2 (id=1775):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x15, &(0x7f0000001680), 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0xc0d0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa0000000000000150300000a004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))

58.90364996s ago: executing program 2 (id=1789):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)=""/227, 0xe3}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000001d80)=""/161, 0xa1}, {&(0x7f0000000680)=""/134, 0x86}, {&(0x7f0000002c40)=""/146, 0x92}, {&(0x7f0000002d00)=""/128, 0x80}, {&(0x7f0000000000)=""/260, 0x104}, {&(0x7f0000000140)=""/88, 0x58}], 0x8}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0}, 0x8}], 0x6, 0x40000100, 0x0)

58.447790226s ago: executing program 2 (id=1791):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000640)='./file0/../file0\x00')

58.235927896s ago: executing program 2 (id=1795):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)

56.892813447s ago: executing program 2 (id=1800):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c8000000020101020000000000000000000000006c00028006000340000400001400"], 0xc8}, 0x1, 0x0, 0x0, 0x4048040}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x8, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000480), 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000005c0)={r5, 0x800, {0x2a00, 0x80010000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r6 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x8a502)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
semctl$SETVAL(0x0, 0x1, 0x8, 0x0)
semctl$SETALL(0x0, 0x0, 0x9, &(0x7f0000000200)=[0x1c, 0x7, 0x9b])
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000001280)={r4, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000010000000000000000000000850000008700000018010000202073250000c986bfbcc24de92dd2b9eb29030000002020207b1af8ff00000000bfa10000000000000700b7030000feffffff850000007b0000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)

56.762527433s ago: executing program 34 (id=1800):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c8000000020101020000000000000000000000006c00028006000340000400001400"], 0xc8}, 0x1, 0x0, 0x0, 0x4048040}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x8, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000480), 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000005c0)={r5, 0x800, {0x2a00, 0x80010000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r6 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x8a502)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
semctl$SETVAL(0x0, 0x1, 0x8, 0x0)
semctl$SETALL(0x0, 0x0, 0x9, &(0x7f0000000200)=[0x1c, 0x7, 0x9b])
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000001280)={r4, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000010000000000000000000000850000008700000018010000202073250000c986bfbcc24de92dd2b9eb29030000002020207b1af8ff00000000bfa10000000000000700b7030000feffffff850000007b0000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)

7.317231526s ago: executing program 4 (id=2118):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x0, 0x8000000000000001, 0x7, 0x6, 0x7f, 0x7fffffff}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000080)="ba", 0x1, 0x40844, &(0x7f00000001c0)={0x11, 0x2, r5, 0x1, 0xdb, 0x6, @random="b4112d397bb5"}, 0x14)

6.451943831s ago: executing program 7 (id=2121):
r0 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x42ab, 0x4)
sendto$inet6(r0, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000100)=""/122, 0x7a}], 0x1}, 0x4}], 0x1, 0x40000020, 0x0)

6.239905574s ago: executing program 7 (id=2125):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@gettfilter={0x2c, 0x2e, 0x10, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0xffff, 0x5}, {0x0, 0x8}}, [{0x8, 0xb, 0x5}]}, 0x2c}}, 0x4008080)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000007000010010ab4be68e8da23507000000", @ANYRES32=r2, @ANYBLOB="100001800400"], 0x28}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

6.239656633s ago: executing program 7 (id=2126):
socket$l2tp6(0xa, 0x2, 0x73)
r0 = socket$inet(0x2, 0x3, 0x2)
close(0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
socket(0x14, 0x2, 0x4)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0)

3.819550352s ago: executing program 1 (id=2133):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)

3.527886197s ago: executing program 7 (id=2134):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYBLOB="01980000000000001c0012800b00010067656e65766500000c00028005000300010000", @ANYRES16=r0], 0x3c}, 0x1, 0x0, 0x0, 0x24000016}, 0x4000082)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendfile(r3, r4, 0x0, 0xffffffff004)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
close(r5)
unshare(0x20000400)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000100)={0x0, 0x1338000, 0x800}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r7, 0x0, 0x1b, 0x0, &(0x7f0000000000)="b905000000d5712c045ca325475c691460b800000000f30981fd1a", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x88d}, 0x50)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b9b423e381b5f000000000000000000000000000071409d0dff0c20c6835fa3acfbd821926227052883202ee74b8d131717defb1252a4c6dc178d93a4443a5fe1c0453719c5f71cc72d636671b325d03f6f33712795829fe8dca3148bf62742cabb1fef211c117f93cc79fe4e3d6b91af7118f21e3ae699d9c7a753a6613eafecd2ba45094588afcd0318744673005fd1664aa2777a05250ca6a8c31480a3a8da7448ed4df9c6258b80de3b58"], 0x78)

2.79512659s ago: executing program 1 (id=2136):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10)

2.642122791s ago: executing program 4 (id=2138):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/uts\x00')
socket(0x8, 0x3, 0x3)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000140)={0x18, 0x2, {0xffff, @loopback}}, 0x1e)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x4000)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PPPIOCUNBRIDGECHAN(r2, 0x7434)

2.621779587s ago: executing program 0 (id=2139):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="600000001000030400000000fedbdf2500007400f728ab93db3c140d69363e3273752c18fb3ff28f25abc8f645000ea41d2c292d330aaf5f6c5bf158a72d1c01b4de725a894ffa6fc8934ef3402a646fc57b88bf57de4902c3699b4f6c9b7fa498e9356c7906056c02f02b4f9b6708737b9fe80ffb8fda620b071256eb58a45c85d673480dcf8a9036c4ea97302c3a5dbcfe7135c8ac04e1fd50fb", @ANYRES32=r1, @ANYBLOB="0008000000000000400034801400350076657468315f766c616e0000000000001400350076657468305f746f5f7465616d00000014003500776c616e3000"/72], 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
setsockopt(0xffffffffffffffff, 0xc, 0x7f, 0x0, 0x0)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fbdbdd250401f2800c00160002ac0f0000000000140017"], 0x114}], 0x1, 0x0, 0x0, 0x41}, 0x4008080)
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r9, 0x890b, &(0x7f00000007c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @null, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
connect$rose(r9, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c)
connect$rose(r9, &(0x7f0000000240)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @null}, 0x1c)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000340)={0xfffbfffc, 0x2000000, 0x5, 0x6}, 0x10)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wrr\x00', 0x11, 0xff, 0xf}, 0x2c)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="7800000010000104fcfffffffcdbdf2500000000", @ANYBLOB="c1eba4c6cf4a98e37f4691347e0765dc6e66eb3c3c4a0f85fd89eee9ce3018b8e5fbec544de0d40f4bd3848f5f6e62d4902f5933ebe6dc963272b14abbdd881e25a338a75616b473e0d9669a28ecc85ff3f97250149f41569d4489f831", @ANYBLOB="0315000000000000480012800b0001006772657461700000380002800400120008001500d570020005001300000000000800050000000000050008000900010005000a000000000008000400ff0300000800b5a5", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x78}, 0x1, 0x0, 0x0, 0x24000891}, 0x0)
syz_extract_tcp_res$synack(&(0x7f00000001c0), 0x1, 0x0)

2.560049985s ago: executing program 1 (id=2140):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f0000000240), 0x0, 0x24000044, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='highspeed', 0x41)
shutdown(r0, 0x1)

2.515897578s ago: executing program 1 (id=2141):
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r3 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
rmdir(&(0x7f0000000140)='./file1\x00')
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(r3, 0x0, 0xf3)
chdir(&(0x7f0000000200)='./file0\x00')
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)

2.454750906s ago: executing program 4 (id=2142):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
readv(r5, &(0x7f0000000080), 0x0)
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r8=>0x0})
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r9, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0x1}, 0x2}, 0x18)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000202}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x0, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x400c800}, 0x4000000)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050)

2.079872557s ago: executing program 7 (id=2143):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x15, &(0x7f0000001680), 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0xc0d0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa0000000000000150300000a004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))

2.015979925s ago: executing program 0 (id=2144):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)={0x24, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
socket$pppoe(0x18, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet(0x2, 0x3, 0x2)
socket(0x1e, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001000), r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r3, @ANYBLOB="e0ff8b0a0a0002"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001d"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0xc31fe084736598c)

2.015741455s ago: executing program 4 (id=2145):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)

1.944759502s ago: executing program 0 (id=2146):
r0 = socket$tipc(0x1e, 0x2, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
bind$tipc(r0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000000)=0x1, 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b2a, &(0x7f0000000040))
ioctl(r3, 0x8b1a, &(0x7f0000000040))

1.889809121s ago: executing program 6 (id=2147):
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x8f5, 0x100000000000000)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e)
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000500)=0x2)
ioctl$PPPIOCBRIDGECHAN(r3, 0x40047435, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x88001, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000500)=0x2)

1.750052456s ago: executing program 4 (id=2148):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xa}, 0x94)
socket$netlink(0x10, 0x3, 0x15)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x1e, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001240)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {}, {0x0, 0x1}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0xc9, 0x8}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc084)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.748213266s ago: executing program 6 (id=2149):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)

1.360690764s ago: executing program 1 (id=2150):
preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000580)=""/85, 0x55}], 0x1, 0x0, 0xffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f00000000c0)="66b8006800000f23c80f21f86635080000000f23f80f00d166b8519900000f23d00f21f86635000000000f23f80f20e06635400000000f22e02665f30f22e40f0f14a0b806018ed00f0fbd0070bf360f23892e650f32", 0x56}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x48, 0x0, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x101)
r4 = syz_open_procfs(0x0, &(0x7f0000000840)='net/igmp6\x00')
pread64(r4, &(0x7f0000000100)=""/220, 0xdc, 0x81)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

777.503684ms ago: executing program 7 (id=2151):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r0, &(0x7f0000000280)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @null]}, 0x48)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={<r1=>0x0, 0xf32f, 0xfe000000}, &(0x7f00000000c0)=0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1e000000000000002200000009", @ANYRES16=r0, @ANYRES32=r0, @ANYRESHEX=r0], 0x33)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="0008000000000000400034801400350076657468315f766c616e0000000000001400350076657468305f746f5f7465616d00000014003500776c616e3000000000000000"], 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x20004010)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'tunl0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000100)={'wg1\x00'})
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x6400c095}, 0x8010)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, 0x0, 0x4008080)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r7, 0x890b, &(0x7f00000007c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @null, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
connect$rose(r7, &(0x7f0000000040)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c)
connect$rose(r7, &(0x7f0000000240)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @null}, 0x1c)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x6, 0x810, 0x208, 0xe, 0x2, 0x3, 0x8, 0x9, r1}, 0x20)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
connect$ax25(r0, 0x0, 0x0)
syz_emit_ethernet(0x80, &(0x7f0000000580)=ANY=[], 0x0)

616.901285ms ago: executing program 6 (id=2152):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x2b, 0x1, 0x1)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$kcm(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000280), &(0x7f0000000000)=r1}, 0x20)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x11, &(0x7f00000005c0)={@remote, @random="001a00e100", @void, {@mpls_uc={0x8847, {[], @llc={@llc={0x42, 0xaa, "d4"}}}}}}, 0x0)

599.436682ms ago: executing program 0 (id=2153):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
write$tun(r1, 0x0, 0xffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x300}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000040000701feffffff00000000017c0000040042801c00018006000600050a0000100004002524298d275c232f262d2b00040002"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)

596.085351ms ago: executing program 4 (id=2154):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x2201, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f0000000100)="48e5205d35c0d9c693431fccf558e1c3b1b81b0b9ff8cb5a0213bf47", 0x1c}], 0x2)

556.154373ms ago: executing program 6 (id=2155):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c0005000000000200000000050037000000000008000200", @ANYRES32=r3, @ANYBLOB="06000600fe00000006000400f6ff0000"], 0x50}, 0x4, 0x700000000000000}, 0x0)

411.316347ms ago: executing program 0 (id=2156):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$unix(0x1, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'erspan0\x00'})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x1, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56441, 0x70b925, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0x2, 0xb}, {0xfff3, 0xb}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c0e1}, 0x200c000)
ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

410.508097ms ago: executing program 1 (id=2157):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x40)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000980)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd600a843500140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500200a50ee9"], 0x0)

295.813305ms ago: executing program 6 (id=2158):
ioctl$XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000140)={<r0=>0xffffffffffffffff, &(0x7f00000005c0)='/,-:@\x00\x1a\xac\xc4\xa1J\x17R\x7f\xba\xd54\x03\x01\xc9\x7f\xec_U\x9c\x02\xbd\x87\x88\x1c)5\x14?Xk\xa7h\x11\x81\xa2Qr\xcb\xf6>NA\xa1(\x13\x90\x87\xa1i\xe4\xe8\xdd\xf3\xe2\x88\x05)\x1c\x1aN1\xb6\x88R\x928\x9dD\xcc\x94\x84\xb7\xd6\xd4\xf1F\xbb]\xf7z5Ao\xb5\xfd\rL\x9dQ\x8aFk\xbc\xf6eG\x84\x97\x9d\x0e\x18V\xb0~`\x83@A\x17\xcd6\x18&\x1f\x0fB\x02H\x9b\xefM\x15\x83\xe7\x0e\x03\xa6\x81o.\x02\x1d=+\xd10\xd9\xa3\xf6\x16\xa9z\xa0D\'\x9c\x95\xfd^\xbbpB]\xfe+\xd5\x10<\xb3\x98?\xb3\v\xf1\n\x9f\xb9w\xad\x06\x1co\xc9\r\xee<\xa4\x11\r\x91]\x17\x18\xb5\xe2#\xb0\xad>\xd9\xbdwr\x95\xc2B\aG\x9e\x97\xfc\xba\x97f\r\xb2\xbb \xbctX\x8a', 0x100, &(0x7f0000000080)={@align=0x6, {0x7, 0x7fff, 0x7ff, 0x8}}, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x3})
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x64, r1, 0x20, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xfffffffb}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfff}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x47d4c1fe}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7fffffff}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r2, 0x104, 0x4, 0x0, &(0x7f0000000040))
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3062b, 0x980c}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5, 0x9, 0x1}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'geneve1\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000226bd7000ffdbdf25180000001800308014000400c1c6fcb751a3b5f4691be9f7cf7882bb08000300", @ANYRES32=r6, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x48090}, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$XFS_IOC_PATH_TO_FSHANDLE(r2, 0xc0385868, &(0x7f00000009c0)={<r10=>r0, &(0x7f0000000700)='\x00', 0x80080, &(0x7f0000000740)={@align=0x2, {0x0, 0x7f, 0x3, 0x40}}, 0x8, &(0x7f0000000780), &(0x7f0000000800)=0xfff})
sendmsg$NBD_CMD_RECONFIGURE(r9, &(0x7f0000000b00)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x90, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x40, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r10}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x80000001}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x7}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xffffffffffffbe9b}]}, 0x90}}, 0x20040000)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000480), r3)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r8, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x74, r11, 0x200, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_LEVEL={0x34, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x9}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x85}, 0x20040080)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r12, 0x0, '\x00', 0x0, 0x0}, 0x50)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c0001800621060090390000100002"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), r3)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000200)={'wpan1\x00', <r16=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x78, r15, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x78}, 0x1, 0x0, 0x0, 0x10}, 0x4000810)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r12}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x110}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r13}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r7, &(0x7f0000004680)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000004600)={0x18, 0x1404, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x48081}, 0x4)
r17 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r17, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=@newtaction={0x48, 0x32, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x200408d0}, 0x0)

142.616247ms ago: executing program 0 (id=2159):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xb, @ipv4={'\x00', '\xff\xff', @remote}, 0xffff89f5}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
syz_emit_ethernet(0x42, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x10, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0xa, "09df168a00000000"}]}}}}}}}, 0x0)

0s ago: executing program 6 (id=2160):
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r3 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
rmdir(&(0x7f0000000140)='./file1\x00')
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(r3, 0x0, 0xf3)
chdir(&(0x7f0000000200)='./file0\x00')
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)

kernel console output (not intermixed with test programs):

 to 1024
[  345.865901][ T7533] FAT-fs (loop3): Filesystem has been set read-only
[  345.872989][ T7533] attempt to access beyond end of device
[  345.872989][ T7533] loop3: rw=524288, want=2073, limit=128
[  345.899120][ T7533] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  345.910200][ T7533] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  345.918912][ T7541] Cannot find add_set index 65532 as target
[  345.944327][ T7537] EXT4-fs (loop0): inline encryption not supported
[  345.968531][ T7537] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  345.992506][ T7532] attempt to access beyond end of device
[  345.992506][ T7532] loop3: rw=0, want=2073, limit=128
[  346.007833][ T7533] attempt to access beyond end of device
[  346.007833][ T7533] loop3: rw=0, want=2073, limit=128
[  346.036303][ T7537] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,norecovery,nombcache,grpquota,discard,user_xattr,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000001,nodiscard,,errors=continue. Quota mode: writeback.
[  346.074973][ T7540] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  346.083153][ T7540] attempt to access beyond end of device
[  346.083153][ T7540] loop3: rw=524288, want=2073, limit=128
[  346.109707][ T7532] attempt to access beyond end of device
[  346.109707][ T7532] loop3: rw=0, want=2073, limit=128
[  346.121452][ T7540] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  346.235278][ T7540] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  346.243635][ T7540] attempt to access beyond end of device
[  346.243635][ T7540] loop3: rw=0, want=2073, limit=128
[  346.255547][ T7540] attempt to access beyond end of device
[  346.255547][ T7540] loop3: rw=0, want=2073, limit=128
[  346.268931][ T7533] attempt to access beyond end of device
[  346.268931][ T7533] loop3: rw=0, want=2073, limit=128
[  346.301972][ T7533] attempt to access beyond end of device
[  346.301972][ T7533] loop3: rw=0, want=2073, limit=128
[  346.316571][ T7533] attempt to access beyond end of device
[  346.316571][ T7533] loop3: rw=0, want=2073, limit=128
[  346.325287][ T7546] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  346.375418][ T7546] device syzkaller0 entered promiscuous mode
[  346.484347][ T7546] tipc: Resetting bearer <eth:syzkaller0>
[  346.508232][ T7545] tipc: Resetting bearer <eth:syzkaller0>
[  346.542862][ T7545] tipc: Disabling bearer <eth:syzkaller0>
[  347.249268][ T7563] overlayfs: failed to resolve './file0': -2
[  347.458108][ T7571] loop1: detected capacity change from 0 to 512
[  347.634793][ T7571] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x000000000000007f,,errors=continue. Quota mode: writeback.
[  347.703739][ T7571] ext4 filesystem being mounted at /199/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.921049][ T7577] netlink: 64 bytes leftover after parsing attributes in process `syz.4.926'.
[  348.377167][ T7584] Cannot find add_set index 65532 as target
[  348.388910][ T7585] loop2: detected capacity change from 0 to 2048
[  348.459541][ T4174] Alternate GPT is invalid, using primary GPT.
[  348.470866][ T4174]  loop2: p2 p3 p7
[  348.771446][ T7585] Alternate GPT is invalid, using primary GPT.
[  348.826688][ T7585]  loop2: p2 p3 p7
[  348.840614][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz.4.934'.
[  348.856338][ T7590] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  348.916631][ T7601] vxcan0: tx drop: invalid sa for name 0x0000000000000001
[  349.403563][ T7617] overlayfs: failed to resolve './file0': -2
[  349.569682][ T7621] loop2: detected capacity change from 0 to 512
[  349.595218][ T7621] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.942: invalid indirect mapped block 4294967295 (level 1)
[  349.615763][ T7621] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.942: invalid indirect mapped block 4294967295 (level 1)
[  349.626904][ T5577] udevd[5577]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  349.636307][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory
[  349.649846][ T7621] EXT4-fs (loop2): 2 truncates cleaned up
[  349.659271][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  349.672207][ T7621] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,init_itable=0x0000000000004004,nojournal_checksum,acl,nobarrier,,errors=continue. Quota mode: writeback.
[  349.808265][ T7625] loop4: detected capacity change from 0 to 1024
[  349.818907][ T7621] EXT4-fs (loop2): re-mounted. Opts: noauto_da_alloc,user_xattr,init_itable=0x0000000000004004,nojournal_checksum,acl,nobarrier,. Quota mode: writeback.
[  349.910914][ T7625] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  349.989682][ T7628] loop2: detected capacity change from 0 to 1764
[  349.990008][ T7625] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000004,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000346,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none.
[  350.164397][   T26] audit: type=1800 audit(1773178943.002:4): pid=7625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.943" name="file1" dev="loop4" ino=15 res=0 errno=0
[  350.175375][ T7628] ISOFS: Unable to identify CD-ROM format.
[  350.214030][ T7633] loop0: detected capacity change from 0 to 2048
[  350.346136][ T7633] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,,errors=continue. Quota mode: none.
[  351.189945][ T7646] netlink: 'syz.4.950': attribute type 49 has an invalid length.
[  351.515327][ T7660] loop1: detected capacity change from 0 to 512
[  352.403431][ T7663] overlayfs: failed to resolve './file1': -2
[  352.628366][ T7669] loop4: detected capacity change from 0 to 512
[  352.636230][ T7665] loop1: detected capacity change from 0 to 1024
[  352.649163][ T7671] loop2: detected capacity change from 0 to 256
[  352.703375][ T7669] EXT4-fs (loop4): Ignoring removed oldalloc option
[  352.750815][ T7665] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,journal_dev=0x00000000000000ff,nombcache,nobarrier,init_itable,errors=remount-ro,. Quota mode: none.
[  352.821025][ T7669] EXT4-fs (loop4): 1 truncate cleaned up
[  352.849164][ T7669] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,bsdgroups,lazytime,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000001,. Quota mode: writeback.
[  352.948999][ T7681] handle_bad_sector: 2434 callbacks suppressed
[  352.949020][ T7681] attempt to access beyond end of device
[  352.949020][ T7681] loop2: rw=2049, want=352, limit=256
[  353.902160][ T7688] netlink: 'syz.2.966': attribute type 28 has an invalid length.
[  353.963023][   T26] audit: type=1326 audit(1773178946.567:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7693 comm="syz.4.967" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84d0270799 code=0x0
[  354.116278][ T7678] chnl_net:caif_netlink_parms(): no params data found
[  355.618349][ T4173] Bluetooth: hci0: command 0x0409 tx timeout
[  355.794336][ T7678] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.809633][ T7678] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.871810][ T7678] device bridge_slave_0 entered promiscuous mode
[  355.919892][ T7678] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.952725][ T7678] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.044051][ T7717] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  356.055391][ T7717] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  356.079244][ T7678] device bridge_slave_1 entered promiscuous mode
[  356.666549][ T7719] device bond_slave_0 entered promiscuous mode
[  356.673284][ T7719] device bond_slave_1 entered promiscuous mode
[  356.776045][ T7719] device vlan2 entered promiscuous mode
[  356.783584][ T7719] device bond0 entered promiscuous mode
[  356.829215][ T7678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  356.883122][ T7678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  356.951756][ T7721] loop2: detected capacity change from 0 to 256
[  357.024874][ T7678] team0: Port device team_slave_0 added
[  357.046243][ T7678] team0: Port device team_slave_1 added
[  357.104348][ T7678] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.107744][ T7721] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  357.111490][ T7678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.152432][ T7678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.209442][ T7678] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.216590][ T7678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.297200][ T7678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.386411][ T7678] device hsr_slave_0 entered promiscuous mode
[  358.055417][ T4173] Bluetooth: hci0: command 0x041b tx timeout
[  358.089904][   T26] audit: type=1800 audit(1773178950.423:6): pid=7721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.977" name="file1" dev="loop2" ino=1048598 res=0 errno=0
[  358.112154][ T7678] device hsr_slave_1 entered promiscuous mode
[  358.141959][ T7678] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  358.160699][ T7678] Cannot create hsr debugfs directory
[  358.416342][ T7741] usb usb7: usbfs: process 7741 (syz.2.984) did not claim interface 0 before use
[  358.526105][ T7678] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  358.556043][ T7678] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  358.579173][ T7678] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  358.609416][ T7678] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  358.861069][ T7749] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  358.872597][ T7749] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  359.300147][ T7678] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.576282][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  359.628212][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  359.679006][ T7678] 8021q: adding VLAN 0 to HW filter on device team0
[  359.749551][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  359.759411][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  359.768147][ T4977] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.775305][ T4977] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.784572][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  359.823447][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  359.838545][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  359.879894][ T1275] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.887042][ T1275] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.897665][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  360.029317][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  360.091030][ T7678] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  360.101619][ T7678] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  360.185688][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  360.217456][ T4271] Bluetooth: hci0: command 0x040f tx timeout
[  360.285356][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  360.295416][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  360.304706][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  360.316708][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  360.325616][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  360.339158][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  360.435041][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  360.491184][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  360.954716][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  361.255823][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  361.270737][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  361.283283][ T7678] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.401097][ T7775] Cannot find add_set index 65532 as target
[  361.585522][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  361.606901][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  361.680793][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  361.854783][ T7800] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  361.865171][ T7800] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  362.434188][ T4230] Bluetooth: hci0: command 0x0419 tx timeout
[  362.605967][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  362.635476][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  362.673833][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  362.734464][ T7678] device veth0_vlan entered promiscuous mode
[  362.770293][ T7678] device veth1_vlan entered promiscuous mode
[  362.851251][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  362.873419][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  362.908611][ T7678] device veth0_macvtap entered promiscuous mode
[  362.939732][ T7678] device veth1_macvtap entered promiscuous mode
[  363.154640][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.166408][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.188049][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.202265][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.214709][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.299897][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.712849][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.735694][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.765063][ T7678] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.941650][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  363.958155][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  363.975581][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  363.989202][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  364.010418][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.224181][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.235347][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.246448][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.256822][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.267843][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.278033][ T7678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.290682][ T7678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.302982][ T7678] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.326478][ T7678] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.362352][ T7678] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.417990][ T7678] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.428175][ T7678] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  365.152178][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  365.218406][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  365.270101][ T7840] loop2: detected capacity change from 0 to 2048
[  365.353942][ T7840] EXT4-fs (loop2): mounted filesystem without journal. Opts: stripe=0x0000000004000005,,errors=continue. Quota mode: none.
[  365.477096][ T7847] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  365.512919][ T7847] device syzkaller0 entered promiscuous mode
[  365.535003][ T4424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.546611][ T4424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.585738][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  365.603269][ T7847] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1016'.
[  365.636508][ T7847] tipc: Resetting bearer <eth:syzkaller0>
[  365.678764][ T7846] tipc: Resetting bearer <eth:syzkaller0>
[  365.713862][ T7846] tipc: Disabling bearer <eth:syzkaller0>
[  365.753079][ T4289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.769325][ T4289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.818876][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  366.146262][   T26] audit: type=1800 audit(1773178957.965:7): pid=7840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1014" name="file1" dev="loop2" ino=15 res=0 errno=0
[  366.193538][   T26] audit: type=1800 audit(1773178957.984:8): pid=7848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1014" name="file1" dev="loop2" ino=15 res=0 errno=0
[  366.362637][ T7858] loop0: detected capacity change from 0 to 256
[  366.432018][ T7858] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  366.460205][ T7860] loop2: detected capacity change from 0 to 1024
[  366.552824][ T7860] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  366.652441][   T26] audit: type=1800 audit(1773178958.433:9): pid=7860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1020" name="file1" dev="loop2" ino=15 res=0 errno=0
[  366.690439][   T13] Process accounting resumed
[  366.713565][   T13] FAT-fs (loop0): error, corrupted file size (i_pos 196, 16779264)
[  366.735605][ T7868] EXT4-fs (loop2): shut down requested (0)
[  366.746313][   T13] FAT-fs (loop0): Filesystem has been set read-only
[  366.863558][ T7860] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3885: comm syz.2.1020: Allocating blocks 497-513 which overlap fs metadata
[  366.949496][ T7860] EXT4-fs (loop2): pa ffff88807499be00: logic 256, phys. 385, len 8
[  366.958169][ T7860] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1
[  367.523417][ T7882] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  367.552027][   T26] audit: type=1326 audit(1773178959.275:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7881 comm="syz.0.1026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154c4c7799 code=0x7ffc0000
[  367.576291][   T26] audit: type=1326 audit(1773178959.285:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7881 comm="syz.0.1026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154c4c7799 code=0x7ffc0000
[  367.600391][   T26] audit: type=1326 audit(1773178959.285:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7881 comm="syz.0.1026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f154c4c7799 code=0x7ffc0000
[  367.623227][   T26] audit: type=1326 audit(1773178959.285:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7881 comm="syz.0.1026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154c4c7799 code=0x7ffc0000
[  367.729124][   T26] audit: type=1326 audit(1773178959.285:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7881 comm="syz.0.1026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154c4c7799 code=0x7ffc0000
[  367.818617][ T7896] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1033'.
[  367.840170][ T7896] device geneve2 entered promiscuous mode
[  367.972221][   T26] audit: type=1326 audit(1773178959.294:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7881 comm="syz.0.1026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f154c4c7799 code=0x7ffc0000
[  368.011531][   T26] audit: type=1326 audit(1773178959.294:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7881 comm="syz.0.1026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154c4c7799 code=0x7ffc0000
[  368.193922][ T7326] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  368.610679][ T7326] usb 6-1: Using ep0 maxpacket: 32
[  369.445006][ T7326] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  369.453169][ T7326] usb 6-1: config 0 has no interface number 0
[  369.459642][ T7326] usb 6-1: config 0 interface 12 altsetting 2 has a duplicate endpoint with address 0x82, skipping
[  369.471871][ T7326] usb 6-1: config 0 interface 12 has no altsetting 0
[  369.732887][ T7326] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  369.953451][ T7326] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.071256][ T7326] usb 6-1: Product: syz
[  370.075809][ T7326] usb 6-1: Manufacturer: syz
[  370.080581][ T7326] usb 6-1: SerialNumber: syz
[  370.091842][ T7326] usb 6-1: config 0 descriptor??
[  370.793799][ T7326] f81534 6-1:0.12: required endpoints missing
[  371.160109][ T7952] overlayfs: failed to resolve './file1': -2
[  371.191711][ T7326] usb 6-1: USB disconnect, device number 2
[  371.247498][ T7955] loop5: detected capacity change from 0 to 512
[  371.375478][ T7955] EXT4-fs warning (device loop5): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  371.414472][ T7955] EXT4-fs warning (device loop5): dx_probe:881: Enable large directory feature to access it
[  371.470094][ T7955] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.1054: Corrupt directory, running e2fsck is recommended
[  371.533492][ T7955] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117
[  371.548089][ T7955] EXT4-fs error (device loop5): ext4_iget_extra_inode:4566: inode #15: comm syz.5.1054: corrupted in-inode xattr
[  371.566946][ T7955] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1054: couldn't read orphan inode 15 (err -117)
[  371.580093][ T7955] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,auto_da_alloc=0x0000000000000004,jqfmt=vfsold,nolazytime,grpjquota=.nouid32,resuid=0x0000000000000000,barrier=0x0000000000001000,grpid,,,errors=continue. Quota mode: writeback.
[  372.462579][ T7960] loop5: detected capacity change from 0 to 8192
[  372.520287][ T7960] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  373.451784][ T4231] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  374.188779][ T4231] usb 2-1: Using ep0 maxpacket: 32
[  374.941799][ T4231] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  374.950799][ T4231] usb 2-1: config 0 has no interface number 0
[  374.957165][ T4231] usb 2-1: config 0 interface 12 altsetting 2 has a duplicate endpoint with address 0x82, skipping
[  374.975626][ T4231] usb 2-1: config 0 interface 12 has no altsetting 0
[  375.210056][ T4231] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  375.221094][ T4231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.236466][ T4231] usb 2-1: Product: syz
[  375.249281][ T4231] usb 2-1: Manufacturer: syz
[  375.258488][ T4231] usb 2-1: SerialNumber: syz
[  375.294279][ T4231] usb 2-1: config 0 descriptor??
[  375.498424][ T4231] f81534 2-1:0.12: required endpoints missing
[  375.538977][ T8001] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  376.784947][ T8019] overlayfs: failed to resolve './file1': -2
[  381.488278][ T8049] netlink: 'syz.0.1084': attribute type 12 has an invalid length.
[  382.439085][ T4231] usb 2-1: USB disconnect, device number 7
[  382.459047][ T8054] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1086'.
[  382.468047][ T8054] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1086'.
[  383.882465][ T8056] overlayfs: failed to resolve './file1': -2
[  386.311602][ T8074] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  389.690751][ T8123] overlayfs: failed to clone upperpath
[  390.315382][ T8125] netlink: 'syz.5.1104': attribute type 12 has an invalid length.
[  392.007336][ T8134] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  392.030047][ T8134] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  394.823684][   T21] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  395.112146][   T21] usb 6-1: Using ep0 maxpacket: 32
[  395.230998][ T8156] Cannot find add_set index 65532 as target
[  395.270493][   T21] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  395.289551][   T21] usb 6-1: config 0 has no interface number 0
[  395.302723][   T21] usb 6-1: config 0 interface 12 altsetting 2 has a duplicate endpoint with address 0x82, skipping
[  395.368550][   T21] usb 6-1: config 0 interface 12 has no altsetting 0
[  395.405235][ T8165] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1115'.
[  395.414840][ T8165] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1115'.
[  395.657838][ T8168] overlayfs: failed to resolve './file0': -2
[  395.992967][   T21] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  396.502144][   T21] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.522741][   T21] usb 6-1: Product: syz
[  396.531913][   T21] usb 6-1: Manufacturer: syz
[  396.542727][   T21] usb 6-1: SerialNumber: syz
[  396.719203][ T8175] netlink: 'syz.1.1118': attribute type 12 has an invalid length.
[  397.538471][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  397.584754][   T21] usb 6-1: config 0 descriptor??
[  397.612758][   T21] usb 6-1: can't set config #0, error -71
[  397.688483][   T21] usb 6-1: USB disconnect, device number 3
[  397.891261][ T8185] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  398.787468][ T8185] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  400.435908][ T8208] overlayfs: failed to clone upperpath
[  401.268194][ T8211] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1129'.
[  404.231336][ T8250] device syzkaller0 entered promiscuous mode
[  404.685910][ T8262] Cannot find add_set index 65532 as target
[  404.726114][ T8254] Cannot find add_set index 65532 as target
[  406.703008][ T4230] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  408.623481][ T4230] usb 3-1: Using ep0 maxpacket: 32
[  408.742303][ T4230] usb 3-1: device descriptor read/all, error -71
[  410.513138][ T8296] Cannot find add_set index 65532 as target
[  413.232175][ T8323] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1151'.
[  416.682480][ T8344] Cannot find add_set index 65532 as target
[  420.969158][ T8360] Cannot find add_set index 65532 as target
[  421.728813][   T21] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  422.628742][   T21] usb 6-1: Using ep0 maxpacket: 32
[  422.767889][   T21] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  422.886445][   T21] usb 6-1: config 0 has no interface number 0
[  422.896144][   T21] usb 6-1: config 0 interface 12 altsetting 2 has a duplicate endpoint with address 0x82, skipping
[  422.917360][   T21] usb 6-1: config 0 interface 12 has no altsetting 0
[  423.205786][   T21] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  423.226540][   T21] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.248588][   T21] usb 6-1: Product: syz
[  423.252826][   T21] usb 6-1: Manufacturer: syz
[  423.257430][   T21] usb 6-1: SerialNumber: syz
[  423.307200][   T21] usb 6-1: config 0 descriptor??
[  423.356392][   T21] f81534 6-1:0.12: required endpoints missing
[  425.487455][ T8407] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1182'.
[  426.798810][ T8419] Cannot find add_set index 65532 as target
[  430.073082][ T8426] Cannot find add_set index 65532 as target
[  430.082120][ T4232] usb 6-1: USB disconnect, device number 4
[  434.403968][ T8469] Cannot find add_set index 65532 as target
[  437.393462][ T4267] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  438.917082][ T4267] usb 2-1: Using ep0 maxpacket: 32
[  438.923226][ T8499] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1197'.
[  440.062301][ T4267] usb 2-1: unable to read config index 0 descriptor/all
[  440.109784][ T4267] usb 2-1: can't read configurations, error -71
[  440.447701][ T8512] Cannot find add_set index 65532 as target
[  441.084827][ T8497] Cannot find add_set index 65532 as target
[  446.347468][ T8543] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1217'.
[  447.875787][ T8557] Cannot find add_set index 65532 as target
[  448.769615][ T8564] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1224'.
[  449.899412][ T4230] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  450.868645][ T8572] Cannot find add_set index 65532 as target
[  450.992602][ T4230] usb 6-1: Using ep0 maxpacket: 32
[  451.203775][ T4230] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  451.222851][ T4230] usb 6-1: config 0 has no interface number 0
[  451.287919][ T4230] usb 6-1: config 0 interface 12 altsetting 2 has a duplicate endpoint with address 0x82, skipping
[  451.306848][ T4230] usb 6-1: config 0 interface 12 has no altsetting 0
[  452.455370][ T4230] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  452.474797][ T4230] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.515450][ T4230] usb 6-1: Product: syz
[  452.526283][ T4230] usb 6-1: Manufacturer: syz
[  452.538906][ T4230] usb 6-1: SerialNumber: syz
[  452.554606][ T4230] usb 6-1: config 0 descriptor??
[  453.064533][ T4230] f81534 6-1:0.12: required endpoints missing
[  453.083315][ T4230] usb 6-1: USB disconnect, device number 5
[  454.836421][ T8609] Cannot find add_set index 65532 as target
[  455.954074][ T8619] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1231'.
[  460.064589][ T8624] Cannot find add_set index 65532 as target
[  462.311297][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  462.331333][ T8663] Cannot find add_set index 65532 as target
[  463.323990][ T8672] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1250'.
[  470.776412][ T8706] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1261'.
[  470.785635][ T8706] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1261'.
[  472.039677][ T8720] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1263'.
[  474.494897][ T8730] Cannot find add_set index 65532 as target
[  475.935219][ T8738] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1267'.
[  476.913994][ T8740] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  477.530799][ T8760] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1273'.
[  477.539829][ T8760] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1273'.
[  478.659537][ T8770] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1276'.
[  479.710426][ T8776] Cannot find add_set index 65532 as target
[  482.516804][ T8785] netlink: 'syz.1.1279': attribute type 12 has an invalid length.
[  486.043874][ T8813] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1287'.
[  486.872681][ T8817] netlink: 'syz.2.1290': attribute type 12 has an invalid length.
[  487.408781][ T4230] Bluetooth: hci0: command 0x0406 tx timeout
[  487.412036][ T8822] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  488.305181][ T8823] chnl_net:caif_netlink_parms(): no params data found
[  488.581043][ T8823] bridge0: port 1(bridge_slave_0) entered blocking state
[  488.588849][ T8823] bridge0: port 1(bridge_slave_0) entered disabled state
[  488.598732][ T8823] device bridge_slave_0 entered promiscuous mode
[  488.740301][ T8823] bridge0: port 2(bridge_slave_1) entered blocking state
[  488.749959][ T8823] bridge0: port 2(bridge_slave_1) entered disabled state
[  488.759340][ T8823] device bridge_slave_1 entered promiscuous mode
[  488.884220][ T8823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  488.901278][ T8823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  488.970378][ T8823] team0: Port device team_slave_0 added
[  488.986433][ T8823] team0: Port device team_slave_1 added
[  489.042400][ T8823] batman_adv: batadv0: Adding interface: batadv_slave_0
[  489.049556][ T8823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  489.101539][ T8823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  489.162040][ T8823] batman_adv: batadv0: Adding interface: batadv_slave_1
[  489.186323][ T8823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  489.594375][ T8823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  490.423917][ T4229] Bluetooth: hci5: command 0x0409 tx timeout
[  490.579350][ T8823] device hsr_slave_0 entered promiscuous mode
[  490.586773][ T8861] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1300'.
[  490.601376][ T8823] device hsr_slave_1 entered promiscuous mode
[  490.626039][ T8823] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  490.662031][ T8823] Cannot create hsr debugfs directory
[  490.783538][ T5011] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.955857][ T5011] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.110100][ T5011] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.253623][ T5011] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  492.391721][ T8823] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  492.571782][ T8823] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  492.633182][ T4229] Bluetooth: hci5: command 0x041b tx timeout
[  493.044601][ T8823] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  493.382093][ T8823] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  493.602116][ T8823] 8021q: adding VLAN 0 to HW filter on device bond0
[  493.782733][ T8823] 8021q: adding VLAN 0 to HW filter on device team0
[  495.351474][ T4173] Bluetooth: hci5: command 0x040f tx timeout
[  495.494802][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  496.343809][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  496.352550][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  496.364617][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  496.883728][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.890852][ T4295] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.958759][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  496.977227][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  496.992117][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.999313][ T4295] bridge0: port 2(bridge_slave_1) entered forwarding state
[  497.081209][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  497.202815][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  497.297006][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  497.393056][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  497.402735][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  497.429098][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  497.439050][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  497.467494][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  497.578346][ T4271] Bluetooth: hci5: command 0x0419 tx timeout
[  498.121479][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  498.149039][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  498.296252][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  498.321950][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  498.441019][ T8823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  498.957683][ T8936] device geneve2 entered promiscuous mode
[  499.064339][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  499.170425][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  499.188659][ T8823] 8021q: adding VLAN 0 to HW filter on device batadv0
[  499.965067][ T4232] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  500.252305][ T4232] usb 5-1: device descriptor read/64, error -71
[  500.658193][ T4232] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  500.784815][ T5011] device hsr_slave_0 left promiscuous mode
[  500.861190][ T4232] usb 5-1: device descriptor read/64, error -71
[  500.892296][ T5011] device hsr_slave_1 left promiscuous mode
[  501.074637][ T4232] usb usb5-port1: attempt power cycle
[  501.779288][ T5011] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  501.822367][ T5011] batman_adv: batadv0: Removing interface: batadv_slave_0
[  501.898964][ T5011] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  501.924772][ T5011] batman_adv: batadv0: Removing interface: batadv_slave_1
[  501.959968][ T5011] device bridge_slave_1 left promiscuous mode
[  501.974771][ T5011] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.996795][ T5011] device bridge_slave_0 left promiscuous mode
[  502.003562][ T5011] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.064594][ T5011] device veth1_macvtap left promiscuous mode
[  502.080153][ T5011] device veth0_macvtap left promiscuous mode
[  502.094768][ T5011] device veth1_vlan left promiscuous mode
[  502.101434][ T5011] device veth0_vlan left promiscuous mode
[  502.253414][ T5011] bond1 (unregistering): Released all slaves
[  502.293486][ T4232] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  502.369744][ T5011] team0 (unregistering): Port device team_slave_1 removed
[  502.387875][ T5011] team0 (unregistering): Port device team_slave_0 removed
[  502.389486][ T4232] usb 5-1: device descriptor read/8, error -71
[  502.403923][ T5011] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  502.417245][ T5011] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  502.937143][ T5011] bond0 (unregistering): Released all slaves
[  503.730063][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  503.741208][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  503.809752][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  503.824930][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  503.841357][ T8823] device veth0_vlan entered promiscuous mode
[  503.855808][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  503.876311][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  503.895259][ T8823] device veth1_vlan entered promiscuous mode
[  503.990669][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  504.017759][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  504.043057][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  504.063204][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  504.098366][ T8823] device veth0_macvtap entered promiscuous mode
[  504.138506][ T8823] device veth1_macvtap entered promiscuous mode
[  504.216330][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  504.268707][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.296513][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  504.320245][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.334316][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  504.357188][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.385192][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  504.404548][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.431888][ T8823] batman_adv: batadv0: Interface activated: batadv_slave_0
[  504.462810][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  504.476264][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  504.529984][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  504.554582][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  504.576039][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  504.611105][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.632513][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  504.653988][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.666396][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  504.679576][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.689743][ T8823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  504.707339][ T8823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.727412][ T8823] batman_adv: batadv0: Interface activated: batadv_slave_1
[  504.759242][ T9031] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  504.782350][ T9031] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  504.828426][ T9031] syz.1.1332 (9031) used greatest stack depth: 20528 bytes left
[  504.836811][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  504.861198][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  505.026097][ T9040] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1340'.
[  506.232356][ T8823] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  506.261520][ T8823] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  506.299362][ T8823] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  506.313817][ T9048] loop2: detected capacity change from 0 to 2048
[  506.316871][ T8823] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  506.477490][ T9048] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,,errors=continue. Quota mode: none.
[  506.526587][ T4977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  506.534428][ T4977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  506.676886][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  506.678455][ T4977] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  506.684826][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  506.796971][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  507.798720][ T9080] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1286'.
[  507.808588][ T9080] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1286'.
[  508.027721][ T9082] loop2: detected capacity change from 0 to 1024
[  508.100571][ T9082] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (23577!=28264)
[  508.145855][ T9082] EXT4-fs (loop2): group descriptors corrupted!
[  508.443485][ T9091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1353'.
[  509.779593][ T9093] loop2: detected capacity change from 0 to 1764
[  510.182005][ T9093] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  510.368732][ T9093] ISOFS: unable to read i-node block
[  510.374469][ T9093] isofs_fill_super: get root inode failed
[  510.625781][ T9101] device syzkaller0 entered promiscuous mode
[  511.788342][ T9132] loop6: detected capacity change from 0 to 512
[  511.856506][ T9140] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  511.908682][ T9132] EXT4-fs (loop6): Ignoring removed nobh option
[  511.983334][ T9132] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  512.008040][ T9140] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  512.826927][ T9132] EXT4-fs (loop6): 1 truncate cleaned up
[  512.848624][ T9132] EXT4-fs (loop6): mounted filesystem without journal. Opts: init_itable,nobh,nodiscard,,errors=continue. Quota mode: none.
[  513.167815][ T9160] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1368'.
[  513.791272][ T4231] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  514.004969][ T4231] usb 5-1: device descriptor read/64, error -71
[  514.259201][ T9176] device syzkaller0 entered promiscuous mode
[  514.304240][ T4231] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  514.518040][ T4231] usb 5-1: device descriptor read/64, error -71
[  514.647139][ T4231] usb usb5-port1: attempt power cycle
[  515.094967][ T4231] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  515.800530][ T4231] usb 5-1: device descriptor read/8, error -71
[  516.128492][ T4231] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  516.259900][ T4231] usb 5-1: device descriptor read/8, error -71
[  516.409535][ T4231] usb usb5-port1: unable to enumerate USB device
[  516.725307][ T9221] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1382'.
[  517.694208][ T9232] device syzkaller0 entered promiscuous mode
[  518.803195][ T7326] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  519.049232][ T7326] usb 7-1: device descriptor read/64, error -71
[  519.359431][ T7326] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  520.484030][ T7326] usb 7-1: device descriptor read/64, error -71
[  521.840416][ T7326] usb usb7-port1: attempt power cycle
[  522.454958][ T9292] device syzkaller0 entered promiscuous mode
[  522.642085][ T9309] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1406'.
[  522.660827][ T9309] device wg1 entered promiscuous mode
[  522.695331][ T9309] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1406'.
[  524.626985][ T4231] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  524.879246][ T4231] usb 3-1: device descriptor read/64, error -71
[  525.172070][ T4231] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  525.620848][ T4231] usb 3-1: device descriptor read/64, error -71
[  525.815473][ T4231] usb usb3-port1: attempt power cycle
[  526.377720][ T4231] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  527.071597][ T9404] loop1: detected capacity change from 0 to 512
[  527.180979][ T4231] usb 3-1: device descriptor read/8, error -71
[  527.808555][ T9404] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1429: inode has both inline data and extents flags
[  527.952112][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  528.372266][ T9404] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1429: couldn't read orphan inode 15 (err -117)
[  528.388908][ T9426] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1434'.
[  528.417519][ T9425] device syzkaller0 entered promiscuous mode
[  528.452111][ T9404] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  529.986550][ T9446] loop2: detected capacity change from 0 to 512
[  530.268845][ T9446] EXT4-fs (loop2): mounted filesystem without journal. Opts: lazytime,errors=remount-ro,. Quota mode: writeback.
[  530.416330][ T9446] ext4 filesystem being mounted at /283/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  531.011538][ T9453] loop1: detected capacity change from 0 to 8192
[  532.054172][ T4229] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  532.116827][ T9476] loop2: detected capacity change from 0 to 512
[  532.953048][ T4229] usb 5-1: device descriptor read/64, error -71
[  532.966001][ T9476] EXT4-fs (loop2): inline encryption not supported
[  533.316025][ T9476] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1450: bad orphan inode 15
[  533.396344][ T9476] ext4_test_bit(bit=14, block=5) = 0
[  533.416176][ T9476] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,stripe=0x0000000000000001,inlinecrypt,grpid,journal_ioprio=0x0000000000000002,journal_ioprio=0x0000000000000003,nolazytime,noload,,errors=continue. Quota mode: none.
[  533.529388][ T4229] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  533.661323][ T9476] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 7987 vs 220 free clusters
[  533.735068][ T9476] EXT4-fs error (device loop2): ext4_free_inode:355: comm syz.2.1450: bit already cleared for inode 13
[  533.742284][ T4229] usb 5-1: device descriptor read/64, error -71
[  533.869251][ T9496] EXT4-fs error (device loop2): __ext4_new_inode:1076: comm syz.2.1450: reserved inode found cleared - inode=1
[  533.883350][ T4229] usb usb5-port1: attempt power cycle
[  536.503415][ T9538] loop4: detected capacity change from 0 to 512
[  536.583178][ T9538] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  536.664047][ T9538] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  539.080848][ T9589] loop6: detected capacity change from 0 to 1024
[  539.121586][ T9589] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  539.303036][ T9589] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000004,nodelalloc,errors=remount-ro,noauto_da_alloc,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00. Quota mode: none.
[  540.319374][ T9625] Cannot find add_set index 65532 as target
[  541.098419][ T9635] loop1: detected capacity change from 0 to 1024
[  541.177560][ T9638] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1491'.
[  541.186651][ T9638] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1491'.
[  541.561854][ T9635] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 2: comm syz.1.1463: lblock 2 mapped to illegal pblock 2 (length 1)
[  541.697132][ T9635] __quota_error: 1 callbacks suppressed
[  541.697237][ T9635] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  542.588117][ T9635] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 48: comm syz.1.1463: lblock 0 mapped to illegal pblock 48 (length 1)
[  542.608545][ T9635] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  542.619047][ T9635] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.1463: Failed to acquire dquot type 0
[  542.630760][ T9635] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  542.649348][ T9635] EXT4-fs error (device loop1): ext4_evict_inode:282: inode #11: comm syz.1.1463: mark_inode_dirty error
[  542.750474][ T9635] EXT4-fs warning (device loop1): ext4_evict_inode:285: couldn't mark inode dirty (err -117)
[  542.792013][ T9635] EXT4-fs (loop1): 1 orphan inode deleted
[  542.827764][ T9635] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,data_err=ignore,max_batch_time=0x0000000000000007,nodiscard,stripe=0x0000000000000004,noauto_da_alloc,,errors=continue. Quota mode: none.
[  542.832283][ T9652] device syzkaller0 entered promiscuous mode
[  542.877937][ T4305] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  542.966789][ T4305] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  543.125973][ T4305] EXT4-fs error (device loop1): ext4_release_dquot:6270: comm kworker/u4:10: Failed to release dquot type 0
[  544.092942][ T9679] Cannot find add_set index 65532 as target
[  544.647619][ T4185] EXT4-fs error (device loop1): __ext4_get_inode_loc:4327: comm syz-executor: Invalid inode table block 1 in block_group 0
[  544.693793][ T4185] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  544.736230][ T4185] EXT4-fs error (device loop1): ext4_quota_off:6540: inode #3: comm syz-executor: mark_inode_dirty error
[  544.857676][ T9689] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1503'.
[  544.866936][ T9689] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1503'.
[  548.437268][ T9728] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1515'.
[  548.446400][ T9728] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1515'.
[  548.722500][ T9722] device syzkaller0 entered promiscuous mode
[  549.174928][ T9752] loop6: detected capacity change from 0 to 512
[  549.313661][ T9752] EXT4-fs (loop6): Ignoring removed bh option
[  549.338234][ T9752] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  549.439146][ T9752] EXT4-fs (loop6): Unrecognized mount option "=" or missing value
[  551.082391][ T9780] autofs4:pid:9780:autofs_fill_super: called with bogus options
[  551.317966][ T9795] loop1: detected capacity change from 0 to 1024
[  551.356225][ T9795] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  551.424011][ T9795] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  551.449622][ T9795] EXT4-fs error (device loop1): ext4_get_journal_inode:5185: inode #5: comm syz.1.1530: unexpected bad inode w/o EXT4_IGET_BAD
[  551.478098][ T9795] EXT4-fs (loop1): no journal found
[  551.487091][ T9795] EXT4-fs (loop1): can't get journal size
[  551.513228][ T9795] EXT4-fs (loop1): failed to initialize system zone (-117)
[  551.531549][ T9795] EXT4-fs (loop1): mount failed
[  552.653777][ T9828] loop6: detected capacity change from 0 to 128
[  552.834427][ T9828] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  552.849864][ T9828] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  555.576510][ T9845] netlink: 'syz.1.1540': attribute type 12 has an invalid length.
[  555.700698][ T9849] device syzkaller0 entered promiscuous mode
[  555.741589][ T9856] autofs4:pid:9856:autofs_fill_super: called with bogus options
[  556.173949][ T9864] loop6: detected capacity change from 0 to 512
[  556.964231][ T9864] FAT-fs (loop6): IO charset utf�Ѿ¹Éh$Û‚‰œ#wî•w9Á‹C=Yæ’³�t¤•áÁEÅ’&y3‹_òÀ©„@¥rRh¢BÀ&5dùˆÓÁxpOêø¤ß�‚upˆ‚êš@HÆäX¡ð[ƒòæ›–[ò²â°î7VGø†¥1‰˜ yª{´îþvŽìX±œõªñ)P1uô&-÷@=õ6 not found
[  558.275420][ T9866] device syzkaller0 entered promiscuous mode
[  560.296608][ T9921] netlink: 'syz.4.1555': attribute type 12 has an invalid length.
[  561.107159][ T9928] Cannot find add_set index 65532 as target
[  562.566365][ T9960] loop2: detected capacity change from 0 to 8192
[  562.666941][ T9960]  loop2: p1 p3 p4
[  562.666941][ T9960]  p1: <minix: p5 >
[  562.692192][ T9960] loop2: p1 size 3942842368 extends beyond EOD, truncated
[  562.725153][ T9960] loop2: p3 start 1073741840 is beyond EOD, truncated
[  562.745066][ T9960] loop2: p5 size 3942842368 extends beyond EOD, truncated
[  563.010448][ T5577] udevd[5577]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  563.016825][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory
[  563.024498][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  563.040868][ T9979] loop4: detected capacity change from 0 to 164
[  563.863439][T10001] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  563.873507][T10001] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  564.675840][ T9981] loop2: detected capacity change from 0 to 128
[  564.877009][T10017] netlink: 'syz.1.1579': attribute type 12 has an invalid length.
[  564.903293][T10017] netlink: 'syz.1.1579': attribute type 29 has an invalid length.
[  564.930470][T10017] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1579'.
[  564.945447][ T6657] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  564.954208][T10017] netlink: 'syz.1.1579': attribute type 2 has an invalid length.
[  564.970888][T10017] netlink: 'syz.1.1579': attribute type 3 has an invalid length.
[  564.987083][T10017] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1579'.
[  565.288809][ T6657] usb 5-1: device descriptor read/64, error -71
[  565.575954][ T6657] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  565.671739][T10035] capability: warning: `syz.6.1586' uses deprecated v2 capabilities in a way that may be insecure
[  565.704091][T10029] loop_set_status: loop7 () has still dirty pages (nrpages=1440)
[  565.789815][ T6657] usb 5-1: device descriptor read/64, error -71
[  565.947531][ T6657] usb usb5-port1: attempt power cycle
[  566.409714][ T6657] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  566.516926][ T6657] usb 5-1: device descriptor read/8, error -71
[  566.819245][T10046] netlink: 'syz.0.1590': attribute type 12 has an invalid length.
[  567.446773][ T6657] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  567.585102][ T6657] usb 5-1: device descriptor read/8, error -71
[  567.725743][ T6657] usb usb5-port1: unable to enumerate USB device
[  567.894285][T10065] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1599'.
[  568.011849][T10069] team0: No ports can be present during mode change
[  568.142652][T10072] netlink: 'syz.1.1602': attribute type 12 has an invalid length.
[  569.733140][T10100] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1612'.
[  570.520525][T10108] netlink: 'syz.1.1603': attribute type 6 has an invalid length.
[  570.571650][T10108] netlink: 14585 bytes leftover after parsing attributes in process `syz.1.1603'.
[  570.738758][T10112] netlink: 'syz.4.1614': attribute type 12 has an invalid length.
[  572.546585][T10135] device syzkaller0 entered promiscuous mode
[  573.580642][T10155] loop1: detected capacity change from 0 to 736
[  573.887303][T10168] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1635'.
[  574.038068][T10170] device syzkaller0 entered promiscuous mode
[  574.398696][T10175] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1638'.
[  574.433569][T10175] unsupported nlmsg_type 40
[  574.474542][T10175] loop2: detected capacity change from 0 to 136
[  574.609608][T10175] Attempt to read inode for relocated directory
[  574.671014][T10175] netlink: 42503 bytes leftover after parsing attributes in process `syz.2.1638'.
[  575.155642][T10193] autofs4:pid:10193:autofs_fill_super: called with bogus options
[  575.178562][T10195] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  575.194847][T10195] device batadv_slave_0 entered promiscuous mode
[  575.365454][T10200] device syzkaller0 entered promiscuous mode
[  579.039620][T10235] loop2: detected capacity change from 0 to 512
[  579.477469][T10235] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2807: Unable to expand inode 17. Delete some EAs or run e2fsck.
[  579.502431][T10249] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  579.512325][T10249] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  579.635128][T10235] EXT4-fs (loop2): 1 truncate cleaned up
[  579.697477][T10235] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  580.216806][T10253] loop6: detected capacity change from 0 to 512
[  580.322075][T10259] device syzkaller0 entered promiscuous mode
[  580.882581][T10253] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,journal_ioprio=0x0000000000000000,quota,,errors=continue. Quota mode: writeback.
[  581.111296][T10253] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  581.303343][T10270] autofs4:pid:10270:autofs_fill_super: called with bogus options
[  581.320124][T10271] loop2: detected capacity change from 0 to 256
[  584.564235][T10318] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  584.574704][T10318] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  587.397422][T10331] loop8: detected capacity change from 0 to 7
[  587.450361][ T4174] Dev loop8: unable to read RDB block 7
[  587.456006][ T4174]  loop8: AHDI p1 p2 p3
[  587.460188][ T4174] loop8: partition table partially beyond EOD, truncated
[  587.486750][ T4174] loop8: p1 start 1601398130 is beyond EOD, truncated
[  587.507961][ T4174] loop8: p2 start 1702059890 is beyond EOD, truncated
[  587.549319][T10331] Dev loop8: unable to read RDB block 7
[  587.567825][T10331]  loop8: AHDI p1 p2 p3
[  587.621931][T10331] loop8: partition table partially beyond EOD, truncated
[  587.640032][T10331] loop8: p1 start 1601398130 is beyond EOD, truncated
[  587.647019][T10331] loop8: p2 start 1702059890 is beyond EOD, truncated
[  587.723536][T10336] device syzkaller0 entered promiscuous mode
[  588.567919][T10347] loop4: detected capacity change from 0 to 1024
[  588.602974][T10345] loop6: detected capacity change from 0 to 1024
[  588.704245][T10347] EXT4-fs (loop4): inline encryption not supported
[  588.722468][T10347] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  588.759008][T10345] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  588.810462][T10347] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nojournal_checksum,errors=remount-ro,grpquota,noblock_validity,user_xattr,noauto_da_alloc,errors=remount-ro,. Quota mode: writeback.
[  588.855167][T10345] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000004,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000346,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none.
[  588.955447][T10355] overlayfs: failed to clone upperpath
[  589.251583][   T26] audit: type=1800 audit(1773187358.744:18): pid=10345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1695" name="file1" dev="loop6" ino=15 res=0 errno=0
[  589.325414][T10347] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  589.427932][T10347] EXT4-fs (loop4): re-mounted. Opts: . Quota mode: writeback.
[  590.198111][T10356] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1698'.
[  590.207563][T10356] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1698'.
[  591.422250][T10385] device syzkaller0 entered promiscuous mode
[  591.449499][T10387] device syzkaller0 entered promiscuous mode
[  591.981041][    T7] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  592.401510][    T7] usb 7-1: config 2 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  592.426799][    T7] usb 7-1: config 2 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  592.458866][    T7] usb 7-1: config 2 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  592.492316][    T7] usb 7-1: config 2 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  592.515411][ T4275] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  592.519287][    T7] usb 7-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  592.583531][    T7] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.633525][T10391] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  592.803967][ T4275] usb 2-1: Using ep0 maxpacket: 8
[  592.873126][T10391] udc-core: couldn't find an available UDC or it's busy
[  592.921624][ T4271] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  592.996878][T10391] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  593.178509][ T4275] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  593.212246][ T4275] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.279865][ T4275] usb 2-1: Product: syz
[  593.347135][ T4275] usb 2-1: Manufacturer: syz
[  593.390792][ T4275] usb 2-1: SerialNumber: syz
[  593.553691][T10403] overlayfs: failed to clone upperpath
[  593.831404][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  593.877219][ T4275] usb 2-1: config 0 descriptor??
[  593.947850][    T7] usbhid 7-1:2.0: can't add hid device: -71
[  593.953865][    T7] usbhid: probe of 7-1:2.0 failed with error -71
[  593.961058][ T4275] gspca_main: se401-2.14.0 probing 047d:5003
[  593.980476][T10407] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1716'.
[  594.007163][    T7] usb 7-1: USB disconnect, device number 5
[  594.211821][T10411] Cannot find add_set index 65532 as target
[  594.816748][T10393] udc-core: couldn't find an available UDC or it's busy
[  594.825687][T10393] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  594.855733][ T4271] usb 5-1: config 0 has an invalid interface number: 68 but max is 0
[  594.863967][ T4271] usb 5-1: config 0 has no interface number 0
[  595.005663][T10414] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  595.016072][T10414] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  595.112410][ T4275] gspca_se401: ExtraFeatures: 4
[  595.117512][ T4275] gspca_se401: Frame size: 64x513 bayer
[  595.133463][    T7] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  595.749938][ T4271] usb 5-1: config 0 interface 68 has no altsetting 0
[  595.771461][ T4275] gspca_se401: Frame size: 259x521 bayer
[  595.808092][ T4275] gspca_se401: Frame size: 96x1537 bayer
[  595.838874][ T4271] usb 5-1: string descriptor 0 read error: -71
[  595.845164][ T4271] usb 5-1: New USB device found, idVendor=2304, idProduct=020f, bcdDevice=68.d3
[  595.860184][ T4271] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.869932][ T4271] usb 5-1: config 0 descriptor??
[  595.881045][ T4275] gspca_se401: Frame size: 1824x1033 bayer
[  595.908449][T10422] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  595.917118][ T4275] gspca_se401: Frame size: 0x256 bayer
[  595.917114][ T4271] usb 5-1: can't set config #0, error -71
[  595.918241][ T4271] usb 5-1: USB disconnect, device number 20
[  596.627970][ T4275] input: se401 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7
[  596.800513][ T4275] usb 2-1: USB disconnect, device number 10
[  596.869098][T10422] device syzkaller0 entered promiscuous mode
[  597.309956][T10437] ieee802154 phy1 wpan1: encryption failed: -22
[  598.459781][T10450] Cannot find add_set index 65532 as target
[  600.262786][ T4275] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  600.538476][T10454] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  600.593654][T10454] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  600.604849][ T4275] usb 3-1: Using ep0 maxpacket: 32
[  601.374272][ T4275] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  601.385828][ T4275] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  601.399774][ T4275] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  601.408964][ T4275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.424700][ T4275] usb 3-1: config 0 descriptor??
[  601.481937][ T4275] hub 3-1:0.0: bad descriptor, ignoring hub
[  601.487961][ T4275] hub: probe of 3-1:0.0 failed with error -5
[  601.494030][ T9704] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  601.509076][ T4275] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  601.719498][ T4275] usb 3-1: USB disconnect, device number 15
[  601.962075][ T9704] usb 2-1: unable to get BOS descriptor or descriptor too short
[  602.080292][ T9704] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7
[  602.113356][ T9704] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 116, changing to 7
[  602.379511][ T9704] usb 2-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice= 0.40
[  602.403465][ T9704] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.449327][ T9704] usb 2-1: Product: syz
[  602.479328][ T9704] usb 2-1: Manufacturer: syz
[  602.538843][ T9704] usb 2-1: SerialNumber: syz
[  602.540033][    T7] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  602.723243][T10475] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1737'.
[  602.987800][ T4231] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  603.042380][ T9704] usb 2-1: Can't get UAC3 power state for id 10
[  603.149065][ T9704] usb 2-1: cannot get ctl value: req = 0x83, wValue = 0x201, wIndex = 0x200, type = 4
[  603.174231][ T9704] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2)
[  603.265636][ T4231] usb 3-1: Using ep0 maxpacket: 16
[  603.416317][ T4231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.485944][ T4231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  603.508221][ T4231] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  603.526128][ T4231] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  603.541279][ T4231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.572805][ T9704] usb 2-1: USB disconnect, device number 11
[  603.575819][    T7] usb 7-1: config index 0 descriptor too short (expected 2066, got 18)
[  603.588407][ T4231] usb 3-1: config 0 descriptor??
[  603.658346][T10483] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  603.729803][T10483] device syzkaller0 entered promiscuous mode
[  603.778662][    T7] usb 7-1: New USB device found, idVendor=04fa, idProduct=2490, bcdDevice=f8.53
[  603.787863][    T7] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.796199][    T7] usb 7-1: Product: syz
[  603.801120][    T7] usb 7-1: Manufacturer: syz
[  603.805740][    T7] usb 7-1: SerialNumber: syz
[  603.821441][    T7] usb 7-1: config 0 descriptor??
[  603.911987][T10473] udc-core: couldn't find an available UDC or it's busy
[  603.929633][T10473] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  604.090936][T10492] Cannot find add_set index 65532 as target
[  604.731414][ T4906] udevd[4906]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  604.778831][ T9704] usb 7-1: USB disconnect, device number 7
[  604.796944][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  604.868679][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  604.893521][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  605.953184][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  606.082028][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  606.115386][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  606.172258][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  606.186719][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  606.197058][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  606.207652][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  606.493126][ T4231] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0001/input/input8
[  607.055598][ T4231] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  607.146465][ T4231] usb 3-1: USB disconnect, device number 16
[  607.183092][T10505] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  607.222759][T10505] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  607.326278][ T9704] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  607.604156][ T4231] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  608.170481][ T9704] usb 5-1: device descriptor read/all, error -71
[  608.338891][T10523] fido_id[10523]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  608.943466][ T4275] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  609.074458][T10539] Cannot find add_set index 65532 as target
[  609.228484][ T4275] usb 2-1: Using ep0 maxpacket: 8
[  609.367965][ T4275] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  609.506320][ T4275] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  609.520569][ T4275] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  609.533853][ T4275] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  609.548140][ T4275] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  609.661596][ T4275] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  609.706113][ T4275] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.741896][ T4231] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  609.767519][ T4231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.806418][ T4231] usb 3-1: Product: syz
[  609.999218][ T4271] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  610.020216][T10529] udc-core: couldn't find an available UDC or it's busy
[  610.033570][T10529] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  610.033634][ T4275] usb 2-1: usb_control_msg returned -32
[  610.046888][ T4231] usb 3-1: Manufacturer: syz
[  610.051592][ T4275] usbtmc 2-1:16.0: can't read capabilities
[  610.074187][T10529] udc-core: couldn't find an available UDC or it's busy
[  610.081199][T10529] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  610.086951][ T4231] usb 3-1: config 0 descriptor??
[  610.147384][ T4231] usb 3-1: can't set config #0, error -71
[  610.155723][T10529] udc-core: couldn't find an available UDC or it's busy
[  610.180794][ T4231] usb 3-1: USB disconnect, device number 17
[  610.186690][T10529] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  610.188203][T10529] udc-core: couldn't find an available UDC or it's busy
[  610.234531][T10529] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  610.478727][ T4271] usb 7-1: unable to get BOS descriptor or descriptor too short
[  610.515210][T10529] udc-core: couldn't find an available UDC or it's busy
[  610.524556][T10529] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  610.532237][ T4271] usb 7-1: not running at top speed; connect to a high speed hub
[  610.537498][ T6657] usb 2-1: USB disconnect, device number 12
[  610.617571][ T4271] usb 7-1: config 4 has an invalid interface number: 194 but max is 0
[  610.628177][ T4275] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  610.634221][ T4271] usb 7-1: config 4 has no interface number 0
[  610.655687][ T4271] usb 7-1: config 4 interface 194 has no altsetting 0
[  610.670970][ T4231] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  610.831482][ T4271] usb 7-1: New USB device found, idVendor=0f11, idProduct=1032, bcdDevice=89.ba
[  610.863354][ T4271] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.894908][ T4271] usb 7-1: Product: syz
[  610.899563][ T4271] usb 7-1: Manufacturer: syz
[  610.904173][ T4271] usb 7-1: SerialNumber: syz
[  610.959603][ T4231] usb 3-1: Using ep0 maxpacket: 32
[  611.055796][ T4275] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959
[  611.085160][ T4275] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  611.103039][ T4275] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  611.130872][ T4231] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  611.519399][ T4231] usb 3-1: config 0 has no interface number 0
[  611.645844][ T4275] usb 5-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  611.686991][ T4275] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.732710][ T4275] usb 5-1: Product: syz
[  611.738291][ T4275] usb 5-1: Manufacturer: syz
[  611.744753][ T4275] usb 5-1: SerialNumber: syz
[  611.769952][ T4271] ldusb 7-1:4.194: Interrupt in endpoint not found
[  611.887003][ T4231] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  611.899197][ T4275] usb 5-1: config 0 descriptor??
[  611.904391][ T4231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.928461][ T4231] usb 3-1: Product: syz
[  611.933099][T10551] raw-gadget.7 gadget: fail, usb_ep_enable returned -22
[  611.937325][ T4271] usb 7-1: USB disconnect, device number 8
[  611.942033][ T4231] usb 3-1: Manufacturer: syz
[  612.113338][ T4231] usb 3-1: SerialNumber: syz
[  612.160856][ T4231] usb 3-1: config 0 descriptor??
[  612.811442][ T4231] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  612.818495][    T7] usb 5-1: USB disconnect, device number 23
[  612.990557][ T4231] usb 3-1: qt2_attach - failed to power on unit: -71
[  612.997739][ T4231] quatech2: probe of 3-1:0.51 failed with error -71
[  613.189823][ T4231] usb 3-1: USB disconnect, device number 18
[  613.198588][T10565] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  613.661276][T10565] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  614.031572][T10584] Cannot find add_set index 65532 as target
[  615.298314][   T23] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  615.319537][ T4231] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  615.608034][ T4231] usb 2-1: Using ep0 maxpacket: 8
[  615.811280][   T23] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  615.827749][   T23] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  615.861496][   T23] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  615.904231][   T23] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  616.004639][ T4231] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  616.035394][   T23] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  616.044545][   T23] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  616.052746][ T4231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.060838][ T4231] usb 2-1: Product: syz
[  616.064992][ T4231] usb 2-1: Manufacturer: syz
[  616.088693][   T23] usb 7-1: Manufacturer: syz
[  616.094141][ T4231] usb 2-1: SerialNumber: syz
[  616.256382][ T4231] usb 2-1: config 0 descriptor??
[  616.262341][   T23] usb 7-1: config 0 descriptor??
[  616.634105][ T4231] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  617.067277][T10611] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1776'.
[  617.107914][T10611] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1776'.
[  617.227746][   T23] appleir 0003:05AC:8243.0002: unknown main item tag 0x0
[  617.242120][   T23] appleir 0003:05AC:8243.0002: No inputs registered, leaving
[  617.277660][   T23] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  617.474686][    T7] usb 7-1: USB disconnect, device number 9
[  617.498161][T10619] fido_id[10619]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  618.632292][ T4231] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  618.657090][ T4231] dvbdev: DVB: registering new adapter (TerraTec NOXON DAB Stick)
[  618.670581][ T4231] usb 2-1: media controller created
[  618.695386][ T4231] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  618.939646][ T4231] i2c i2c-1: Added multiplexed i2c bus 2
[  618.987148][ T4231] rtl2832 1-0010: Realtek RTL2832 successfully attached
[  619.081142][ T4231] usb 2-1: DVB: registering adapter 1 frontend 0 (Realtek RTL2832 (DVB-T))...
[  619.225614][ T4231] dvbdev: dvb_create_media_entity: media entity 'Realtek RTL2832 (DVB-T)' registered.
[  619.605808][ T4231] DVB: Unable to find symbol fc0012_attach()
[  619.903866][ T4229] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  620.288451][ T4229] usb 5-1: Using ep0 maxpacket: 32
[  620.416858][ T4229] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  620.426033][ T4231] usb 2-1: USB disconnect, device number 13
[  620.464857][ T4229] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  620.485544][ T4229] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  620.511570][ T4229] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.553705][ T4229] usb 5-1: config 0 descriptor??
[  620.620845][ T4229] hub 5-1:0.0: USB hub found
[  620.639406][T10665] overlayfs: statfs failed on './file0'
[  620.855091][ T4229] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  621.533842][ T4229] hid-generic 0003:046D:C31C.0003: unknown main item tag 0x0
[  621.663510][ T4229] hid-generic 0003:046D:C31C.0003: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0
[  621.859356][ T4231] usb 7-1: new low-speed USB device number 10 using dummy_hcd
[  622.210059][T10681] chnl_net:caif_netlink_parms(): no params data found
[  622.223379][T10639] usb 5-1: reset high-speed USB device number 24 using dummy_hcd
[  622.299221][T10681] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.322493][T10681] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.330024][ T4231] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  622.334498][T10681] device bridge_slave_0 entered promiscuous mode
[  622.338548][ T4231] usb 7-1: config 0 has no interface number 0
[  622.351073][ T4231] usb 7-1: config 0 interface 1 altsetting 19 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  622.358655][T10681] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.362313][ T4231] usb 7-1: config 0 interface 1 altsetting 19 endpoint 0x81 has invalid wMaxPacketSize 0
[  622.362343][ T4231] usb 7-1: config 0 interface 1 has no altsetting 0
[  622.362376][ T4231] usb 7-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00
[  622.362399][ T4231] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.392111][ T4231] usb 7-1: config 0 descriptor??
[  622.413149][T10681] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.424805][T10681] device bridge_slave_1 entered promiscuous mode
[  622.456279][T10689] device syzkaller0 entered promiscuous mode
[  622.473881][T10681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  622.509523][T10681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  622.541414][T10681] team0: Port device team_slave_0 added
[  622.549313][T10681] team0: Port device team_slave_1 added
[  622.591512][T10681] batman_adv: batadv0: Adding interface: batadv_slave_0
[  622.599164][T10681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  622.625665][T10681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  622.640271][T10681] batman_adv: batadv0: Adding interface: batadv_slave_1
[  622.779516][T10681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  622.867884][   T23] usb 5-1: USB disconnect, device number 24
[  622.904308][T10639] usbhid 5-1:0.0: reset_resume error -19
[  623.058356][T10681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  623.227303][ T4231] input: HID 2179:0053 Pen as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/0003:2179:0053.0004/input/input9
[  623.275294][ T4229] Bluetooth: hci5: command 0x0406 tx timeout
[  623.345708][T10681] device hsr_slave_0 entered promiscuous mode
[  623.354604][T10681] device hsr_slave_1 entered promiscuous mode
[  623.361759][T10681] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  623.372071][T10681] Cannot create hsr debugfs directory
[  623.380585][ T4231] uclogic 0003:2179:0053.0004: input,hidraw1: USB HID v0.00 Device [HID 2179:0053] on usb-dummy_hcd.6-1/input1
[  623.440301][ T4231] usb 7-1: USB disconnect, device number 10
[  623.591548][T10702] fido_id[10702]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  623.658546][T10681] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  623.667717][T10681] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  623.676707][T10681] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  623.687741][   T23] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  623.688308][T10681] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  623.751168][T10681] 8021q: adding VLAN 0 to HW filter on device bond0
[  623.764662][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  623.773921][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  623.784821][T10681] 8021q: adding VLAN 0 to HW filter on device team0
[  623.795612][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  623.806969][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  623.815784][  T744] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.822889][  T744] bridge0: port 1(bridge_slave_0) entered forwarding state
[  623.832835][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  623.842971][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  623.856408][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  623.874373][    T7] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  623.880902][  T744] bridge0: port 2(bridge_slave_1) entered blocking state
[  623.889105][  T744] bridge0: port 2(bridge_slave_1) entered forwarding state
[  623.907746][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  623.917118][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  623.931403][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  623.941029][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  623.951592][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  623.962186][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  623.964843][   T23] usb 5-1: Using ep0 maxpacket: 32
[  623.977313][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  623.990923][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  624.006265][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  624.019621][T10681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  624.114286][   T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  624.144651][   T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  624.198144][   T23] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  624.248236][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.300353][   T23] usb 5-1: config 0 descriptor??
[  624.361011][   T23] hub 5-1:0.0: USB hub found
[  624.368927][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  624.393693][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  624.442116][T10681] 8021q: adding VLAN 0 to HW filter on device batadv0
[  624.488256][   T23] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  624.536801][ T4229] Bluetooth: hci0: command 0x0409 tx timeout
[  624.562854][    T7] usb 2-1: Using ep0 maxpacket: 8
[  624.703815][   T23] usbhid 5-1:0.0: can't add hid device: -71
[  624.709807][   T23] usbhid: probe of 5-1:0.0 failed with error -71
[  624.717268][    T7] usb 2-1: config index 0 descriptor too short (expected 5924, got 36)
[  624.736657][    T7] usb 2-1: config 250 has an invalid interface number: 228 but max is -1
[  624.758530][    T7] usb 2-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[  624.787296][    T7] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0
[  624.805997][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  624.807462][    T7] usb 2-1: config 250 has no interface number 0
[  624.827242][    T7] usb 2-1: config 250 interface 228 has no altsetting 0
[  624.827716][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  624.872258][T10681] device veth0_vlan entered promiscuous mode
[  624.899028][T10681] device veth1_vlan entered promiscuous mode
[  624.910195][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  624.923822][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  624.941373][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  624.952751][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  624.961005][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  624.969510][    T7] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  624.988044][    T7] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  624.992393][   T23] usb 5-1: USB disconnect, device number 25
[  624.998055][    T7] usb 2-1: Product: syz
[  625.021007][T10681] device veth0_macvtap entered promiscuous mode
[  625.061515][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  625.074165][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  625.085467][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  625.102278][T10681] device veth1_macvtap entered promiscuous mode
[  625.116762][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  625.141950][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  625.190876][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  625.229470][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.246837][ T4231] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  625.272664][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  625.297689][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.324556][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  625.342171][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.353922][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  625.371775][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.375945][    T7] usb 2-1: SerialNumber: syz
[  625.384903][T10681] batman_adv: batadv0: Interface activated: batadv_slave_0
[  625.400535][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  625.419969][  T744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  625.440078][    T7] hub 2-1:250.228: bad descriptor, ignoring hub
[  625.440269][   T23] usb 5-1: new low-speed USB device number 26 using dummy_hcd
[  625.446361][    T7] hub: probe of 2-1:250.228 failed with error -5
[  625.462471][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  625.472987][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.485749][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  625.497939][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.535283][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  625.546825][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.556776][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  625.567400][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.577346][T10681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  625.588013][T10681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.610233][T10681] batman_adv: batadv0: Interface activated: batadv_slave_1
[  625.623198][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  625.647366][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  625.682298][T10681] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  625.691548][T10681] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  625.701939][ T4231] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  625.751744][ T4231] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  625.801110][T10681] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  625.867230][   T23] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  625.897154][T10681] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  625.913724][   T23] usb 5-1: config 0 has no interface number 0
[  625.968692][   T23] usb 5-1: config 0 interface 1 altsetting 19 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  626.028104][ T4231] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  626.073198][ T4231] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  626.143315][   T23] usb 5-1: config 0 interface 1 altsetting 19 endpoint 0x81 has invalid wMaxPacketSize 0
[  626.206934][ T4231] usb 7-1: SerialNumber: syz
[  626.250518][   T23] usb 5-1: config 0 interface 1 has no altsetting 0
[  626.293397][   T23] usb 5-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00
[  626.330210][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.340877][   T23] usb 5-1: config 0 descriptor??
[  626.415109][ T4243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.434363][ T4243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  626.446592][ T8639] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  626.465708][ T8639] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.473617][ T8639] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  626.481862][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  626.586886][ T4231] usb 7-1: 0:2 : does not exist
[  626.627609][ T4231] usb 7-1: USB disconnect, device number 11
[  626.765141][ T4173] Bluetooth: hci0: command 0x041b tx timeout
[  626.781195][ T6657] usb 2-1: reset high-speed USB device number 14 using dummy_hcd
[  627.277728][   T23] uclogic 0003:2179:0053.0005: pen parameters not found
[  627.336015][   T23] uclogic 0003:2179:0053.0005: interface is invalid, ignoring
[  627.577432][   T23] usb 5-1: USB disconnect, device number 26
[  627.619071][ T6657] usb 2-1: failed to restore interface 228 altsetting 255 (error=-71)
[  627.700605][ T6657] usb 2-1: USB disconnect, device number 14
[  629.196805][ T4173] Bluetooth: hci0: command 0x040f tx timeout
[  629.566782][T10795] wireguard: wg2: Could not create IPv4 socket
[  630.280485][T10813] overlayfs: failed to clone upperpath
[  630.290937][ T4173] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  630.301316][ T4275] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  630.384879][T10813] fuse: Bad value for 'fd'
[  630.579561][ T4173] usb 7-1: Using ep0 maxpacket: 16
[  630.750549][ T4173] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 11
[  630.778626][ T4173] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  630.852233][ T4173] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  630.920785][ T4173] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  630.972053][ T4173] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  631.027021][ T4173] usb 7-1: config 1 interface 0 has no altsetting 0
[  631.061877][ T4173] usb 7-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  631.109060][ T4173] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.210700][ T4173] ums-sddr09 7-1:1.0: USB Mass Storage device detected
[  631.380653][ T4230] Bluetooth: hci0: command 0x0419 tx timeout
[  631.389619][T10822] overlayfs: missing 'workdir'
[  631.454907][ T4173] scsi host1: usb-storage 7-1:1.0
[  631.520443][T10829] input: syz0 as /devices/virtual/input/input10
[  631.562430][ T4275] usb 8-1: Using ep0 maxpacket: 32
[  631.652948][ T4173] usb 7-1: USB disconnect, device number 12
[  631.711921][ T4275] usb 8-1: config 0 has an invalid interface number: 196 but max is 0
[  631.720300][ T4275] usb 8-1: config 0 has no interface number 0
[  631.735152][ T4275] usb 8-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  631.896364][ T4275] usb 8-1: config 0 interface 196 has no altsetting 0
[  631.965784][T10847] overlayfs: failed to clone upperpath
[  632.105701][ T4275] usb 8-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  632.918432][ T4275] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.927075][ T4275] usb 8-1: Product: syz
[  632.934567][ T4275] usb 8-1: Manufacturer: syz
[  632.939205][ T4275] usb 8-1: SerialNumber: syz
[  632.949060][ T4275] usb 8-1: config 0 descriptor??
[  632.983419][ T4275] usb 8-1: can't set config #0, error -71
[  632.994172][ T4275] usb 8-1: USB disconnect, device number 2
[  633.162449][T10874] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  633.558868][T10889] overlayfs: missing 'lowerdir'
[  634.477513][ T4173] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  634.661365][ T4230] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  634.672428][T10934] device syzkaller0 entered promiscuous mode
[  634.736062][ T4173] usb 2-1: Using ep0 maxpacket: 16
[  634.865564][ T4173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.877053][ T4173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  634.895792][ T4173] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  634.909271][ T4173] usb 2-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00
[  634.918894][ T4173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.929707][ T4173] usb 2-1: config 0 descriptor??
[  634.939105][ T4230] usb 7-1: Using ep0 maxpacket: 32
[  635.287750][T10946] netlink: 37 bytes leftover after parsing attributes in process `syz.0.1886'.
[  635.473311][ T4230] usb 7-1: config 8 has an invalid interface number: 77 but max is 0
[  635.485977][ T4230] usb 7-1: config 8 has an invalid descriptor of length 1, skipping remainder of the config
[  635.501790][ T4230] usb 7-1: config 8 has no interface number 0
[  635.508071][ T4230] usb 7-1: config 8 interface 77 has no altsetting 0
[  635.677087][ T4230] usb 7-1: New USB device found, idVendor=470c, idProduct=8062, bcdDevice=95.49
[  635.686177][ T4230] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.708288][ T4230] usb 7-1: Product: syz
[  635.712496][ T4230] usb 7-1: Manufacturer: syz
[  635.717094][ T4230] usb 7-1: SerialNumber: syz
[  635.742590][ T4173] usb 2-1: string descriptor 0 read error: -71
[  635.762049][ T4173] uclogic 0003:5543:0045.0006: failed retrieving string descriptor #200: -71
[  635.771002][ T4173] uclogic 0003:5543:0045.0006: failed retrieving pen parameters: -71
[  635.790088][ T4173] uclogic 0003:5543:0045.0006: failed probing pen v2 parameters: -71
[  635.804182][ T4173] uclogic 0003:5543:0045.0006: failed probing parameters: -71
[  635.812324][ T4173] uclogic: probe of 0003:5543:0045.0006 failed with error -71
[  635.823815][ T4173] usb 2-1: USB disconnect, device number 16
[  636.041177][T10954] overlayfs: missing 'lowerdir'
[  636.082130][ T4230] usb 7-1: USB disconnect, device number 13
[  636.413560][T10961] overlayfs: failed to clone upperpath
[  636.892985][T10970] device syzkaller0 entered promiscuous mode
[  636.969484][ T4230] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  637.118989][    T7] Bluetooth: hci3: command 0x1003 tx timeout
[  637.126458][ T4200] Bluetooth: hci3: sending frame failed (-49)
[  637.354089][ T4230] usb 7-1: Using ep0 maxpacket: 16
[  637.728712][ T4230] usb 7-1: config 1 has an invalid interface number: 105 but max is 0
[  637.737027][ T4230] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  637.748065][ T4230] usb 7-1: config 1 has no interface number 0
[  637.754847][ T4230] usb 7-1: config 1 interface 105 altsetting 2 endpoint 0x3 has invalid wMaxPacketSize 0
[  637.765725][ T4230] usb 7-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  637.779494][ T4230] usb 7-1: config 1 interface 105 has no altsetting 0
[  638.112337][ T4230] usb 7-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  638.136459][ T4230] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  638.175235][ T4230] usb 7-1: Product: syz
[  638.195921][ T4230] usb 7-1: Manufacturer: syz
[  638.218413][ T4230] usb 7-1: SerialNumber: syz
[  638.530318][ T4230] aqc111: probe of 7-1:1.105 failed with error -22
[  638.533259][T10994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1905'.
[  638.888798][   T23] usb 7-1: USB disconnect, device number 14
[  639.331121][ T4267] Bluetooth: hci3: command 0x1001 tx timeout
[  639.337252][ T4200] Bluetooth: hci3: sending frame failed (-49)
[  640.581441][ T4230] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  640.597634][ T6657] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  640.858993][ T6657] usb 2-1: Using ep0 maxpacket: 16
[  640.990997][ T6657] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  641.005373][ T6657] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  641.019641][ T4230] usb 5-1: config 0 has no interfaces?
[  641.025182][ T4230] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  641.034861][ T4230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.054021][ T4230] usb 5-1: config 0 descriptor??
[  641.182954][ T6657] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  641.209762][ T6657] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.235097][ T6657] usb 2-1: Product: syz
[  641.681460][ T6657] usb 2-1: Manufacturer: syz
[  641.686354][ T6657] usb 2-1: SerialNumber: syz
[  641.723038][   T23] usb 5-1: USB disconnect, device number 27
[  642.298697][    T7] Bluetooth: hci3: command 0x1009 tx timeout
[  642.309781][   T26] audit: type=1800 audit(1773187408.398:19): pid=11062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1921" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  642.310116][T11062] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[  642.340246][T11062] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[  642.349840][T11062] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  642.387353][ T6657] usb 2-1: 0:2 : does not exist
[  642.434148][ T6657] usb 2-1: USB disconnect, device number 17
[  642.729241][ T4174] udevd[4174]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  643.794436][ T4230] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  643.802569][    T7] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  644.236431][ T4230] usb 7-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config
[  644.247088][    T7] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  644.317514][ T4230] usb 7-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  644.334539][    T7] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  644.489021][ T4230] usb 7-1: config 253 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  644.556689][    T7] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  644.575994][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  644.589064][    T7] usb 2-1: SerialNumber: syz
[  644.626177][ T4230] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  644.668447][ T4230] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  644.687174][ T4230] usb 7-1: SerialNumber: syz
[  645.514490][ T4230] rndis_wlan 7-1:253.0: skipping garbage
[  645.522247][ T4230] usb 7-1: bad CDC descriptors
[  645.533263][ T4230] rndis_host 7-1:253.0: skipping garbage
[  645.538958][ T4230] usb 7-1: bad CDC descriptors
[  645.554728][ T4230] usb 7-1: USB disconnect, device number 15
[  645.589041][    T7] usb 2-1: USB disconnect, device number 18
[  646.236044][T11164] device syzkaller0 entered promiscuous mode
[  647.266474][T11182] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1952'.
[  647.495498][T11192] kvm: emulating exchange as write
[  647.559192][ T4275] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  647.652446][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1958'.
[  647.949276][T11214] device syzkaller0 entered promiscuous mode
[  648.008991][ T4275] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  648.020219][ T4275] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  648.031266][ T4275] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  648.040739][ T4275] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.159271][ T4275] usb 7-1: config 0 descriptor??
[  648.984236][ T4275] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x2
[  649.028329][ T4275] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0
[  649.063215][ T4275] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0
[  649.097154][ T4275] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0
[  649.140172][ T4275] pyra 0003:1E7D:2CF6.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.6-1/input0
[  649.386620][ T4229] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  649.450787][ T4275] pyra 0003:1E7D:2CF6.0007: couldn't init struct pyra_device
[  649.460606][ T4275] pyra 0003:1E7D:2CF6.0007: couldn't install mouse
[  649.478764][ T4275] pyra: probe of 0003:1E7D:2CF6.0007 failed with error -71
[  649.524361][ T4275] usb 7-1: USB disconnect, device number 16
[  649.646703][T11250] fido_id[11250]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  649.771352][ T4229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.782342][ T4229] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  649.791383][ T4229] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.810875][ T4229] usb 2-1: config 0 descriptor??
[  650.190289][T11268] syz.6.1980 (11268) used greatest stack depth: 17168 bytes left
[  650.956579][ T4229] usbhid 2-1:0.0: can't add hid device: -71
[  650.962688][ T4229] usbhid: probe of 2-1:0.0 failed with error -71
[  650.976931][ T4229] usb 2-1: USB disconnect, device number 19
[  651.258797][ T4275] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  651.288715][ T4274] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  651.406083][ T4229] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  651.609277][ T4275] usb 7-1: Using ep0 maxpacket: 32
[  651.609408][ T4274] usb 8-1: Using ep0 maxpacket: 8
[  651.780792][ T4274] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  651.801707][ T4275] usb 7-1: unable to get BOS descriptor or descriptor too short
[  651.930154][ T4274] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  651.947308][ T4274] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  651.956034][ T4275] usb 7-1: config 15 has an invalid interface number: 241 but max is 0
[  652.084343][ T4275] usb 7-1: config 15 has no interface number 0
[  652.100164][ T4274] usb 8-1: SerialNumber: syz
[  652.108979][ T4275] usb 7-1: config 15 interface 241 has no altsetting 0
[  652.172302][ T4274] usb 8-1: bad CDC descriptors
[  652.300577][ T4229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  652.304025][ T4275] usb 7-1: New USB device found, idVendor=0fce, idProduct=d0e1, bcdDevice= 0.00
[  652.367965][ T4275] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.374727][ T4229] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  652.376156][ T4275] usb 7-1: Product: syz
[  652.400651][ T4275] usb 7-1: Manufacturer: syz
[  652.406061][ T4275] usb 7-1: SerialNumber: syz
[  652.474970][ T4229] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  652.484045][ T4229] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.500513][ T4274] usb 8-1: USB disconnect, device number 3
[  652.516313][ T4229] usb 2-1: config 0 descriptor??
[  652.538998][ T4229] usb 2-1: can't set config #0, error -71
[  652.554772][ T4229] usb 2-1: USB disconnect, device number 20
[  652.807024][ T4275] usb-storage 7-1:15.241: USB Mass Storage device detected
[  652.855912][ T4275] usb-storage 7-1:15.241: device ignored
[  652.919060][ T4275] usb 7-1: USB disconnect, device number 17
[  653.095075][ T4274] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  653.131548][T11314] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  653.152518][T11314] tipc: Resetting bearer <eth:syzkaller0>
[  653.161884][T11312] tipc: Disabling bearer <eth:syzkaller0>
[  653.543943][ T4274] usb 8-1: Using ep0 maxpacket: 16
[  654.225230][T11329] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  654.259453][ T4274] usb 8-1: unable to read config index 0 descriptor/all
[  654.275343][T11329] Set syz1 is full, maxelem 6117 reached
[  654.277343][ T4274] usb 8-1: can't read configurations, error -71
[  654.285310][T11329] Set syz1 is full, maxelem 6117 reached
[  654.594869][T11343] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2007'.
[  655.211893][T11349] tipc: Started in network mode
[  655.216804][T11349] tipc: Node identity 56a2c5ec5773, cluster identity 4711
[  655.267885][T11349] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  655.549170][T11349] tipc: Resetting bearer <eth:syzkaller0>
[  655.653277][T11347] tipc: Disabling bearer <eth:syzkaller0>
[  656.740678][T11380] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  656.797168][T11378] device syzkaller0 entered promiscuous mode
[  656.820103][T11373] tipc: Resetting bearer <eth:syzkaller0>
[  656.868741][T11373] tipc: Disabling bearer <eth:syzkaller0>
[  657.344685][T11400] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  657.363629][T11400] tipc: Resetting bearer <eth:syzkaller0>
[  657.403992][T11399] tipc: Disabling bearer <eth:syzkaller0>
[  657.471061][T11405] netlink: 'syz.0.2030': attribute type 8 has an invalid length.
[  657.614970][ T4229] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  657.736355][T11412] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  658.003202][T11418] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  658.399174][ T4229] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  658.410459][ T4229] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.421489][ T4229] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  658.431281][ T4229] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  658.534113][ T4229] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  658.556050][ T4229] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  658.564167][ T4229] usb 8-1: Manufacturer: syz
[  658.597108][ T4229] usb 8-1: config 0 descriptor??
[  658.799073][T11446] device syzkaller0 entered promiscuous mode
[  659.535406][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  659.586141][ T4229] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  659.613435][ T4229] appleir 0003:05AC:8243.0008: No inputs registered, leaving
[  659.647572][ T4229] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0
[  660.007464][ T4229] usb 8-1: USB disconnect, device number 6
[  660.140903][T11473] fido_id[11473]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[  660.208081][T11457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2046'.
[  660.259848][T11478] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2052'.
[  660.274906][T11478] device syzkaller1 entered promiscuous mode
[  660.683007][ T9704] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  660.797718][T11501] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2057'.
[  660.938670][ T9704] usb 5-1: Using ep0 maxpacket: 32
[  661.010620][T11510] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  661.033107][T11511] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2061'.
[  661.066689][ T9704] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  661.089861][ T9704] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  661.139398][ T9704] usb 5-1: config 0 has no interface number 0
[  661.164734][ T9704] usb 5-1: config 0 interface 12 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  661.235177][ T9704] usb 5-1: config 0 interface 12 has no altsetting 0
[  661.487426][T11524] netlink: 'syz.7.2067': attribute type 12 has an invalid length.
[  662.477131][ T9704] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  662.503475][ T9704] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.525025][ T9704] usb 5-1: Product: syz
[  662.540690][ T9704] usb 5-1: Manufacturer: syz
[  662.556149][ T9704] usb 5-1: SerialNumber: syz
[  662.581727][ T9704] usb 5-1: config 0 descriptor??
[  662.627774][ T9704] f81534 5-1:0.12: required endpoints missing
[  662.807125][T11533] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  662.861721][ T9704] usb 5-1: USB disconnect, device number 28
[  663.012343][ T4977] wlan1: Trigger new scan to find an IBSS to join
[  663.484851][T11558] netlink: 'syz.0.2079': attribute type 12 has an invalid length.
[  664.303261][T11566] device syzkaller0 entered promiscuous mode
[  664.352628][    T7] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  664.785273][    T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  664.796926][    T7] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  664.806224][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.859990][    T7] usb 5-1: config 0 descriptor??
[  665.255567][    T7] usbhid 5-1:0.0: can't add hid device: -71
[  665.261771][    T7] usbhid: probe of 5-1:0.0 failed with error -71
[  665.316252][    T7] usb 5-1: USB disconnect, device number 29
[  665.414728][T11578] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  665.424635][T11578] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  665.433101][T11578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  665.441305][T11578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  665.853799][    T7] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  666.271122][    T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  666.282358][    T7] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  666.295560][    T7] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  666.304822][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.320205][    T7] usb 5-1: config 0 descriptor??
[  666.476825][T11545] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  667.736622][T11598] netlink: 'syz.1.2090': attribute type 12 has an invalid length.
[  668.217949][ T4289] wlan1: Trigger new scan to find an IBSS to join
[  668.228348][    T7] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  668.239428][    T7] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  668.497334][    T7] usb 5-1: USB disconnect, device number 30
[  668.512784][T11610] 8021q: adding VLAN 0 to HW filter on device bond8
[  668.546513][ T9704] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  668.565907][T11612] bond8: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  668.643718][ T4977] bond8: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  668.656641][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): bond8: link becomes ready
[  668.803073][ T9704] usb 7-1: Using ep0 maxpacket: 32
[  668.835958][ T4246] bond8: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  668.931532][ T9704] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  668.941949][ T9704] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  668.958327][ T9704] usb 7-1: config 0 has no interface number 0
[  668.965822][ T9704] usb 7-1: config 0 interface 12 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  668.982198][ T9704] usb 7-1: config 0 interface 12 has no altsetting 0
[  669.002696][T11624] tipc: Started in network mode
[  669.008059][T11624] tipc: Node identity 2aa619696484, cluster identity 4711
[  669.015437][T11624] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  669.023779][T11624] device syzkaller0 entered promiscuous mode
[  669.053049][T11624] tipc: Resetting bearer <eth:syzkaller0>
[  669.070453][T11623] tipc: Resetting bearer <eth:syzkaller0>
[  669.080439][T11623] tipc: Disabling bearer <eth:syzkaller0>
[  669.161320][ T9704] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  669.173857][ T9704] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.194663][ T9704] usb 7-1: Product: syz
[  669.207370][ T9704] usb 7-1: Manufacturer: syz
[  669.216306][ T9704] usb 7-1: SerialNumber: syz
[  669.372421][ T9704] usb 7-1: config 0 descriptor??
[  669.384540][ T4246] wlan1: Creating new IBSS network, BSSID 62:01:77:e8:5d:e5
[  669.414269][ T9704] f81534 7-1:0.12: required endpoints missing
[  670.161325][ T4267] usb 7-1: USB disconnect, device number 18
[  670.371099][T11657] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2111'.
[  671.054427][T11668] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2113'.
[  671.092440][T11668] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2113'.
[  671.122521][T11668] tipc: Cannot configure node identity twice
[  671.131205][T11668] tipc: Cannot configure node identity twice
[  671.356011][T11677] device bond_slave_0 entered promiscuous mode
[  671.362292][T11677] device bond_slave_1 entered promiscuous mode
[  671.374635][T11677] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2117'.
[  671.538848][T11677] device bond_slave_0 left promiscuous mode
[  671.544874][T11677] device bond_slave_1 left promiscuous mode
[  672.116349][T11687] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2120'.
[  672.447115][T11696] overlayfs: failed to clone upperpath
[  672.582223][T11707] device syzkaller0 entered promiscuous mode
[  673.761400][T11710] netlink: 'syz.6.2129': attribute type 12 has an invalid length.
[  675.825965][T11732] device syzkaller0 entered promiscuous mode
[  676.130010][T11749] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2139'.
[  676.518538][T11754] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  676.573590][T11749] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2139'.
[  676.689030][T11775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2144'.
[  677.024804][T11791] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2148'.
[  677.825363][T11791] device macvtap1 entered promiscuous mode
[  677.868063][T11791] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  677.952477][T11793] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[  677.964679][T11793] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[  677.974533][T11793] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  678.247919][T11813] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  678.323643][T11823] xt_hashlimit: size too large, truncated to 1048576
[  678.414038][T11822] device syzkaller0 entered promiscuous mode
[  678.440216][T11820] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  678.539670][T11831] netlink: set zone limit has 8 unknown bytes
[  678.627621][T11808] tipc: Resetting bearer <eth:syzkaller0>
[  678.759229][T11808] tipc: Disabling bearer <eth:syzkaller0>
[  678.921088][T11802] ==================================================================
[  678.929713][T11802] BUG: KASAN: use-after-free in ax25_find_cb+0x175/0x3a0
[  678.936897][T11802] Read of size 8 at addr ffff8881421c0a08 by task syz.7.2151/11802
[  678.944807][T11802] 
[  678.947154][T11802] CPU: 0 PID: 11802 Comm: syz.7.2151 Not tainted syzkaller #0
[  678.954620][T11802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  678.964694][T11802] Call Trace:
[  678.967984][T11802]  <TASK>
[  678.970921][T11802]  dump_stack_lvl+0x188/0x250
[  678.975614][T11802]  ? show_regs_print_info+0x20/0x20
[  678.980832][T11802]  ? _printk+0xda/0x130
[  678.985005][T11802]  ? ax25_find_cb+0x175/0x3a0
[  678.989708][T11802]  ? load_image+0x400/0x400
[  678.994218][T11802]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  678.999699][T11802]  print_address_description+0x60/0x2d0
[  679.005266][T11802]  ? ax25_find_cb+0x175/0x3a0
[  679.009952][T11802]  kasan_report+0xdf/0x130
[  679.014512][T11802]  ? ax25_find_cb+0x175/0x3a0
[  679.019295][T11802]  ax25_find_cb+0x175/0x3a0
[  679.023826][T11802]  rose_transmit_link+0x169/0x730
[  679.028883][T11802]  rose_write_internal+0x680/0x1e90
[  679.034191][T11802]  ? _raw_spin_unlock_irqrestore+0x82/0x120
[  679.040193][T11802]  ? rose_validate_nr+0x120/0x120
[  679.045369][T11802]  ? __timer_delete+0x6c/0x220
[  679.050251][T11802]  ? skb_queue_purge+0x62/0x290
[  679.055140][T11802]  rose_release+0x22a/0x4e0
[  679.059761][T11802]  sock_close+0xd5/0x240
[  679.064096][T11802]  ? sock_mmap+0x90/0x90
[  679.068347][T11802]  __fput+0x234/0x930
[  679.072458][T11802]  task_work_run+0x125/0x1a0
[  679.077135][T11802]  get_signal+0x1222/0x12c0
[  679.081726][T11802]  arch_do_signal_or_restart+0xe7/0x12c0
[  679.087445][T11802]  ? kick_process+0xd4/0x140
[  679.092136][T11802]  ? task_work_add+0x1a7/0x1d0
[  679.096921][T11802]  ? get_sigframe_size+0x10/0x10
[  679.101874][T11802]  ? __sys_connect+0x278/0x450
[  679.106740][T11802]  ? exit_to_user_mode_loop+0x3b/0x130
[  679.112211][T11802]  exit_to_user_mode_loop+0x9e/0x130
[  679.117519][T11802]  exit_to_user_mode_prepare+0xee/0x180
[  679.123178][T11802]  syscall_exit_to_user_mode+0x16/0x40
[  679.128657][T11802]  do_syscall_64+0x58/0xa0
[  679.133084][T11802]  ? clear_bhb_loop+0x30/0x80
[  679.137785][T11802]  ? clear_bhb_loop+0x30/0x80
[  679.142478][T11802]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  679.148512][T11802] RIP: 0033:0x7faf54eef799
[  679.153038][T11802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  679.172856][T11802] RSP: 002b:00007faf53149028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  679.181292][T11802] RAX: fffffffffffffe00 RBX: 00007faf55168fa0 RCX: 00007faf54eef799
[  679.189280][T11802] RDX: 000000000000001c RSI: 0000200000000240 RDI: 000000000000000c
[  679.197262][T11802] RBP: 00007faf54f85c99 R08: 0000000000000000 R09: 0000000000000000
[  679.205254][T11802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  679.213317][T11802] R13: 00007faf55169038 R14: 00007faf55168fa0 R15: 00007fff03fb9068
[  679.221414][T11802]  </TASK>
[  679.224446][T11802] 
[  679.226771][T11802] Allocated by task 11412:
[  679.231195][T11802]  __kasan_kmalloc+0xb5/0xf0
[  679.235891][T11802]  ax25_dev_device_up+0x50/0x580
[  679.240844][T11802]  ax25_device_event+0x483/0x4f0
[  679.245791][T11802]  raw_notifier_call_chain+0xcb/0x160
[  679.251171][T11802]  __dev_notify_flags+0x194/0x300
[  679.256292][T11802]  dev_change_flags+0xe3/0x1a0
[  679.261074][T11802]  dev_ifsioc+0x130/0xd50
[  679.265504][T11802]  dev_ioctl+0x545/0xe30
[  679.269862][T11802]  sock_do_ioctl+0x245/0x320
[  679.274469][T11802]  sock_ioctl+0x4d2/0x710
[  679.278820][T11802]  __se_sys_ioctl+0xfa/0x170
[  679.283505][T11802]  do_syscall_64+0x4c/0xa0
[  679.288048][T11802]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  679.293956][T11802] 
[  679.296284][T11802] Freed by task 11801:
[  679.300349][T11802]  kasan_set_track+0x4b/0x70
[  679.305004][T11802]  kasan_set_free_info+0x1f/0x40
[  679.309955][T11802]  ____kasan_slab_free+0xd5/0x110
[  679.314989][T11802]  slab_free_freelist_hook+0xea/0x170
[  679.320365][T11802]  kfree+0xef/0x2a0
[  679.324175][T11802]  ax25_release+0x661/0x870
[  679.328683][T11802]  sock_close+0xd5/0x240
[  679.332947][T11802]  __fput+0x234/0x930
[  679.336935][T11802]  task_work_run+0x125/0x1a0
[  679.341536][T11802]  exit_to_user_mode_loop+0x10f/0x130
[  679.346970][T11802]  exit_to_user_mode_prepare+0xee/0x180
[  679.352532][T11802]  syscall_exit_to_user_mode+0x16/0x40
[  679.358001][T11802]  do_syscall_64+0x58/0xa0
[  679.362430][T11802]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  679.368338][T11802] 
[  679.370668][T11802] Last potentially related work creation:
[  679.376380][T11802]  kasan_save_stack+0x35/0x60
[  679.381075][T11802]  kasan_record_aux_stack+0xb8/0x100
[  679.386390][T11802]  kvfree_call_rcu+0x105/0x7d0
[  679.391242][T11802]  hash_netportnet6_add+0x2956/0x37b0
[  679.396685][T11802]  hash_netportnet6_uadt+0xb7f/0xf20
[  679.402074][T11802]  call_ad+0x182/0xa00
[  679.406221][T11802]  ip_set_ad+0x816/0x9c0
[  679.410466][T11802]  nfnetlink_rcv_msg+0xbb0/0x11f0
[  679.415589][T11802]  netlink_rcv_skb+0x1f5/0x440
[  679.420405][T11802]  nfnetlink_rcv+0x2b4/0x2460
[  679.425092][T11802]  netlink_unicast+0x774/0x920
[  679.429864][T11802]  netlink_sendmsg+0x8ba/0xbe0
[  679.434638][T11802]  ____sys_sendmsg+0x5b7/0x8f0
[  679.439516][T11802]  ___sys_sendmsg+0x236/0x2e0
[  679.444209][T11802]  __se_sys_sendmsg+0x1af/0x290
[  679.449073][T11802]  do_syscall_64+0x4c/0xa0
[  679.453504][T11802]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  679.459413][T11802] 
[  679.461735][T11802] The buggy address belongs to the object at ffff8881421c0a00
[  679.461735][T11802]  which belongs to the cache kmalloc-192 of size 192
[  679.475792][T11802] The buggy address is located 8 bytes inside of
[  679.475792][T11802]  192-byte region [ffff8881421c0a00, ffff8881421c0ac0)
[  679.488912][T11802] The buggy address belongs to the page:
[  679.494564][T11802] page:ffffea0005087000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1421c0
[  679.504817][T11802] flags: 0x57ff00000000200(slab|node=1|zone=2|lastcpupid=0x7ff)
[  679.512489][T11802] raw: 057ff00000000200 ffffea0000950800 0000000c0000000a ffff888016c41a00
[  679.521095][T11802] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  679.529698][T11802] page dumped because: kasan: bad access detected
[  679.536214][T11802] page_owner tracks the page as allocated
[  679.541973][T11802] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 3051480258, free_ts 0
[  679.556833][T11802]  get_page_from_freelist+0x1bbd/0x1ca0
[  679.562429][T11802]  __alloc_pages+0x1ee/0x480
[  679.567031][T11802]  alloc_page_interleave+0x24/0x1e0
[  679.572281][T11802]  new_slab+0xc0/0x4b0
[  679.576455][T11802]  ___slab_alloc+0x80a/0xdd0
[  679.581048][T11802]  kmem_cache_alloc_trace+0x1a5/0x2a0
[  679.586427][T11802]  call_usermodehelper_setup+0x8a/0x260
[  679.591983][T11802]  kobject_uevent_env+0x65e/0x890
[  679.597115][T11802]  kset_register+0x188/0x1f0
[  679.601718][T11802]  bus_register+0x21c/0x6c0
[  679.606322][T11802]  mmc_init+0xc/0x70
[  679.610262][T11802]  do_one_initcall+0x272/0x730
[  679.615029][T11802]  do_initcall_level+0x137/0x1f0
[  679.619972][T11802]  do_initcalls+0x4b/0x90
[  679.624298][T11802]  kernel_init_freeable+0x3e9/0x570
[  679.629496][T11802]  kernel_init+0x19/0x1b0
[  679.633818][T11802] page_owner free stack trace missing
[  679.639172][T11802] 
[  679.641480][T11802] Memory state around the buggy address:
[  679.647095][T11802]  ffff8881421c0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  679.655143][T11802]  ffff8881421c0980: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[  679.663289][T11802] >ffff8881421c0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  679.671431][T11802]                       ^
[  679.675787][T11802]  ffff8881421c0a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  679.683933][T11802]  ffff8881421c0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  679.691983][T11802] ==================================================================
[  679.700052][T11802] Disabling lock debugging due to kernel taint
[  679.706351][T11802] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  679.713644][T11802] CPU: 0 PID: 11802 Comm: syz.7.2151 Tainted: G    B             syzkaller #0
[  679.722584][T11802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  679.732647][T11802] Call Trace:
[  679.735927][T11802]  <TASK>
[  679.738866][T11802]  dump_stack_lvl+0x188/0x250
[  679.743819][T11802]  ? show_regs_print_info+0x20/0x20
[  679.749025][T11802]  ? load_image+0x400/0x400
[  679.753543][T11802]  panic+0x2e5/0x810
[  679.757445][T11802]  ? asm_common_interrupt+0x22/0x40
[  679.762651][T11802]  ? bpf_jit_dump+0xd0/0xd0
[  679.767174][T11802]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  679.773070][T11802]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  679.778970][T11802]  ? _raw_spin_unlock+0x40/0x40
[  679.783851][T11802]  ? ax25_find_cb+0x175/0x3a0
[  679.788531][T11802]  check_panic_on_warn+0x80/0xa0
[  679.793668][T11802]  ? ax25_find_cb+0x175/0x3a0
[  679.798353][T11802]  end_report+0x6d/0xf0
[  679.802516][T11802]  kasan_report+0x102/0x130
[  679.807031][T11802]  ? ax25_find_cb+0x175/0x3a0
[  679.811717][T11802]  ax25_find_cb+0x175/0x3a0
[  679.816226][T11802]  rose_transmit_link+0x169/0x730
[  679.821261][T11802]  rose_write_internal+0x680/0x1e90
[  679.826470][T11802]  ? _raw_spin_unlock_irqrestore+0x82/0x120
[  679.832373][T11802]  ? rose_validate_nr+0x120/0x120
[  679.837663][T11802]  ? __timer_delete+0x6c/0x220
[  679.842432][T11802]  ? skb_queue_purge+0x62/0x290
[  679.847295][T11802]  rose_release+0x22a/0x4e0
[  679.851807][T11802]  sock_close+0xd5/0x240
[  679.856054][T11802]  ? sock_mmap+0x90/0x90
[  679.860299][T11802]  __fput+0x234/0x930
[  679.864291][T11802]  task_work_run+0x125/0x1a0
[  679.868892][T11802]  get_signal+0x1222/0x12c0
[  679.873393][T11802]  arch_do_signal_or_restart+0xe7/0x12c0
[  679.879024][T11802]  ? kick_process+0xd4/0x140
[  679.883601][T11802]  ? task_work_add+0x1a7/0x1d0
[  679.888380][T11802]  ? get_sigframe_size+0x10/0x10
[  679.893306][T11802]  ? __sys_connect+0x278/0x450
[  679.898069][T11802]  ? exit_to_user_mode_loop+0x3b/0x130
[  679.903514][T11802]  exit_to_user_mode_loop+0x9e/0x130
[  679.908784][T11802]  exit_to_user_mode_prepare+0xee/0x180
[  679.914316][T11802]  syscall_exit_to_user_mode+0x16/0x40
[  679.919849][T11802]  do_syscall_64+0x58/0xa0
[  679.924251][T11802]  ? clear_bhb_loop+0x30/0x80
[  679.928912][T11802]  ? clear_bhb_loop+0x30/0x80
[  679.933587][T11802]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  679.939466][T11802] RIP: 0033:0x7faf54eef799
[  679.943869][T11802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  679.963461][T11802] RSP: 002b:00007faf53149028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  679.971903][T11802] RAX: fffffffffffffe00 RBX: 00007faf55168fa0 RCX: 00007faf54eef799
[  679.979866][T11802] RDX: 000000000000001c RSI: 0000200000000240 RDI: 000000000000000c
[  679.987835][T11802] RBP: 00007faf54f85c99 R08: 0000000000000000 R09: 0000000000000000
[  679.995799][T11802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  680.003896][T11802] R13: 00007faf55169038 R14: 00007faf55168fa0 R15: 00007fff03fb9068
[  680.011876][T11802]  </TASK>
[  680.015239][T11802] Kernel Offset: disabled
[  680.019645][T11802] Rebooting in 86400 seconds..