last executing test programs:

9m41.234491666s ago: executing program 3 (id=336):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$OBJ_PIN_PROG(0x11, &(0x7f0000000240)=@generic={0x0, r0}, 0x18)

9m40.99416538s ago: executing program 3 (id=341):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x0, 0x96, 0xd1, 0xca}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0xc8080)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x8000)
r1 = socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
setsockopt$sock_int(r1, 0x1, 0x10, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, 0x0, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x10000, 0x0)
timer_create(0x3, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x180c081, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp")
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')

9m35.720486055s ago: executing program 3 (id=357):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000080)={0x1, 0x1})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x7, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000000100)={0x0, 0x1, 0x36, 0xc1b0})

9m35.482431619s ago: executing program 3 (id=360):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=<r0=>0x0)
ptrace$pokeuser(0x6, r0, 0x401, 0x80000001)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000040)=[@mss, @window={0x3, 0x0, 0x4}, @mss={0x2, 0x1}, @mss={0x2, 0x1}, @window, @timestamp, @timestamp, @timestamp], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
shutdown(r4, 0x1)
syz_mount_image$exfat(&(0x7f0000000700), &(0x7f0000000140)='./file0\x00', 0x810000, &(0x7f0000000280)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c696f636861727365743d69736f383835392d312c646d61736b3d30303030303030303030303033373737373737373737372c696f636861727365743d6b6f69382d72752c696f636861727365743d63703433372c6e616d65636173653d312c6e616d65636173653d312c009a8d4d9016e3d8128333e260a1b926dd0c5f7619710e03ea1ae6521494f87e5737dc0c5bec3f76668140a15258818b6fbc51f9a13940e63c378688559c351287f0e09ef0b7330db20eef797e5004484649e7f5fb64b746683a75b9ed822f5ae34fac"], 0x1, 0x150d, &(0x7f0000000780)="$eJzs3Al0VUXWKOC9q+qEECNeIzIEqmofuGKAIiIiMoiCDCIiIiIiMomIiBEREQERAgIiIiAi8xARGQICIkMMEcM8DzKLGGmkERGRSSaBeiu2/ej+7b/9/9f+j/c6+1urVmrn3F13n+wk99RZ697vuw2v06xuzSZEBP8S/MuXVACIBYBBAHAdAAQAUDGhYkLu8fwSU/+1J2F/rEfSr3YF7Gri/udt3P+8jfuft3H/8zbuf97G/c/buP95G/efsbxs66yi1/PIu4Pv/+dl/Pr/b+RQuYnfrC93Y/f/Rgr3P2/j/udt3P+8jfuft3H/8zbu/7+/Gv/kGPc/b+P+M5aXXe37zzyu7rjav3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4KBQB/nV/tuhhjjDHGGGOMMfbH8fmudgWMMcYYY4wxxhj7n4cgQIKCAGIgH8RCfoiDayAeroUCcB1E4HpIgBugINwIhaAwFIGikAjFoDhoMGCBIIQSUBKicBOUgpshCUpDGSgLDspBMtwC5eFWqAC3QUW4HSrBHVAZqkBVqAZ3QnW4C+6GGlAT7oFaUBvqQF24F+rBfeKvlTWEB6ERPASN4WFoAo9AU3gUmsFj0BwehxbQElpBa2jz23yoD/dDA3jgn+S/Ar3gVegNfSAV+kI/eA36wwAYCK/DIHgDBsObMATegqEwDIbD2zAC3oGR8C6MgtEwBsbCOBgPE2AiTILJkAbvwRR4H6bCBzANpsMMmAnpMAtmw4cwB+bCPPgI5sPHsAAWwiJYDBnwCWTCEsiCT2EpfAbZsAyWwwpYCatgNayBtbAO1sMG2AibYDNsga3wOWyD7bADdsIu2A174AvYC1/CPvgKcuDr/2b+2f+Q3x0BAQUKVKgwBmMwFmMxDuMwHuOxABbACEYwAROwIBbEQlgIi2ARTMRELI7F0aBBQsISWAKjGMVSWAqTMAnLYBl06DAZk7E83ooVsAJWxIpYCSthZayCVbAaVsPqWB3vRqgcQE2shbWwDtbBe/FevA/rY31sgA2wITbERtgIG2NjbIJNsCk2xWbYDJtjc2yBLbAVtsI22AbbYltsh+2wPbbHDtgBO2JHTMEU7ISdsDN2xi7YBbtiV+yG3bA79sAe+Aq+gq/iq9gHa4m+2A/7YX/svy/3j+F1fAMH45v4Jr6FQ3EYDse38W18B0fiGRyFo3EMjsHqYjxOwIlIYjKmYRpOwSk4FafiNJyO03EmpuMsnI2zcQ7Oxbn4Ec7Hj/FjXIgLcTFmYAZm4hLMwixcimcxG5fhclyBK3EVrsQ1uBbX4HrcgOtxE27CLbgFP8fPcTtux524E3fjbvwCv8Av8UscijmYg/txPx7AA3gQD+IhPISH8TAewSN4FI/iMTyGx/EEnsQTeBpP4xk8i+fwHF7AC3gRX0r8tunu0uuGgsilhBIxIkbEilgRJ+JEvIgXBUQBERERkSASREFRUBQShUQRUUQkikRRXBQXRhhBIhQlRAkRFVFRSpQSSSJJlBFlhBNOJItkUV6UFxVEBVFR3C4qiTtEZVFFPOWqiWqiumjv7hY1RE1RU9QStUUdUVfUFfVEPVFf1BcNRAPRUDQUjcRDorHoiwPxEZHbmWZiGDYXw7GFaClaidbiHXxCtBUjsZ14SrQXT4vROAo7irYuRTwnOokJ2Fm8ICbii6KrmIzdxMuiu+gheopXRC/RzvUWfcQ07Cv6iZnYXwwQA8XrYg7WFrkdqyPeEkPFMDFcvC0W4ztipHhXjBKjxRgxVowT48UEMVFMEpNFmnhPTBHvi6niAzFNTBczxEyRLmaJ2eJDMUfMFfPER2K++FgsEAvFIrFYZIhPRKZYIrLEp2Kp+Exki2ViuVghVopVYrVYI9aKdWK92CA2ik1is9gitorPxTaxXewQO8UusVvsEV+IveJLsU98JXLE12K/+JM4IL4RB2MAQHwrDovvxBHxvTgqfhDHxI/iuDghTopT4rT4SZwRZ8U5cV5cED+Li+KSuCy8AIlSSCmVDGSMzCdjZX4ZJ6+R8fJaWUBeJyPyepkgb5AF5Y2ykCwsi8iiMlEWk8WllkZaSTKUJWRJGZU3yVLyZpkkS8sysqx0spxMlrfI8vJWWUHeJivK22UleYesLKvIqrKavFNWl3fJu2UNWVPeI2vJ2rKOrCvvlfXkfbK+vF82kA/IhvJB2Ug+JBvLh2UT+YhsKh+VzeRjsrl8XLaQLWUr2Vq2kU/ItvJJGQsA7eXTsoN8RnaUz8oU+ZzsJJ+XneULsot8UXaVL8lu8mXZXfaQPeUleVl62Vv2kamyr+wnX5P95QA5UL4uB8k35GD5phwi35JD5TA5XL4tR8h35Ej5rhwlR8sxcqwcJ8fLCXKinCQnyzT5npwi35dT5QdympwuZ8iZMl3OkgN/XWnefyH//X+QP+SXZ98it8rP5Ta5Xe6QO+UuuVvukXvkXrlX7pP7ZI7MkfvlfnlAHpAH5UF5SB6Sh+VheUQekUflUXlMHpPH5Ql5Xp6Sp+VP8ow8K8/K8/KCvCAv/vozAIVKKKmUClSMyqdiVX4Vp65R8epaVUBdpyLqepWgblAF1Y2qkCqsiqiiKlEVU8WVVkZZRSpUJVRJFVU3qVLqZpWkSqsyqqxyqpxKVrf8y/m/V18b1Ua1VW1VO9VOtVftVQfVQXVUHVWKSlGdVCfVWXVWXVQX1VV1Vd1UN9VddVc9VU/VS/VSvVVvlapSVT/1muqvBqiB6nU1SL2hBqvBaogaooaqoWq4Gq5GqBFqpBqpRqlRaowao8apcWqCmqAmqUkqTaWpKWqKmqqmqmlqmpqhZqh0la5mq9lqjpqj5ql5ar6arxaoBWqRWqQyVIbKVJkqS2WppWqpylbL1DK1Qq1Qq9QqtUatUevUOrVBbVCb1CaVrbaqrWqb2qZ2qB1ql9ql9qg9aq/aq/apfSpH5aj9ar86oA6og+qgOqQOqcPqsDqijqij6qg6po6p4+q4OqlOqtPqtDqjzqhz6py6oC6oi+qiuqwu5172BSIQgQpUEBPEBLFBbBAXxAXxQXxQICgQRIJIkBAkBAWDG4NCQeGgSFA0SAyKBcUDHZjABhSEQYmgZBANbgpKBTcHSUHpoExQNnBBuSA5uCUoH9waVAhuCyoGtweVgjuCykGVoGpQLbgzqB7cFdwd1AhqBvcEtYLaQZ2gbnBvUC+4L6gf3B80CB4IGgYPBo2Ch4LGwcNBk+CRoGnwaNAseCxoHjwetAhaBq2C1kGbP3R9788UftL11n10qu6r++nXdH89QA/Ur+tB+g09WL+ph+i39FA9TA/Xb+sR+h09Ur+rR+nReoweq8fp8XqCnqgn6ck6Tb+np+j39VT9gZ6mp+sZeqZO17P0bP2hnqPn6nn6Iz1ff6wX6IV6kV6sM/QnOlMv0Vn6U71Uf6az9TK9XK/QK/UqvVqv0Wv1Or1eb9Ab9Sa9WW/RW/XnepvernfonXqX3q336C/0Xv2l3qe/0jn6a71f/0kf0N/og/rP+pD+Vh/W3+kj+nt9VP+gj+kf9XF9Qp/Up/Rp/ZM+o8/qc/q8vqB/1hf1JX1Z+9yL+9yXd6OMMjEmxsSaWBNn4ky8iTcFTAETMRGTYBJMQVPQFDKFTBFTxCSaRFPcFDe5yJApYUqYqImaUqaUSTJJpowpY5xxJtkkm/KmvKlgKpiKpqKpZCqZyqayqWqqmjvNneYuc5epYWqYe8w9prapbeqauqaeqWfqm/qmgWlgGpqGppFpZBqbxqaJaWKamqammWlmmpvmpoVpYVqZVqaNaWPamramnWln2pv2poPpYDqajibFpJhOppPpbDqbLqaL6Wq6mm6mm+luupuepqfpZXqZ3qa3STWppp/pZ/qb/magGWgGmUFmsBlshpghZmz5DTVy9ycjzAgz0ow0o8xoM8aMNePMeDPBTDSTzGSTZtLMFDPFTDVTzTQzzcwwM0y6STezzWwzx8wx88w8M9/MNwvMArPILDIZJsNkmkyTZbLMUrPUZJtss9wsNyvNSrParDZrzVqz3qw3G81Gs9lsNlvNVrPNbDM7zA6zy+wye8wes9fsNfvMPpNjcmJ/3UKZg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWlOmtPmtDljzphz5py5YH42F80lc9l4E2sFxNlrbLy91haw19lYm9/+bVzEFrWJtpgtbrUtZAv/XWystUm2tC1jy1pny9lke8tv4sq2iq1qq9k7bXV7l737N3E9e5+tb++3DewDtq699+/ihvZB28g+Zhvbx20T29I2ta1tM/uYbW4fty1sS9vKtrYd7DO2o33WptjnbCf7/G/iTLvErrXr7Hq7we61X9pz9rw9Yr+3F+zPtrftYwfZN+xg+6YdYt+yQ+2w38Rj7Fg7zo63E+xEO8lO/k08w8606XaWnW0/tHPs3N/EGfYTO99m2QV2oV1kF/8S59aUZT+1S+1nNtsus8vtCrvSrrKr7Zr/XesKu8lutlvsHvuF3Wa32x12p91ld/8S557HPvuVzbFf28P2O3vAfmMP2qP2kP32lzj3/AB+sMfsj/a4PWFP2lP2tP3JnrFnfzn/3HM/ZS/Zy9ZbICRBkhQFFEP5KJbyUxxdQ/F0LRWg6yhC11MC3UAF6UYqRIWpCBWlRCpGxUmTIUtEIZWgkhSlm6gU3UxJVJrKUFlyVI6S6RYqT7dSBbqNKtLtVInuoMpUhapSNbqTqtNddDfVoJp0D9Wi2lSH6tK9VI/uo/p0PzWgB6ghPUiN6CFqTA9TE3qEmtKj1Iweo+b0OLWgltSKWlMbeoLa0pPUjp6i9vQ0daBnqCM9Syn0HHWi56kzvUBd6EXqSi9RN3qZulMP6kmvUC96lXpTH0qlvtSPXqP+NIAG0us0iN6gwfQmDaG3aCgNo+H0No2gd2gkvUujaDSNobE0jsbTBJpIk2gypdF7NIXep6n0AU2j6TSDZlI6zaLZ9CHNobk0jz6i+fQxLaCFtIgWUwZ9Qpm0hLLoU1pKn1E2LaPltIJW0ipaTWtoLa2j9bSBNtIm2kxbaCt9TttoO+2gnbSLdtMe+oL20pe0j76iHPqa9tOf6AB9Qwfpz3SIvqXD9B0doe/pKP1Ax+hHOk4n6CSdotP0E52hs3SOztMF+pku0iW6TJ4gxFCEMlRhEMaE+cLYMH8YF14TxofXhgXC68JIeH2YEN4QFgxvDAuFhcMiYdEwMSwWFg91aEIbUhiGJcKSYTS8KSwV3hwmhaXDMmHZ0IXlwuTwlrB8eGtYIbwtrBjeHlYK7wgrh1XCxx6oFt4ZVg/vCu8Oa4Q1w3vCWmHtsE5YN7w3rBfeF9YP7w8bhA+EFcIHw0bhQ2Hj8OGwSfhI2DR8NGwWPhY2Dx8PW4Qtw1Zh67BN+ETYNnwybBc+FbYPnw47hM+EHcNnw5TwubBT+PzvHk8N+4b9wtfC10Lv75eLooujGdFPopnRJdGs6KfRpdHPotnRZdHl0RXRldFV0dXRNdG10XXR9dEN0Y3RTdHN0S1R7+vmA4dOOOmUC1yMy+diXX4X565x8e5aV8Bd5yLuepfgbnAF3Y2ukCvsiriiLtEVc8WddsZZRy50JVxJF3U3uVLuZpfkSrsyrqxzrpxLdq1dG9fGtXVPunbuKdfePe2eds+4Z9yz7ln3nOvknned3Quui3vRdXUvuZfcy6676+F6uldcL/eq6+36uFSX6vq5fq6/6+8GuoFukBvkBrvBbogb4oa6oW64G+5GuBFupBvpRrlRbowb48a5cW6Cm+AmuUkuzaW5KW6Km+qmumlumpvhZrh0l+5mu9lujpvj5rl5bn7SfLfALXCL3CKX4TJcpst0WS7LLXVLXbbLdsvdcrfSrXSr3Wq31q116916t9FtdJvdZrfVbXXb3Da3w+1wu9wut8ftcXvdXrfP7XM5Lsftd/vdAXfAHXR/dofct+6w+84dcd+7o+4Hd8z96I67E+6kO+VOu5/cGXfWnXPn3QX3s7voLrnLzru0yHuRKZH3I1MjH0SmRaZHZkRmRtIjsyKzIx9G5kTmRuZFPorMj3wcWRBZGFkUWRzJiHwSyYwsiWRFPo0sjXwWyY4siyyPrIisjKyKeF9sW+hL+JI+6m/ypfzNPsmX9mV8We98OZ/sb/Hl/a2+gr/NV/S3+0r+Dl/ZV/FV/eO+hW/pW/nWvo1/wrf1T/p2/inf3j/tO/hnfEf/rE/xz/lO/nnf2b/gu/gXfVf/ku/mX/bdfQ/f07/ie/lXfW/fx6f6vr6ff8339wP8QP+6H+Tf8IP9m36If8sP9cP8cP+2H+Hf8SP9u36UH+3H+LF+nB/vJ/iJfpKf7NP8e36Kf99P9R/4aX66n+Fn+nQ/y8/2H/o5fq6f5z/y8/3HfoFf6Bf5xT7Df+Iz/RKf5T/1S/1nPtsv88v9Cr/Sr/Kr/Rq/1q/z6/0Gv9Fv8pv9Fr/Vf+63+e1+h9/pd/ndfo//wu/1X/p9/iuf47/2+/2f/AH/jT/o/+wP+W/9Yf+dP+K/90f9D/6Y/9Ef9yf8SX/Kn/Y/+TP+rD/nz/sL/md/0V/yl/+r71mL+R+6jc4YY4wx9v+JtN853vcffE/8OnL1A4Brtxc99LfHJQBsLPSX+QCR2CECAM/16fbIX0etWqmpqb8+NltCUHIhAESu5P9yifZrvAzawzOQAk9B+X9Y3wDR4wL9zvrR2wHi/iYn9i8fc/Af1r/1P1n/iafHZFYKzyX8k/UXAiSVvJKTH67EV9av8J+sX7jt79Sf/5s0gHZ/kxMPV+Ir6yfDk/A8pPzdIxljjDHGGGOMsb8YIKp2odwdMfzz/XmiupKTD67Ev7c/Z4wxxhhjjDHG2NX3Yo+ezz6RkvJUF57whCd/1OSvd8v+X6nn/2Bylf8xMcYYY4wxxv5wVy76r3YljDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZY3vV/4+PErvY5MsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY1fb/woAAP//xiAyZg==")
chdir(&(0x7f0000000240)='./file0\x00')
syz_clone(0x41200100, 0x0, 0x0, 0x0, 0x0, 0x0)

9m33.781381477s ago: executing program 3 (id=363):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2210886, &(0x7f00000001c0)={[{}, {@dioread_nolock}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/netfilter\x00')
r2 = fanotify_init(0x40, 0x40000)
readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0xa880, 0x97)
fanotify_mark(r2, 0x1, 0x40001019, r3, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
getdents64(r1, &(0x7f0000000140)=""/48, 0x30)

9m31.370803536s ago: executing program 3 (id=378):
socket$inet_tcp(0x2, 0x1, 0x0)
syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x495, &(0x7f0000000a40)="$eJzs29trHGUYx/HfM8luNttqt22aVil0VVCpWHPo0XjRQwwVekjTRqSoEJtNXJoT2VTaIlq88dYbb0REQUGqaEHEG6+0d/4BCoKgF16I4F54AEGQmX1nZ7LZtkn3kGz7/UC7k3eemXkP+8777s67AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0uGnD/X02mrnAgAANNOJ0yM9fYz/AADcVc7w+R8AAOBuYvL0g0yDI0U7HvxdkjqWn7lwcXRwqPphnRYc2RbE+/9SvX39u/fs3bc/fL358fV2n06ePnMoe2R2em4+VyjkxrOjM/lzs+O5ZZ+h1uMr7QwqIDt9/sL4xEQh27erf9Hui5lfO9Z1Zwb2dR/0wtjRwaGh07GY9sRtX32JG83wk/K0TabfH/7MTkjyVHtd3OK902idQSF2BoUYHRwKCjKVH5tZ8HcOhxXhubI6ybCOmtAWNemS/HxZsj6f2RLydFCm7l+KdlJSW1gPjwVfDN/4wPa6XP62+fl8QdKDaoE2W8M65OknmaY3pDS8+s2KJmuXp4sy/TlQtFPB/cDvT/5t89iz2WdmJmZjscPmelSrjw/NtMbvTSl5OhHc8Ys2stqZQdP5k6W3ZdryySvBvELBvHTDwL4nT/XHZxhbb3EeP3aXmz8uZ0xOuNhhGzbz6l8uAAAAAAAAAFKHefpepuLX2SgxY/Jij4xTKj0Yyq5OFgE0inl6R6ZTI8Xga/j4upS22PqeslZ/9tfY/HemjszOXZrPT768UHV/OnXopcLC/Ni56rvV6d9n2+Ipt1rHUqOEeUrK9PxfH1v5uqX7v1sKEOXmo6eiNTOpyusH75t7S+uZwmdIB85ujW9XzfIKno/61zTztCDT4U3b3FqVtJbUmUpxX8j0x/vbXZyX9DMfnjZTOuNEfirX48d+I9MH/4WxwbIorXOxm6PYXj/WZHrr+OLY9S62K4rt82OHZLr+YvXYLVFsvx/7hkxzv2XD2LQfu8PFdkexu87NTo1Xq0pgpfz+/7NM73VlLewb7aX339L+/2o0FlypPNEN+nyt/T8TS7vi+vVZv///vS3oy0H/96r3/zdl+vTL7S6u1PeSbv/G4P+o/z8n0+R3i2PTLnZTFNu77IptEX77b5fp6JZr5bpx7e9aIGq1ePvfX/nuaFD7b4ylZdx1O+pTdEgqXLp8fmxqKjfPRq0brkavrJX8rJGNHWsjG2yscGOVb0xoCn/8/9yfRX31Y3m+48Z/9zElmln981o0/g9UnqhB4/+mWNqAm40k2qXUwvRcYquUKly6/Hh+emwyN5mb2d2zt2fP7gO9B/YnkuHkLtqqua7uRH77fyvTv+uulj/vLp7/VZ//pytP1KD23xxLSy+ar9RcdLj2vyrTA9evlb+XuNn8P/z+59GHSq/l/tmg9u+KpWXcde+pT9EBAAAAAAAAAAAAAAAAoKUlzNOHMh19ot3C35otZ/3fkh+gNWj9V3csbbxJv1eouVIBoAV48vSuTI+oaK/7Ceul4/FX3NH+DwAA///WsSBT")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=@newsa={0xf0, 0x10, 0x633, 0x0, 0x0, {{@in6=@local, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in6=@private2, {0x327, 0x9, 0x0, 0x4, 0x20000000000000, 0x0, 0x1, 0x7}, {0x0, 0x0, 0x2}, {0x8f, 0x0, 0x8}, 0x70bd29, 0x3502, 0x2, 0x1}}, 0xf0}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='\f\x00\x00\x00Q\x00'], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00'}, 0x4e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newtaction={0xfc, 0x30, 0x1, 0x2, 0x25dfdbfc, {}, [{0xe8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x2, 0x4, 0x8000446, {}, {0x7, 0x0, 0x0, 0x0, 0x3}, 0xfffffffd}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x78, 0x2, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x405}}}], [@TCA_POLICE_RATE64={0xc, 0x8, 0x10000}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x8010}, 0x44830)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

9m31.257416353s ago: executing program 32 (id=378):
socket$inet_tcp(0x2, 0x1, 0x0)
syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x495, &(0x7f0000000a40)="$eJzs29trHGUYx/HfM8luNttqt22aVil0VVCpWHPo0XjRQwwVekjTRqSoEJtNXJoT2VTaIlq88dYbb0REQUGqaEHEG6+0d/4BCoKgF16I4F54AEGQmX1nZ7LZtkn3kGz7/UC7k3eemXkP+8777s67AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0uGnD/X02mrnAgAANNOJ0yM9fYz/AADcVc7w+R8AAOBuYvL0g0yDI0U7HvxdkjqWn7lwcXRwqPphnRYc2RbE+/9SvX39u/fs3bc/fL358fV2n06ePnMoe2R2em4+VyjkxrOjM/lzs+O5ZZ+h1uMr7QwqIDt9/sL4xEQh27erf9Hui5lfO9Z1Zwb2dR/0wtjRwaGh07GY9sRtX32JG83wk/K0TabfH/7MTkjyVHtd3OK902idQSF2BoUYHRwKCjKVH5tZ8HcOhxXhubI6ybCOmtAWNemS/HxZsj6f2RLydFCm7l+KdlJSW1gPjwVfDN/4wPa6XP62+fl8QdKDaoE2W8M65OknmaY3pDS8+s2KJmuXp4sy/TlQtFPB/cDvT/5t89iz2WdmJmZjscPmelSrjw/NtMbvTSl5OhHc8Ys2stqZQdP5k6W3ZdryySvBvELBvHTDwL4nT/XHZxhbb3EeP3aXmz8uZ0xOuNhhGzbz6l8uAAAAAAAAAFKHefpepuLX2SgxY/Jij4xTKj0Yyq5OFgE0inl6R6ZTI8Xga/j4upS22PqeslZ/9tfY/HemjszOXZrPT768UHV/OnXopcLC/Ni56rvV6d9n2+Ipt1rHUqOEeUrK9PxfH1v5uqX7v1sKEOXmo6eiNTOpyusH75t7S+uZwmdIB85ujW9XzfIKno/61zTztCDT4U3b3FqVtJbUmUpxX8j0x/vbXZyX9DMfnjZTOuNEfirX48d+I9MH/4WxwbIorXOxm6PYXj/WZHrr+OLY9S62K4rt82OHZLr+YvXYLVFsvx/7hkxzv2XD2LQfu8PFdkexu87NTo1Xq0pgpfz+/7NM73VlLewb7aX339L+/2o0FlypPNEN+nyt/T8TS7vi+vVZv///vS3oy0H/96r3/zdl+vTL7S6u1PeSbv/G4P+o/z8n0+R3i2PTLnZTFNu77IptEX77b5fp6JZr5bpx7e9aIGq1ePvfX/nuaFD7b4ylZdx1O+pTdEgqXLp8fmxqKjfPRq0brkavrJX8rJGNHWsjG2yscGOVb0xoCn/8/9yfRX31Y3m+48Z/9zElmln981o0/g9UnqhB4/+mWNqAm40k2qXUwvRcYquUKly6/Hh+emwyN5mb2d2zt2fP7gO9B/YnkuHkLtqqua7uRH77fyvTv+uulj/vLp7/VZ//pytP1KD23xxLSy+ar9RcdLj2vyrTA9evlb+XuNn8P/z+59GHSq/l/tmg9u+KpWXcde+pT9EBAAAAAAAAAAAAAAAAoKUlzNOHMh19ot3C35otZ/3fkh+gNWj9V3csbbxJv1eouVIBoAV48vSuTI+oaK/7Ceul4/FX3NH+DwAA///WsSBT")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=@newsa={0xf0, 0x10, 0x633, 0x0, 0x0, {{@in6=@local, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in6=@private2, {0x327, 0x9, 0x0, 0x4, 0x20000000000000, 0x0, 0x1, 0x7}, {0x0, 0x0, 0x2}, {0x8f, 0x0, 0x8}, 0x70bd29, 0x3502, 0x2, 0x1}}, 0xf0}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='\f\x00\x00\x00Q\x00'], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00'}, 0x4e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newtaction={0xfc, 0x30, 0x1, 0x2, 0x25dfdbfc, {}, [{0xe8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x2, 0x4, 0x8000446, {}, {0x7, 0x0, 0x0, 0x0, 0x3}, 0xfffffffd}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x78, 0x2, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x405}}}], [@TCA_POLICE_RATE64={0xc, 0x8, 0x10000}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x8010}, 0x44830)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

1m2.08125427s ago: executing program 4 (id=3459):
syz_usb_connect(0x5, 0x3d, &(0x7f0000000100)=ANY=[@ANYBLOB="120110019c3d9f08fd0b1b01a1330102030109022b00013507a0ce09046500028bc7ec0d0705c2be1b820f0905020220"], 0x0)

1m0.101787964s ago: executing program 4 (id=3470):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$exfat(&(0x7f0000000400), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000540)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX, @ANYBLOB=',dmask=00000000000000000000152,fmask=00000000000000000000006,gid=', @ANYRESHEX, @ANYBLOB=',uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c646973636172642c00fb278330ab3b4884d36adf6908d11f57832035e96a1513231140da182ca77aeedc492bbc501d94f854a7e26909bde6e698d72a15ec808a86c25d"], 0x81, 0x14f3, &(0x7f0000001580)="$eJzs3AuYjlW7OPB1r7UexjTpbZLDsO51P7xpaJkkySGnHJIkCUlOCUmTJAmJcZY0JCHHSXIYkuQwjUnjfD7knDT5pEmSkJBk/S/V3r5v9327vf/f9//b1577d13rsm7Pc9/vWnPPNe963uua+bbXmHot69duRkTinwK//ZMihIgRQowQQlwnhAiEEBXjK8Zfvl5AQco/9yLsX6t5+tVeAbuauP95G/c/b+P+523c/7yN+5+3cf/zNu5/3sb9Zywv2zGv2PU88u7gz//zMn7//18kt9zULzeVu7H3fyOF+5+3cf/zNu5/3sb9z9u4/3kb9/9/v1r/yTXuf97G/WcsL7vanz/zuLrjan//McYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLG877K7QQ4t/m/zDh5z+7gTHGGGOMMcYYY//T+PxXewWMMcYYY4wxxhj7fw+EFEpoEYh8Ir+IEQVErLhGxIlrRUFxnYiI60W8uEEUEjeKwqKIKCqKiQRRXJQQRqCwgkQoSopSIipuEqXFzSJRlBFlxS3CiXIiSdwqyovbRAVxu6go7hCVxJ2isqgiqopq4i5RXdQQNUUtUVvcLeqIuqKeqC/uEQ3EvaKhuE80EveLxuIB0UQ8KJqKh0Qz0Vy0EA+LluIR0Uo8KlqLNqKtaCfa/1/lvyj6iZdEfzFApIiBYpAYLIaIoWKYGC5GiJfFSPGKGCVeFalitBgjXhNjxetinHhDjBcTxETxppgkJospYqqYJqaLNPGWmCHeFjPFO2KWmC3miLkiXcwT88W7YoF4TywU74tF4gOxWCwRS8UykSE+FJliucgSH4kV4mORLVaKVWK1WCPWinVivdggNopNYrPYIraKbWK72CE+ETvFLrFb7BF7xT6xX3wqDojPxEHxucgRX/w388/9h/zeIECABAkaNOSDfBADMRALsRAHcVAQCkIEIhAP8VAICkFhKAxFoSgkQAKUgBKAgEBAUBJKQhSiUBpKQyIkQlkoCw4cJEESlIfboAJUgIpQESpBJagMVaAKVINqUB2qQ02oCbWhNtSBOlAP6sE9cA/cCw2hITSCRtAYGkMTaAJNoSk0g2bQAlpAS2gJraAVtIbW0BbaQntoDx2gA3SEjtAZOkMX6AJdoSskQzJ0g27QHbpDD+gBPaEn9IJe0Bv6QB94EV6El+AlGAB15EAYBINgCAyBYTAchsPLMBJegVfgVUiF0TAGXoPX4HUYB2dhPEyAiTARqsvJMAWmAsnpkAZpMANmwEyYCbNgNsyGuZAO82A+zIcF8B68B+/DIvgAPoAlsASWQQZkQCYshyzIghVwDrJhJayC1bAG1sIaWA8bYD1sgs2wCbbCVtgO2+ET+AR2wS7YA3tgH+yDT+FT+Aw+g1TIgRw4BIfgMByGI3AEciEXjsJROAbH4DgchxNwAk7CKTgNp+AMnIGzcA7Ow3m4ABfgIjyf8HWLfWU2pgp5mZZa5pP5ZIyMkbEyVsbJOFlQFpQRGZHxMl4WkoVkYVlYFpVFZYJMkCVkCYkSJclQlpQlZVRGZWlZWibKRFlWlpVOOpkkk2R5WV5WkBVkRXmHrCTvlJVlFdnJVZPVZHXZ2dWUtWRtWVvWkXVlPVlf1pcNZAPZUDaUjWQj2Vg2lk3kg7KpHAjDoLm83JmWcjS0kmOgtWwj28p28nV4THaQ46Cj7CQ7yyfkBBgPXWUHlyyflt3kFOgun5VT4TnZU06HXvIF2Vv2kX3li7Kf7Oj6ywFyFgyUg+RcGCKHymFyuFwAdeXljtWTr8pUOVqOka/JZfC6HCffkOPlBDlRviknyclyipwqp8npMk2+JWfIt+VM+Y6cJWfLOXKuTJfz5Hz5rlwg35ML5ftykfxALpZL5FK5TGbID2WmXC6z5EdyhfxYZsuVcpVcLdfItXKdXC83yI1yk9wst8itcpvcLnfIT+ROuUvulnvkXrlP7pefygPyM3lQfi5z5BfykPyLPCy/lEfkVzJXfi2Pym/kMfmtPC6/kyfk9/KkPCVPyx/kGfmjPCvPyfPyJ3lB/iwvyl/kJemlUKCkUkqrQOVT+VWMKqBi1TUqTl2rCqrrVERdr+LVDaqQulEVVkVUUVVMJajiqoQyCpVVpEJVUpVSUXWTKq1uVomqjCqrblFOlVNJ6lZVXt2mKqjbVUV1h6qk7lSVVRVVVVVTd6nqqoaqqWqp2upuVUfVVfVUfXWPaqDuVQ3VfaqRul81Vg+oJupB1VQ9pJqp5qqFeli1VI+oVupR1Vq1UW1VO9VePaY6qMdVR9VJdVZPqC7qSdVVPaWS1dOqm3pGdVfPqh7qOdVTPa96qRdUb9VH9VW/qEvKq/5qgEpRA9UgNVgNUUPVMDVcjVAvq5HqFTVKvapS1Wg1Rr2mxqrX1Tj1hhqvJqiJ6k01SU1WU9RUNU1NV2nqLTVDva1mqnfULDVbzVFzVbqap4b9XmnhfyH/7b+TP+rXV9+udqhP1E61S+1We9RetU/tV/vVAXVAHVQHVY7KUYfUIXVYHVZH1BGVq3LVUXVUHVPH1HF1XJ1QJ9RJdUr9pH5QZ9SP6qw6p86pn9QFdUFd/P1rIDRoqZXWOtD5dH4dowvoWH2NjtPX6oL6Oh3R1+t4fYMupG/UhXURXVQX0wm6uC6hjUZtNelQl9SldFTfpEvrm3WiLqPL6lu00+V0kr71n87/s/W11+11B91Bd9QddWfdWXfRXXRX3VUn62TdTXfT3XV33UP30D11T91L99K9dW/dV/fV/XQ/3V/31yk6RQ/Sg/UQPVQP08P1CP2yHqlH6lF6lE7VqXqMHqPH6rF6nB6nx+vxeqKeqCfpSXqKnqKn6Wk6TafpGXqGnqln6ll6lp6j5+h0na7n6/l6gV6gF+qFepFepBfrxXqpXqozdIbO1Jk6S2fpFXqFztYr9Uq9Wq/Wa/VavV6v1xv1Rr1Zb9Zb9VadrXfoHXqn3ql36916r96r9+v9+oA+oA/qgzpH5+hD+pA+rA/rI/qIztW5+qg+qo/pY/q4Pq5P6BP6pD6pT+vT+ow+o8/qs/q8Pq8v6Av6or6oL+lLl499gQxkoAMd5AvyBTFBTBAbxAZxQVxQMCgYRIJIEB/EB4WCG4PCQZGgaFAsSAiKByUCE2BgAwrCoGRQKogGNwWlg5uDxKBMUDa4JXBBuSApuDUoH9wWVAhuDyoGdwSVgjuDykGVoGpQLbgrqB7UCGoGtYLawd1BnaBuUC+oH9wTNAjuDRoG9wWNgvuDxsEDQZPgwaBp8FDQLGgetAgeDloGjwStgkeD1kGboG3QLmj/L63v/dkij7v+ZoBJMQPNIDPYDDFDzTAz3IwwL5uR5hUzyrxqUs1oM8a8Zsaa180484YZbyaYieZNM8lMNlPMVDPNTDdp5i0zw7xtZpp3zCwz28wxc026mVfj90O3WWjeN4vMB2axWWKWmmUmw3xoMs1yk2U+MivMxybbrDSrzGqzxqw168x6s8FsNJvMZrPFbDXbzHazw3xidppdZrfZY/aafWa/+dQcMJ+Zg+Zzk2O+MIfMX8xh86U5Yr4yueZrc9R8Y46Zb81x8505Yb43J80pc9r8YM6YH81Zc86cNz+ZC+Znc9H8Yi4Zf/lwf/ntHTVqzIf5MAZjMBZjMQ7jsCAWxAhGMB7jsRAWwsJYGItiUUzABCyBJfAyQsKSWBKjGMXSWBoTMRHLYll06DAJk7A8lscKWAErYkWshJWwMlbGqlgV78K7sAbWwFpYC+/Gu7Eu1sX6WB8bYANsiA2xETbCxtgYm2ATbIpNsRk2wxbYAltiS2yFrbA1tsa22BbbY3vsgB2wI3bEztgZu2AX7IpdMRmTsRt2w+7YHXtgD+yJPbEX9sLe2Bv7Yl/sh/2wP/bHFEzBQTgIh+AQHIbDcASOwJE4EkfhKEzFVByDY3AsjsVxOA7H4wSciG/iJJyMU3AqTsPpmIZpOANn4EycibNwFs7BOZiO6Tgf5+MCXIALcSEuwkW4GBfjUlyKGZiBmZiJWZiFK3AFZmM2rsJVuAbX4DpchxtwA27CTbgFt+A23IY7cAfuxJ24G3fjXtyL+3E/HsADeBAPYg7m4CE8hIfxMB7BI5iLuXgUj+IxPIbH8TiewBN4Ek/iaTyNZ/AMnsWzeB7P4wX8GS/iL3gJPcZYKWLtNTbOXmsL2utsjC1g/zouaovZBFvclrDGFrZF/iZGa22iLWPL2luss+Vskr31D3FlW8VWtdXsXba6rWFr/iFuYO+1De19tpG939a39/xN3Ng+YJvYR2xT+6htZtvYFradbWkfsa3so7a1bWPb2na2i33SdrVP2WT7tO1mn/lDnGmX2w12o91kN9sD9jN73v5kj9lv7QX7s+1vB9gR9mU70r5iR9lXbaod/Yd4on3TTrKT7RQ71U6z0/8Qz7FzbbqdZ+fbd+0C+94f4gz7oV1ks+xiu8Qutct+jS+vKct+ZFfYj222XWlX2dV2jV1r19n1/77W1Xar3Wa32/32U7vT7rK77R671+77Nb68j4P2c5tjv7BH7Tf2sP3SHrHHba79+tf48v6O2+/sCfu9PWlP2dP2B3vG/mjP2nO/7v/y3n+wv9hL1ltBQJIUaQooH+WnGCpAsXQNxdG1VJCuowhdT/F0AxWiG6kwFaGiVIwSqDiVIENIlohCKkmlKEo3UWm6mRKpDJWlW8hROUqiW6k83UYV6HaqSHdQJbqTKlMVqkrV6C6qTjWoJtWi2nQ31aG6VI/q0z3UgO6lhnQfNaL7qTE9QE3oQWpKD1Ezak4t6GFqSY9QK3qUWlMbakvtqD09Rh3ocepInagzPUFd6EnqSk9RMj1N3egZ6k7PUg96jnrS89SLXqDe1If60ovUj16i/jSAUmggDaLBNISG0jAaTiPoZRpJr9AoepVSaTSNoddoLL1O4+gNGk8TaCK9SZNoMk2hqTSNplMavUUz6G2aSe/QLJpNc2gupdM8mk/v0gJ6jxbS+7SIPqDFtISW0jLKoA8pk5ZTFn1EK+hjyqaVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoE9oJ+2i3bSH9tI+2k+f0gH6jA7S55RDX9Ah+gsdpi/pCH1FufQ1HaVv6Bh9S8fpOzpB39NJOkWn6Qc6Qz/SWTpH5+knukA/00X6hS6RJxFCKEMV6jAI84X5w5iwQBgbXhPGhdeGBcPrwkh4fRgf3hAWCm8MC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Ulg5vDhPDMmHZ8JbQheXCpPDWsHx4W1ghvD2sGN4RVgrvDCuHVcJH7q8W3hVWD2uENcNaYe3w7rBOWDesF9YP7wkbhPeGDcP7wkbh/WGF8IGwSfhg2DR8KGwWNg9bhA+HLcNHwlbho2HrsE3YNmwXtg8fCzuEj4cdw05h5/CJsEv4ZNg1fCpMDp8Ou4XP/On1lHBgOCgcHA4Ovb9PLY0ui2ZEP4xmRpdHs6IfRVdEP45mR1dGV0VXR9dE10bXRddHN0Q3RjdFN0e3RLdGt0W3R72vn184cNIpp13g8rn8LsYVcLHuGhfnrnUF3XUu4q538e4GV8jd6Aq7Iq6oK+YSXHFXwhmHzjpyoSvpSrmou8mVdje7RDe4+W8HiHIuybVz7V1718E97jq6Tq6ze8I94Z50T7qn3FPuadfNPeO6u2ddD/ec6+med8+7F1xv18f1dS+6fu4l198NcCkuxQ1yg9wQN8QNc8PcCDfCjXQj3Sg3yqW6VDfGjXFj3Vg3zo1z4914N9FNdJPcJDfFTXHT3DSX5tLcDDfDzXQz3Sw3y81xc1y6S3fz3Xy3wC1wC91CtyhxkVvsFrulbqnLcBku02W6LJflVrgVLttlu1VulVvj1rh1bp3b4Da4TW6T2+K2uG1um9vhdridbqfb7Xa7vW6v2+/2uwPugDvoDrocl+MOuUPusDvsjrivXK772h1137hj7lt33H3nTrjv3Ul3yp12P7gz7kd31p1z591P7oL72V10v7hLzru0yFuRGZG3IzMj70RmRWZH5kTmRtIj8yLzI+9GFkTeiyyMvB9ZFPkgsjiyJLI0siySEfkwkhlZHsmKfBRZEfk4kh1ZGVkVWR1ZE1kb8b74ztCX9KV81N/kS/ubfaIv48v6W7zz5XySv9WX97f5Cv52X9Hf4Sv5O31lX8VX9Y/61r6Nb+vb+fb+Md/BP+47+k6+s3/Cd/FP+q7+KZ/sn/bd/DO+u3/W9/DP+Z7+ed/Lv+B7+z6+r3/R9/Mv+f5+gE/xA/0gP9gP8UP9MD/cj/Av+5H+FT/Kv+pT/Wg/xr/mx/rX/Tj/hh/vJ/iJ/k0/yU/2U/xUP81P92n+LT/Dv+1n+nf8LD/bz/Fzfbqf5+f7d/0C/55f6N/3i/wHfrFf4pf6ZT7Df+gz/XKf5T/yK/zHPtuv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/Df+J3+l1+t9/j9/p9fr//1B/wn/mD/nOf47/wh/xf/GH/pT/iv/K5/mt/1H/jj/lv/XH/nT/hv/cn/Sl/2v/gz/gf/Vl/zp/3P/kL/md/0f/iL/GvpDHGGGOM/ZeoP7k+8O/8n/x9XDZICHHtrmK5/7HmlsK/zYfKhC4RIcTTA3o1/7dRp05KSsrv92YrEZRaIoSIXMnPJ67EK0Vn8aRIFp1E+b+7vqGyzwX6k/rRO4SI/aucGHElvlL/tn9Q/7EnJmZWCs/H/yf1lwiRWOpKTgFxJb5Sv8I/qF+kw5+sv8CXaUJ0/KucOHElvlI/STwunhHJf3MnY4wxxhhjjDH2m6Gyao8/e36+/HyeoK/k5BdX4j97PmeMMcYYY4wxxtjV91yfvk89lpzcqQdPeMITnvz75Gr/ZGKMMcYYY4z9q1059F/tlTDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY3nX/48/J3a198gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdbf8nAAD//yx2QLk=")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000004ac0))
fstat(0xffffffffffffffff, &(0x7f0000004b00))
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, 0x0, 0x0, 0x4000010)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)

57.852775384s ago: executing program 4 (id=3477):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x2, 0x2, 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x22d00, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'syztnl1\x00', 0x0})
socket$l2tp6(0xa, 0x2, 0x73)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000040}, 0x0)

57.650485976s ago: executing program 4 (id=3481):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/19, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
socket(0x1, 0x803, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r7=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000003800128009000100766c616e000000002800028006000100040000001c0003800c00010400000000010000000c000100f7ffffff0300000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x68}, 0x1, 0x0, 0x0, 0x600}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

57.602031569s ago: executing program 4 (id=3482):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000300)='.\x00', 0x8000, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

55.635330062s ago: executing program 4 (id=3487):
r0 = fsopen(&(0x7f0000001480)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)

39.433544129s ago: executing program 33 (id=3487):
r0 = fsopen(&(0x7f0000001480)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)

11.642275917s ago: executing program 5 (id=3712):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x5)
fchdir(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r3, &(0x7f00000000c0)=""/154, 0x9a)
close_range(r0, 0xffffffffffffffff, 0x0)

10.821777974s ago: executing program 5 (id=3716):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

10.576769899s ago: executing program 5 (id=3718):
syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x495, &(0x7f0000000a40)="$eJzs29trHGUYx/HfM8luNttqt22aVil0VVCpWHPo0XjRQwwVekjTRqSoEJtNXJoT2VTaIlq88dYbb0REQUGqaEHEG6+0d/4BCoKgF16I4F54AEGQmX1nZ7LZtkn3kGz7/UC7k3eemXkP+8777s67AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0uGnD/X02mrnAgAANNOJ0yM9fYz/AADcVc7w+R8AAOBuYvL0g0yDI0U7HvxdkjqWn7lwcXRwqPphnRYc2RbE+/9SvX39u/fs3bc/fL358fV2n06ePnMoe2R2em4+VyjkxrOjM/lzs+O5ZZ+h1uMr7QwqIDt9/sL4xEQh27erf9Hui5lfO9Z1Zwb2dR/0wtjRwaGh07GY9sRtX32JG83wk/K0TabfH/7MTkjyVHtd3OK902idQSF2BoUYHRwKCjKVH5tZ8HcOhxXhubI6ybCOmtAWNemS/HxZsj6f2RLydFCm7l+KdlJSW1gPjwVfDN/4wPa6XP62+fl8QdKDaoE2W8M65OknmaY3pDS8+s2KJmuXp4sy/TlQtFPB/cDvT/5t89iz2WdmJmZjscPmelSrjw/NtMbvTSl5OhHc8Ys2stqZQdP5k6W3ZdryySvBvELBvHTDwL4nT/XHZxhbb3EeP3aXmz8uZ0xOuNhhGzbz6l8uAAAAAAAAAFKHefpepuLX2SgxY/Jij4xTKj0Yyq5OFgE0inl6R6ZTI8Xga/j4upS22PqeslZ/9tfY/HemjszOXZrPT768UHV/OnXopcLC/Ni56rvV6d9n2+Ipt1rHUqOEeUrK9PxfH1v5uqX7v1sKEOXmo6eiNTOpyusH75t7S+uZwmdIB85ujW9XzfIKno/61zTztCDT4U3b3FqVtJbUmUpxX8j0x/vbXZyX9DMfnjZTOuNEfirX48d+I9MH/4WxwbIorXOxm6PYXj/WZHrr+OLY9S62K4rt82OHZLr+YvXYLVFsvx/7hkxzv2XD2LQfu8PFdkexu87NTo1Xq0pgpfz+/7NM73VlLewb7aX339L+/2o0FlypPNEN+nyt/T8TS7vi+vVZv///vS3oy0H/96r3/zdl+vTL7S6u1PeSbv/G4P+o/z8n0+R3i2PTLnZTFNu77IptEX77b5fp6JZr5bpx7e9aIGq1ePvfX/nuaFD7b4ylZdx1O+pTdEgqXLp8fmxqKjfPRq0brkavrJX8rJGNHWsjG2yscGOVb0xoCn/8/9yfRX31Y3m+48Z/9zElmln981o0/g9UnqhB4/+mWNqAm40k2qXUwvRcYquUKly6/Hh+emwyN5mb2d2zt2fP7gO9B/YnkuHkLtqqua7uRH77fyvTv+uulj/vLp7/VZ//pytP1KD23xxLSy+ar9RcdLj2vyrTA9evlb+XuNn8P/z+59GHSq/l/tmg9u+KpWXcde+pT9EBAAAAAAAAAAAAAAAAoKUlzNOHMh19ot3C35otZ/3fkh+gNWj9V3csbbxJv1eouVIBoAV48vSuTI+oaK/7Ceul4/FX3NH+DwAA///WsSBT")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=@newsa={0xf0, 0x10, 0x633, 0x0, 0x0, {{@in6=@local, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in6=@private2, {0x327, 0x9, 0x0, 0x4, 0x20000000000000, 0x0, 0x1, 0x7}, {0x0, 0x0, 0x2}, {0x8f, 0x0, 0x8}, 0x70bd29, 0x3502, 0x2, 0x1}}, 0xf0}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='\f\x00\x00\x00Q\x00'], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x1, 0x9f8, 0x1, 0x6, 0x1}})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$nvram(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
pwritev(r6, &(0x7f0000000100)=[{&(0x7f0000000300)}], 0x1, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
mmap(&(0x7f0000887000/0x3000)=nil, 0x3000, 0x0, 0x11, r7, 0x3000)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x44830)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ecffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x2000, &(0x7f00000041c0)={&(0x7f0000000140)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x0, 0x40, 0x0, 0x1, 0x57, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

10.369921631s ago: executing program 1 (id=3719):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x200}]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000280)})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000500)={0x20080522}, 0x0)
r1 = eventfd(0x8c66)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r1, 0x1})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)={0x70, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x62}}}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0xe2}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x4b12d8c0}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x81}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x68a289cc}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x15}, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x25dfdbfc, {0x2}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x1}]}, 0x20}}, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

9.044883557s ago: executing program 5 (id=3721):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000004"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace(0x10, r2)
ptrace$peeksig(0x4212, r2, &(0x7f0000000140), 0x0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x9, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f)
r4 = socket$alg(0x26, 0x5, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000000))
bind$alg(r4, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmsg$TIPC_CMD_SET_LINK_TOL(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)=0x6)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000100)=r0, 0x4)
read$dsp(r3, &(0x7f00000011c0)=""/4117, 0x200021d5)
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)

8.878811447s ago: executing program 1 (id=3722):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$usbmon(&(0x7f0000001b80), 0x4, 0x400)
poll(0x0, 0x0, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
mount$cgroup(0x0, 0x0, 0x0, 0x2010042, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0xcd)
r4 = syz_io_uring_setup(0x88e, &(0x7f0000000140)={0x0, 0xf18d, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x40012020, 0x1, {0x4}})
io_uring_enter(r4, 0x47f6, 0x20, 0x4, 0x0, 0x0)

8.778203443s ago: executing program 2 (id=3723):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r0, r1, 0x5}, 0x10)
fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f00000000c0))
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0x401)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000/0x3000)=nil})
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000040)={0x0, 0x48, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r8, 0x1}}, 0x18)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x20000)
ioctl$FS_IOC_GETVERSION(r2, 0x4008af25, &(0x7f0000000600))

7.998818278s ago: executing program 1 (id=3724):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000011c0)=ANY=[@ANYBLOB="5400000016e6a2110d1d3a00503b98c86dab6f0eb291d6745ca54e0b89ef53cd13c722e501f7ca868aa9735828c37b2220937ddbb4e8f8b46ec1aa517a6d19df2f1e0a8615d0a1c0dff8749ef34a47576e185545d29540f30d4b1b5fee97e0662a288b5224084a46ec7825440269a95ab15309b51876867cb7cc8d6ffb1c84b8445e1d8aec06853b2ea231b45c29b60e1a5df6aeb1396419b33b878837bfcbbb3bcd1314783e649f4b3720bbcee863b4c7fc5554ed58a65fdb69308634a54afbcf38675155b482f902fd169a1f1bf2b9910e53eea385a8367ddfee48aa33dd441a61133ebffdf0dba6e09a32a5d9ceb80860206d5ddad0a3d11ba38ebaaa00"/265, @ANYRES16=r1, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000002800038024000380200001801100020073636865645f737769746368000000000800010006000000"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x40090)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(r4)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r6 = socket$kcm(0xa, 0x2, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x0, 0x12d58}}, 0x44)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000001340)={{0x84, @broadcast, 0x4e24, 0x3, 'lc\x00', 0xc, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0xffffffff, 0x12d5c, 0x1294b}}, 0x44)
sendmsg$sock(r6, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r8, &(0x7f0000000140)="05000000010000", 0x7)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
r9 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$int_in(r9, 0x5421, &(0x7f0000000440)=0x6)
connect$bt_rfcomm(r9, &(0x7f00000001c0)={0x1f, @any, 0xb}, 0xa)
close(r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r10}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

7.656038417s ago: executing program 2 (id=3727):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./bus/file0\x00', 0x0, 0x6)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = dup(r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="02000000040000000600000005000000"], 0x48)
syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x4, &(0x7f00000000c0)={[{@nodioread_nolock}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x457, &(0x7f0000000840)="$eJzs28tvG8UfAPDvrpP019cvoZRHH0CgICIeSZMW6IELCKRekJDgUI4hTavStEFNkGhV0YBQOaL+BcARib+AE1wQcAJxhTtCqlAvFA5o0dq7rZPYwXacOMWfj7TJjHfsme/ujj07YwfQt0bzP0nEroj4OSKGa9nlBUZr/27euDzz543LM0lk2Wu/J9Vyf9y4PFMWLZ+3s8iMpRHph0kcaFDvwsVLZ6fn5mYvFPmJxXNvTyxcvPT0mXPTp2dPz56fOnbs6JHJ556deqYrce7O27r/vfmD+46/ce2VmRPX3vzui7y9u4r99XFExFA36hyN0eXHss5j3ahgC9ldl04GetgQ2lKJiPx0DVb7/3BU4vbJG46XP+hp44ANlWVZtm3Vo5UysZQB/2FJ9LoFQG+UH/T5/W+5beLwo+euv1C7AcrjvllstT0DkRZlBlfc33bTaEScWPrrk3yL1fMQAABd91U+/nmq0fgvjXvryv2/WBsaiYi7ImJPRNwdEXsj4p6Iatn7IuL+NusfXZFfPf75cXtHgbUoH/89X6xtLR//laO/GKkUud3V+AeTU2fmZg8Xx2QsBrfl+ck16vj6pZ8+bravfvyXb3n95ViwaMdvAysm6E5OL06vJ+Z619+P2D/QKP7k1tpV/n9fROzv4PXzY3bmic8PNtv/7/GvoQvrTNlnEY/Xzv9SrIi/lKy9Pjnxv5ibPTxRXhWrff/D1Veb1b+u+LsgP/87Gl7/t+IfSerXaxfar+PqLx81vafp9PofSl6vpsuF2nenFxcvTEYMJUurH5+6/dwyX5bP4x871Lj/74n4+9PieQciIr+IH4iIByPioaLtD0fEIxFxaI34v33x0bc6j39j5fGfbOv8t5+onP3my2b1t3b+j1ZTY8Ujrbz/tdrA9Rw7AAAAuFOk1e/AJ+n4rXSajo/XvsO/N3akc/MLi0+emn/n/Mnad+VHYjAtZ7qG6+ZDJ4u54TI/tSJ/pDpvnGVZtr2aH5+Zn9uoNXWgNTub9P/cr5Vetw7YcG2tozX7RRtwR/J7Tehf+j/0L/0f+pf+D/2rUf+/EnGzB00BNpnPf+hf+j/0L/0f+pf+D31pPb/rj2heZs/x9bzy1kgMxWbUVdkCkXaSiHRLNKOzRLo1mlFLbIuIVgtfic1qWK/fmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrjnwAAAP//poLnLg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00')
write$P9_RLERRORu(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009de8"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="9b713a637a8cf3ae24cf91ceca0a7d1df5"])
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000040)={r0}, &(0x7f00000003c0)=ANY=[@ANYBLOB="656e633d706b63733120686131683d706f6c7931333035000000000000000000000000000000000000000000000000000000002f000000ff00"/80], 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002bc0)=ANY=[], 0x184}}, 0x844)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)

7.279613259s ago: executing program 1 (id=3729):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1d, 0x7, 0x8, 0x80000001, 0x22020, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x1000}, 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
io_uring_setup(0x2cee, &(0x7f0000000200)={0x0, 0x93b0, 0x3, 0x0, 0x315})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, &(0x7f00000000c0)={0x3, 0x102, 0x2, {0xdf, 0x81, 0x3, 0xc4ea}})
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000500000085000000d000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000140)=@get={0x1, 0x0, 0x8000000000000001})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r4}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000180)={0x40000000, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x80}}, 0x20000000)
sendmsg$key(r6, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', 0x0, 0x0, 0x0)

4.942091844s ago: executing program 0 (id=3731):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c001680080001"], 0x38}}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x90}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000001c0)={<r3=>r1, 0x60, 0x6, 0x1})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000840)={{{@in=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@multicast2}}}, &(0x7f0000000300)=0xe8)
sendmsg$nl_xfrm(r3, &(0x7f0000000440)={&(0x7f0000000200), 0xc, &(0x7f00000003c0)={&(0x7f0000000940)=@expire={0x2e0, 0x18, 0x1, 0x70bd2c, 0x25dfdbfd, {{{@in6=@private1, @in6=@empty, 0x4e21, 0x1, 0x4e23, 0x2, 0x2, 0x80, 0x20, 0xff, 0x0, r4}, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d5, 0x2b}, @in6=@dev={0xfe, 0x80, '\x00', 0x11}, {0xdc, 0xa00000, 0x400, 0x9, 0xfff, 0x3dd, 0x5c7, 0xe}, {0x8, 0xe7, 0x100000000}, {0x8, 0x5, 0xc}, 0x70bd2d, 0x34ff, 0xa, 0x4, 0xf6, 0x2}, 0x40}, [@tmpl={0x144, 0x5, [{{@in=@remote, 0x4d2}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x6, 0x3ff, 0x4, 0x400}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d3, 0x33}, 0x0, @in=@multicast1, 0x3506, 0x4, 0x0, 0x9, 0x2, 0x4, 0x8e2}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4d6, 0x32}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x2e}, 0x0, 0x0, 0x0, 0xb, 0x6, 0x4, 0xd851}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d2, 0x2b}, 0xa, @in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x3501, 0x2, 0x1, 0x2, 0xbf64b2e, 0x3, 0xafc}, {{@in=@multicast2, 0x4d2, 0x3c}, 0x2, @in=@empty, 0x3504, 0x0, 0x0, 0x0, 0x7, 0x80000001, 0x8000}]}, @coaddr={0x14, 0xe, @in6=@private2}, @lifetime_val={0x24, 0x9, {0x3ff, 0x3d3, 0x5, 0xffffffffffffff81}}, @user_kmaddress={0x2c, 0x13, {@in6=@dev={0xfe, 0x80, '\x00', 0x38}, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x14}}, @sec_ctx={0x3e, 0x8, {0x3a, 0x8, 0x1, 0x7f, 0x32, "8636b60ddcf20f5db2e8c66bfdbe24eba0a6527a9b718066d95e83cfa674cacfb11d7a79799d481dabab2ae1976e9d392ab6"}}]}, 0x2e0}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000000)

4.875167958s ago: executing program 0 (id=3732):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x200}]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000280)})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000500)={0x20080522}, 0x0)
r1 = eventfd(0x8c66)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r1, 0x1})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)={0x70, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x62}}}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0xe2}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x4b12d8c0}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x81}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x68a289cc}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x15}, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x25dfdbfc, {0x2}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x1}]}, 0x20}}, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

4.793108643s ago: executing program 1 (id=3733):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x2b, 0xa, 0x1)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x380})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x3, 0x2})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r5 = memfd_secret(0x80000)
r6 = userfaultfd(0x801)
getdents64(r5, &(0x7f0000000480)=""/231, 0xe7)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f000070d000/0x1000)=nil, 0x1000, 0x15)
pipe2$9p(&(0x7f0000000140), 0x80000)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc01c64b9, 0x0)
syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00')

4.003457299s ago: executing program 2 (id=3734):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x24, 0x2, @thr={0x0, &(0x7f0000000280)="416e208f75deac45ba67cc39994a306d0ee9cbad8dd9a144b8c09282e12f48bc266b0bcffe7d04873effaf4244b16e003a58da85ef4c3d02fdc02537cdf3bbdec18721b17990ce43b26a1cfd6993d694da39b40c9ec4fcb8653c5ca06a5993186b008386163d48afed1596e9b862d27eb9c75fc605ef135ed63c3b3a066dd659c6f83d103c749a095cb1d1e5a51ad6fb593bef7edfbbf36e3dd134e233dd59729e72d10134a7d399ec1fe32308f1c8fdac6d8701a2b8220ad72be8f3be7ccc78190deb99feb09eb632072844e9ccf6a9412b253cf85514d214d07bacbf226009004fd3cde79d15fd92d4605672a07c78a1ddb189a11a7340fdbbc6df22534c332ea1d6d24a995a0fd39fadb16bb51e52bab9c657c3bf9f35785293dd5102fd0c72a124a9c416f7a15ff5ce4a4519c59050cd1a61ecdf4f36ee0903fc3767adc7edda15bb89e8708e9a7d9537be83b06398e8da655c7f19232d2a43543a1ba400e746c55c83aca42c4db41d66cb1bdec38e96d8cf576cc896bfa055b251181ff767c90bbd26f2305345c14b337d463f9946afdb805e86b7fdf1f97142946800eee259c8b456b95071509dc71e4bd852b11552561563564bf9718286ea8932a3f333983d93b825d428dbb599fab15ac2b3913785a0d8a410ae7bb60091958a147ac72b9a13621b18018d34a6a197a180212e8b5c618d88d202b9bd75da631bb9174147863259e519219a493bfdbfd01e94335c2f93ae5cc8d6fe38de3cc513da29c817858e66da086a16dc57053db7b7dca5a4ef983dbc7bfb99d4f87a044634c7196bc984061c69b5504fa849c0d0c04cad588133605f1e2e95c9b17fe0a6b1f1d1b9774f4409c5d38af963dd9f6a88b3eab2f4533624f15decdf36ff9513d7042e9a66d64c5cf307956fe29a63c0185a4f414ffa0963f42d146af9182739240020686154102dc969670ef7dad56bfdda27966666785371b5adac3e3178dff1beb199d86d52ac05380f076c3e4c5cb15cbb935f4283cc83ab6416ef9f6888b388acce48c11573ae6c604c9ba5ab6c866db6b7a97acf568a55d2c216d97ff1141e94ff8c91086021bf219ce07dcb2c186684c84929ea7beff14d823cf9798c4838a11ff62d434d13fbde267cc709bcbd1c54ed537de37bac1c3a928817279ec1b82c7871d63652b90ed0f92a6b1a80bed6a5caf46a9e7a5d6671172fcb9c0c04efed842bcccdba6ff1cd427b1d34fef96bab98113a0ee33e3d261ed6b5df9c77fa540f5bb9692ec65053bb2a7c185ba327d149fb53b69b92e211996b1a021187063464fdd8e27af28faba9a2b89cd79cbde9facdbed42950f694aa6232f67a6be421ecf3e9131d7fbe6acb13094c57a27f5489682fd91b42c5d965babd576c531826c7508534b420c96caf4a6de6a721fa38874ea747cc70a066d18e300eac5a68c77e6bff331fc7daf399e162b2d2a22971eb15f0e7545a9242a88769b06e1f4bfec25c024ebea3cba7e67dee543b40d96f27bfced254fc8fb1deb712511d368547ef00b698fb7c3951e03420b8a8c0ef4388d9ff5e085572cb45d38e86d498ff1d2cfc4e4fb89bf7afac14ee9bbba1374b1c17da2896916d2aab7f40310f27c18231267714174d55197e24146c97791c9f44a79976e52a5f254b352ec24d23bc939bcd026f1f51e331b9e22cebc25d345fb6985e3701a887585d28835e4dc96e76604a11c799fddbeff787029d7f2e5597163f2a0e047b6c9ea0caa91d245bd11abb60b58bcd22d834bcff1d7e6fc6a25975c15ae929e2343465c871a60ba8416299dc5fd41036d7ae5eac649b0b8782ff2ee5e352a5d4748732cb5941a39054c34958679cec8c6a9aaee6d4c561cbdbdf5e05dfced26907e29786e67708c4eca7b8e9d44280c15cdc4c83627ed78bec3cf06acf0c23514ffb68bab311ccc654efd019e26080c8770fabc39fba9e3a1dc86655e7c93fa9e97aeca68e7be3f34356424a5b283c916f93a77388fdee2c7cafd6ae09f3c13388e7a2954bb22d50a595111bddec2ff3fa5950b750af8123c88788056b7dcd86c2fb60857f39efb24bb98b826519a6f375cad47a5d8158b87406879b59f506d623f9c5ad679f147a8265f3cfa958d455ce27c81de204c14b2d1b160e16511eaf3471a0d6022e0576fb07574ea4d5dbb88dded61e654942c8913c3057b0892407cb821190a3df06efa86ef318f801d1643e3f9a3c18b0e422e5de2b793183dfb266cf546c3d40197af1a330e33a93ef9bd6b72d046c8d9802fc74f65f30a1b321272e6a7c910fd940536ba7f09defd3fd45e9dcca6c85b4f6383f04c10036ba120b1f9715730edaea39df2468a3a66c0b51cff8dbfbcabbbd636b16111cb024cb434e4ab9c4a53374736cb08c470570fa85691bc24ef3721c932d6e1079e641a2bf402cde3d25478040f484d6552419c5366f0f4f203adb27fd68d166abfcab131d214914ab6da9193ba52cffb070435bf0a11dd919ff183019c70d8c458e82347a1a5df7e02f287edfc8e8197e36a202e1ee54cdc2c48c3ad6b29fb585a57d6311ea065a7cb212b13ff287421f498600f6c30a132e220d5c87beae1d26fd7c3d02df0943593c0cb63da03ee105fea5b7e622cf72eaad06bbd466648bcc647523d03c809eaa7836da659550553341d88bd086dbcf189d965c3f81508a4343c3488477b5360c0f1608b981976c5eedc324adba066bdbd5d9b6c997e50437761074ede856de52038ea7651b54eb539d7181a78fd1ad389c3120b064d680996a56bff6ed23cfd41bbac60c64475170f9afb8b26b03cc98dc606448a7496c9f95ce023f23169eca042d1e7d40b22c8fe88d1ba7c494d1119a9926c9115436f371a4cb439237698c464fbdc62be2ea7875827d8dcad1ada66153f00567ce54964bbc65fd4273d406b176d7f3623405cf2c98f32de56464dbd56b87b7c78ee0372520aaf9bc7072b2429d90c27a8e5775fa524a64cbfdec481b8839d153ae553224aeda2987f9d1a0f02401c32bb40960a81c0302a75ae5e8ed40c81795ed01df5848a30de1177eaf1e8d3fca329a498b14a702871fb3cde6f132fbe7e5fbc9ef3d9f29f3012643abf44fca59fa7b1f982711e72c1aecc36ceb058a1c5b7a858c06be99af120c63bd12dc858b5754746f6d689ca9d3b78f558811f206102548872b0cbbd8498077da72c799446d10ed120ca01fd238fe116885c1908a9451cedcb3b4d069f2"}}, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0x5, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

3.414692203s ago: executing program 0 (id=3736):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005200010025bd7000050000001c00"], 0x1c}}, 0x800)

3.175095147s ago: executing program 0 (id=3737):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "112000"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cifs\x00', 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0)
ioctl$HIDIOCINITREPORT(r1, 0x4805, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

3.134276939s ago: executing program 6 (id=3738):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2, 0x0, 0xb}, 0x20)

2.972842758s ago: executing program 6 (id=3739):
r0 = syz_open_dev$admmidi(&(0x7f0000000300), 0x20, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r1, 0x40085112, &(0x7f0000000100)=@e={0xff, 0xa, 0x2, 0x4, @SEQ_CONTROLLER=0xfe, 0x2c, 0xb9, 0x2})

2.802989878s ago: executing program 1 (id=3740):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r2, 0x0, 0x0)
write$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

2.802576018s ago: executing program 6 (id=3741):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x304}, '\x00', "35e23ca3a988def7dfbd438c536346cd", "11398f4a", "50cc97386065eda9"}, 0x28)
recvmmsg(r1, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x2004}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)=""/98, 0x62}], 0x1}, 0x4}], 0x2, 0x40000042, 0x0)

2.219357112s ago: executing program 2 (id=3742):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c001680080001"], 0x38}}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x90}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000001c0)={<r3=>r1, 0x60, 0x6, 0x1})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000840)={{{@in=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@multicast2}}}, &(0x7f0000000300)=0xe8)
sendmsg$nl_xfrm(r3, &(0x7f0000000440)={&(0x7f0000000200), 0xc, &(0x7f00000003c0)={&(0x7f0000000940)=@expire={0x2e0, 0x18, 0x1, 0x70bd2c, 0x25dfdbfd, {{{@in6=@private1, @in6=@empty, 0x4e21, 0x1, 0x4e23, 0x2, 0x2, 0x80, 0x20, 0xff, 0x0, r4}, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d5, 0x2b}, @in6=@dev={0xfe, 0x80, '\x00', 0x11}, {0xdc, 0xa00000, 0x400, 0x9, 0xfff, 0x3dd, 0x5c7, 0xe}, {0x8, 0xe7, 0x100000000}, {0x8, 0x5, 0xc}, 0x70bd2d, 0x34ff, 0xa, 0x4, 0xf6, 0x2}, 0x40}, [@tmpl={0x144, 0x5, [{{@in=@remote, 0x4d2}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x6, 0x3ff, 0x4, 0x400}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d3, 0x33}, 0x0, @in=@multicast1, 0x3506, 0x4, 0x0, 0x9, 0x2, 0x4, 0x8e2}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4d6, 0x32}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x2e}, 0x0, 0x0, 0x0, 0xb, 0x6, 0x4, 0xd851}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d2, 0x2b}, 0xa, @in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x3501, 0x2, 0x1, 0x2, 0xbf64b2e, 0x3, 0xafc}, {{@in=@multicast2, 0x4d2, 0x3c}, 0x2, @in=@empty, 0x3504, 0x0, 0x0, 0x0, 0x7, 0x80000001, 0x8000}]}, @coaddr={0x14, 0xe, @in6=@private2}, @lifetime_val={0x24, 0x9, {0x3ff, 0x3d3, 0x5, 0xffffffffffffff81}}, @user_kmaddress={0x2c, 0x13, {@in6=@dev={0xfe, 0x80, '\x00', 0x38}, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x14}}, @sec_ctx={0x3e, 0x8, {0x3a, 0x8, 0x1, 0x7f, 0x32, "8636b60ddcf20f5db2e8c66bfdbe24eba0a6527a9b718066d95e83cfa674cacfb11d7a79799d481dabab2ae1976e9d392ab6"}}]}, 0x2e0}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000000)

2.208813142s ago: executing program 5 (id=3743):
r0 = socket$kcm(0x11, 0x2, 0x0)
r1 = syz_io_uring_setup(0x53e2, &(0x7f0000000380)={0x0, 0x1a1d, 0x8000, 0x2, 0x1d7}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xe01, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000080), &(0x7f0000000140)=0x30)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x3, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0xc, 0xe7, 0x7f}})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000001480)=@getsa={0x7ec, 0x12, 0x800, 0x70bd26, 0x25dfdbfd, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4d5, 0x2, 0x33}, [@sec_ctx={0x7c4, 0x8, {0x7c0, 0x8, 0x0, 0x6, 0x7b8, "32da9d2f2ab179f4be9a9c294a9c6b68bb418637762d0cca85ebb1f93fe509a172aadf775e1bc84e870a01299c481f7e25ce8881919902f56b83cfba304c8f86a899561e1d71781112585dba177786791210169e97b7aaabbd4580e3a7544308cf299651736483912399e9ce32ef62af2f7237b205eb79a23b62a84d37cff82545d5938082b1a21a2338bbc783804c9dfdaa6deee8d62bb195fc62dec4b8d2fb7953e326bb371fecd5b98040bfa67841ab9f52e0eb72843fa3da3708aa226d7a123093f2898862c258c42924c309e1e7f326c1111c450af189a9cb30ee3d943ec0481faec11b26d6ac69b770dbda746d2f0d18eb2a8d4709d256cd5d8d422f55d710f7f57450c750a5ce021c085475a23e6423f5e8e89434f234e378f0360cf75e8f9d6d505677e6c74788246c28339f85bfb142dd821342b89afae8aa141201fcebe4f431ff2b7aff8dd584fefcff3377e2cd33b3743e9c77c04ee5d4bf8231aeb58e15696d154604dc00a783891cb1ffe58599690e48d6e8ec7f9596e42427f5516d3bc0f2e21318f36cb02be516f1c13144c92183eb1df4e6d4f10d45983788c611d5bd5c0f345456cdd963cf2460872329d20ba4c88865f53a2f0277c1d66c262d3662ac5fb7ad1a64680b2be07a91839ed108b13dfe88d6ca7699c440702ec0703a40fe8361c0984e9364fdcaa71e21371589358f0cc0762002348bd1c49960e05674af75381e3e6f52324ee2c503e2219ddb533ad9e5a0cfb305351cbd621a52e18edd8fb23e7074fef7d8b47dad2abec5920afa2b547c6d862806ef55425983f5633a58ede984feb9ed0e105023962fbf23b008b3f266f189fba1bb320d1511f8e52d68fc3714e998823f273e7335ed054375389b31b6d63f8c8d2a8f5bde5ce4b4325dd0e1e9161cddb5624af57ed3fed5c3e84e97e8ad9cfcbb6bbe8b174f623a9a95fd7652a1ec6994beaa479e65a88c6807cd7ad53a742ea6d7f38a1d749c378e35ec214ec46d1e6527f049a4d83221dc4f9b1956679b380350254f24032082abcc6036449e4ef7e5623e1a9bae58116bb0195d2376124b36f944fb0147f24ca92165c540b7dfa8accc7c63ec40cbc8f9ef181256461975a0c9f5f696d5aa263e15939e0fc592bce71d10e4232b6f2799ce195c0aa0623c8c1675c5cdd880e1b8e1a6940ced49609c741f635a44ae83aa442b43b7e18cfc1d64e8601b8ba410eb01ae81f483fadd7043f997310bf9e179625b301b8cdace8e3786ce10a33d5bba5b00e2bada4268bf2caf4e0d213a66c875156adcd2c130f0b75f36da7205fe003de7dc6d6cab98fceee3a1584b03d678370cbec43875abebc66d60d6b3cf15a1ae0ba97b7cbdfe4b57d7d810b7deab80651ed9a1e35a52428d1d42b6e0982504ef678e850693814ef4125794ee24a46dc8c0470a35ab938f1cea042b706cb520a0046f2afdd9e27097816724d452961532865a006fba576a8238a29022a37828b09c3277bf5244551a5b789467de5b633c9d6a68865f57fd574bd0545e6c6eaafa8fb1aa9e046007333596fce262b671c5a11db40e21d431610d7f44b1b95ef8e36369b20914dbdee267cb81b967f74ac5e74f50a7882ffa2ea513e91299d7712ca0cca41984b2820ce4b08dd6364756e5b07d5040034858156e08d2028575beb55e9a6895c0cf4140dbf6659a96b506b4304ecdf6674d532efcf9b35131303f746e20a75cbab5d32a39a34ddbf6444e3cdfc27fbb094a28dab3b635f46b1009504607efbec10fb48d839b16b4b55c0d52864f3b21034fed0d8029a6f628bf396b3e12e9f79e40523964886ad4fdd4bdee1adaa99f2c7fba63219edcc10ce1cc0153d51f6e8e1f7f5bcbdd7ac34380c7c4caf29a13f755957b69807cb5ea8a28c472e108b67d44b93b71e77fad6fd71ec357b228bdea3b5a4c2e36ddef2f0cd7d68ae1d494b7cda0adc5fac01079b34e10f5b9b0cc7fb4a4d3d8fea12cdfa60cde63f614e364704c0b12c93f593932a58a88ab6d075610c9f7d2b1890db7ee29fc7abc6a99a19fbc7778c94d818630b9e9f8167cf591dd342aa1f6820aaa81b7b53624d1c7d4d8914dc52d04ad33aa929ba589ad812a49ec59f849468b37b1a04e1f999cc223c977d829c1d86f5a34851eba23d9b1efb1c614c35d0e1bb2b699f52ef3bce7baff3ed0aed975aacda0f64629034a5ea28a06bf9a3a3c39ea9f83c8979556679d77d7923c3255ba6d8c47eadaf5b879c0d1ad9d9d81bd13e9486f2e524ff92d94454aa7d2fe6ea1595853e80c7d17b34a0c61a4409d58eb639078233282b002a05ad3dbb4530b3086443e5e318b518eec2150d950551c6488a263ea436c790211d4ce004c6d66808743e2aa48cb7d733b61c798db6728abc7e32d343c334972675d44fe8dcf94ecc428b3ca192fca8b6dd300caf6bc7a07e07e131d53ab2090d06fbf9bf623afe901f4469e0486cc5af7cf063761af409d84a4d733674aa33134ad55d10a851f7cd38d9751cb70da9f0a7bdfe6e1fbc45de419eae4b923b8998131f1a10a29f8a4d1b96ac943fcea24350e2e3ac9612aa6db0d156466d05f051376b53f63e816327d38dc628a175060b1c6518b487226c1cb76dc8ef2cab37989755e3038b436726ff79af67e8e71fc7c8152cad178f4966092c391fbf574b6f39c46c62caa7155c0207e92fddc21dc825abef579901517125345913350fadfae6c7c1bb6ca1960e44f662ddddd7f7058a64f3880c822500ab007558c5082fab8f59d397f5a159883e5a785e7"}}]}, 0x7ec}}, 0x0)
syz_io_uring_submit(r2, r3, 0x0)
io_uring_enter(r1, 0x3516, 0xa5b8, 0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f00000001c0)=""/47, 0x2f)
r9 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r9, 0x40045532, &(0x7f0000000040)=0x3)
r10 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x14b000)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
close(r10)

2.157867755s ago: executing program 6 (id=3744):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./bus/file0\x00', 0x0, 0x6)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = dup(r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="02000000040000000600000005000000"], 0x48)
syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x4, &(0x7f00000000c0)={[{@nodioread_nolock}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x457, &(0x7f0000000840)="$eJzs28tvG8UfAPDvrpP019cvoZRHH0CgICIeSZMW6IELCKRekJDgUI4hTavStEFNkGhV0YBQOaL+BcARib+AE1wQcAJxhTtCqlAvFA5o0dq7rZPYwXacOMWfj7TJjHfsme/ujj07YwfQt0bzP0nEroj4OSKGa9nlBUZr/27euDzz543LM0lk2Wu/J9Vyf9y4PFMWLZ+3s8iMpRHph0kcaFDvwsVLZ6fn5mYvFPmJxXNvTyxcvPT0mXPTp2dPz56fOnbs6JHJ556deqYrce7O27r/vfmD+46/ce2VmRPX3vzui7y9u4r99XFExFA36hyN0eXHss5j3ahgC9ldl04GetgQ2lKJiPx0DVb7/3BU4vbJG46XP+hp44ANlWVZtm3Vo5UysZQB/2FJ9LoFQG+UH/T5/W+5beLwo+euv1C7AcrjvllstT0DkRZlBlfc33bTaEScWPrrk3yL1fMQAABd91U+/nmq0fgvjXvryv2/WBsaiYi7ImJPRNwdEXsj4p6Iatn7IuL+NusfXZFfPf75cXtHgbUoH/89X6xtLR//laO/GKkUud3V+AeTU2fmZg8Xx2QsBrfl+ck16vj6pZ8+bravfvyXb3n95ViwaMdvAysm6E5OL06vJ+Z619+P2D/QKP7k1tpV/n9fROzv4PXzY3bmic8PNtv/7/GvoQvrTNlnEY/Xzv9SrIi/lKy9Pjnxv5ibPTxRXhWrff/D1Veb1b+u+LsgP/87Gl7/t+IfSerXaxfar+PqLx81vafp9PofSl6vpsuF2nenFxcvTEYMJUurH5+6/dwyX5bP4x871Lj/74n4+9PieQciIr+IH4iIByPioaLtD0fEIxFxaI34v33x0bc6j39j5fGfbOv8t5+onP3my2b1t3b+j1ZTY8Ujrbz/tdrA9Rw7AAAAuFOk1e/AJ+n4rXSajo/XvsO/N3akc/MLi0+emn/n/Mnad+VHYjAtZ7qG6+ZDJ4u54TI/tSJ/pDpvnGVZtr2aH5+Zn9uoNXWgNTub9P/cr5Vetw7YcG2tozX7RRtwR/J7Tehf+j/0L/0f+pf+D/2rUf+/EnGzB00BNpnPf+hf+j/0L/0f+pf+D31pPb/rj2heZs/x9bzy1kgMxWbUVdkCkXaSiHRLNKOzRLo1mlFLbIuIVgtfic1qWK/fmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrjnwAAAP//poLnLg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00')
write$P9_RLERRORu(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009de8"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="9b713a637a8cf3ae24cf91ceca0a7d1df5"])
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000040)={r0}, &(0x7f00000003c0)=ANY=[@ANYBLOB="656e633d706b63733120686131683d706f6c7931333035000000000000000000000000000000000000000000000000000000002f000000ff00"/80], 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002bc0)=ANY=[], 0x184}}, 0x844)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)

2.095261779s ago: executing program 2 (id=3745):
r0 = fsmount(0xffffffffffffffff, 0x0, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
r1 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x1, 0x87}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r0, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r1, 0x3518, 0xaddf, 0x2, 0x0, 0x1517f)

2.038316012s ago: executing program 2 (id=3746):
r0 = epoll_create1(0x80000)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000001})

1.751926819s ago: executing program 5 (id=3747):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x1, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$TIOCL_PASTESEL(r0, 0x560e, &(0x7f0000000040))

748.185647ms ago: executing program 6 (id=3748):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x80000, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x400, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8ec5, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

623.115484ms ago: executing program 0 (id=3749):
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e23, @multicast2}}, 0x0, 0x0, 0x3e, 0x0, "bb02a3c364ca4508474004000b42a20000000000000010208a0e2ff19b2df3eea18afaa4ff1f56c54dc46d8b6d2ccd00a0cf0a007bbe00"}, 0xd8)
r0 = socket$kcm(0x23, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x6, 0x4)
listen(r0, 0x800)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000"], 0x78)

265.521535ms ago: executing program 0 (id=3750):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
pipe(&(0x7f0000000000))
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000200)={0x46, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000040)=@ethtool_regs={0x4, 0x0, 0x2, "f42a"}})
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000280)={0x3, <r2=>r1, 0x1})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x8, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x6)
pipe2$9p(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000300)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4800)
splice(r6, 0x0, r5, 0x0, 0x4, 0x5)
ioctl$int_in(r4, 0x5452, &(0x7f0000000080)=0x6305)
write$FUSE_INIT(r7, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x3, 0xc002e38, 0x7ff, 0x7d, 0x10000, 0xa79, 0x0, 0x0, 0x100}}, 0x50)
r8 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000400)={0xfffffffd, 0x5, 0x0, 'queue0\x00', 0x8})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r8, 0x404c534a, &(0x7f0000000380))
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000004c0)={0x2020}, 0x2020)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map=r2, 0x1e, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0xa, 0x7)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r9 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi2\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r9, 0x40946400, &(0x7f00000000c0)={'pcl730\x00', [0x1610, 0x3, 0x1, 0x0, 0x3, 0xcc7, 0x9, 0x1, 0xa, 0x100, 0x2, 0x1, 0x8, 0x1100004, 0x6, 0x9, 0x1, 0x1a449, 0x80000000, 0x40002003, 0x89, 0x2, 0xf27, 0x6, 0x800b, 0xca8, 0x5, 0x4, 0x400, 0x10000, 0xfffffff7]})

0s ago: executing program 6 (id=3751):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x6, @mcast2={0xff, 0x3}}, 0x1c)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0xa00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xe42, 0x9, 0xfffffffffffffffb, 0x5, 0x10000, 0x3, 0x4002004c2, 0x100000007ff, 0x1, 0x0, 0x10000000000400, 0x80, 0x8b, 0x0, 0x8, 0x8b], 0x58000, 0x240046})
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

ddresses unique to avoid problems!
[  553.591743][T13294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  553.603012][ T1324] usb 2-1: Using ep0 maxpacket: 16
[  553.612793][T13294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.627157][T13294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  553.645769][T13294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.662900][T13294] batman_adv: batadv0: Interface activated: batadv_slave_1
[  553.674939][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  553.690271][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  553.759655][ T1324] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  553.774176][T13294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  553.805460][T13294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  553.814607][ T1324] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  553.834222][T13294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  553.843125][ T1324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  553.870487][T13294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  553.886464][ T1324] usb 2-1: config 0 descriptor??
[  554.080167][ T4261] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[  554.090359][ T4261] usb 5-1: USB disconnect, device number 5
[  554.100231][ T4580] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.109889][ T4580] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.433098][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  554.540778][ T4580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.550965][ T4580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.596102][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  554.829911][ T1324] usbhid 2-1:0.0: can't add hid device: -71
[  554.846803][ T1324] usbhid: probe of 2-1:0.0 failed with error -71
[  554.879661][ T1324] usb 2-1: USB disconnect, device number 5
[  555.095948][ T4307] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  555.748237][ T4307] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  555.872532][ T4307] usb 5-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  555.929192][ T4307] usb 5-1: Product: syz
[  555.951164][ T4307] usb 5-1: Manufacturer: syz
[  555.980394][ T4307] usb 5-1: SerialNumber: syz
[  556.061314][ T4307] usb 5-1: config 0 descriptor??
[  556.091377][T13467] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  556.103969][T13467] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  556.134075][ T4307] ch341 5-1:0.0: ch341-uart converter detected
[  556.421772][ T4261] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  557.854198][ T4261] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  557.868298][ T4261] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.898474][ T4261] usb 2-1: Product: syz
[  557.907750][ T4261] usb 2-1: Manufacturer: syz
[  557.918227][ T4261] usb 2-1: SerialNumber: syz
[  558.112657][ T4261] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  558.142726][ T4307] usb 5-1: failed to send control message: -71
[  558.149202][ T4307] ch341-uart: probe of ttyUSB0 failed with error -71
[  558.213247][ T4307] usb 5-1: USB disconnect, device number 6
[  558.214108][ T4307] ch341 5-1:0.0: device disconnected
[  559.009158][ T4307] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  559.318786][ T4307] usb 5-1: Using ep0 maxpacket: 32
[  559.520727][ T4261] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  559.698536][ T4307] usb 5-1: config 0 has an invalid interface number: 135 but max is 0
[  559.708507][ T4307] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  559.719493][ T4307] usb 5-1: config 0 has no interface number 0
[  559.726020][ T4307] usb 5-1: config 0 interface 135 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  559.736170][ T4307] usb 5-1: config 0 interface 135 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 0
[  559.746508][ T4307] usb 5-1: config 0 interface 135 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  559.763240][ T4307] usb 5-1: config 0 interface 135 has no altsetting 0
[  559.820473][T13509] ubi31: attaching mtd0
[  559.827880][T13509] ubi31: scanning is finished
[  559.842341][T13509] ubi31: empty MTD device detected
[  559.993316][ T4307] usb 5-1: New USB device found, idVendor=0f11, idProduct=1011, bcdDevice=49.1a
[  560.009845][T13509] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  560.017986][ T4307] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.036100][T13509] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  560.047453][ T4307] usb 5-1: Product: syz
[  560.050715][T13509] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  560.063685][ T4307] usb 5-1: Manufacturer: syz
[  560.078778][ T4307] usb 5-1: SerialNumber: syz
[  560.081626][T13509] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  560.103658][ T4307] usb 5-1: config 0 descriptor??
[  560.121905][T13509] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  560.127918][   T13] usb 2-1: USB disconnect, device number 6
[  560.146466][T13509] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  560.165231][ T4307] ldusb 5-1:0.135: Interrupt in endpoint not found
[  560.173728][T13509] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 36330212
[  560.205421][T13509] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  560.229056][T13513] ubi31: background thread "ubi_bgt31d" started, PID 13513
[  560.391451][ T4307] usb 5-1: USB disconnect, device number 7
[  561.669816][ T4261] usb 2-1: Service connection timeout for: 258
[  561.682548][ T4261] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  561.708063][ T4261] ath9k_htc: Failed to initialize the device
[  561.741222][   T13] usb 2-1: ath9k_htc: USB layer deinitialized
[  562.322524][ T4261] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  562.554204][T13535] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  562.566691][T13535] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  562.785884][ T4261] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  562.836443][ T4261] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  562.845731][ T4261] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.856296][ T4261] usb 1-1: config 0 descriptor??
[  562.918331][ T4261] pwc: Askey VC010 type 2 USB webcam detected.
[  563.370722][ T4261] pwc: recv_control_msg error -32 req 02 val 2b00
[  563.701883][ T4261] pwc: recv_control_msg error -71 req 02 val 2c00
[  563.723170][ T4261] pwc: recv_control_msg error -71 req 04 val 1000
[  563.767338][ T4261] pwc: recv_control_msg error -71 req 04 val 1300
[  563.799462][ T4261] pwc: recv_control_msg error -71 req 04 val 1400
[  563.819358][ T4261] pwc: recv_control_msg error -71 req 02 val 2000
[  563.840619][   T13] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  563.851514][ T4261] pwc: recv_control_msg error -71 req 02 val 2100
[  563.883502][ T4261] pwc: recv_control_msg error -71 req 04 val 1500
[  563.904827][ T4261] pwc: recv_control_msg error -71 req 02 val 2500
[  563.936880][ T4261] pwc: recv_control_msg error -71 req 02 val 2400
[  563.958276][ T4261] pwc: recv_control_msg error -71 req 02 val 2600
[  563.983419][ T4261] pwc: recv_control_msg error -71 req 02 val 2900
[  564.018017][ T4261] pwc: recv_control_msg error -71 req 02 val 2800
[  564.047041][ T4261] pwc: recv_control_msg error -71 req 04 val 1100
[  564.076994][ T4261] pwc: recv_control_msg error -71 req 04 val 1200
[  564.105251][ T4261] pwc: Registered as video103.
[  564.113427][ T4261] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input17
[  564.193597][ T4261] usb 1-1: USB disconnect, device number 3
[  564.319988][T13560] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3155'.
[  565.184324][T13567] loop0: detected capacity change from 0 to 512
[  565.208830][T13567] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  565.277079][   T13] usb 3-1: config 6 has an invalid interface number: 194 but max is 0
[  565.295091][T13567] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  565.301540][   T13] usb 3-1: config 6 has no interface number 0
[  565.351337][T13567] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.3157: attempt to clear invalid blocks 2 len 1
[  565.358663][   T13] usb 3-1: config 6 interface 194 has no altsetting 0
[  565.381107][T13567] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  565.387328][T13580] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  565.416984][T13567] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3157: invalid indirect mapped block 1819239214 (level 0)
[  565.490723][T13580] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  565.551712][T13567] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3157: invalid indirect mapped block 1819239214 (level 1)
[  565.599525][T13567] EXT4-fs (loop0): 1 truncate cleaned up
[  565.606256][T13567] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  566.160611][T13588] 9pnet: Insufficient options for proto=fd
[  567.518227][   T13] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=ac.84
[  567.527543][   T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.716516][   T13] usb 3-1: Product: syz
[  567.796265][   T13] r8152-cfgselector 3-1: can't set config #6, error -71
[  567.817704][   T13] r8152-cfgselector 3-1: Unknown version 0x0000
[  567.869402][   T13] r8152-cfgselector 3-1: USB disconnect, device number 10
[  567.891128][T13608] input: syz1 as /devices/virtual/input/input18
[  568.083372][    T9] Bluetooth: (null): Invalid header checksum
[  568.107203][    T9] Bluetooth: (null): Invalid header checksum
[  568.193408][    T9] Bluetooth: (null): Invalid header checksum
[  568.445120][T12709] Bluetooth: (null): Invalid header checksum
[  568.461273][T12709] Bluetooth: (null): Invalid header checksum
[  569.313096][   T13] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  569.318673][    T9] Bluetooth: (null): Invalid header checksum
[  569.362110][    T9] Bluetooth: (null): Invalid header checksum
[  569.397018][    T9] Bluetooth: (null): Invalid header checksum
[  569.410684][    T9] Bluetooth: (null): Invalid header checksum
[  569.427350][    T9] Bluetooth: (null): Invalid header checksum
[  569.445612][    T9] Bluetooth: (null): Invalid header checksum
[  569.458518][    T9] Bluetooth: (null): Invalid header checksum
[  569.471947][    T9] Bluetooth: (null): Invalid header checksum
[  569.551955][    T9] Bluetooth: (null): Invalid header checksum
[  569.724127][  T144] Bluetooth: (null): Invalid header checksum
[  570.587378][T13633] loop4: detected capacity change from 0 to 512
[  570.605071][ T4394] Bluetooth: (null): Invalid header checksum
[  570.634765][ T4394] Bluetooth: (null): Invalid header checksum
[  570.650649][   T13] usb 3-1: config 0 has no interfaces?
[  570.681622][ T4394] Bluetooth: (null): Invalid header checksum
[  570.689185][ T4394] Bluetooth: (null): Invalid header checksum
[  570.719552][T13633] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[  570.768792][ T4394] Bluetooth: (null): Invalid header checksum
[  570.792631][ T4394] Bluetooth: (null): Invalid header checksum
[  570.792758][T13633] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  570.799531][ T4394] Bluetooth: (null): Invalid header checksum
[  570.815473][T13633] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3175: attempt to clear invalid blocks 2 len 1
[  570.828964][   T13] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e
[  570.838674][   T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.847233][   T13] usb 3-1: Product: syz
[  570.851520][   T13] usb 3-1: Manufacturer: syz
[  570.853755][ T4394] Bluetooth: (null): Invalid header checksum
[  570.856522][   T13] usb 3-1: SerialNumber: syz
[  570.869421][   T13] usb 3-1: config 0 descriptor??
[  570.886305][ T4394] Bluetooth: (null): Invalid header checksum
[  570.892507][T13633] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  570.910609][ T4394] Bluetooth: (null): Invalid header checksum
[  570.916839][T13633] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3175: invalid indirect mapped block 1819239214 (level 0)
[  570.934188][T13633] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3175: invalid indirect mapped block 1819239214 (level 1)
[  570.959684][T13633] EXT4-fs (loop4): 1 truncate cleaned up
[  570.967433][T13633] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  570.996600][  T144] Bluetooth: (null): Invalid header checksum
[  571.871197][T13647] 9pnet: Insufficient options for proto=fd
[  572.735804][ T4307] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  572.745838][  T154] Bluetooth: (null): Invalid header checksum
[  572.752024][  T154] Bluetooth: (null): Invalid header checksum
[  572.767975][   T13] usb 3-1: USB disconnect, device number 11
[  574.008277][T13664] input: syz1 as /devices/virtual/input/input19
[  574.545365][ T4307] usb 2-1: unable to read config index 0 descriptor/start: -71
[  574.559248][ T4307] usb 2-1: can't read configurations, error -71
[  574.695770][ T8632] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  575.344339][ T8632] usb 1-1: unable to get BOS descriptor or descriptor too short
[  575.436912][ T8632] usb 1-1: not running at top speed; connect to a high speed hub
[  576.131232][T13692] loop1: detected capacity change from 0 to 512
[  576.145700][ T8632] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  576.177594][ T8632] usb 1-1: config 0 has no interfaces?
[  576.196827][T13692] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  576.242896][T13692] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  576.304256][T13692] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.3191: attempt to clear invalid blocks 2 len 1
[  576.348789][ T8632] usb 1-1: New USB device found, idVendor=0d81, idProduct=1900, bcdDevice=af.16
[  576.364850][ T8632] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.364916][T13701] netlink: 348 bytes leftover after parsing attributes in process `syz.4.3194'.
[  576.374639][ T8632] usb 1-1: Product: syz
[  576.387103][ T8632] usb 1-1: Manufacturer: syz
[  576.392101][ T8632] usb 1-1: SerialNumber: syz
[  576.395177][T13692] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  576.419332][ T8632] usb 1-1: config 0 descriptor??
[  576.427452][T13692] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3191: invalid indirect mapped block 1819239214 (level 0)
[  576.444232][T13692] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3191: invalid indirect mapped block 1819239214 (level 1)
[  576.485686][T13692] EXT4-fs (loop1): 1 truncate cleaned up
[  576.492530][T13692] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  576.789773][ T8632] usb 1-1: USB disconnect, device number 4
[  576.862175][T13711] 9pnet: Insufficient options for proto=fd
[  577.416675][T13712] input: syz1 as /devices/virtual/input/input20
[  578.123329][ T1324] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  578.262597][   T13] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  578.310925][T13736] netlink: 348 bytes leftover after parsing attributes in process `syz.0.3206'.
[  578.396959][T13739] binder: 13738:13739 unknown command 0
[  578.402742][T13739] binder: 13738:13739 ioctl c0306201 200000000080 returned -22
[  578.441371][T13739] binder: BINDER_SET_CONTEXT_MGR already set
[  578.448650][T13739] binder: 13738:13739 ioctl 4018620d 200000000040 returned -16
[  578.643637][T13739] binder: 13738:13739 ioctl c0306201 2000000003c0 returned -14
[  579.359390][ T1324] usb 3-1: Using ep0 maxpacket: 16
[  579.449993][T13744] loop0: detected capacity change from 0 to 512
[  579.502498][   T13] usb 5-1: Using ep0 maxpacket: 32
[  579.508526][ T1324] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  579.530638][ T1324] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  579.552262][ T1324] usb 3-1: config 0 interface 0 has no altsetting 0
[  579.585828][T13744] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  579.609752][ T1324] usb 3-1: New USB device found, idVendor=1e86, idProduct=2009, bcdDevice= 0.00
[  579.629945][ T1324] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.648897][ T1324] usb 3-1: config 0 descriptor??
[  579.653428][T13744] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  579.654460][   T13] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  579.669661][T13744] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.3208: attempt to clear invalid blocks 2 len 1
[  579.673799][   T13] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  579.696932][   T13] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  579.706369][   T13] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.725313][   T13] usb 5-1: config 0 descriptor??
[  579.749357][T13744] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  579.856062][T13744] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3208: invalid indirect mapped block 1819239214 (level 0)
[  579.923969][T13744] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3208: invalid indirect mapped block 1819239214 (level 1)
[  579.939431][ T1324] usbhid 3-1:0.0: can't add hid device: -71
[  580.122906][ T1324] usbhid: probe of 3-1:0.0 failed with error -71
[  580.142320][ T1324] usb 3-1: USB disconnect, device number 12
[  580.221174][T13744] EXT4-fs (loop0): 1 truncate cleaned up
[  580.226932][T13744] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  580.281837][T13759] input: syz1 as /devices/virtual/input/input21
[  580.766846][   T13] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  580.782901][   T13] usb 5-1: USB disconnect, device number 8
[  580.873707][T13764] 9pnet: Insufficient options for proto=fd
[  581.004095][ T4261] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  581.032514][T13767] fido_id[13767]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  581.210202][ T4241] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  581.281861][ T4261] usb 2-1: Using ep0 maxpacket: 32
[  581.576573][ T4261] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  581.599209][ T4261] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.607391][ T4261] usb 2-1: Product: syz
[  581.616357][ T4261] usb 2-1: Manufacturer: syz
[  581.617333][T13773] netlink: 280 bytes leftover after parsing attributes in process `syz.5.3217'.
[  581.621147][ T4261] usb 2-1: SerialNumber: syz
[  581.623672][ T4261] usb 2-1: config 0 descriptor??
[  581.783426][T13777] device macvlan2 entered promiscuous mode
[  581.799969][T13777] device bond9 entered promiscuous mode
[  581.806335][T13777] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  581.817561][T13777] device bond9 left promiscuous mode
[  581.873543][ T4241] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  581.883492][ T4241] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.891547][ T4241] usb 3-1: Product: syz
[  581.895865][ T4241] usb 3-1: Manufacturer: syz
[  581.901237][ T4241] usb 3-1: SerialNumber: syz
[  582.261770][ T8632] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  582.368338][ T4261] peak_usb 2-1:0.0 can0: unable to request usb[type=2 value=5] err=-71
[  582.559993][ T8632] usb 1-1: Using ep0 maxpacket: 8
[  582.593034][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  582.999501][ T4261] peak_usb: probe of 2-1:0.0 failed with error -71
[  583.034754][ T4261] usb 2-1: USB disconnect, device number 9
[  583.131610][ T8632] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  583.152523][ T8632] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.164811][ T8632] usb 1-1: Product: syz
[  583.169039][ T8632] usb 1-1: Manufacturer: syz
[  583.179400][ T8632] usb 1-1: SerialNumber: syz
[  583.188804][ T8632] usb 1-1: config 0 descriptor??
[  583.210758][T13802] loop4: detected capacity change from 0 to 512
[  583.282610][T13802] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[  583.305168][T13802] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  583.315012][T13802] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3228: attempt to clear invalid blocks 2 len 1
[  583.331289][T13802] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  583.346867][T13802] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3228: invalid indirect mapped block 1819239214 (level 0)
[  583.362329][T13802] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3228: invalid indirect mapped block 1819239214 (level 1)
[  583.378435][T13802] EXT4-fs (loop4): 1 truncate cleaned up
[  583.384449][T13802] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  583.517229][ T8632] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  583.645922][T13807] 9pnet: Insufficient options for proto=fd
[  583.721374][T13766] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  583.728606][T13766] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  583.736103][ T4261] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  583.751061][T13766] vhci_hcd vhci_hcd.0: Device attached
[  583.812543][T13766] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(7)
[  583.819246][T13766] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  583.865475][T13766] vhci_hcd vhci_hcd.0: Device attached
[  583.976778][   T13] vhci_hcd: vhci_device speed not set
[  584.003336][ T4261] usb 2-1: Using ep0 maxpacket: 8
[  584.074439][   T13] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  584.220490][ T8632] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32
[  584.231202][ T8632] usb 1-1: USB disconnect, device number 5
[  584.313220][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -32
[  584.452186][ T4261] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  584.461448][ T4261] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.484556][ T4261] usb 2-1: Product: syz
[  584.488943][ T4261] usb 2-1: Manufacturer: syz
[  584.493547][ T4261] usb 2-1: SerialNumber: syz
[  584.504933][ T4261] usb 2-1: config 0 descriptor??
[  584.523921][T13823] netlink: 'syz.4.3234': attribute type 1 has an invalid length.
[  584.542221][T13823] 8021q: adding VLAN 0 to HW filter on device bond1
[  584.563409][T13823] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  584.572830][T12709] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  584.783637][ T4261] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  584.827899][T13810] vhci_hcd: connection closed
[  584.828468][T13808] vhci_hcd: connection reset by peer
[  584.839546][  T154] vhci_hcd: stop threads
[  584.845889][  T154] vhci_hcd: release socket
[  584.847756][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -71
[  584.859926][  T154] vhci_hcd: disconnect device
[  584.877022][  T154] vhci_hcd: stop threads
[  584.886086][  T154] vhci_hcd: release socket
[  584.890726][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -71
[  584.896225][  T154] vhci_hcd: disconnect device
[  584.933324][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -71
[  585.051032][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -71
[  585.093906][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -71
[  585.125706][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -71
[  585.146256][T13836] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3239'.
[  585.157863][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -71
[  585.211329][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001018. ret = -71
[  585.253994][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  585.273395][ T4241] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  585.306554][ T4241] lan78xx: probe of 3-1:1.0 failed with error -71
[  585.368498][ T4241] usb 3-1: USB disconnect, device number 13
[  585.843786][ T2356] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  586.312404][ T4261] usb write operation failed. (-71)
[  586.323019][ T2356] usb 5-1: Using ep0 maxpacket: 32
[  586.342343][ T4261] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  586.353671][ T4261] dvbdev: DVB: registering new adapter (Terratec H7)
[  586.360875][ T4261] usb 2-1: media controller created
[  586.391237][T13874] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  586.393373][ T4261] usb read operation failed. (-71)
[  586.440750][ T4261] usb write operation failed. (-71)
[  586.451710][ T2356] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  586.464454][ T4261] dvb_usb_az6007: probe of 2-1:0.0 failed with error -5
[  586.471922][ T2356] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.507895][T13875] netlink: 6 bytes leftover after parsing attributes in process `syz.2.3257'.
[  586.513424][ T4261] usb 2-1: USB disconnect, device number 10
[  586.526160][T13818] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  586.538469][ T2356] usb 5-1: config 0 descriptor??
[  586.543600][T13875] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  586.581842][ T2356] gspca_main: sunplus-2.14.0 probing 041e:400b
[  586.664495][T13881] »»»»»»: renamed from lo
[  586.782766][T13818] usb 1-1: Using ep0 maxpacket: 8
[  586.866974][T13891] netlink: 248 bytes leftover after parsing attributes in process `syz.5.3262'.
[  586.911204][T13818] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  586.921664][T13818] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  586.931622][T13818] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  586.964478][T13818] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  586.979379][T13818] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  586.988917][T13818] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.274601][T13818] usb 1-1: GET_CAPABILITIES returned 0
[  587.280602][T13818] usbtmc 1-1:16.0: can't read capabilities
[  587.520348][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  587.538616][ T4261] usb 1-1: USB disconnect, device number 6
[  587.762189][T13904] binder: 13903:13904 unknown command 0
[  587.768133][T13904] binder: 13903:13904 ioctl c0306201 200000000080 returned -22
[  588.014649][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  588.021215][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  588.144300][ T2356] gspca_sunplus: reg_w_riv err -71
[  588.150101][ T2356] sunplus: probe of 5-1:0.0 failed with error -71
[  588.159395][ T2356] usb 5-1: USB disconnect, device number 9
[  588.643026][ T4307] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  588.785345][T13918] overlayfs: failed to resolve './file0': -2
[  589.006360][ T4307] usb 2-1: Using ep0 maxpacket: 16
[  589.305912][ T4307] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  589.328268][T13932] input: syz1 as /devices/virtual/input/input22
[  589.497353][ T4307] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  589.549026][ T4307] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  589.559060][   T13] vhci_hcd: vhci_device speed not set
[  589.586407][ T4307] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  589.616221][ T4307] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  589.754920][ T4307] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  589.771898][T13935] loop0: detected capacity change from 0 to 128
[  589.789437][ T4307] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  589.789918][ T4241] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  589.840825][T13935] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  589.852706][ T4307] usb 2-1: Manufacturer: syz
[  589.889290][ T4307] usb 2-1: config 0 descriptor??
[  589.906942][T13935] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  589.926742][T13937] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3279'.
[  590.075410][ T4241] usb 3-1: Using ep0 maxpacket: 8
[  590.205338][ T4241] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  590.278079][T13954] fuse: Bad value for 'fd'
[  590.288345][ T4241] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  590.587390][ T4241] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  590.719019][ T4241] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  590.756342][ T4241] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  590.790596][ T4241] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  590.832544][ T4241] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.930670][ T4307] rc_core: IR keymap rc-hauppauge not found
[  590.936787][ T4307] Registered IR keymap rc-empty
[  590.942711][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  591.089405][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  591.134738][ T4307] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  591.144502][ T2356] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  591.150529][ T4307] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input23
[  591.165992][ T4241] usb 3-1: GET_CAPABILITIES returned 0
[  591.179137][ T4241] usbtmc 3-1:16.0: can't read capabilities
[  591.422435][ T2356] usb 5-1: Using ep0 maxpacket: 8
[  591.633541][ T4261] usb 3-1: USB disconnect, device number 14
[  591.722422][ T2356] usb 5-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  591.818656][ T2356] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  591.943536][ T2356] usb 5-1: Product: syz
[  591.968670][ T2356] usb 5-1: Manufacturer: syz
[  591.979945][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.008376][ T2356] usb 5-1: SerialNumber: syz
[  592.030618][ T2356] usb 5-1: config 0 descriptor??
[  592.045455][T13974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3291'.
[  592.087425][ T2356] gspca_main: vc032x-2.14.0 probing 046d:0896
[  592.153637][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.203006][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.246161][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.283837][T13981] input: syz1 as /devices/virtual/input/input24
[  592.294404][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.443838][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.743793][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.823255][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.865764][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.908435][ T4307] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  592.941801][ T4307] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  592.972578][ T4307] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  593.011479][ T4307] usb 2-1: USB disconnect, device number 11
[  593.096723][T14001] loop7: detected capacity change from 0 to 7
[  593.109656][T14001] Dev loop7: unable to read RDB block 7
[  593.121953][T14001]  loop7: unable to read partition table
[  593.130739][T14001] loop7: partition table beyond EOD, truncated
[  593.152697][T14001] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  593.209736][ T2356] gspca_vc032x: reg_w err -71
[  593.214698][ T2356] vc032x: probe of 5-1:0.0 failed with error -71
[  593.231865][ T2356] usb 5-1: USB disconnect, device number 10
[  593.346776][ T1324] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  593.475155][ T4307] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  593.763618][ T4307] usb 2-1: Using ep0 maxpacket: 8
[  593.807920][ T1324] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  593.867183][ T1324] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  593.914325][ T4307] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  593.995310][ T4307] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  594.017649][ T1324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.140492][ T4307] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  594.216259][ T1324] usb 1-1: config 0 descriptor??
[  594.319917][ T4307] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  594.379448][ T4307] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  594.389072][ T4307] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.027645][T14022] input: syz1 as /devices/virtual/input/input25
[  595.086841][ T1324] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor
[  595.482492][ T4307] usb 2-1: GET_CAPABILITIES returned 0
[  595.488201][ T4307] usbtmc 2-1:16.0: can't read capabilities
[  595.499423][ T1324] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0007/input/input26
[  596.160102][ T1324] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  596.465439][T13187] usb 1-1: USB disconnect, device number 7
[  596.501680][T14039] JFS: discard option not supported on device
[  596.572673][T14039] Mount JFS Failure: -22
[  596.600853][T14034] fido_id[14034]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  596.616167][T14039] jfs_mount failed w/return code = -22
[  596.655453][    T7] usb 2-1: USB disconnect, device number 12
[  596.822448][T14053] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3319'.
[  596.913383][T14057] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3321'.
[  597.349032][T14064] overlayfs: failed to clone upperpath
[  597.751054][T14068] input: syz1 as /devices/virtual/input/input27
[  597.901788][    T7] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  598.179032][    T7] usb 2-1: Using ep0 maxpacket: 32
[  598.318074][    T7] usb 2-1: config 0 has an invalid interface number: 157 but max is 0
[  598.338720][    T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  598.391215][    T7] usb 2-1: config 0 has no interface number 0
[  598.570521][    T7] usb 2-1: New USB device found, idVendor=0711, idProduct=0200, bcdDevice=1b.b7
[  598.592691][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.639549][    T7] usb 2-1: Product: syz
[  598.643869][    T7] usb 2-1: Manufacturer: syz
[  598.653136][    T7] usb 2-1: SerialNumber: syz
[  598.701889][    T7] usb 2-1: config 0 descriptor??
[  598.779665][    T7] mct_u232 2-1:0.157: MCT U232 converter detected
[  598.795293][T14094] netlink: 'syz.4.3334': attribute type 1 has an invalid length.
[  598.817180][    T7] mct_u232 ttyUSB0: expected endpoint missing
[  599.205511][T14098] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  599.289574][ T4261] usb 2-1: USB disconnect, device number 13
[  599.298689][ T4261] mct_u232 2-1:0.157: device disconnected
[  599.628508][   T25] audit: type=1326 audit(1769447792.917:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14106 comm="syz.2.3336" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce54ed4eb9 code=0x0
[  600.149999][T14128] loop1: detected capacity change from 0 to 512
[  600.185853][ T4307] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  600.245539][T14128] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  600.286056][T14128] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  600.302942][ T4261] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  600.309459][T14128] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.3344: attempt to clear invalid blocks 2 len 1
[  600.336375][T14136] netlink: 'syz.2.3347': attribute type 1 has an invalid length.
[  600.348736][T14128] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  600.369099][T14128] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3344: invalid indirect mapped block 1819239214 (level 0)
[  600.385532][T14128] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3344: invalid indirect mapped block 1819239214 (level 1)
[  600.391574][T14136] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  600.404360][T14128] EXT4-fs (loop1): 1 truncate cleaned up
[  600.415090][T14128] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  600.452722][T14136] device macvlan2 entered promiscuous mode
[  600.467509][T14136] device bond1 entered promiscuous mode
[  600.473323][T14136] device gretap1 entered promiscuous mode
[  600.509237][T14136] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  600.518290][T14136] device bond1 left promiscuous mode
[  600.534750][T14136] device gretap1 left promiscuous mode
[  600.573589][ T4261] usb 5-1: Using ep0 maxpacket: 8
[  600.617056][ T4307] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  600.635186][ T4307] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  600.771161][T14143] 9pnet: Insufficient options for proto=fd
[  600.793872][ T4261] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  600.804962][ T4261] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  600.814957][ T4261] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  600.825024][ T4261] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  600.838518][ T4261] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  600.847968][ T4261] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.855675][ T4307] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  601.183037][ T8632] Bluetooth: hci5: command 0x0406 tx timeout
[  601.471733][ T4261] usb 5-1: GET_CAPABILITIES returned 0
[  601.476009][ T4307] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.485735][ T4307] usb 1-1: Product: syz
[  601.490172][ T4307] usb 1-1: Manufacturer: syz
[  601.494904][ T4307] usb 1-1: SerialNumber: syz
[  601.500900][ T4261] usbtmc 5-1:16.0: can't read capabilities
[  601.540396][ T4307] cdc_mbim 1-1:1.0: skipping garbage
[  601.690613][ T4261] usb 5-1: USB disconnect, device number 11
[  601.756318][T14119] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  602.308009][T14170] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3358'.
[  602.309077][T14171] netlink: 'syz.5.3359': attribute type 1 has an invalid length.
[  602.356730][T14173] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  602.393184][T14171] device macvlan2 entered promiscuous mode
[  602.401747][ T1324] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  602.403301][T14171] device bond10 entered promiscuous mode
[  602.420404][T14171] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  602.493410][T14119] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  602.504155][T14171] device bond10 left promiscuous mode
[  602.519367][ T4307] cdc_mbim 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  602.530015][ T4307] cdc_mbim 1-1:1.0: setting rx_max = 2048
[  602.545995][T14176] net_ratelimit: 2 callbacks suppressed
[  602.546011][T14176] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  602.571554][T14176] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  602.595841][T14173] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  602.663341][T14173] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  602.690570][ T1324] usb 2-1: Using ep0 maxpacket: 32
[  602.771510][ T4307] cdc_mbim 1-1:1.0: setting tx_max = 184
[  602.796083][ T4307] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device
[  602.827333][T14173] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.377820][ T4307] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 7e:85:a1:1f:fb:7f
[  603.393434][ T4307] usb 1-1: USB disconnect, device number 8
[  603.400211][ T4307] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM
[  603.438816][ T1324] usb 2-1: unable to get BOS descriptor or descriptor too short
[  603.476595][T14173] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  603.494199][T14173] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  603.509835][T14173] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  603.542898][T14173] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  603.551585][ T1324] usb 2-1: config 128 has an invalid interface number: 127 but max is 3
[  603.578514][ T1324] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  603.635090][ T1324] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4
[  603.677806][ T1324] usb 2-1: config 128 has no interface number 0
[  603.684277][ T1324] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 87, changing to 10
[  603.718560][ T1324] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 32864, setting to 1024
[  603.740232][ T1324] usb 2-1: config 128 interface 127 has no altsetting 0
[  603.874792][T14199] loop2: detected capacity change from 0 to 512
[  603.901051][T14191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  603.987784][T14199] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  604.013570][T14191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  604.015666][T14199] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  604.063337][T14199] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.3366: attempt to clear invalid blocks 2 len 1
[  604.091718][T14204] input: syz1 as /devices/virtual/input/input28
[  604.146177][ T1324] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  604.301809][T14191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  604.338451][ T1324] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.394763][ T1324] usb 2-1: Product: syz
[  604.399078][ T1324] usb 2-1: Manufacturer: syz
[  604.412369][T14199] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  604.456885][ T1324] usb 2-1: SerialNumber: syz
[  604.461841][T14199] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3366: invalid indirect mapped block 1819239214 (level 0)
[  604.518955][T14199] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3366: invalid indirect mapped block 1819239214 (level 1)
[  604.543287][T14199] EXT4-fs (loop2): 1 truncate cleaned up
[  604.549312][T14199] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  605.823073][ T1324] usb 2-1: USB disconnect, device number 14
[  605.863695][T14220] loop4: detected capacity change from 0 to 128
[  605.980094][T14225] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.999199][T14220] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  606.019406][T14229] 9pnet: Insufficient options for proto=fd
[  606.048414][T13007] udevd[13007]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  606.071659][T14220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  606.367394][T14225] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.594521][T14225] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.786882][T14225] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.996677][T14225] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  607.171669][T14225] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  607.664981][T14225] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  607.731479][T14225] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  609.243712][ T4307] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  609.380479][T14281] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.182861][T14288] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  610.195071][T14288] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  610.276993][T14281] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.334229][ T4307] usb 1-1: Using ep0 maxpacket: 16
[  610.366953][T14281] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.460225][T14281] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.474172][ T4307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  610.484575][ T4307] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  610.500825][ T4307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.519339][ T4307] usb 1-1: config 0 descriptor??
[  610.544526][    T7] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  610.560689][T14281] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  610.579980][T14281] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  610.607571][T14281] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  610.623402][T14281] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  610.815446][    T7] usb 5-1: Using ep0 maxpacket: 8
[  610.822456][T14298] loop1: detected capacity change from 0 to 512
[  610.833089][T14298] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  610.852028][T14298] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  610.868000][T14298] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.3400: attempt to clear invalid blocks 2 len 1
[  610.882530][T14298] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  610.897293][T14298] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3400: invalid indirect mapped block 1819239214 (level 0)
[  610.912766][ T4307] usbhid 1-1:0.0: can't add hid device: -71
[  610.918395][T14298] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3400: invalid indirect mapped block 1819239214 (level 1)
[  610.918751][ T4307] usbhid: probe of 1-1:0.0 failed with error -71
[  610.942997][T14298] EXT4-fs (loop1): 1 truncate cleaned up
[  610.949209][T14298] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  610.951513][ T4307] usb 1-1: USB disconnect, device number 9
[  611.012622][ T4261] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  611.189414][    T7] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  611.198727][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.214947][    T7] usb 5-1: Product: syz
[  611.219263][    T7] usb 5-1: Manufacturer: syz
[  611.227660][    T7] usb 5-1: SerialNumber: syz
[  611.238437][T14302] 9pnet: Insufficient options for proto=fd
[  611.268951][    T7] usb 5-1: config 0 descriptor??
[  611.427053][ T4307] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  611.563607][ T4261] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  611.569775][    T7] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  611.572341][ T4261] usb 3-1: config 0 has no interface number 0
[  611.588159][ T4261] usb 3-1: New USB device found, idVendor=0733, idProduct=0401, bcdDevice=ad.7d
[  611.597881][ T4261] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.611814][ T4261] usb 3-1: config 0 descriptor??
[  611.662284][ T4261] gspca_main: spca501-2.14.0 probing 0733:0401
[  611.830878][ T4307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  611.840845][ T4307] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  611.870092][ T4307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.881782][ T4307] usb 1-1: config 0 descriptor??
[  612.098170][    T7] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[  612.119223][    T7] usb 5-1: USB disconnect, device number 12
[  612.134740][ T4261] gspca_spca501: reg write: error -71
[  612.140263][ T4261] spca501 3-1:0.255: Reg write failed for 0x00,0x02,0x01
[  612.162529][ T4261] spca501: probe of 3-1:0.255 failed with error -22
[  612.188597][ T4261] usb 3-1: USB disconnect, device number 15
[  612.209782][ T4307] usbhid 1-1:0.0: can't add hid device: -71
[  612.230784][ T4307] usbhid: probe of 1-1:0.0 failed with error -71
[  612.279256][ T4307] usb 1-1: USB disconnect, device number 10
[  612.547150][T13818] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  612.727058][T14327] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  612.739518][T14327] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  612.835854][T13818] usb 2-1: Using ep0 maxpacket: 16
[  612.851353][T14330] netlink: 212 bytes leftover after parsing attributes in process `syz.5.3421'.
[  613.124627][T13818] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping
[  614.397620][T13818] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  614.406732][T13818] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.429035][T13818] usb 2-1: Product: syz
[  614.433932][T13818] usb 2-1: Manufacturer: syz
[  614.438556][T13818] usb 2-1: SerialNumber: syz
[  614.480992][T13818] usb 2-1: config 0 descriptor??
[  614.610756][ T4200] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  614.743177][T14350] device syzkaller1 entered promiscuous mode
[  614.838623][T14344] chnl_net:caif_netlink_parms(): no params data found
[  614.882811][ T4200] usb 5-1: Using ep0 maxpacket: 16
[  614.953609][T14344] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.960939][T14344] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.975934][T14344] device bridge_slave_0 entered promiscuous mode
[  614.986838][T14344] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.994445][T14344] bridge0: port 2(bridge_slave_1) entered disabled state
[  615.006874][T14344] device bridge_slave_1 entered promiscuous mode
[  615.020331][ T4200] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping
[  615.034633][T14344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  615.046805][T14344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  615.097477][T14344] team0: Port device team_slave_0 added
[  615.105568][T14344] team0: Port device team_slave_1 added
[  615.127367][T14344] batman_adv: batadv0: Adding interface: batadv_slave_0
[  615.135007][T14344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.161643][T14344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  615.174924][T14344] batman_adv: batadv0: Adding interface: batadv_slave_1
[  615.182169][T14344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.209861][T14344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  615.230750][ T4200] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  615.239992][ T4200] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.261636][ T4200] usb 5-1: Product: syz
[  615.262197][T14344] device hsr_slave_0 entered promiscuous mode
[  615.266014][ T4200] usb 5-1: Manufacturer: syz
[  615.277092][ T4200] usb 5-1: SerialNumber: syz
[  615.277277][T14344] device hsr_slave_1 entered promiscuous mode
[  615.291071][ T4200] usb 5-1: config 0 descriptor??
[  615.300331][T14344] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  615.326395][T14344] Cannot create hsr debugfs directory
[  615.766807][T14344] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  615.775885][T14344] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  615.785038][T14344] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  615.795468][T14344] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  615.844959][T14344] 8021q: adding VLAN 0 to HW filter on device bond0
[  615.860229][T12709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  615.876286][ T4200] usb 2-1: USB disconnect, device number 15
[  615.885728][T12709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  615.909161][T14344] 8021q: adding VLAN 0 to HW filter on device team0
[  615.925638][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  615.934418][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  615.963519][ T4394] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.970821][ T4394] bridge0: port 1(bridge_slave_0) entered forwarding state
[  615.980025][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  615.991924][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  616.004005][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  616.032920][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  616.040031][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  616.051376][T12709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  616.077340][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  616.091469][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  616.102215][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  616.114690][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  616.126671][T14372] device syzkaller1 entered promiscuous mode
[  616.140633][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  616.150506][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  616.158906][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  616.171941][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  616.212485][T12650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  616.221586][T12650] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  616.232269][T14344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  616.359192][T12650] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  616.367046][T12650] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  616.382696][T14344] 8021q: adding VLAN 0 to HW filter on device batadv0
[  616.586766][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  616.596525][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  616.620258][ T4307] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  616.628701][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  616.645450][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  616.665338][ T8632] Bluetooth: hci3: command 0x0409 tx timeout
[  616.665878][T12709] bond3: (slave gretap1): Releasing backup interface
[  616.691527][T14344] device veth0_vlan entered promiscuous mode
[  616.701957][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  616.715439][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  616.733814][T14344] device veth1_vlan entered promiscuous mode
[  616.787723][T14344] device veth0_macvtap entered promiscuous mode
[  616.799117][T14344] device veth1_macvtap entered promiscuous mode
[  616.808241][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  616.818394][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  616.830135][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  616.854316][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  616.864645][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.884674][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.895737][ T4307] usb 2-1: Using ep0 maxpacket: 32
[  616.911061][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.932224][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.943430][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.954524][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.964869][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.975549][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.081234][T14344] batman_adv: batadv0: Interface activated: batadv_slave_0
[  617.773794][ T4248] usb 5-1: USB disconnect, device number 13
[  617.868647][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  617.892430][ T4307] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  617.900639][ T4307] usb 2-1: config 0 has no interface number 0
[  617.921989][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  617.944769][T14398] binder_alloc: 14396: binder_alloc_buf, no vma
[  617.973788][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  617.990571][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  618.006588][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  618.020167][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  618.030430][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  618.041195][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  618.051613][T14344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  618.063203][T14344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  618.074839][T14344] batman_adv: batadv0: Interface activated: batadv_slave_1
[  618.092570][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  618.102386][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  618.114549][T14344] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  618.124713][ T4307] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  618.138369][ T4307] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.146490][ T4307] usb 2-1: Product: syz
[  618.153018][T14344] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  618.162770][T14344] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  618.170377][ T4307] usb 2-1: Manufacturer: syz
[  618.176320][ T4307] usb 2-1: SerialNumber: syz
[  618.181413][T14344] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  618.193186][ T4307] usb 2-1: config 0 descriptor??
[  618.200956][T14403] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3439'.
[  618.213301][ T4261] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  618.235772][ T4307] smsc95xx v2.0.0
[  618.378098][ T4394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  618.387068][ T4394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  618.402955][T12709] device hsr_slave_0 left promiscuous mode
[  618.413256][T12709] device hsr_slave_1 left promiscuous mode
[  618.421422][T12709] batman_adv: batadv0: Removing interface: batadv_slave_0
[  618.430077][T12709] batman_adv: batadv0: Removing interface: batadv_slave_1
[  618.439595][T12709] device bridge_slave_1 left promiscuous mode
[  618.445892][T12709] bridge0: port 2(bridge_slave_1) entered disabled state
[  618.454775][T12709] device bridge_slave_0 left promiscuous mode
[  618.461627][T12709] bridge0: port 1(bridge_slave_0) entered disabled state
[  618.476985][T12709] bond10 (unregistering): Released all slaves
[  618.487425][T12709] bond9 (unregistering): Released all slaves
[  618.500847][T12709] bond8 (unregistering): Released all slaves
[  618.510420][T12709] bond7 (unregistering): Released all slaves
[  618.521602][T12709] bond6 (unregistering): Released all slaves
[  618.532695][T12709] bond5 (unregistering): Released all slaves
[  618.550869][T12709] bond4 (unregistering): Released all slaves
[  618.563193][T12709] bond3 (unregistering): Released all slaves
[  618.582724][T12709] bond2 (unregistering): Released all slaves
[  618.593688][T12709] bond1 (unregistering): (slave vlan2): Releasing active interface
[  618.605352][T12709] bond1 (unregistering): Released all slaves
[  618.651579][T13187] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  618.652161][ T4261] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  618.676028][ T4261] usb 3-1: config 0 has no interface number 0
[  618.682694][ T4261] usb 3-1: config 0 interface 41 has no altsetting 0
[  618.683796][ T1324] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  618.705329][ T4307] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  618.717061][ T4307] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  618.731230][T12709] team0 (unregistering): Port device team_slave_1 removed
[  618.745588][T12709] team0 (unregistering): Port device team_slave_0 removed
[  618.758654][T12709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  618.771948][T12709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  618.821584][T12709] team0 (unregistering): Port device bond0 removed
[  618.841551][T12709] bond0 (unregistering): Released all slaves
[  618.876191][ T4261] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  618.885391][ T4261] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.893826][ T4261] usb 3-1: Product: syz
[  618.898270][ T4261] usb 3-1: Manufacturer: syz
[  618.903006][ T4261] usb 3-1: SerialNumber: syz
[  618.908858][ T2356] Bluetooth: hci3: command 0x041b tx timeout
[  618.910099][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  618.919948][ T4261] usb 3-1: config 0 descriptor??
[  619.017249][ T4394] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.035275][ T4394] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  619.051290][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  619.111310][ T1324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  619.142869][ T1324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  619.165726][ T1324] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  619.174534][T14416] loop5: detected capacity change from 0 to 128
[  619.179384][ T1324] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  619.194649][ T1324] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.205606][ T1324] usb 5-1: config 0 descriptor??
[  619.241249][T13187] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  619.262088][T14416] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  619.271554][T13187] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.279975][T13187] usb 1-1: Product: syz
[  619.285177][T13187] usb 1-1: Manufacturer: syz
[  619.289845][T13187] usb 1-1: SerialNumber: syz
[  619.309200][T14416] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  619.468346][ T4307] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -71
[  619.479862][ T4307] smsc95xx: probe of 2-1:0.67 failed with error -71
[  619.490499][ T4307] usb 2-1: USB disconnect, device number 16
[  619.598593][T14418] fuse: Bad value for 'fd'
[  619.913065][ T4261] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  620.265834][ T1324] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  620.297779][T13187] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  620.310259][ T1324] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  620.340698][ T1324] usb 5-1: USB disconnect, device number 14
[  620.493684][T14422] fido_id[14422]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  620.866510][T14431] input: syz1 as /devices/virtual/input/input29
[  622.396968][ T2356] Bluetooth: hci3: command 0x040f tx timeout
[  622.433599][ T4261] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  622.809072][ T4261] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): Failed to power up PHY: -71
[  622.992305][T13187] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -71
[  622.993547][ T4261] CoreChips: probe of 3-1:0.41 failed with error -71
[  623.019392][T13187] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  623.062394][T13187] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  623.077666][ T4261] usb 3-1: USB disconnect, device number 16
[  623.108783][T13187] lan78xx: probe of 1-1:1.0 failed with error -71
[  623.152145][T13187] usb 1-1: USB disconnect, device number 11
[  623.451423][T13818] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  623.632988][T14456] loop2: detected capacity change from 0 to 128
[  623.747803][T14456] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  623.750752][T13818] usb 5-1: Using ep0 maxpacket: 32
[  623.768881][T14456] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  623.943479][T13818] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  624.018792][T13818] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  624.098411][T14468] fuse: Bad value for 'fd'
[  624.115619][T13818] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  624.296585][T13818] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.557690][T13818] usb 5-1: config 0 descriptor??
[  624.608244][T13818] hub 5-1:0.0: USB hub found
[  624.838510][T13818] hub 5-1:0.0: 1 port detected
[  624.912969][ T4241] Bluetooth: hci3: command 0x0419 tx timeout
[  624.936471][T14482] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  624.947144][T14483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3451'.
[  625.005424][T14482] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  625.055161][T14483] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3451'.
[  625.108533][ T4241] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  625.311725][ T8632] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  625.622846][T13818] hub 5-1:0.0: activate --> -90
[  625.719127][ T4241] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  625.782701][ T8632] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[  625.792988][ T4241] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.844571][ T8632] usb 1-1: config 1 has no interface number 0
[  625.953563][ T4241] usb 2-1: Product: syz
[  625.960401][ T8632] usb 1-1: config 1 interface 7 altsetting 0 has an invalid endpoint with address 0xDB, skipping
[  626.044271][ T4241] usb 2-1: Manufacturer: syz
[  626.185094][ T4241] usb 2-1: SerialNumber: syz
[  626.206462][ T8632] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  626.309898][ T2356] usb 5-1: USB disconnect, device number 15
[  626.477211][ T8632] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  626.504521][ T8632] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.396259][ T8632] usb 1-1: Product: syz
[  627.400487][ T8632] usb 1-1: Manufacturer: syz
[  627.405107][ T8632] usb 1-1: SerialNumber: syz
[  627.449933][T14487] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  627.472307][ T8632] usb 1-1: Expected 3 endpoints, found: 2
[  627.505869][T14516] loop4: detected capacity change from 0 to 256
[  627.552194][T14516] exfat: Bad value for 'uid'
[  627.769530][ T4241] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[  627.791838][ T4241] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  627.801421][ T4241] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  627.802556][    T7] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  627.844974][ T4241] lan78xx: probe of 2-1:1.0 failed with error -71
[  628.131440][ T4241] usb 2-1: USB disconnect, device number 17
[  628.882295][    T7] usb 3-1: Using ep0 maxpacket: 16
[  628.967859][ T1324] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  629.010707][    T7] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  629.022856][    T7] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  629.050128][T14540] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  629.063431][    T7] usb 3-1: config 1 has no interface number 0
[  629.070139][T14540] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  629.082825][    T7] usb 3-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  629.128215][T14414] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  629.146956][    T7] usb 3-1: config 1 interface 105 has no altsetting 0
[  629.167388][T13187] usb 1-1: USB disconnect, device number 12
[  629.193359][T14541] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  629.229477][ T1324] usb 5-1: Using ep0 maxpacket: 8
[  629.296385][T14545] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3463'.
[  629.342306][    T7] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  629.362345][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.371441][ T1324] usb 5-1: config 53 has an invalid interface number: 101 but max is 0
[  629.391092][ T1324] usb 5-1: config 53 has an invalid descriptor of length 0, skipping remainder of the config
[  629.406503][T14414] usb 6-1: Using ep0 maxpacket: 16
[  629.416995][    T7] usb 3-1: Product: syz
[  629.421277][    T7] usb 3-1: Manufacturer: syz
[  629.431974][    T7] usb 3-1: SerialNumber: syz
[  629.436935][ T1324] usb 5-1: config 53 has no interface number 0
[  629.447702][   T25] audit: type=1326 audit(1769447820.810:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14548 comm="syz.0.3465" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x0
[  629.471656][ T1324] usb 5-1: config 53 interface 101 altsetting 0 has an invalid endpoint with address 0xC2, skipping
[  629.483017][ T1324] usb 5-1: config 53 interface 101 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 32
[  629.556227][T14414] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  629.596595][T14414] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  629.613309][T14414] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.624457][T14414] usb 6-1: config 0 descriptor??
[  629.662894][ T1324] usb 5-1: New USB device found, idVendor=0bfd, idProduct=011b, bcdDevice=33.a1
[  629.675765][ T1324] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.683911][ T1324] usb 5-1: Product: syz
[  629.688824][ T1324] usb 5-1: Manufacturer: syz
[  629.694640][ T1324] usb 5-1: SerialNumber: syz
[  629.732910][T14530] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  629.767907][T14530] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  629.791192][    T7] aqc111: probe of 3-1:1.105 failed with error -22
[  629.807915][    T7] usb 3-1: USB disconnect, device number 17
[  630.092891][ T1324] usb 5-1: USB disconnect, device number 16
[  630.207962][T14414] usbhid 6-1:0.0: can't add hid device: -71
[  630.214212][T14414] usbhid: probe of 6-1:0.0 failed with error -71
[  630.231008][T14414] usb 6-1: USB disconnect, device number 4
[  630.626615][T14565] loop4: detected capacity change from 0 to 256
[  630.634076][T14565] exfat: Bad value for 'uid'
[  632.714858][T14578] loop5: detected capacity change from 0 to 512
[  632.880950][ T8632] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  632.926220][T14578] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  632.969610][T14578] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  632.999399][T14578] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.3474: attempt to clear invalid blocks 2 len 1
[  633.022034][T14578] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  633.066921][T14578] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.3474: invalid indirect mapped block 1819239214 (level 0)
[  633.089563][T14600] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3481'.
[  633.155498][T14578] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.3474: invalid indirect mapped block 1819239214 (level 1)
[  633.286346][T14578] EXT4-fs (loop5): 1 truncate cleaned up
[  633.318960][T14578] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  634.133174][T14610] 9pnet: Insufficient options for proto=fd
[  635.131167][ T1324] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  635.144875][    T7] Bluetooth: hci1: command 0x0406 tx timeout
[  635.211151][ T8632] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  635.228059][T14618] loop2: detected capacity change from 0 to 256
[  635.250259][ T8632] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.260685][ T8632] usb 3-1: Product: syz
[  635.286620][T14618] exfat: Bad value for 'uid'
[  635.307621][ T8632] usb 3-1: can't set config #1, error -71
[  635.315560][ T8632] usb 3-1: USB disconnect, device number 18
[  635.326411][T14622] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3491'.
[  635.392956][ T1324] usb 2-1: Using ep0 maxpacket: 32
[  635.532052][ T1324] usb 2-1: config 0 interface 0 has no altsetting 0
[  636.507243][ T1324] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  636.561219][ T1324] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.585313][ T1324] usb 2-1: config 0 descriptor??
[  636.993427][ T1324] usb 2-1: can't set config #0, error -71
[  637.000719][ T1324] usb 2-1: USB disconnect, device number 18
[  637.010813][T14647] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  637.022884][T14647] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  637.156852][T14413] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  637.499749][    T7] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  637.544560][T14413] usb 3-1: config 1 has an invalid interface number: 7 but max is 0
[  637.568166][T14413] usb 3-1: config 1 has no interface number 0
[  637.589737][T14413] usb 3-1: config 1 interface 7 altsetting 0 has an invalid endpoint with address 0xDB, skipping
[  637.624540][T14413] usb 3-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.821147][T14413] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  637.840347][T14413] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.850040][T14413] usb 3-1: Product: syz
[  637.862198][T14413] usb 3-1: Manufacturer: syz
[  637.868558][T14413] usb 3-1: SerialNumber: syz
[  637.894777][    T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  637.905516][T14643] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  637.921292][    T7] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  637.935985][T14413] usb 3-1: Expected 3 endpoints, found: 2
[  638.152026][    T7] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  638.177297][    T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.199948][    T7] usb 1-1: Product: syz
[  638.204221][    T7] usb 1-1: Manufacturer: syz
[  638.213080][    T7] usb 1-1: SerialNumber: syz
[  638.328387][T14668] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.377229][T14668] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.442764][T14668] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.475004][T14652] udc-core: couldn't find an available UDC or it's busy
[  638.484504][T14652] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  638.526260][T14668] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.538026][    T7] cdc_ether: probe of 1-1:1.0 failed with error -22
[  638.558493][    T7] usb 1-1: USB disconnect, device number 13
[  638.614020][T14668] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  638.629799][T14668] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  638.674003][T14668] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  638.675384][T14675] loop5: detected capacity change from 0 to 256
[  638.693919][T14668] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  638.708621][T14675] exfat: Bad value for 'uid'
[  639.242029][    T7] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  639.480042][T14684] block device autoloading is deprecated and will be removed.
[  639.508879][    T7] usb 1-1: Using ep0 maxpacket: 8
[  639.690848][    T7] usb 1-1: config index 0 descriptor too short (expected 301, got 72)
[  639.710125][    T7] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  639.753041][    T7] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  639.826618][    T7] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  639.837119][    T7] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  639.849375][    T7] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  639.860453][    T7] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  639.869721][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.883630][ T1324] usb 3-1: USB disconnect, device number 19
[  639.926695][T14693] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3510'.
[  640.150313][    T7] usb 1-1: usb_control_msg returned -71
[  640.159948][    T7] usbtmc 1-1:16.0: can't read capabilities
[  640.222230][    T7] usb 1-1: USB disconnect, device number 14
[  640.258042][ T8632] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  640.556420][ T8632] usb 6-1: Using ep0 maxpacket: 32
[  640.718354][ T8632] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  640.739913][ T8632] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  640.750668][ T8632] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  640.761056][ T8632] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.775230][ T8632] usb 6-1: config 0 descriptor??
[  640.860938][ T8632] hub 6-1:0.0: USB hub found
[  641.069771][ T8632] hub 6-1:0.0: 1 port detected
[  641.133025][T14711] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  641.191914][T14711] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  641.204441][T14714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3520'.
[  641.236514][T14711] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  641.272860][    T7] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  641.296712][T14711] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  641.372658][T14711] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  641.383788][T14711] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  641.397845][T14711] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  641.410151][T14711] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  641.485104][T14718] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  641.525288][T14414] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  641.533059][    T7] usb 1-1: Using ep0 maxpacket: 8
[  641.541970][T14721] loop2: detected capacity change from 0 to 256
[  641.573333][T14721] exfat: Bad value for 'uid'
[  641.657987][    T7] usb 1-1: config 0 has no interfaces?
[  641.786135][ T4248] hub 6-1:0.0: activate --> -90
[  642.229827][ T8632] usb 6-1: USB disconnect, device number 5
[  642.620976][T14414] usb 2-1: Using ep0 maxpacket: 32
[  642.621889][T14726] netlink: 'syz.2.3524': attribute type 1 has an invalid length.
[  642.631571][    T7] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  642.644003][    T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.652168][    T7] usb 1-1: Product: syz
[  642.653395][T14726] 8021q: adding VLAN 0 to HW filter on device bond2
[  642.656539][    T7] usb 1-1: Manufacturer: syz
[  642.668200][    T7] usb 1-1: SerialNumber: syz
[  642.684076][    T7] usb 1-1: config 0 descriptor??
[  642.748814][T14414] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  642.772390][T14414] usb 2-1: config 0 has no interface number 0
[  642.805938][T14732] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3526'.
[  642.931272][T14739] "syz.2.3529" (14739) uses obsolete ecb(arc4) skcipher
[  642.940750][T14414] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  642.961128][T14414] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.976254][T14414] usb 2-1: Product: syz
[  642.980460][T14414] usb 2-1: Manufacturer: syz
[  643.029295][T14414] usb 2-1: SerialNumber: syz
[  643.055557][T14414] usb 2-1: config 0 descriptor??
[  643.062996][T14413] usb 1-1: USB disconnect, device number 15
[  643.101858][T14414] smsc95xx v2.0.0
[  643.409844][T14743] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  643.422093][T14743] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  644.171813][T14414] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  644.182992][T14414] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  645.242724][T14414] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -32
[  645.257788][T14414] smsc95xx: probe of 2-1:0.67 failed with error -32
[  645.299064][T14756] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.432712][T14756] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.533593][T14756] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.707247][T14756] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.810717][T14756] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  645.876325][T14756] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  645.899526][T14756] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  645.938084][T14756] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  646.057953][T14783] input: syz1 as /devices/virtual/input/input30
[  646.278420][T14786] netlink: 'syz.5.3545': attribute type 1 has an invalid length.
[  646.328239][T14786] 8021q: adding VLAN 0 to HW filter on device bond1
[  646.598187][ T4248] usb 2-1: USB disconnect, device number 19
[  646.865275][T13187] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  647.249032][T13187] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  647.266207][T13187] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  647.287488][T13187] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  647.315058][T13187] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.336193][T13187] usb 6-1: config 0 descriptor??
[  647.848653][T14824] input: syz1 as /devices/virtual/input/input31
[  648.565214][T13006] udevd[13006]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[  648.612468][T13006] udevd[13006]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  648.690798][T13187] cp2112 0003:10C4:EA90.0009: unknown main item tag 0x0
[  648.719755][T13187] cp2112 0003:10C4:EA90.0009: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[  648.852463][T13187] cp2112 0003:10C4:EA90.0009: Part Number: 0x1A Device Version: 0xC4
[  649.044870][ T1324] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  649.237314][T13187] cp2112 0003:10C4:EA90.0009: error reading lock byte: -71
[  649.247688][T13187] usb 6-1: USB disconnect, device number 6
[  649.301555][ T1324] usb 3-1: Using ep0 maxpacket: 32
[  649.312655][T14855] fido_id[14855]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  649.429788][ T1324] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.441089][ T1324] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  649.450851][ T1324] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  649.460022][ T1324] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.469650][ T1324] usb 3-1: config 0 descriptor??
[  649.983163][ T1324] savu 0003:1E7D:2D5A.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  650.092278][T14864] input: syz1 as /devices/virtual/input/input32
[  650.396547][ T1324] usb 3-1: USB disconnect, device number 20
[  650.570659][T14866] fido_id[14866]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  650.921447][T14894] binder: 14893:14894 ioctl c0306201 0 returned -14
[  650.938452][T14894] binder: 14893:14894 unknown command 1074553619
[  650.945148][T14894] binder: 14893:14894 ioctl c0306201 200000000040 returned -22
[  650.954478][T14894] binder: 14893:14894 unknown command 1074553620
[  650.962217][T14894] binder: 14893:14894 ioctl c0306201 200000000640 returned -22
[  651.392736][T14914] input: syz1 as /devices/virtual/input/input33
[  651.871035][T14920] loop2: detected capacity change from 0 to 128
[  651.964849][T14920] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  652.025712][T14920] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  652.072522][T14926] netlink: 'syz.0.3602': attribute type 1 has an invalid length.
[  652.161109][T14926] 8021q: adding VLAN 0 to HW filter on device bond1
[  652.468479][T12709] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  652.904371][T14935] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3604'.
[  652.971844][T12709] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  653.024432][T14921] chnl_net:caif_netlink_parms(): no params data found
[  653.080806][T14921] bridge0: port 1(bridge_slave_0) entered blocking state
[  653.088191][T14921] bridge0: port 1(bridge_slave_0) entered disabled state
[  653.108138][T14921] device bridge_slave_0 entered promiscuous mode
[  653.116756][T14921] bridge0: port 2(bridge_slave_1) entered blocking state
[  653.124520][T14921] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.133465][T14921] device bridge_slave_1 entered promiscuous mode
[  653.143683][T12709] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  653.227059][T14921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  653.254981][T12709] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  653.292978][T14921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  653.356984][T14921] team0: Port device team_slave_0 added
[  653.365840][T14921] team0: Port device team_slave_1 added
[  653.414256][T14921] batman_adv: batadv0: Adding interface: batadv_slave_0
[  653.424334][T14921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  653.451220][T14921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  653.508125][T14921] batman_adv: batadv0: Adding interface: batadv_slave_1
[  653.526001][T14921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  653.561537][T14921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  653.629669][T14957] binder: 14955:14957 unknown command 0
[  653.636642][T14957] binder: 14955:14957 ioctl c0306201 200000000080 returned -22
[  653.701633][T14921] device hsr_slave_0 entered promiscuous mode
[  653.711412][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  653.718127][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  653.765647][T14921] device hsr_slave_1 entered promiscuous mode
[  653.783563][T14921] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  653.802351][T14921] Cannot create hsr debugfs directory
[  653.817689][T14960] netlink: 'syz.0.3612': attribute type 1 has an invalid length.
[  653.858129][T14960] 8021q: adding VLAN 0 to HW filter on device bond2
[  654.541169][ T1324] Bluetooth: hci1: command 0x0409 tx timeout
[  655.634612][T12709] bond2: (slave gretap1): Releasing backup interface
[  655.829585][T14921] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  655.869357][T14921] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  655.890084][T14921] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  655.907091][T14921] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  655.919051][ T1324] Bluetooth: hci2: command 0x0406 tx timeout
[  656.233312][T14921] 8021q: adding VLAN 0 to HW filter on device bond0
[  656.268190][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  656.281437][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  656.301695][T14921] 8021q: adding VLAN 0 to HW filter on device team0
[  656.351320][T15027] syz.5.3628 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  656.421096][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  656.454912][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  656.477223][T15033] loop5: detected capacity change from 0 to 512
[  656.484864][  T509] bridge0: port 1(bridge_slave_0) entered blocking state
[  656.492124][  T509] bridge0: port 1(bridge_slave_0) entered forwarding state
[  656.522265][T15033] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  656.549900][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  656.569695][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  656.591053][  T509] bridge0: port 2(bridge_slave_1) entered blocking state
[  656.593262][T15033] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  656.598438][  T509] bridge0: port 2(bridge_slave_1) entered forwarding state
[  656.648906][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  656.659720][T15033] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.3629: attempt to clear invalid blocks 2 len 1
[  656.665079][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  656.689518][ T1324] Bluetooth: hci1: command 0x041b tx timeout
[  656.706403][T15033] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  656.729711][T15033] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.3629: invalid indirect mapped block 1819239214 (level 0)
[  656.750057][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  656.768734][T15033] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.3629: invalid indirect mapped block 1819239214 (level 1)
[  656.788832][T12709] device hsr_slave_0 left promiscuous mode
[  656.809110][T15033] EXT4-fs (loop5): 1 truncate cleaned up
[  656.815029][T12709] device hsr_slave_1 left promiscuous mode
[  656.816468][T15033] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  656.866361][T12709] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  656.912100][T12709] batman_adv: batadv0: Removing interface: batadv_slave_0
[  657.013062][T12709] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  657.030295][T12709] batman_adv: batadv0: Removing interface: batadv_slave_1
[  657.060562][T12709] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.082319][T12709] device bridge_slave_0 left promiscuous mode
[  657.094872][T12709] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.177272][T15057] 9pnet: Insufficient options for proto=fd
[  657.469384][T12709] device veth1_macvtap left promiscuous mode
[  657.518797][T12709] device veth0_macvtap left promiscuous mode
[  657.559729][T12709] device veth1_vlan left promiscuous mode
[  657.594193][T12709] device veth0_vlan left promiscuous mode
[  658.157224][T15084] input: syz1 as /devices/virtual/input/input34
[  658.509897][T12709] bond2 (unregistering): Released all slaves
[  658.534346][T12709] bond1 (unregistering): (slave vlan2): Releasing backup interface
[  658.564888][T12709] bond1 (unregistering): Released all slaves
[  658.789120][T15092] loop0: detected capacity change from 0 to 512
[  658.806270][T12709] team0 (unregistering): Port device team_slave_1 removed
[  658.822108][T15092] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  658.833495][T12709] team0 (unregistering): Port device team_slave_0 removed
[  658.841999][T15092] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  658.852764][T15092] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.3647: attempt to clear invalid blocks 2 len 1
[  658.866361][T12709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  658.874402][T15092] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  658.899620][T15092] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3647: invalid indirect mapped block 1819239214 (level 0)
[  658.912357][    T7] Bluetooth: hci1: command 0x040f tx timeout
[  658.920762][T12709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  658.923363][T15092] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3647: invalid indirect mapped block 1819239214 (level 1)
[  658.952016][T15092] EXT4-fs (loop0): 1 truncate cleaned up
[  658.958224][T15092] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  659.157584][T12709] bond0 (unregistering): Released all slaves
[  659.205464][T15096] loop1: detected capacity change from 0 to 256
[  659.295097][T15102] 9pnet: Insufficient options for proto=fd
[  659.789757][   T25] audit: type=1326 audit(1769447849.200:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15103 comm="syz.5.3651" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff595ecfeb9 code=0x0
[  659.939309][T15096] exfat: Bad value for 'uid'
[  660.013591][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  660.022807][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  660.168329][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  660.197632][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  660.230525][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  660.294895][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  660.321244][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  660.434707][T14921] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  660.496591][T14921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  660.534809][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  660.551890][T11684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  661.403248][T14413] Bluetooth: hci1: command 0x0419 tx timeout
[  661.582493][T14921] 8021q: adding VLAN 0 to HW filter on device batadv0
[  661.615134][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  661.638039][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  661.926063][T15146] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.067949][T15146] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.233280][T15146] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.291804][T15155] IPv6: NLM_F_CREATE should be specified when creating new route
[  662.317114][T15155] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  662.324432][T15155] IPv6: NLM_F_CREATE should be set when creating new route
[  662.331670][T15155] IPv6: NLM_F_CREATE should be set when creating new route
[  662.411461][T15146] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.509241][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  662.552850][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  662.756722][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  662.800326][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  662.865461][T14921] device veth0_vlan entered promiscuous mode
[  662.879074][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  662.892442][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  662.924907][T15146] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  662.971434][T14921] device veth1_vlan entered promiscuous mode
[  663.013773][T15146] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  663.074781][T15146] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  663.244557][T15179] team0 (unregistering): Port device team_slave_0 removed
[  663.304307][T15179] team0 (unregistering): Port device team_slave_1 removed
[  663.395306][T15146] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  663.424131][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  663.435487][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  663.473834][T14921] device veth0_macvtap entered promiscuous mode
[  663.500587][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  663.550445][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  663.599132][T14921] device veth1_macvtap entered promiscuous mode
[  663.650479][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  663.720099][T15188] loop1: detected capacity change from 0 to 256
[  663.758226][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  663.831027][T15188] exfat: Bad value for 'uid'
[  663.836555][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  663.900303][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.933536][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  663.970942][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.000885][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.032969][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.042839][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.107816][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.142066][T14921] batman_adv: batadv0: Interface activated: batadv_slave_0
[  664.901271][T12773] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  664.915933][T12773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  664.925759][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  664.946117][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.956427][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  664.967296][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.977374][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  664.988082][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.995051][T15205] input: syz1 as /devices/virtual/input/input35
[  664.998353][T14921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.017632][T14921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.047539][T14921] batman_adv: batadv0: Interface activated: batadv_slave_1
[  665.135755][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  665.144521][  T509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  665.227728][T14921] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  665.269083][T14921] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  665.293310][T14921] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  665.321334][T14921] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  665.540805][  T509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  665.558804][  T509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.600906][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  665.636129][ T4580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  665.701013][ T4580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.711748][T12650] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  666.621053][ T1324] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  666.915287][T15243] netlink: 'syz.1.3677': attribute type 1 has an invalid length.
[  666.930295][ T1324] usb 6-1: Using ep0 maxpacket: 32
[  667.058622][ T1324] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  667.149081][T15249] loop0: detected capacity change from 0 to 256
[  667.165920][ T1324] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  667.206980][ T1324] usb 6-1: config 0 descriptor??
[  667.220095][T15249] exfat: Bad value for 'uid'
[  667.265167][ T1324] gspca_main: sunplus-2.14.0 probing 041e:400b
[  668.482131][ T1324] gspca_sunplus: reg_w_riv err -110
[  668.487433][ T1324] sunplus: probe of 6-1:0.0 failed with error -110
[  669.573132][T13187] usb 6-1: USB disconnect, device number 7
[  670.747933][T15290] netlink: 'syz.5.3686': attribute type 10 has an invalid length.
[  670.905717][T15290] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  671.522436][T14413] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  671.698318][T14414] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  671.794485][T14413] usb 6-1: Using ep0 maxpacket: 8
[  671.922897][T14413] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  671.933452][T14413] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  671.954485][T14413] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  671.965439][T14414] usb 1-1: Using ep0 maxpacket: 8
[  671.981607][T14413] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  672.002872][T14413] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  672.028743][T14413] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  672.047365][T14413] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.094171][T14414] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  672.166654][T14414] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  672.278064][T14414] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  672.393472][T14413] usb 6-1: GET_CAPABILITIES returned 0
[  672.399497][T14413] usbtmc 6-1:16.0: can't read capabilities
[  672.420776][T14414] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  672.579544][T14414] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  672.684982][T14413] usb 6-1: USB disconnect, device number 8
[  672.834038][T14414] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  673.023955][T14414] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.426373][T15333] loop1: detected capacity change from 0 to 512
[  673.749477][T15333] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  673.902044][T15333] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  673.951324][T15333] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.3693: attempt to clear invalid blocks 2 len 1
[  673.974562][T15333] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  673.988060][T15333] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3693: invalid indirect mapped block 1819239214 (level 0)
[  674.010704][T15333] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3693: invalid indirect mapped block 1819239214 (level 1)
[  674.138072][T15333] EXT4-fs (loop1): 1 truncate cleaned up
[  674.138761][T15333] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  674.381140][T15342] 9pnet: Insufficient options for proto=fd
[  674.773626][T15340] usbtmc 1-1:16.0: simple usb_control_msg failed -32
[  674.776109][T14414] usb 1-1: USB disconnect, device number 16
[  676.432629][   T25] audit: type=1326 audit(1769447864.755:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15375 comm="syz.1.3704" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f879181eeb9 code=0x0
[  676.805969][T15393] loop0: detected capacity change from 0 to 512
[  676.868391][T15393] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  677.813186][ T4241] Bluetooth: hci0: command 0x0406 tx timeout
[  677.822745][T15393] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  677.833569][T15401] loop5: detected capacity change from 0 to 256
[  678.067884][T15393] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.3707: attempt to clear invalid blocks 2 len 1
[  678.081675][T15401] exfat: Bad value for 'uid'
[  678.106949][T15393] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  678.132013][T15393] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3707: invalid indirect mapped block 1819239214 (level 0)
[  678.202642][T15393] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3707: invalid indirect mapped block 1819239214 (level 1)
[  678.449887][T15413] netlink: 'syz.2.3711': attribute type 1 has an invalid length.
[  678.567197][T15393] EXT4-fs (loop0): 1 truncate cleaned up
[  678.807618][T15393] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  678.923530][T15420] device macvlan2 entered promiscuous mode
[  678.969763][T15420] device bond3 entered promiscuous mode
[  679.082651][T15420] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  679.111085][T15420] device bond3 left promiscuous mode
[  679.292802][T15428] 9pnet: Insufficient options for proto=fd
[  680.204247][T15443] loop5: detected capacity change from 0 to 128
[  680.326711][T15443] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  680.510853][T15443] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  680.539422][   T25] audit: type=1326 audit(1769447868.544:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15447 comm="syz.1.3719" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f879181eeb9 code=0x0
[  681.807333][T15452] bridge0: port 2(bridge_slave_1) entered disabled state
[  681.814911][T15452] bridge0: port 1(bridge_slave_0) entered disabled state
[  682.774465][T15483] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  682.855610][T15488] IPVS: rr: FWM 3 0x00000003 - no destination available
[  682.871004][T15483] IPVS: ip_vs_add_dest(): server weight less than zero
[  683.078024][   T25] audit: type=1326 audit(1769447870.976:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  683.100623][    C1] vkms_vblank_simulate: vblank timer overrun
[  683.186837][T15504] loop2: detected capacity change from 0 to 512
[  683.273102][   T25] audit: type=1326 audit(1769447870.976:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  683.305624][T15504] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  683.376558][T15504] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  683.466819][T15504] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.3727: attempt to clear invalid blocks 2 len 1
[  683.517689][   T25] audit: type=1326 audit(1769447870.976:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  683.580234][T15504] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  683.606779][T15504] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3727: invalid indirect mapped block 1819239214 (level 0)
[  683.630969][   T25] audit: type=1326 audit(1769447870.976:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  683.663515][T15504] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3727: invalid indirect mapped block 1819239214 (level 1)
[  684.478133][T15516] batman_adv: batadv0: Adding interface: gretap1
[  684.485390][T15516] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  684.511352][    C1] vkms_vblank_simulate: vblank timer overrun
[  684.526195][T15516] batman_adv: batadv0: Interface activated: gretap1
[  685.633401][ T4248] Bluetooth: hci0: command 0x0c1a tx timeout
[  685.727436][   T25] audit: type=1326 audit(1769447870.976:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  685.782921][T15504] EXT4-fs (loop2): 1 truncate cleaned up
[  685.818724][T15504] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  686.270160][T15536] 9pnet: Insufficient options for proto=fd
[  686.691124][   T25] audit: type=1326 audit(1769447871.013:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  687.260741][   T25] audit: type=1326 audit(1769447871.023:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  687.369190][T15543] netlink: 156 bytes leftover after parsing attributes in process `syz.6.3735'.
[  687.404201][T15545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3736'.
[  687.449133][   T25] audit: type=1326 audit(1769447871.023:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  687.649067][   T25] audit: type=1326 audit(1769447871.023:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  687.766864][   T25] audit: type=1326 audit(1769447871.023:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15491 comm="syz.0.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f1f726eb9 code=0x7ffc0000
[  687.830500][ T8632] Bluetooth: hci0: command 0x0406 tx timeout
[  687.894564][    T7] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  688.236626][T14414] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  688.290416][    T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.322198][    T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  688.402453][    T7] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  688.518378][    T7] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  688.561598][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.605743][    T7] usb 1-1: config 0 descriptor??
[  688.654083][T14414] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  688.693807][T14414] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  688.703249][T15572] loop6: detected capacity change from 0 to 512
[  688.711409][T14414] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  688.730889][T14414] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  688.765018][T14414] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  688.768555][T15572] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  688.838164][T15572] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13
[  688.922314][T14414] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  688.943094][T15572] EXT4-fs error (device loop6): ext4_clear_blocks:883: inode #13: comm syz.6.3744: attempt to clear invalid blocks 2 len 1
[  688.998765][T14414] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  689.029272][T14414] usb 2-1: Product: syz
[  689.033487][T14414] usb 2-1: Manufacturer: syz
[  689.076211][T15572] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  689.076363][T15572] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.3744: invalid indirect mapped block 1819239214 (level 0)
[  689.076883][T15572] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.3744: invalid indirect mapped block 1819239214 (level 1)
[  689.077955][T15572] EXT4-fs (loop6): 1 truncate cleaned up
[  689.077978][T15572] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  689.154980][    T7] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  689.158074][T14414] cdc_wdm 2-1:1.0: skipping garbage
[  689.158095][T14414] cdc_wdm 2-1:1.0: skipping garbage
[  689.160394][    T7] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  689.163229][T14414] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device
[  689.163251][T14414] cdc_wdm 2-1:1.0: Unknown control protocol
[  689.284387][T13187] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  689.423779][T15597] 9pnet: Insufficient options for proto=fd
[  689.816986][ T4261] usb 1-1: USB disconnect, device number 17
[  689.992034][ T4248] usb 2-1: USB disconnect, device number 20
[  690.201400][T15600] fido_id[15600]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  690.295686][T15607] input: syz0 as /devices/virtual/input/input36
[  690.353639][T13187] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  690.432460][T13187] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  690.478452][T13187] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  690.546537][T13187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.625079][T15580] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  690.774481][ T4248] 
[  690.776861][ T4248] ======================================================
[  690.783889][ T4248] WARNING: possible circular locking dependency detected
[  690.790919][ T4248] syzkaller #0 Not tainted
[  690.795589][ T4248] ------------------------------------------------------
[  690.802628][ T4248] kworker/1:7/4248 is trying to acquire lock:
[  690.808793][ T4248] ffff88807e0f4c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210
[  690.820053][ T4248] 
[  690.820053][ T4248] but task is already holding lock:
[  690.827522][ T4248] ffffffff8d6c47c8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170
[  690.836689][ T4248] 
[  690.836689][ T4248] which lock already depends on the new lock.
[  690.836689][ T4248] 
[  690.847386][ T4248] 
[  690.847386][ T4248] the existing dependency chain (in reverse order) is:
[  690.856492][ T4248] 
[  690.856492][ T4248] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[  690.864737][ T4248]        __mutex_lock_common+0x1e3/0x2400
[  690.870589][ T4248]        mutex_lock_nested+0x17/0x20
[  690.875981][ T4248]        rfkill_register+0x33/0x8a0
[  690.881291][ T4248]        hci_register_dev+0x452/0x970
[  690.886687][ T4248]        vhci_create_device+0x32c/0x5c0
[  690.892256][ T4248]        vhci_write+0x391/0x450
[  690.897131][ T4248]        vfs_write+0x745/0xd60
[  690.902012][ T4248]        ksys_write+0x152/0x260
[  690.906877][ T4248]        do_syscall_64+0x4c/0xa0
[  690.911823][ T4248]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  690.918422][ T4248] 
[  690.918422][ T4248] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[  690.926258][ T4248]        __mutex_lock_common+0x1e3/0x2400
[  690.931994][ T4248]        mutex_lock_nested+0x17/0x20
[  690.937562][ T4248]        vhci_send_frame+0x88/0x100
[  690.942779][ T4248]        hci_send_frame+0x1a9/0x2e0
[  690.948087][ T4248]        hci_tx_work+0x9f9/0x1710
[  690.953219][ T4248]        process_one_work+0x85f/0x1010
[  690.958698][ T4248]        worker_thread+0xaa6/0x1290
[  690.964020][ T4248]        kthread+0x436/0x520
[  690.968630][ T4248]        ret_from_fork+0x1f/0x30
[  690.973306][T13187] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  690.973664][ T4248] 
[  690.973664][ T4248] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[  690.990950][ T4248]        __flush_work+0x116/0x210
[  690.996172][ T4248]        hci_dev_do_close+0x1e7/0x1030
[  691.001737][ T4248]        hci_unregister_dev+0x2d7/0x580
[  691.007409][ T4248]        vhci_release+0x73/0xc0
[  691.012273][ T4248]        __fput+0x234/0x930
[  691.016782][ T4248]        task_work_run+0x125/0x1a0
[  691.022000][ T4248]        do_exit+0x626/0x20c0
[  691.026700][ T4248]        do_group_exit+0x12e/0x300
[  691.031945][ T4248]        __x64_sys_exit_group+0x3b/0x40
[  691.037516][ T4248]        do_syscall_64+0x4c/0xa0
[  691.042471][ T4248]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  691.048905][ T4248] 
[  691.048905][ T4248] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[  691.056750][ T4248]        __mutex_lock_common+0x1e3/0x2400
[  691.062587][ T4248]        mutex_lock_nested+0x17/0x20
[  691.067986][ T4248]        bg_scan_update+0x44/0x3b0
[  691.073106][ T4248]        process_one_work+0x85f/0x1010
[  691.078584][ T4248]        worker_thread+0xaa6/0x1290
[  691.081277][T14414] usb 3-1: USB disconnect, device number 21
[  691.083785][ T4248]        kthread+0x436/0x520
[  691.094263][ T4248]        ret_from_fork+0x1f/0x30
[  691.099262][ T4248] 
[  691.099262][ T4248] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[  691.109198][ T4248]        __lock_acquire+0x2c42/0x7d10
[  691.114600][ T4248]        lock_acquire+0x19e/0x400
[  691.119644][ T4248]        __flush_work+0x116/0x210
[  691.124682][ T4248]        __cancel_work_timer+0x3f4/0x560
[  691.130429][ T4248]        hci_request_cancel_all+0xcc/0x300
[  691.136255][ T4248]        hci_dev_do_close+0x4e/0x1030
[  691.141746][ T4248]        hci_rfkill_set_block+0x10a/0x190
[  691.147648][ T4248]        rfkill_set_block+0x1c6/0x420
[  691.153125][ T4248]        rfkill_epo+0x75/0x170
[  691.157992][ T4248]        rfkill_op_handler+0x76/0x220
[  691.163478][ T4248]        process_one_work+0x85f/0x1010
[  691.168962][ T4248]        worker_thread+0xaa6/0x1290
[  691.174195][ T4248]        kthread+0x436/0x520
[  691.178898][ T4248]        ret_from_fork+0x1f/0x30
[  691.183849][ T4248] 
[  691.183849][ T4248] other info that might help us debug this:
[  691.183849][ T4248] 
[  691.194434][ T4248] Chain exists of:
[  691.194434][ T4248]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[  691.194434][ T4248] 
[  691.210325][ T4248]  Possible unsafe locking scenario:
[  691.210325][ T4248] 
[  691.217794][ T4248]        CPU0                    CPU1
[  691.223384][ T4248]        ----                    ----
[  691.228748][ T4248]   lock(rfkill_global_mutex);
[  691.229876][T13187] usb 1-1: Using ep0 maxpacket: 8
[  691.233543][ T4248]                                lock(&data->open_mutex);
[  691.245767][ T4248]                                lock(rfkill_global_mutex);
[  691.253071][ T4248]   lock((work_completion)(&hdev->bg_scan_update));
[  691.259677][ T4248] 
[  691.259677][ T4248]  *** DEADLOCK ***
[  691.259677][ T4248] 
[  691.267834][ T4248] 3 locks held by kworker/1:7/4248:
[  691.273041][ T4248]  #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010
[  691.283422][ T4248]  #1: ffffc9000421fd00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010
[  691.293890][ T4248]  #2: ffffffff8d6c47c8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170
[  691.303386][ T4248] 
[  691.303386][ T4248] stack backtrace:
[  691.309282][ T4248] CPU: 1 PID: 4248 Comm: kworker/1:7 Not tainted syzkaller #0
[  691.316750][ T4248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  691.326912][ T4248] Workqueue: events rfkill_op_handler
[  691.332313][ T4248] Call Trace:
[  691.335603][ T4248]  <TASK>
[  691.338629][ T4248]  dump_stack_lvl+0x188/0x250
[  691.343328][ T4248]  ? load_image+0x400/0x400
[  691.347975][ T4248]  ? show_regs_print_info+0x20/0x20
[  691.353196][ T4248]  ? print_circular_bug+0x12b/0x1a0
[  691.358431][T13187] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  691.358506][ T4248]  check_noncircular+0x296/0x330
[  691.373145][ T4248]  ? look_up_lock_class+0x71/0x110
[  691.378365][ T4248]  ? add_chain_block+0x940/0x940
[  691.383380][ T4248]  ? lockdep_lock+0xf1/0x1f0
[  691.388082][ T4248]  ? __lock_acquire+0x12e8/0x7d10
[  691.393209][ T4248]  ? mark_lock+0x94/0x320
[  691.397547][ T4248]  __lock_acquire+0x2c42/0x7d10
[  691.400507][T13187] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  691.402418][ T4248]  ? verify_lock_unused+0x140/0x140
[  691.402451][ T4248]  lock_acquire+0x19e/0x400
[  691.402469][ T4248]  ? __flush_work+0xfa/0x210
[  691.402485][ T4248]  ? __lock_acquire+0x7d10/0x7d10
[  691.414368][T13008] udevd[13008]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  691.417494][ T4248]  ? read_lock_is_recursive+0x10/0x10
[  691.453097][ T4248]  ? start_flush_work+0x776/0x820
[  691.458180][ T4248]  __flush_work+0x116/0x210
[  691.462796][ T4248]  ? __flush_work+0xfa/0x210
[  691.467402][ T4248]  ? flush_work+0x20/0x20
[  691.471745][ T4248]  ? try_to_grab_pending+0xfa/0x7f0
[  691.477129][ T4248]  ? mark_lock+0x94/0x320
[  691.481617][ T4248]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  691.488167][ T4248]  ? lock_chain_count+0x20/0x20
[  691.491218][T13187] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  691.493043][ T4248]  ? mark_lock+0x94/0x320
[  691.493066][ T4248]  ? __cancel_work_timer+0x36a/0x560
[  691.512849][ T4248]  __cancel_work_timer+0x3f4/0x560
[  691.518250][ T4248]  ? cancel_work_sync+0x20/0x20
[  691.523113][ T4248]  ? __cancel_work+0x1f9/0x2e0
[  691.528002][ T4248]  ? lockdep_hardirqs_on+0x94/0x140
[  691.533563][ T4248]  ? __cancel_work+0x27b/0x2e0
[  691.538361][ T4248]  ? cancel_work+0x20/0x20
[  691.543175][ T4248]  hci_request_cancel_all+0xcc/0x300
[  691.548493][ T4248]  hci_dev_do_close+0x4e/0x1030
[  691.553447][ T4248]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  691.559363][ T4248]  ? _raw_spin_unlock+0x40/0x40
[  691.561167][T13187] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  691.564354][ T4248]  ? kobject_uevent_env+0x371/0x890
[  691.564377][ T4248]  hci_rfkill_set_block+0x10a/0x190
[  691.564405][ T4248]  ? rcu_lock_release+0x20/0x20
[  691.564423][ T4248]  rfkill_set_block+0x1c6/0x420
[  691.564442][ T4248]  rfkill_epo+0x75/0x170
[  691.602159][ T4248]  rfkill_op_handler+0x76/0x220
[  691.607034][ T4248]  process_one_work+0x85f/0x1010
[  691.612080][ T4248]  ? worker_detach_from_pool+0x240/0x240
[  691.617998][ T4248]  ? lockdep_hardirqs_off+0x70/0x100
[  691.623420][ T4248]  ? _raw_spin_lock_irq+0xb7/0xf0
[  691.628464][ T4248]  ? _raw_spin_lock_irqsave+0x100/0x100
[  691.634031][ T4248]  ? wq_worker_running+0x97/0x170
[  691.639361][ T4248]  worker_thread+0xaa6/0x1290
[  691.644082][ T4248]  ? lockdep_hardirqs_on+0x94/0x140
[  691.649892][ T4248]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  691.656013][ T4248]  kthread+0x436/0x520
[  691.660108][ T4248]  ? rcu_lock_release+0x20/0x20
[  691.665080][ T4248]  ? kthread_blkcg+0xd0/0xd0
[  691.669700][ T4248]  ret_from_fork+0x1f/0x30
[  691.674236][ T4248]  </TASK>
[  691.677282][    C1] vkms_vblank_simulate: vblank timer overrun
[  691.689813][T13187] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  691.774520][T13187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.949809][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  691.967641][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  691.986341][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.005630][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.025574][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.042405][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.061908][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.075651][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.083574][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.094179][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.095889][T13187] usb 1-1: GET_CAPABILITIES returned 0
[  692.115681][T13187] usbtmc 1-1:16.0: can't read capabilities
[  692.130092][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.158937][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.173102][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.189051][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.197468][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.209358][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.217891][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.237112][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.244917][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.254897][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.264795][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.272606][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.282644][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.290780][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.298545][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.307629][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.315701][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.323627][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.331590][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.339562][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.347463][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.355484][   T26] hid-generic 0004:FFFFFFFF:0000.000C: unknown main item tag 0x0
[  692.395413][   T26] hid-generic 0004:FFFFFFFF:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  692.463519][T13187] usb 1-1: USB disconnect, device number 18
[  692.769458][ T4241] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  693.186320][ T4241] usb 3-1: config 0 has no interfaces?
[  693.191942][ T4241] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  693.201162][ T4241] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.210587][ T4241] usb 3-1: config 0 descriptor??
[  693.642565][T13187] usb 3-1: USB disconnect, device number 22
[  698.153362][ T4277] device hsr_slave_0 left promiscuous mode
[  698.159709][ T4277] device hsr_slave_1 left promiscuous mode
[  698.165982][ T4277] batman_adv: batadv0: Removing interface: batadv_slave_0
[  698.174942][ T4277] device bridge_slave_1 left promiscuous mode
[  698.181189][ T4277] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.188873][ T4277] device bridge_slave_0 left promiscuous mode
[  698.195697][ T4277] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.204323][ T4277] bond8 (unregistering): Released all slaves
[  698.212560][ T4277] bond7 (unregistering): (slave vlan2): Releasing active interface
[  698.223274][ T4277] bond7 (unregistering): Released all slaves
[  698.231745][ T4277] bond6 (unregistering): Released all slaves
[  698.240366][ T4277] bond5 (unregistering): Released all slaves
[  698.249943][ T4277] bond4 (unregistering): Released all slaves
[  698.258704][ T4277] bond3 (unregistering): Released all slaves
[  698.269007][ T4277] bond2 (unregistering): Released all slaves
[  698.278409][ T4277] bond1 (unregistering): Released all slaves
[  698.400071][ T4277] team0 (unregistering): Port device team_slave_1 removed
[  698.410088][ T4277] team0 (unregistering): Port device team_slave_0 removed
[  698.420347][ T4277] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  698.431441][ T4277] device bond_slave_1 left promiscuous mode
[  698.440159][ T4277] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  698.449027][ T4277] device bond_slave_0 left promiscuous mode
[  698.482896][ T4277] bond0 (unregistering): Released all slaves