last executing test programs:

2m40.709933857s ago: executing program 2 (id=1374):
add_key$fscrypt_provisioning(0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000000000000616263646587fe"], 0x18, 0xfffffffffffffffd)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2, 0xa8d4}}, './file0\x00'})
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="0500000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffff"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={0x0, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0, 0x3a}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2m40.279169838s ago: executing program 2 (id=1377):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005080000000000008200000018010000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000048000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a6000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

2m40.085142903s ago: executing program 2 (id=1379):
mkdir(&(0x7f0000000280)='./file0\x00', 0x324)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000))
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000040))

2m39.958167683s ago: executing program 2 (id=1381):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000014c0)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x200, {0x0, 0x0, 0x0, r2, {0xc}, {0xfff2}, {0xfff1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x8, 0x2, [@TCA_BPF_ACT={0x4}]}}]}, 0x34}}, 0x0)

2m39.778784323s ago: executing program 2 (id=1384):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000940)={'syz1\x00', {0x4, 0x0, 0x5374}, 0x1d, [0x8000, 0x78, 0xf, 0x2, 0x80, 0x6, 0x203, 0x7e, 0x4, 0x4b, 0x39cc1919, 0x42, 0x9, 0x5, 0xffff2d37, 0x881, 0x6, 0x3, 0x0, 0x5, 0x4, 0x3, 0xfffffffb, 0x3c5d, 0x1, 0x0, 0x9, 0x2, 0x15bb, 0x2, 0xe65f, 0x3, 0x7, 0x3, 0x7fff, 0x7, 0x80000000, 0xa72, 0x3, 0x7, 0x0, 0x71, 0xe, 0x5, 0x1, 0x5, 0x9, 0x3a, 0xffffff7f, 0x6, 0x6, 0xfffc0003, 0x5, 0x4, 0x8, 0x101, 0x90, 0x2, 0x4, 0x9, 0x8, 0x7, 0x1f, 0x40], [0x10000007, 0x3, 0x800, 0x8000, 0x10, 0xffeffff3, 0x8, 0x200c7, 0xf7, 0x10, 0x2bf, 0x6c9, 0xfff, 0xfffffffe, 0x5, 0x0, 0xd14, 0x5, 0x2f, 0xe, 0x4312, 0x7c, 0xea4, 0x0, 0x4, 0x22, 0x1, 0x40009, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x5, 0x5f31, 0x7f9, 0x5, 0x2, 0x2, 0x9, 0x5, 0x9, 0x8, 0x800000d, 0x88da, 0x2007, 0xd, 0x1, 0xfe000000, 0x10002, 0x2, 0x7b, 0x8, 0x3, 0x3, 0x8, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x1000042, 0xffff], [0x7, 0xf5fd, 0x0, 0x5, 0x1, 0x100, 0xa, 0x9, 0x800003, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x5, 0x20000005, 0x0, 0x1ef, 0x4, 0x8, 0x86, 0x3, 0x7, 0x3e7, 0xa, 0x5, 0x200, 0x5, 0x3, 0x8, 0x8, 0x6cfc, 0x5, 0x39, 0x8, 0x200, 0x80000000, 0x3, 0x4e0a, 0x7, 0x1000, 0xa2, 0x7, 0x5, 0x1, 0x6, 0xac8, 0xffffffff, 0x2, 0x11, 0x7ff, 0xfffffff9, 0x0, 0x10000, 0xffff, 0x2b98, 0x1, 0x4, 0x120000, 0xbe, 0x0, 0xa2ed, 0x2, 0x25], [0x9, 0xbb31, 0x7, 0xb, 0x5, 0xf0c1, 0xa, 0x80000006, 0x0, 0x5, 0x7d, 0xc9, 0x6, 0x6, 0x8, 0x57b, 0x7, 0x10000, 0x6, 0x7ffd, 0xfffd, 0x4, 0x20002, 0x5, 0xe8a0556, 0x2, 0x14c, 0x3, 0x6, 0x10006, 0x3, 0x80000000, 0x5, 0x8, 0xce, 0xee1, 0xfffff000, 0x179, 0x3, 0x7e, 0x100, 0x9600, 0x56e, 0x2, 0x1007, 0x40000006, 0x1, 0x0, 0x8, 0x4, 0x30b1d693, 0xa1f, 0xc, 0x800007, 0xfffffffe, 0x3, 0x0, 0xffff, 0x8000007, 0x2bf, 0x3, 0x1ff, 0x7fffffff, 0x12]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000fff000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x7, 0x7, 0x8001, 0x7}]})
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setrlimit(0xe, &(0x7f00000002c0)={0x0, 0x1})
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r7, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'wg0\x00'})
sendmsg$nl_route(r8, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=@getstats={0x1c, 0x5e, 0x100, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x440c0}, 0x20000001)
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@deltaction={0x1ec, 0x31, 0x100, 0x70bd27, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x30, 0x1, [{0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf}}, {0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @TCA_ACT_TAB={0x70, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3734}}, {0x14, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffffb}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @TCA_ACT_TAB={0x70, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9000000}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @TCA_ACT_TAB={0x78, 0x1, [{0xc, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffffffff}}, {0x14, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}]}, 0x1ec}, 0x1, 0x0, 0x0, 0x10}, 0x20040044)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

2m38.933175896s ago: executing program 2 (id=1386):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x38)
r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
syz_emit_vhci(0x0, 0x7)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000100)='system.posix_acl_access\x00', 0x0, 0x24, 0x3)
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
ioctl$NBD_DO_IT(r1, 0xab03)

2m23.604588637s ago: executing program 32 (id=1386):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x38)
r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
syz_emit_vhci(0x0, 0x7)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000100)='system.posix_acl_access\x00', 0x0, 0x24, 0x3)
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
ioctl$NBD_DO_IT(r1, 0xab03)

1m19.17546354s ago: executing program 5 (id=1752):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x10, 0x1411, 0x1, 0x0, 0xfffffffc}, 0x10}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000)

1m19.08241082s ago: executing program 5 (id=1753):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd00031100cd000000a60c6eec00"], 0xfdef)

1m18.866954352s ago: executing program 5 (id=1755):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002)
write$evdev(r1, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f00000001c0)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xb2, &(0x7f0000000140)=""/178, 0x2c8a4ed31704d5db, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x100, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa}, 0x9c)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x2000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8412060, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10000}}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)

1m16.67260466s ago: executing program 5 (id=1765):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd00031100cd000000a60c6eec00"], 0xfdef)

1m16.625683727s ago: executing program 1 (id=1766):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac)
syz_usb_disconnect(r0)

1m14.805269271s ago: executing program 5 (id=1770):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40002, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x4040800)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sched_setscheduler(0x0, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x6020400)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000002000, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket$inet_udp(0x2, 0x2, 0x0)

1m13.280247178s ago: executing program 5 (id=1776):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100))
shutdown(r1, 0x0)
connect$unix(r1, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
unshare(0x60000600)
sync()
sync()
sync()
sync()
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5a8, &(0x7f0000000680)="$eJzs3U1sHFcdAPD/rO18OAl2AxWlSGBRBJGi+iNGZINAJD0hFaM2BS5FDUuysd2svZZ3LdUuh0SotDdUxKXqCVk58CWlUhEtFKkSoohD4cAJgcK9qqlUviQQWjSzs6kbb+yETTyV/ftJTzPzZnfff/Y/M5k3b+INYNcaiYiTEdEXEUcjYiivL+UlLrZL+rrVySszaUmi1XrkrSSSiHh28spM57OSfHog/4B9EXF6NaL01MZ2G8srFyq1WnUxXx5rzi2MNZZX7p+dq0xXp6vz5XJ5vFw+fmLi9m3ro4f3H37u11/4z89f++6Hv/K93zyZxnswX7d+O26XkRjJv5OB2Luuvj+JOH+7GytIut/0RzvXN+Pu6nd+eYdD4iZ9/geXSkXHAABsv/QC4HBEfCy7/h+KvuxqLuLkoa+9PRT/fLzo+AAAAIDetYaG4nPpFAAAANixStkzsElpNH8W4GCUSqOj7Wd4PxCDpVq90Tx6vr40f679rOxwDJTOz9aq4/mzwsMxkKTLE9n8O8vHrluejIi7IuKZof3Z8ujZeu1c0Tc/AAAAYIc7GHH10W+9/MEDN+j/p/48VHSUAAAAQC/S/v+hq4PZn+r6u34+AAAA7Ehp///tb//1t6H/DwAAADtWp///0NRUPDQ11VrNf/9qvj49e2Fm4cSx8dG5pbOjZ+uLC6PT9fp09j/257b+3Fq9vjBxLJaeGGtWG82xxvLKmbn60nzzTPa7XmeqA9uwbcDWHj55tlp0DAAAwPa566Ov/jGJiIuf2Z+V1J58nb467Gx+ABx2r76iAwAK0190AEBh9PGBZIv1+2604uLtjwUAALgzPvkh4/+wWxn/h93L+D/sXsb/YffSxweM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNZarSRaAAAAwI7WWF65UKnVqotmzJgxc22m6DuTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyXPTt5ZaZTtqvNV36xXS1xI2unImK4nf/VvLTX9Me+bLovBiJi8G9J9K97XxIRfT22/e97IkbisSdfbF1+KS2R74c9fiy34OKliLin2/GfpLtFDOd7wfX5L2V7Rm9+8sM0/6u/W18n/9url/wP9tj2yx9J8//g3evr5H/3uPfhoiOgSL9/pugIKNIf1oqOgCKdfqToCCjSlz5ddAQU6fm3io6AV09FxHi3/l8p7RZe6+Vf3//ry+4Q9ebISNr/e/ro+rqN/b/SGz02wybWTkV8NiJWN9z/K3VeMtyXLx3K7gcMJOdna9XxiHhfmsMY2JsuT2zSxuUzS491q3/wdJr/Kz9d+NMLP+uUtP10+s6rSm/07333+85VmpVet5u2tUsR9/Z3y39y7f5vcoP7v++/yTZmXv/G493qJ3+V5v+V5zfPP3dS6/sRn+h6/CfXXpPOjTXnFsYayyv3z85VpqvT1flyuTxeLh8/MTGWnQ7GOieFLobWDny1W/3XH0jz/98p+S9OevwPbp7/7PzfWF65UKnVqouNW2/jX2++vtqt/vBTaf4f+Ob/c/7fk3w5C3BPXvdEpdlcnIjYk3xxY/2xW495p+p8H53vK83/kfu6//vfuf5rn/9LG+7/D+fTdP3IJm0OHH/h6W71H78vG/+7+mLr8kuO/2Kk+T+3xfGfvOv4v/WZ5/7yjx91a/vHe9P8v/ZmZ/w3LWn7nbHgtvT4/1QWzJG8xvXf1m42QUXHCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6/0vAAD//wqlOeU=")
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0088a8ffffffffffff2833b1656532080600010800060400"], 0x2e)

1m11.169565422s ago: executing program 1 (id=1780):
pselect6(0x40, &(0x7f0000000100)={0xd, 0x0, 0x0, 0x5, 0x293, 0xfffffffffffffffe, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x1, @loopback, 0xfffffffd}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='\t', 0x1}], 0x1}}], 0x1, 0x24000040)

1m11.085754044s ago: executing program 1 (id=1781):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40002, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x4040800)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sched_setscheduler(0x0, 0x1, 0x0)
unshare(0x6020400)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000002000, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket$inet_udp(0x2, 0x2, 0x0)

1m8.388097157s ago: executing program 1 (id=1785):
mkdir(&(0x7f0000000100)='./file0\x00', 0x20)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
r0 = openat(0xffffffffffffff9c, 0x0, 0x4, 0x80)
getdents64(r0, 0x0, 0x0)

1m8.120130277s ago: executing program 1 (id=1787):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40002, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x4040800)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x6020400)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000002000, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket$inet_udp(0x2, 0x2, 0x0)

1m6.883510095s ago: executing program 1 (id=1789):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100))
shutdown(r1, 0x0)
connect$unix(r1, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
unshare(0x60000600)
sync()
sync()
sync()
sync()
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup(r3)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0088a8ffffffffffff2833b1656532080600010800060400"], 0x2e)

58.067670017s ago: executing program 33 (id=1776):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100))
shutdown(r1, 0x0)
connect$unix(r1, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
unshare(0x60000600)
sync()
sync()
sync()
sync()
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5a8, &(0x7f0000000680)="$eJzs3U1sHFcdAPD/rO18OAl2AxWlSGBRBJGi+iNGZINAJD0hFaM2BS5FDUuysd2svZZ3LdUuh0SotDdUxKXqCVk58CWlUhEtFKkSoohD4cAJgcK9qqlUviQQWjSzs6kbb+yETTyV/ftJTzPzZnfff/Y/M5k3b+INYNcaiYiTEdEXEUcjYiivL+UlLrZL+rrVySszaUmi1XrkrSSSiHh28spM57OSfHog/4B9EXF6NaL01MZ2G8srFyq1WnUxXx5rzi2MNZZX7p+dq0xXp6vz5XJ5vFw+fmLi9m3ro4f3H37u11/4z89f++6Hv/K93zyZxnswX7d+O26XkRjJv5OB2Luuvj+JOH+7GytIut/0RzvXN+Pu6nd+eYdD4iZ9/geXSkXHAABsv/QC4HBEfCy7/h+KvuxqLuLkoa+9PRT/fLzo+AAAAIDetYaG4nPpFAAAANixStkzsElpNH8W4GCUSqOj7Wd4PxCDpVq90Tx6vr40f679rOxwDJTOz9aq4/mzwsMxkKTLE9n8O8vHrluejIi7IuKZof3Z8ujZeu1c0Tc/AAAAYIc7GHH10W+9/MEDN+j/p/48VHSUAAAAQC/S/v+hq4PZn+r6u34+AAAA7Ehp///tb//1t6H/DwAAADtWp///0NRUPDQ11VrNf/9qvj49e2Fm4cSx8dG5pbOjZ+uLC6PT9fp09j/257b+3Fq9vjBxLJaeGGtWG82xxvLKmbn60nzzTPa7XmeqA9uwbcDWHj55tlp0DAAAwPa566Ov/jGJiIuf2Z+V1J58nb467Gx+ABx2r76iAwAK0190AEBh9PGBZIv1+2604uLtjwUAALgzPvkh4/+wWxn/h93L+D/sXsb/YffSxweM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNZarSRaAAAAwI7WWF65UKnVqotmzJgxc22m6DuTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyXPTt5ZaZTtqvNV36xXS1xI2unImK4nf/VvLTX9Me+bLovBiJi8G9J9K97XxIRfT22/e97IkbisSdfbF1+KS2R74c9fiy34OKliLin2/GfpLtFDOd7wfX5L2V7Rm9+8sM0/6u/W18n/9url/wP9tj2yx9J8//g3evr5H/3uPfhoiOgSL9/pugIKNIf1oqOgCKdfqToCCjSlz5ddAQU6fm3io6AV09FxHi3/l8p7RZe6+Vf3//ry+4Q9ebISNr/e/ro+rqN/b/SGz02wybWTkV8NiJWN9z/K3VeMtyXLx3K7gcMJOdna9XxiHhfmsMY2JsuT2zSxuUzS491q3/wdJr/Kz9d+NMLP+uUtP10+s6rSm/07333+85VmpVet5u2tUsR9/Z3y39y7f5vcoP7v++/yTZmXv/G493qJ3+V5v+V5zfPP3dS6/sRn+h6/CfXXpPOjTXnFsYayyv3z85VpqvT1flyuTxeLh8/MTGWnQ7GOieFLobWDny1W/3XH0jz/98p+S9OevwPbp7/7PzfWF65UKnVqouNW2/jX2++vtqt/vBTaf4f+Ob/c/7fk3w5C3BPXvdEpdlcnIjYk3xxY/2xW495p+p8H53vK83/kfu6//vfuf5rn/9LG+7/D+fTdP3IJm0OHH/h6W71H78vG/+7+mLr8kuO/2Kk+T+3xfGfvOv4v/WZ5/7yjx91a/vHe9P8v/ZmZ/w3LWn7nbHgtvT4/1QWzJG8xvXf1m42QUXHCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6/0vAAD//wqlOeU=")
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0088a8ffffffffffff2833b1656532080600010800060400"], 0x2e)

51.13275337s ago: executing program 34 (id=1789):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100))
shutdown(r1, 0x0)
connect$unix(r1, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
unshare(0x60000600)
sync()
sync()
sync()
sync()
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup(r3)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0088a8ffffffffffff2833b1656532080600010800060400"], 0x2e)

39.848835815s ago: executing program 4 (id=1835):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000540)={0x1, {&(0x7f0000000200)=""/80, 0xfffffff1, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000400)={0x2, 0x0, {&(0x7f0000000080)=""/163, 0xa3, 0x0, 0x2, 0x2}}, 0x48)
r1 = dup(r0)
write$vhost_msg_v2(r0, &(0x7f00000039c0)={0x2, 0x0, {&(0x7f0000000680)=""/184, 0xfffffefd, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000001540)={0x2, 0x0, {&(0x7f0000000d40)=""/201, 0xc9, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000000600)={0x2, 0x0, {&(0x7f00000005c0)=""/22, 0x16, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000ac0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x3}}, 0x48)

39.00196741s ago: executing program 4 (id=1836):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x38)
r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x5, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
ioctl$NBD_DO_IT(r1, 0xab03)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)

38.270253856s ago: executing program 4 (id=1837):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0xb, 0x4, 0x5, 0x80}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xca, 0x71, 0x59, 0x20, 0x1546, 0x1010, 0x3abe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x20}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
close_range(r0, r3, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x4)
close(r5)
accept4(r4, 0x0, 0x0, 0x80800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='.\x02\x00', 0x0, &(0x7f0000000300)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@discard}, {@noblock_validity}, {@discard}]}, 0x4, 0xbc1, &(0x7f0000001080)="$eJzs3M1rXOUaAPDnnHy2yb2TXi6X27tpLpdLC/c6TSsptgi2UnHjQtCt0JBOSsj0gyRSk2Yx0X9A1LXgRlCL0oVdd6Pg1o3WrcWFUCQ2CiIaOfORxGQmH+2kJyS/H7w57zvvmXmeZ05nznlhTgPYtwazP2nE4Yi4kEQU6o+nEdFd7fVGVGr7LS7Mjf68MDeaxNLSSz8kkUTEg4W50cZrJfVtX33QGxFfPpvE395YH3dqZnZipFwuTdbHx6cvXzs+NTP7xPjlkUulS6UrJ049NXxy+NTQ6eG21frLt2dv//Tv57+r/Prhbzd/fPv9JM5Gf31udR3tMhiDy+/Jap0RMdLuYDnpqNezus6kc5MnpTucFAAALaWrruH+EYXoiJWLt0J89lWuyQEAAABtsdQRsQQAAADscYn1PwAAAOxxjd8BPFiYG220fH+R8HjdPxcRA7X6F+utNtMZleq2N7oi4uCDJFbf1prUnvbIBiPi3jenP8la7NB9yBupzEfEP5sd/6Ra/0D1Lu719acRMdSG+INrxrut/v93t67/bBvi510/APvTnXO1E9n681+6fP0TTc5/nU3OXQ8j7/Nf4/pvcd3130r9HS2u/17cYowbH7x7vdVcVv/Tt5/7uNGy+Nn2kYrahvvzEf/qbFZ/slx/0qL+C1uMUfj9eqnV3Bbr79l2YVu09F7E0Whef0Oy8f9PdHxsvFwaqv1tGmP+i+GPWsXfDcf/YIv6Nzv+17YY45Xz52+1mtu8/vT77uTlaq+7/shrI9PTkyciupMX1j9+sn5DewuNfRqvkdV/7D8bf/6b1Z+FqNTfh2wtMF/fZuPX18R85uaNTzeqP1v75Xn8Lz7k8X9zizH++/lbx1rNrV7/Zi2Lfy+prYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiP5I0uJyP02LxYi+iPh7HEzLV6em/zd29dUrF7O5iIHoSsfGy6WhiCjUxkk2PlHtr4xPrhk/GRGHIuKdwoHquDh6tXwx7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY1hcR/ZGkxYhII2KxkKbFYt5ZAQAAAG03kHcCAAAAwI6z/gcAAIC9z/ofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHXboyJ27SURUzhyotkx3fa4r18yAnZbmnQCQm468EwBy05l3AkButrnGd7kAe1CyyXxvy5metucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO519PCdu0lEVM4cqLZMd32uq+kzjjzG7ICdlOadAJCbjo0mO9eMfVnAnrL2Iw7sH83X+MB+kmwy37uyT+XPMz07lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu09/tSVpMSLSaj9Ni8WIv0TEQHQlY+Pl0lBE/DUivi509WTjnryTBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoO2mZmYnRsrl0qSOTns7ffV/Yrsln93fSXZHGrVOzl9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYmpmdmKkXC5NTuWdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC3qZnZiZFyuTS5hc6t7ey8qpN3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5OePAAAA//++vgq1")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000680), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

34.721605506s ago: executing program 4 (id=1841):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000600)=ANY=[], 0x8)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r5, 0xffffffffffffffff, 0x0)

32.78302201s ago: executing program 4 (id=1844):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
chdir(&(0x7f0000000240)='./file0\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x5)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0, 0x4000}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x7e0, 0x628, 0x3f8, 0x3f8, 0x0, 0x628, 0x710, 0x710, 0x710, 0x710, 0x710, 0x6, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast1, [], [], 'veth1\x00', 'syz_tun\x00'}, 0x11e, 0xa8, 0x1d0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'unconfined\x00'}}}, {{@uncond, 0x0, 0x1e0, 0x228, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @empty, @remote, @private2, @private1, @dev, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, @loopback, @local, @private1, @dev]}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'nr0\x00'}}}, {{@ipv6={@empty, @private0, [], [], 'sit0\x00', 'sit0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x840)

30.693469518s ago: executing program 4 (id=1850):
epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
shutdown(r0, 0x0)
connect$unix(r0, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
unshare(0x60000600)
sync()
sync()
sync()
sync()
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0088a8ffffffffffff2833b1656532080600010800060400"], 0x2e)

18.725407452s ago: executing program 0 (id=1866):
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000540)={0x1, {&(0x7f0000000200)=""/80, 0xfffffff1, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x0, {&(0x7f0000000080)=""/163, 0xa3, 0x0, 0x2, 0x2}}, 0x48)
r0 = dup(0xffffffffffffffff)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000039c0)={0x2, 0x0, {&(0x7f0000000680)=""/184, 0xfffffefd, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000001540)={0x2, 0x0, {&(0x7f0000000d40)=""/201, 0xc9, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000600)={0x2, 0x0, {&(0x7f00000005c0)=""/22, 0x16, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000ac0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x3}}, 0x48)

18.323727622s ago: executing program 0 (id=1867):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0xffffffff, 0x1, 0x0, 0x90, "ff00f7000000000000000020af88008300"})
r1 = syz_open_pts(r0, 0x400000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000640), 0x0, 0x8840)
ioctl$EVIOCGABS20(r5, 0x80184529, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000280), 0x12)
r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180)='asymmetPic@\xe6u\x18\x8f\x8d\xd0\xb9\xb4d\x97\xee\x9bY\xb3\xa0dI$(\xed\x98S\xdcB\xdf\x99J\x9c&#m\xd0\xb0\x134m\xa7se\x8fvS\x84:\"-\x94\x84\xbd\xf4X\xf2F6\xe44\x1f\xa7f\x82\xd7aLt@%a\x8a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xb4\xc6m39\x9e)\xa5\xe7\xdb\xdc\xb3\xb6\x1f\x1d5\x13\xde\xab\x86\xf5`S<\xd5\xc7@-X0\xa9\xe4l\xab\xf0}\xf0\xeaco\x85kM\x8a<Z\x02\xfc\xb6E\x8c&\f\xb4)l\x93\xb8\xb1\xcfK\x0e\xben \xc3\xc5xH\xa5\t\xcc\"\xcd\xe2\xbb>S\x1bZ\xa1\xba\xb4E\xbc', r6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
mkdirat(0xffffffffffffff9c, 0x0, 0x64)
keyctl$restrict_keyring(0xa, r6, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e')
write(r1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r7 = socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, 0x0)

15.77473343s ago: executing program 3 (id=1869):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000600)="a3"})

14.624781742s ago: executing program 35 (id=1850):
epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
shutdown(r0, 0x0)
connect$unix(r0, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
unshare(0x60000600)
sync()
sync()
sync()
sync()
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0088a8ffffffffffff2833b1656532080600010800060400"], 0x2e)

14.341222611s ago: executing program 0 (id=1872):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0xb, 0x4, 0x5, 0x80}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
close_range(r0, r2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000680), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

13.348847603s ago: executing program 7 (id=1873):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0xffffffff, 0x1, 0x0, 0x90, "ff00f7000000000000000020af88008300"})
syz_open_pts(r0, 0x400000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})

13.338902007s ago: executing program 3 (id=1874):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00'})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sched_setscheduler(0x0, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x6020400)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000002000, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket$inet_udp(0x2, 0x2, 0x0)

13.315542438s ago: executing program 6 (id=1875):
add_key$fscrypt_provisioning(0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000000000000616263646587fe"], 0x18, 0xfffffffffffffffd)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2, 0xa8d4}}, './file0\x00'})
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="0500000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffff"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x4, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0, 0x3a}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

12.3264765s ago: executing program 7 (id=1876):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005880)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0xf7513c36066f8950}, 0x20000010)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r10, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x300}], 0x2}, 0x5)

12.144243321s ago: executing program 3 (id=1877):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0xb, 0x4, 0x5, 0x80}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xca, 0x71, 0x59, 0x20, 0x1546, 0x1010, 0x3abe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x20}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
close_range(r0, r3, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x4)
close(r5)
accept4(r4, 0x0, 0x0, 0x80800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='.\x02\x00', 0x0, &(0x7f0000000300)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@discard}, {@noblock_validity}, {@discard}]}, 0x4, 0xbc1, &(0x7f0000001080)="$eJzs3M1rXOUaAPDnnHy2yb2TXi6X27tpLpdLC/c6TSsptgi2UnHjQtCt0JBOSsj0gyRSk2Yx0X9A1LXgRlCL0oVdd6Pg1o3WrcWFUCQ2CiIaOfORxGQmH+2kJyS/H7w57zvvmXmeZ05nznlhTgPYtwazP2nE4Yi4kEQU6o+nEdFd7fVGVGr7LS7Mjf68MDeaxNLSSz8kkUTEg4W50cZrJfVtX33QGxFfPpvE395YH3dqZnZipFwuTdbHx6cvXzs+NTP7xPjlkUulS6UrJ049NXxy+NTQ6eG21frLt2dv//Tv57+r/Prhbzd/fPv9JM5Gf31udR3tMhiDy+/Jap0RMdLuYDnpqNezus6kc5MnpTucFAAALaWrruH+EYXoiJWLt0J89lWuyQEAAABtsdQRsQQAAADscYn1PwAAAOxxjd8BPFiYG220fH+R8HjdPxcRA7X6F+utNtMZleq2N7oi4uCDJFbf1prUnvbIBiPi3jenP8la7NB9yBupzEfEP5sd/6Ra/0D1Lu719acRMdSG+INrxrut/v93t67/bBvi510/APvTnXO1E9n681+6fP0TTc5/nU3OXQ8j7/Nf4/pvcd3130r9HS2u/17cYowbH7x7vdVcVv/Tt5/7uNGy+Nn2kYrahvvzEf/qbFZ/slx/0qL+C1uMUfj9eqnV3Bbr79l2YVu09F7E0Whef0Oy8f9PdHxsvFwaqv1tGmP+i+GPWsXfDcf/YIv6Nzv+17YY45Xz52+1mtu8/vT77uTlaq+7/shrI9PTkyciupMX1j9+sn5DewuNfRqvkdV/7D8bf/6b1Z+FqNTfh2wtMF/fZuPX18R85uaNTzeqP1v75Xn8Lz7k8X9zizH++/lbx1rNrV7/Zi2Lfy+prYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiP5I0uJyP02LxYi+iPh7HEzLV6em/zd29dUrF7O5iIHoSsfGy6WhiCjUxkk2PlHtr4xPrhk/GRGHIuKdwoHquDh6tXwx7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY1hcR/ZGkxYhII2KxkKbFYt5ZAQAAAG03kHcCAAAAwI6z/gcAAIC9z/ofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHXboyJ27SURUzhyotkx3fa4r18yAnZbmnQCQm468EwBy05l3AkButrnGd7kAe1CyyXxvy5metucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO519PCdu0lEVM4cqLZMd32uq+kzjjzG7ICdlOadAJCbjo0mO9eMfVnAnrL2Iw7sH83X+MB+kmwy37uyT+XPMz07lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu09/tSVpMSLSaj9Ni8WIv0TEQHQlY+Pl0lBE/DUivi509WTjnryTBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoO2mZmYnRsrl0qSOTns7ffV/Yrsln93fSXZHGrVOzl9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYmpmdmKkXC5NTuWdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC3qZnZiZFyuTS5hc6t7ey8qpN3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5OePAAAA//++vgq1")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000680), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0xb10, 0x102)
futex(&(0x7f000000cffc), 0xa, 0x0, 0x0, 0x0, 0x1)
ioctl$BTRFS_IOC_SEND(r6, 0x40489426, 0x0)

12.076706947s ago: executing program 6 (id=1878):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0xffffffff, 0x1, 0x0, 0x90, "ff00f7000000000000000020af88008300"})
syz_open_pts(r0, 0x400000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000640), 0x0, 0x8840)
ioctl$EVIOCGABS20(r4, 0x80184529, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000280), 0x12)
r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180)='asymmetPic@\xe6u\x18\x8f\x8d\xd0\xb9\xb4d\x97\xee\x9bY\xb3\xa0dI$(\xed\x98S\xdcB\xdf\x99J\x9c&#m\xd0\xb0\x134m\xa7se\x8fvS\x84:\"-\x94\x84\xbd\xf4X\xf2F6\xe44\x1f\xa7f\x82\xd7aLt@%a\x8a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xb4\xc6m39\x9e)\xa5\xe7\xdb\xdc\xb3\xb6\x1f\x1d5\x13\xde\xab\x86\xf5`S<\xd5\xc7@-X0\xa9\xe4l\xab\xf0}\xf0\xeaco\x85kM\x8a<Z\x02\xfc\xb6E\x8c&\f\xb4)l\x93\xb8\xb1\xcfK\x0e\xben \xc3\xc5xH\xa5\t\xcc\"\xcd\xe2\xbb>S\x1bZ\xa1\xba\xb4E\xbc', r5)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, 0x0)

10.600737056s ago: executing program 7 (id=1879):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0xb, 0x4, 0x5, 0x80}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xca, 0x71, 0x59, 0x20, 0x1546, 0x1010, 0x3abe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x20}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
close_range(r0, r3, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x4)
close(r5)
accept4(r4, 0x0, 0x0, 0x80800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='.\x02\x00', 0x0, &(0x7f0000000300)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@discard}, {@noblock_validity}, {@discard}]}, 0x4, 0xbc1, &(0x7f0000001080)="$eJzs3M1rXOUaAPDnnHy2yb2TXi6X27tpLpdLC/c6TSsptgi2UnHjQtCt0JBOSsj0gyRSk2Yx0X9A1LXgRlCL0oVdd6Pg1o3WrcWFUCQ2CiIaOfORxGQmH+2kJyS/H7w57zvvmXmeZ05nznlhTgPYtwazP2nE4Yi4kEQU6o+nEdFd7fVGVGr7LS7Mjf68MDeaxNLSSz8kkUTEg4W50cZrJfVtX33QGxFfPpvE395YH3dqZnZipFwuTdbHx6cvXzs+NTP7xPjlkUulS6UrJ049NXxy+NTQ6eG21frLt2dv//Tv57+r/Prhbzd/fPv9JM5Gf31udR3tMhiDy+/Jap0RMdLuYDnpqNezus6kc5MnpTucFAAALaWrruH+EYXoiJWLt0J89lWuyQEAAABtsdQRsQQAAADscYn1PwAAAOxxjd8BPFiYG220fH+R8HjdPxcRA7X6F+utNtMZleq2N7oi4uCDJFbf1prUnvbIBiPi3jenP8la7NB9yBupzEfEP5sd/6Ra/0D1Lu719acRMdSG+INrxrut/v93t67/bBvi510/APvTnXO1E9n681+6fP0TTc5/nU3OXQ8j7/Nf4/pvcd3130r9HS2u/17cYowbH7x7vdVcVv/Tt5/7uNGy+Nn2kYrahvvzEf/qbFZ/slx/0qL+C1uMUfj9eqnV3Bbr79l2YVu09F7E0Whef0Oy8f9PdHxsvFwaqv1tGmP+i+GPWsXfDcf/YIv6Nzv+17YY45Xz52+1mtu8/vT77uTlaq+7/shrI9PTkyciupMX1j9+sn5DewuNfRqvkdV/7D8bf/6b1Z+FqNTfh2wtMF/fZuPX18R85uaNTzeqP1v75Xn8Lz7k8X9zizH++/lbx1rNrV7/Zi2Lfy+prYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiP5I0uJyP02LxYi+iPh7HEzLV6em/zd29dUrF7O5iIHoSsfGy6WhiCjUxkk2PlHtr4xPrhk/GRGHIuKdwoHquDh6tXwx7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY1hcR/ZGkxYhII2KxkKbFYt5ZAQAAAG03kHcCAAAAwI6z/gcAAIC9z/ofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHXboyJ27SURUzhyotkx3fa4r18yAnZbmnQCQm468EwBy05l3AkButrnGd7kAe1CyyXxvy5metucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO519PCdu0lEVM4cqLZMd32uq+kzjjzG7ICdlOadAJCbjo0mO9eMfVnAnrL2Iw7sH83X+MB+kmwy37uyT+XPMz07lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu09/tSVpMSLSaj9Ni8WIv0TEQHQlY+Pl0lBE/DUivi509WTjnryTBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoO2mZmYnRsrl0qSOTns7ffV/Yrsln93fSXZHGrVOzl9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYmpmdmKkXC5NTuWdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC3qZnZiZFyuTS5hc6t7ey8qpN3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5OePAAAA//++vgq1")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000680), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0xb10, 0x102)
futex(&(0x7f000000cffc), 0xa, 0x0, 0x0, 0x0, 0x1)
ioctl$BTRFS_IOC_SEND(r6, 0x40489426, 0x0)

9.663830016s ago: executing program 6 (id=1880):
r0 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_disconnect(r0)

5.954032292s ago: executing program 6 (id=1881):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\f\x00\x00'], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000000)={0x20, 0xe, 0x2, {0x2, 0xf}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81d}}, 0x0, 0x0}, &(0x7f0000000380)={0x2c, &(0x7f0000000140)={0x40, 0x31, 0x11, "83d1000000000000000000000000c9ddc8"}, 0x0, 0x0, 0x0, 0x0})

5.700134782s ago: executing program 7 (id=1882):
bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2a}]}, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r2}, &(0x7f0000000280), 0x0}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

5.575441118s ago: executing program 7 (id=1883):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380), 0x1, 0x1000000, &(0x7f0000000600)="a3"})

5.400209153s ago: executing program 3 (id=1884):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_extract_tcp_res$synack(0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xe, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
listen(0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0xfffe, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e23, @rand_addr=0x64010102}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000})
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00')
preadv(r4, &(0x7f0000000600)=[{&(0x7f0000000280)=""/215, 0xd7}], 0x1, 0x1006c, 0x0)

4.993685266s ago: executing program 0 (id=1885):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0xb, 0x4, 0x5, 0x80}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xca, 0x71, 0x59, 0x20, 0x1546, 0x1010, 0x3abe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x20}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
close_range(r0, r3, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x4)
close(r5)
accept4(r4, 0x0, 0x0, 0x80800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='.\x02\x00', 0x0, &(0x7f0000000300)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@discard}, {@noblock_validity}, {@discard}]}, 0x4, 0xbc1, &(0x7f0000001080)="$eJzs3M1rXOUaAPDnnHy2yb2TXi6X27tpLpdLC/c6TSsptgi2UnHjQtCt0JBOSsj0gyRSk2Yx0X9A1LXgRlCL0oVdd6Pg1o3WrcWFUCQ2CiIaOfORxGQmH+2kJyS/H7w57zvvmXmeZ05nznlhTgPYtwazP2nE4Yi4kEQU6o+nEdFd7fVGVGr7LS7Mjf68MDeaxNLSSz8kkUTEg4W50cZrJfVtX33QGxFfPpvE395YH3dqZnZipFwuTdbHx6cvXzs+NTP7xPjlkUulS6UrJ049NXxy+NTQ6eG21frLt2dv//Tv57+r/Prhbzd/fPv9JM5Gf31udR3tMhiDy+/Jap0RMdLuYDnpqNezus6kc5MnpTucFAAALaWrruH+EYXoiJWLt0J89lWuyQEAAABtsdQRsQQAAADscYn1PwAAAOxxjd8BPFiYG220fH+R8HjdPxcRA7X6F+utNtMZleq2N7oi4uCDJFbf1prUnvbIBiPi3jenP8la7NB9yBupzEfEP5sd/6Ra/0D1Lu719acRMdSG+INrxrut/v93t67/bBvi510/APvTnXO1E9n681+6fP0TTc5/nU3OXQ8j7/Nf4/pvcd3130r9HS2u/17cYowbH7x7vdVcVv/Tt5/7uNGy+Nn2kYrahvvzEf/qbFZ/slx/0qL+C1uMUfj9eqnV3Bbr79l2YVu09F7E0Whef0Oy8f9PdHxsvFwaqv1tGmP+i+GPWsXfDcf/YIv6Nzv+17YY45Xz52+1mtu8/vT77uTlaq+7/shrI9PTkyciupMX1j9+sn5DewuNfRqvkdV/7D8bf/6b1Z+FqNTfh2wtMF/fZuPX18R85uaNTzeqP1v75Xn8Lz7k8X9zizH++/lbx1rNrV7/Zi2Lfy+prYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiP5I0uJyP02LxYi+iPh7HEzLV6em/zd29dUrF7O5iIHoSsfGy6WhiCjUxkk2PlHtr4xPrhk/GRGHIuKdwoHquDh6tXwx7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY1hcR/ZGkxYhII2KxkKbFYt5ZAQAAAG03kHcCAAAAwI6z/gcAAIC9z/ofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHXboyJ27SURUzhyotkx3fa4r18yAnZbmnQCQm468EwBy05l3AkButrnGd7kAe1CyyXxvy5metucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO519PCdu0lEVM4cqLZMd32uq+kzjjzG7ICdlOadAJCbjo0mO9eMfVnAnrL2Iw7sH83X+MB+kmwy37uyT+XPMz07lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu09/tSVpMSLSaj9Ni8WIv0TEQHQlY+Pl0lBE/DUivi509WTjnryTBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoO2mZmYnRsrl0qSOTns7ffV/Yrsln93fSXZHGrVOzl9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYmpmdmKkXC5NTuWdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC3qZnZiZFyuTS5hc6t7ey8qpN3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5OePAAAA//++vgq1")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000680), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0xb10, 0x102)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$BTRFS_IOC_SEND(r6, 0x40489426, 0x0)

4.159547652s ago: executing program 7 (id=1886):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100))
shutdown(r1, 0x0)
connect$unix(r1, 0x0, 0x0)
unshare(0x60000600)
sync()
sync()
sync()
sync()
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup(r3)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0088a8ffffffffffff2833b1656532080600010800060400"], 0x2e)

4.089341925s ago: executing program 3 (id=1887):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_newroute={0x34, 0x18, 0x309, 0x70bd27, 0x0, {}, [@RTA_EXPIRES={0x8, 0x17, 0x9}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @SEG6_LOCAL_BPF={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_BPF_PROG={0x8}}}]}, 0x34}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
syz_usb_connect$uac1(0x5, 0x71, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x3, 0x20, 0x3}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0xd42617389d614cb9, 0x85, 0x0, 0x4, 0x8, 0x1}]}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f000000c000/0x4000)=nil, 0x4000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x20, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800)
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
truncate(&(0x7f0000000140)='./file2\x00', 0x63fc)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
socket(0x10, 0x803, 0x0)

3.424226393s ago: executing program 6 (id=1888):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005880)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0xf7513c36066f8950}, 0x20000010)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r10, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x300}], 0x2}, 0x5)

2.223987203s ago: executing program 6 (id=1889):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0xb, 0x4, 0x5, 0x80}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xca, 0x71, 0x59, 0x20, 0x1546, 0x1010, 0x3abe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x20}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
close_range(r0, r3, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x4)
close(r5)
accept4(r4, 0x0, 0x0, 0x80800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='.\x02\x00', 0x0, &(0x7f0000000300)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@discard}, {@noblock_validity}, {@discard}]}, 0x4, 0xbc1, &(0x7f0000001080)="$eJzs3M1rXOUaAPDnnHy2yb2TXi6X27tpLpdLC/c6TSsptgi2UnHjQtCt0JBOSsj0gyRSk2Yx0X9A1LXgRlCL0oVdd6Pg1o3WrcWFUCQ2CiIaOfORxGQmH+2kJyS/H7w57zvvmXmeZ05nznlhTgPYtwazP2nE4Yi4kEQU6o+nEdFd7fVGVGr7LS7Mjf68MDeaxNLSSz8kkUTEg4W50cZrJfVtX33QGxFfPpvE395YH3dqZnZipFwuTdbHx6cvXzs+NTP7xPjlkUulS6UrJ049NXxy+NTQ6eG21frLt2dv//Tv57+r/Prhbzd/fPv9JM5Gf31udR3tMhiDy+/Jap0RMdLuYDnpqNezus6kc5MnpTucFAAALaWrruH+EYXoiJWLt0J89lWuyQEAAABtsdQRsQQAAADscYn1PwAAAOxxjd8BPFiYG220fH+R8HjdPxcRA7X6F+utNtMZleq2N7oi4uCDJFbf1prUnvbIBiPi3jenP8la7NB9yBupzEfEP5sd/6Ra/0D1Lu719acRMdSG+INrxrut/v93t67/bBvi510/APvTnXO1E9n681+6fP0TTc5/nU3OXQ8j7/Nf4/pvcd3130r9HS2u/17cYowbH7x7vdVcVv/Tt5/7uNGy+Nn2kYrahvvzEf/qbFZ/slx/0qL+C1uMUfj9eqnV3Bbr79l2YVu09F7E0Whef0Oy8f9PdHxsvFwaqv1tGmP+i+GPWsXfDcf/YIv6Nzv+17YY45Xz52+1mtu8/vT77uTlaq+7/shrI9PTkyciupMX1j9+sn5DewuNfRqvkdV/7D8bf/6b1Z+FqNTfh2wtMF/fZuPX18R85uaNTzeqP1v75Xn8Lz7k8X9zizH++/lbx1rNrV7/Zi2Lfy+prYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiP5I0uJyP02LxYi+iPh7HEzLV6em/zd29dUrF7O5iIHoSsfGy6WhiCjUxkk2PlHtr4xPrhk/GRGHIuKdwoHquDh6tXwx7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY1hcR/ZGkxYhII2KxkKbFYt5ZAQAAAG03kHcCAAAAwI6z/gcAAIC9z/ofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHXboyJ27SURUzhyotkx3fa4r18yAnZbmnQCQm468EwBy05l3AkButrnGd7kAe1CyyXxvy5metucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO519PCdu0lEVM4cqLZMd32uq+kzjjzG7ICdlOadAJCbjo0mO9eMfVnAnrL2Iw7sH83X+MB+kmwy37uyT+XPMz07lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu09/tSVpMSLSaj9Ni8WIv0TEQHQlY+Pl0lBE/DUivi509WTjnryTBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoO2mZmYnRsrl0qSOTns7ffV/Yrsln93fSXZHGrVOzl9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYmpmdmKkXC5NTuWdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC3qZnZiZFyuTS5hc6t7ey8qpN3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5OePAAAA//++vgq1")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000680), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
futex(&(0x7f000000cffc), 0xa, 0x0, 0x0, 0x0, 0x1)
ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, 0x0)

1.413287808s ago: executing program 0 (id=1890):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = syz_open_dev$evdev(0x0, 0x1, 0x2002)
write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000001c0)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x100, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa}, 0x9c)

256.185364ms ago: executing program 3 (id=1891):
socket$inet_udp(0x2, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4}, @const={0x0, 0x0, 0x0, 0x4}, @func_proto={0x2, 0x0, 0x0, 0x12, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x54}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, 0x0, &(0x7f0000000000)=""/10, 0x2}, 0x20)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
write(r4, &(0x7f00000008c0)="bae2bf808214ff98d8d00b4e4aa5b63a86342a471feaedd023fe0d23081a02d33e4a469ab9d700b98dbc637a1ab17ee404dfa6c5d5a144ee59221d4b94680ba508343a208a525cff39a2733191ec729e1ed6ee89970d901cdde9274de2a14d16d4b60efff4a823051100a4766a36baa70307cd088fcc9e7146a60c52282f525d113a20c411358bfa0b288791cc9dba6ba75a160cb7beda4a2a7f1a2fa5c565ff344c6b7550c85aeec24195055e0cb2b5ed37875be4e627ef1027ef44c76edb024b67d2dd316c9025880d70300e9ac5abae459e1de4d6868facadaf5c07042ba04768b47d542ef67510bc6a31e1c671cd366d1060843996078b8bceab4299a1fd7ff0318b010dfc8a95b9163505bdde7f92bccfb94a227d620c7fbf355564d75dadaeb40bfa148575d175ba6b276dd1f08de275305c679ed2ca319a0d0ea310eee868429deb863319197812d62a2961765536e8b81edabf419b3ee6c60e17b9c61353366cb3e11572e94b996053feb7854704a86cd638976f8373557ca455e43463252bff8f4835f05ac57cc3e29031d648a942c4f83823378367ff5ff6157e59ccb6b7236eeca6a5f962d3f79b677fa1d2b8baa374f5aab9ecabd7f024941d73db13ba01090a7544d51c2e1ffc35d383b355c359568623715caadca70f1125419af0a5ec9832a5885c29ac40b3fe2f9f173934bb57eef3c9ab71d1b747554fb403d22cd39f98d2ac6df121c75ea827d1790db6fc7c21f601f75bc9b7d5facd83cf77e4b666e3257fb81ac213d2afccd3cc5e2bab7db075d051cd5c9f860f421e672e6d3c2ffce5f51b45e24a1dcf27de17e47ad0d34fa1ead3fc3892593f29f94f26413603c490f9c7d0682de6f9048ae911615975cee4e8b1349133192bfe71130368238688b67b74631a1a524699d28d86427694f753daf88e009c4d34ed310fea1c7356e5abc256595589f704a69b36b6dd05060f3abd79af70d2eb438b85b3d35d300eabaf51bdf479e07ff1338eba821f0c2a395cd355103df33032c1cd8edcdc5425f4418f18b7c1e85fceeb6f41fbaed2573052cf087659520618fe64ec82ae8484b2ddb50a41762fc3f90b3ceb8b2d10bac688e2d35d35e93639ab72384bebe7690c467f0f678bd75c9aa67bc96d94c98ced73d22c6776c918fe50143b80dc80d97326858cbbff3d66f7dc788b788ef275c5037081e9f025e3becca7cf496f7cddd0da37a4ea323d5037bfbcb61edf8b5980269c788605be92bd56b2399e1d5c6dfb43b65d6c9fb9a1ea1c8c548833c48a255b81ac0f7029be6234823bcf232efdc8116d530b652bc6aeab4367f7a33b4d152646003c2064a0b1cabaef6c2391e71c822409130fc4d0a3c9d2895b3f3468a51b33c512711e36632597b3e582af545f29b698d2d41f8362080977d0a0d48d492cc4f61816b7fedd27b826f81e1cbffed54c31dc6ef4b986bad01da626237a2e6bca61e2329bc4e06de64fa68d371a2f0b5dfe017d321e09bd5fc8fba5416e8d7ea329ec0f9be877dc406b6f592dfb3176cffcd9a82ac7479e674d6f3c346fcd3cd2f65e724693b5ace04bb74c2e8a47717162a3b14fcd0b9045b48545ec9dd4d2d1926da207371dbb8e339bd5456f7e00dfb73a9ad86e5e902311644a9a0ce2cb9483b90c25c8e30984bac1c462c06f1b76c68f5a8ef8e6414c67b6a0f77e9eb2e56a8b9ebe6af0a8fa69a92ea6ffde0eee16696a065da53bb4cb51c5985fcb0434589b4628efcf14ddd5f17ec6bd1f219096e02dc364d036b21df65c16a7a83a2145996f2154719317f49444f6ba380b821e4ca10ebba5795d6f04fe252cfabc4ffba1ae5938450b6da37ad734cf298029bfdac3b28cf86f27696fb2b7707702606e3bf5ae65e0d74b3ba450cb36af1c975aead56e69d4e61d3b1941b15d4e017f46552caf43c5ac8beafcf4c0e64c8247136d8e36409ef2986b79c806f4122a44cf988ce789797ec8919f6daff8e353e2391e45f4a2dd9984fbc8646132e2502d462d04b2d7be73cca3ede4240e3368585083f7721da55c95fc49b43a28c3e09c5fb7b43e4dc48d1095d7327ec859d657cf9cc8eef62aac5f1948358727267b87741c27fcc4b3577552e8ad3393a28261a1f754e8130c5b696509b608eb18a0cea00709ec2698527182412559deb8158e2caac436d000b4fb0f98cf920be07f0cbf3eb042bf865f68ca9295e541ae1ec6620b657ffd021794c9e2af3fdaeb5d453c30f8f915b28f230deb1f0717992d9b33425b79106de94e1cdb79dd14627413af70a2d34c908d0c165a3601b0339a335bb44ae635fe96c932111f6eef5216e32a46085216ad85423ef9b0e335ff7028464ccaaaf146d846c436e1db3c77877dce48b92d6b7e1d04f455f66093a9b24c07ef58cbfa7626c03cdf2153f14b055eb6c3c98a28ca85a74c48773f829a35433f11078249dd0a4295dbc3cf539a2b68c472a3000bb1b8e0faee8ea405270532c20ef4955b54d768d99d83ba165f37061bad1d1dcb1d90162b2a6c7678068e665dfa9501d367e4ba272238a3f8919d7f19cb692f2679fb1ea43d3fcf7119ce967529450de7fb3a2bb9902bf5b146e37661a934554f12dfec8647a96c5efc7bf3256af35cc94b64ad1a6902c6b052bb7334a364b0eaa485dee260d1331620e59260517f5d79c5eefc11148062fc6d8296d40a0e832b406c39440945ef986f7bd5beeef8954a86d4efb2f0b1215a3860df643bfa2f8bc99113ea1401188b580ee168a3b62201529b581e360754ae9528f9a2339e9b91a60111bd31a0079f739219cc44f909291b62f120154f6b52acde04dbccf990fcc7a69ce2038abcb3a67c6486096646dda436b4a95e50c18756554c60c6c1cc54ce217b56bdc191ed7eb7878913203bc227b28d5fdf65953a59a2ee1e1238e2c661777a9159a101fccee86d1ce2b95f5ad3d91466d9c466f5eca143b29c2609c13f708d1467c3be9834a7846eb6914861aa7b44f63c509484ffca1cfb2e561af51cbde7ee3fc2e07fc5e0e81df9d935b09f9f9476b1f3dd14952ca4d110933ee4d92eb98ea6fac1111a33e4a23a8a0c8542d5351cf34820daf5b4b805b7e70e47daa9e2dad1f8c8bb88d49322c0b40b9d7517aeee63f2167aff6cbd520a7703b38f5fb1b35437b78749c884aeec19d39a27703422dca08f5ab657bd5fd49710b7ae5da0ebd1f8846bc2d52550a576ebd6d40e6ad3c4dfc6333a244aac3f37d2c4fba92a0a9fbee36a3aa25c3bb992bb427a8f5e5b7711b2dcf2dd6e4b539d480547cffed5d71ee72f6f9de2ff259582bfd1a30d555529f49b2736addfbfe2c41112b4d303f47eca8efa1f6352a732825e98a8492a9822d91ecf3ac3328cd35c65f2c0a66f63b3c99a1366281790302a81dad6e40927e2ba721d45f9b3872900afabbd43d2b58164f7e32ca1ce161e7b3a1e05e749b99bac07f491958dd690d91e642f5c7dc560a71c56e9da22f914b15aac87c34bdc97a81a76fc083786709faf2253f90ec09708376092cc0fd168f1c8a28b70c633b7332409e09c8ebc6f44140661b43d68cb38fed68b16ab576ae2968c9d0f919cf353bdcba23a604bd501b467e8f87fd4dc6a1f411c8cee636239246054c86011f36d789233458fda552462448b4c8ffb7fb1266f0ba9b2445dc6646739f014244370940d7478aef9b59149666d8611df11dd9a188bbdb74605bf6948c75d3254b50520e4478029137386507f14fe07eb290f58d657c3d652c79684177f2086d4f8ee233d01843b5072f68bf954683daa28df895a8a61dc6ce683d388c0231d971c76509826de3df51fdfbbaaab194f0d7833e0af79004c1e1ef1849aa92598cd59e4a6e772e408791409ce179376020ebd176eeb5f1a0210bc203e4eb7caab029dab9e630463dda20f4ccaf65b1a16c1f5c84e58ee82d718c8f486ea3b7da88689a52eb38e91cd9366b1bc406e78e18964aedc915fc4fa15567276cb15d75c71eb566a8bff6e96666616c88312071c98c97ab74116e131a8aeef4bd278ae292f8bd9677e2c6b7d4a541475c20824c10da9ae336a32c51e25e58c6658d0404af0a64518bf6338fdee18cabb1373d1fdf1381f40c3408239bccfb601dfde6f76199e06023544a216749bcdde531655f7a4bc275ec02001aad0d232c82f07a9bd679ec406bf076a21be31f896885cc3189b61ab7170fb798670777e7863f4d6b171e697031b73ab8c207b83e4454018894c97f4f80c0f8a7538a395e3a5fb9d9de5c82f34b4f412a12c106bcbfb9289802c66948eca04d37afb1e496bcfdea5d4b26dfcbde0ee7c5967f20a5ab546b843082ea5fc188db08be145c05d4303b95478317e25d89a974b6bb40695cac52497f37a22b7fc580e3fff572fb953f3d83ad4ccee8497dda59ea1ecc2f5ad86b516f46889aff394d8c3e82ceaa013d299c0b461677ad5a49311f32799f44e504f15265ac587344b519c60273c2a0fdbd4e3f15fb0b27308cf5d8ee031fa8d2c6d6af5cac4760edef7e7733bff3417432a7a3a145035d238cffb60621c9836b51889cf4439dc927dbeb0277e9b40", 0xcad)

0s ago: executing program 0 (id=1892):
ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x190)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="18020000002000000000000000000000850000000700000095"], 0x0, 0x5}, 0x94)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000e80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r2, r3, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, 0x0, 0x8840)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b"], 0x20}], 0x1}, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x7, 0x0, 0x7fffffff}]})
close_range(r6, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

 prio class 2
[  397.382244][T10040] Buffer I/O error on dev nbd1, logical block 0, async page read
[  397.382394][T10040] Dev nbd1: unable to read RDB block 0
[  397.472845][T10040]  nbd1: unable to read partition table
[  397.485071][T10204] FAT-fs (loop2): Directory bread(block 64) failed
[  397.487993][T10040] ldm_validate_partition_table(): Disk read failed.
[  397.511332][T10040] Dev nbd1: unable to read RDB block 0
[  397.517099][T10040]  nbd1: unable to read partition table
[  397.520997][T10204] FAT-fs (loop2): Directory bread(block 65) failed
[  397.581180][T10204] FAT-fs (loop2): Directory bread(block 66) failed
[  397.587721][T10204] FAT-fs (loop2): Directory bread(block 67) failed
[  397.609168][T10204] FAT-fs (loop2): Directory bread(block 68) failed
[  397.678112][T10204] FAT-fs (loop2): Directory bread(block 69) failed
[  397.708001][T10204] FAT-fs (loop2): Directory bread(block 70) failed
[  397.728925][T10204] FAT-fs (loop2): Directory bread(block 71) failed
[  397.745093][T10204] FAT-fs (loop2): Directory bread(block 72) failed
[  397.766922][T10204] FAT-fs (loop2): Directory bread(block 73) failed
[  397.814617][T10216] kvm: pic: non byte read
[  397.828039][T10216] kvm: pic: non byte read
[  397.841184][T10216] kvm: pic: non byte read
[  397.854112][T10216] kvm: pic: non byte read
[  397.874827][T10216] kvm: pic: non byte read
[  397.901309][T10216] kvm: pic: non byte read
[  397.910669][T10216] kvm: pic: non byte read
[  397.929416][T10216] kvm: pic: non byte read
[  397.939018][T10216] kvm: pic: non byte read
[  397.942153][ T9885] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  397.954494][T10216] kvm: pic: non byte read
[  398.123481][ T9885] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  398.142990][ T9885] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  398.170985][ T9885] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  398.206999][ T9885] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  398.224474][ T9885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.247611][ T9885] usb 5-1: Product: syz
[  398.261835][ T9885] usb 5-1: Manufacturer: syz
[  398.276726][ T9885] usb 5-1: SerialNumber: syz
[  398.343309][ T9885] hub 5-1:1.0: bad descriptor, ignoring hub
[  398.375060][ T9885] hub 5-1:1.0: probe with driver hub failed with error -5
[  398.543035][ T9885] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  398.704826][T10251] loop3: detected capacity change from 0 to 256
[  398.757557][T10251] FAT-fs (loop3): Directory bread(block 64) failed
[  398.804501][T10251] FAT-fs (loop3): Directory bread(block 65) failed
[  398.821308][T10251] FAT-fs (loop3): Directory bread(block 66) failed
[  398.855685][T10251] FAT-fs (loop3): Directory bread(block 67) failed
[  398.880337][T10251] FAT-fs (loop3): Directory bread(block 68) failed
[  398.897665][T10251] FAT-fs (loop3): Directory bread(block 69) failed
[  398.921939][T10251] FAT-fs (loop3): Directory bread(block 70) failed
[  398.931460][ T9888] usb 5-1: USB disconnect, device number 18
[  398.941197][T10251] FAT-fs (loop3): Directory bread(block 71) failed
[  398.959546][ T9888] usblp0: removed
[  398.963656][T10251] FAT-fs (loop3): Directory bread(block 72) failed
[  398.980538][T10251] FAT-fs (loop3): Directory bread(block 73) failed
[  399.476004][T10261] loop3: detected capacity change from 0 to 256
[  399.582896][T10261] FAT-fs (loop3): Directory bread(block 64) failed
[  399.596816][T10261] FAT-fs (loop3): Directory bread(block 65) failed
[  399.624672][T10261] FAT-fs (loop3): Directory bread(block 66) failed
[  399.641601][T10261] FAT-fs (loop3): Directory bread(block 67) failed
[  399.658436][T10261] FAT-fs (loop3): Directory bread(block 68) failed
[  399.671633][T10261] FAT-fs (loop3): Directory bread(block 69) failed
[  399.678561][T10261] FAT-fs (loop3): Directory bread(block 70) failed
[  399.700996][T10261] FAT-fs (loop3): Directory bread(block 71) failed
[  399.707653][T10261] FAT-fs (loop3): Directory bread(block 72) failed
[  399.728222][T10261] FAT-fs (loop3): Directory bread(block 73) failed
[  399.801738][ T9878] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  399.919286][T10275] loop1: detected capacity change from 0 to 256
[  399.985523][T10275] FAT-fs (loop1): Directory bread(block 64) failed
[  399.992274][ T9878] usb 1-1: Using ep0 maxpacket: 32
[  400.006069][T10275] FAT-fs (loop1): Directory bread(block 65) failed
[  400.013439][ T9878] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  400.032526][T10275] FAT-fs (loop1): Directory bread(block 66) failed
[  400.041149][ T9878] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  400.062741][T10275] FAT-fs (loop1): Directory bread(block 67) failed
[  400.069400][T10275] FAT-fs (loop1): Directory bread(block 68) failed
[  400.078201][ T9878] usb 1-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  400.091896][T10275] FAT-fs (loop1): Directory bread(block 69) failed
[  400.098527][T10275] FAT-fs (loop1): Directory bread(block 70) failed
[  400.107100][ T9878] usb 1-1: config 0 interface 0 has no altsetting 0
[  400.114172][ T9878] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  400.123345][ T9878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.131064][T10275] FAT-fs (loop1): Directory bread(block 71) failed
[  400.139444][T10275] FAT-fs (loop1): Directory bread(block 72) failed
[  400.146894][T10275] FAT-fs (loop1): Directory bread(block 73) failed
[  400.152393][ T9878] usb 1-1: config 0 descriptor??
[  400.173934][ T9878] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  400.292400][T10280] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1334'.
[  400.297801][T10273] loop4: detected capacity change from 0 to 32768
[  400.955185][T10220] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  400.983909][T10246] netlink: 'syz.2.1315': attribute type 2 has an invalid length.
[  401.887111][T10166] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  401.979480][T10310] loop4: detected capacity change from 0 to 256
[  402.020649][T10310] FAT-fs (loop4): Directory bread(block 64) failed
[  402.036277][T10310] FAT-fs (loop4): Directory bread(block 65) failed
[  402.041878][T10166] usb 3-1: Using ep0 maxpacket: 32
[  402.043468][T10310] FAT-fs (loop4): Directory bread(block 66) failed
[  402.055894][T10310] FAT-fs (loop4): Directory bread(block 67) failed
[  402.062970][T10310] FAT-fs (loop4): Directory bread(block 68) failed
[  402.063083][T10166] usb 3-1: config 0 has an invalid interface number: 119 but max is 0
[  402.069583][T10310] FAT-fs (loop4): Directory bread(block 69) failed
[  402.085090][T10310] FAT-fs (loop4): Directory bread(block 70) failed
[  402.087177][T10166] usb 3-1: config 0 has no interface number 0
[  402.092321][T10310] FAT-fs (loop4): Directory bread(block 71) failed
[  402.099287][T10166] usb 3-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  402.117986][T10310] FAT-fs (loop4): Directory bread(block 72) failed
[  402.118000][T10166] usb 3-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  402.132961][T10310] FAT-fs (loop4): Directory bread(block 73) failed
[  402.138578][T10166] usb 3-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  402.248234][T10166] usb 3-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  402.267099][T10166] usb 3-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  402.279162][T10166] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.287681][T10166] usb 3-1: Product: syz
[  402.300615][T10166] usb 3-1: Manufacturer: syz
[  402.323273][T10166] usb 3-1: SerialNumber: syz
[  402.341894][T10314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1346'.
[  402.381515][T10166] usb 3-1: config 0 descriptor??
[  402.384323][T10316] loop4: detected capacity change from 0 to 256
[  402.817235][T10166] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.119/input/input11
[  402.913783][T10166] usb 3-1: USB disconnect, device number 20
[  402.934784][T10316] FAT-fs (loop4): Directory bread(block 64) failed
[  402.961362][ T9885] usb 1-1: USB disconnect, device number 26
[  402.974102][T10316] FAT-fs (loop4): Directory bread(block 65) failed
[  402.980715][T10316] FAT-fs (loop4): Directory bread(block 66) failed
[  403.038075][T10316] FAT-fs (loop4): Directory bread(block 67) failed
[  403.067920][T10316] FAT-fs (loop4): Directory bread(block 68) failed
[  403.096995][T10316] FAT-fs (loop4): Directory bread(block 69) failed
[  403.129887][T10316] FAT-fs (loop4): Directory bread(block 70) failed
[  403.155224][T10316] FAT-fs (loop4): Directory bread(block 71) failed
[  403.196255][T10316] FAT-fs (loop4): Directory bread(block 72) failed
[  403.224803][T10316] FAT-fs (loop4): Directory bread(block 73) failed
[  403.315091][T10324] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  403.675839][T10312] loop3: detected capacity change from 0 to 32768
[  403.914433][T10352] loop2: detected capacity change from 0 to 256
[  403.943972][T10166] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  403.984526][T10352] FAT-fs (loop2): Directory bread(block 64) failed
[  403.991370][T10352] FAT-fs (loop2): Directory bread(block 65) failed
[  403.998525][T10352] FAT-fs (loop2): Directory bread(block 66) failed
[  404.005312][T10352] FAT-fs (loop2): Directory bread(block 67) failed
[  404.014651][T10352] FAT-fs (loop2): Directory bread(block 68) failed
[  404.021397][T10352] FAT-fs (loop2): Directory bread(block 69) failed
[  404.028040][T10352] FAT-fs (loop2): Directory bread(block 70) failed
[  404.034792][T10352] FAT-fs (loop2): Directory bread(block 71) failed
[  404.041658][T10352] FAT-fs (loop2): Directory bread(block 72) failed
[  404.048356][T10352] FAT-fs (loop2): Directory bread(block 73) failed
[  404.115789][T10166] usb 1-1: Using ep0 maxpacket: 32
[  404.135658][T10166] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[  404.162465][T10166] usb 1-1: config 0 has no interface number 0
[  404.189020][T10166] usb 1-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  404.210819][T10166] usb 1-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  404.234255][T10166] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  404.261280][T10166] usb 1-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  404.830007][T10166] usb 1-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  404.931821][T10166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.017124][T10166] usb 1-1: Product: syz
[  405.034689][T10166] usb 1-1: Manufacturer: syz
[  405.048819][T10166] usb 1-1: SerialNumber: syz
[  405.092018][T10166] usb 1-1: config 0 descriptor??
[  405.149830][T10166] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.119/input/input12
[  405.204710][T10363] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1358'.
[  406.484912][ T9883] usb 1-1: USB disconnect, device number 27
[  406.615057][T10331] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  406.635743][T10353] netlink: 'syz.4.1350': attribute type 2 has an invalid length.
[  406.707901][T10372] netlink: 'syz.3.1359': attribute type 1 has an invalid length.
[  406.719342][T10374] loop1: detected capacity change from 0 to 256
[  406.795223][T10374] FAT-fs (loop1): Directory bread(block 64) failed
[  406.821204][T10374] FAT-fs (loop1): Directory bread(block 65) failed
[  406.839618][T10374] FAT-fs (loop1): Directory bread(block 66) failed
[  406.847037][T10374] FAT-fs (loop1): Directory bread(block 67) failed
[  406.854167][T10374] FAT-fs (loop1): Directory bread(block 68) failed
[  406.864003][T10374] FAT-fs (loop1): Directory bread(block 69) failed
[  406.872277][T10374] FAT-fs (loop1): Directory bread(block 70) failed
[  406.882115][T10374] FAT-fs (loop1): Directory bread(block 71) failed
[  406.918486][T10374] FAT-fs (loop1): Directory bread(block 72) failed
[  406.936172][T10374] FAT-fs (loop1): Directory bread(block 73) failed
[  407.314312][T10388] loop2: detected capacity change from 0 to 256
[  407.444911][T10388] FAT-fs (loop2): Directory bread(block 64) failed
[  407.484688][T10388] FAT-fs (loop2): Directory bread(block 65) failed
[  407.505757][T10388] FAT-fs (loop2): Directory bread(block 66) failed
[  407.621070][T10388] FAT-fs (loop2): Directory bread(block 67) failed
[  408.234033][T10388] FAT-fs (loop2): Directory bread(block 68) failed
[  408.329661][T10388] FAT-fs (loop2): Directory bread(block 69) failed
[  408.361107][T10388] FAT-fs (loop2): Directory bread(block 70) failed
[  408.367681][T10388] FAT-fs (loop2): Directory bread(block 71) failed
[  408.374708][T10388] FAT-fs (loop2): Directory bread(block 72) failed
[  408.384738][T10388] FAT-fs (loop2): Directory bread(block 73) failed
[  408.531122][T10398] nbd4: detected capacity change from 0 to 112
[  408.564369][T10400] block nbd4: shutting down sockets
[  408.628782][ T5186] blk_print_req_error: 27 callbacks suppressed
[  408.628798][ T5186] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  408.651012][ T5186] buffer_io_error: 27 callbacks suppressed
[  408.651029][ T5186] Buffer I/O error on dev nbd4, logical block 0, async page read
[  408.665271][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  408.689747][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  408.716403][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  408.742972][T10405] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1372'.
[  408.761824][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  408.769683][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  408.812483][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  408.913284][T10166] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  408.927825][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  409.252372][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  409.270795][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  409.282638][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  409.292872][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  409.319873][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  409.328660][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  409.343816][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  409.360349][ T9015] ldm_validate_partition_table(): Disk read failed.
[  409.384763][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  409.402711][T10166] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  409.416579][T10386] loop1: detected capacity change from 0 to 32768
[  409.424440][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  409.434085][T10166] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  409.444305][ T9015] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  409.461109][T10166] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  409.474630][ T9015] Buffer I/O error on dev nbd4, logical block 0, async page read
[  409.493177][ T9015] Dev nbd4: unable to read RDB block 0
[  409.494679][T10166] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  409.520143][ T9015]  nbd4: unable to read partition table
[  409.527563][T10166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.542973][T10166] usb 1-1: Product: syz
[  409.551022][ T9015] ldm_validate_partition_table(): Disk read failed.
[  409.557927][T10166] usb 1-1: Manufacturer: syz
[  409.566040][T10166] usb 1-1: SerialNumber: syz
[  409.571131][ T9015] Dev nbd4: unable to read RDB block 0
[  409.587189][ T9015]  nbd4: unable to read partition table
[  409.654795][T10166] hub 1-1:1.0: bad descriptor, ignoring hub
[  409.677769][T10166] hub 1-1:1.0: probe with driver hub failed with error -5
[  409.864368][T10166] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  410.161726][T10166] usb 1-1: USB disconnect, device number 28
[  410.220351][T10166] usblp0: removed
[  410.288351][T10425] loop3: detected capacity change from 0 to 256
[  410.311004][ T9878] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  410.348234][T10425] FAT-fs (loop3): Directory bread(block 64) failed
[  410.367504][T10425] FAT-fs (loop3): Directory bread(block 65) failed
[  410.380666][T10425] FAT-fs (loop3): Directory bread(block 66) failed
[  410.411522][T10425] FAT-fs (loop3): Directory bread(block 67) failed
[  410.425867][T10430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1384'.
[  410.432512][T10425] FAT-fs (loop3): Directory bread(block 68) failed
[  410.455074][T10425] FAT-fs (loop3): Directory bread(block 69) failed
[  410.462955][T10427] syzkaller0: entered promiscuous mode
[  410.469878][T10425] FAT-fs (loop3): Directory bread(block 70) failed
[  410.481104][ T9878] usb 2-1: Using ep0 maxpacket: 32
[  410.516811][T10427] syzkaller0: entered allmulticast mode
[  410.521253][ T9878] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  410.523857][T10425] FAT-fs (loop3): Directory bread(block 71) failed
[  410.601603][T10425] FAT-fs (loop3): Directory bread(block 72) failed
[  410.607968][ T9878] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  410.608395][T10425] FAT-fs (loop3): Directory bread(block 73) failed
[  410.675213][ T9878] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  410.719140][ T9878] usb 2-1: Product: syz
[  410.729002][ T9878] usb 2-1: Manufacturer: syz
[  410.736165][ T9878] usb 2-1: SerialNumber: syz
[  410.856502][ T9878] usb 2-1: config 0 descriptor??
[  410.909654][T10419] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  410.993978][ T9878] hub 2-1:0.0: bad descriptor, ignoring hub
[  411.020004][ T9878] hub 2-1:0.0: probe with driver hub failed with error -5
[  411.331106][T10436] nbd2: detected capacity change from 0 to 112
[  411.626074][T10444] netlink: 'syz.3.1388': attribute type 1 has an invalid length.
[  411.981074][T10454] nbd0: detected capacity change from 0 to 112
[  411.989359][T10454] block nbd0: shutting down sockets
[  411.995630][ T9015] ldm_validate_partition_table(): Disk read failed.
[  412.013977][ T9015] Dev nbd0: unable to read RDB block 0
[  412.019911][ T9015]  nbd0: unable to read partition table
[  412.051847][ T9015] ldm_validate_partition_table(): Disk read failed.
[  412.065282][ T9015] Dev nbd0: unable to read RDB block 0
[  412.084911][ T5825] block nbd2: Receive control failed (result -104)
[  412.085291][ T9015]  nbd0: unable to read partition table
[  412.122894][   T13] raw-gadget.1 gadget.1: failed to queue suspend event
[  412.201225][T10419] raw-gadget.1 gadget.1: failed to queue resume event
[  412.296001][ T6122] raw-gadget.1 gadget.1: failed to queue suspend event
[  412.370758][T10462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1396'.
[  412.380040][T10419] raw-gadget.1 gadget.1: failed to queue resume event
[  412.551741][   T13] raw-gadget.1 gadget.1: failed to queue suspend event
[  412.562804][ T9878] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  412.661537][T10419] raw-gadget.1 gadget.1: failed to queue resume event
[  412.814587][ T9878] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  412.881683][   T12] raw-gadget.1 gadget.1: failed to queue suspend event
[  412.928620][ T9878] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  412.938493][ T9878] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  412.956174][ T9878] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  412.967253][ T9878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.975469][T10419] raw-gadget.1 gadget.1: failed to queue resume event
[  412.984630][ T9878] usb 5-1: Product: syz
[  412.989985][ T9878] usb 5-1: Manufacturer: syz
[  412.996200][ T9878] usb 5-1: SerialNumber: syz
[  413.002037][ T7682] raw-gadget.1 gadget.1: failed to queue suspend event
[  413.027333][ T9878] hub 5-1:1.0: bad descriptor, ignoring hub
[  413.034764][ T9878] hub 5-1:1.0: probe with driver hub failed with error -5
[  413.073907][T10419] raw-gadget.1 gadget.1: failed to queue resume event
[  413.102798][ T7682] raw-gadget.1 gadget.1: failed to queue suspend event
[  413.164873][T10419] raw-gadget.1 gadget.1: failed to queue disconnect event
[  413.250099][ T9878] usblp 5-1:1.0: usblp1: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  413.273938][T10470] loop0: detected capacity change from 0 to 256
[  413.281290][ T9875] usb 2-1: USB disconnect, device number 19
[  413.332783][T10470] FAT-fs (loop0): Directory bread(block 64) failed
[  413.348805][T10470] FAT-fs (loop0): Directory bread(block 65) failed
[  413.365801][T10470] FAT-fs (loop0): Directory bread(block 66) failed
[  413.398089][T10470] FAT-fs (loop0): Directory bread(block 67) failed
[  413.422275][T10470] FAT-fs (loop0): Directory bread(block 68) failed
[  413.445834][T10470] FAT-fs (loop0): Directory bread(block 69) failed
[  413.493134][T10470] FAT-fs (loop0): Directory bread(block 70) failed
[  413.528330][T10470] FAT-fs (loop0): Directory bread(block 71) failed
[  413.554596][ T9878] usb 5-1: USB disconnect, device number 19
[  413.561940][T10470] FAT-fs (loop0): Directory bread(block 72) failed
[  413.578917][T10470] FAT-fs (loop0): Directory bread(block 73) failed
[  413.589247][ T9878] usblp1: removed
[  415.012878][T10493] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1407'.
[  416.381047][ T9875] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  416.567190][ T9875] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  416.594282][ T9875] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  416.622584][ T9875] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  416.658212][ T9875] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  416.673257][ T9875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.697177][ T9875] usb 2-1: Product: syz
[  416.711556][ T9875] usb 2-1: Manufacturer: syz
[  416.730443][ T9875] usb 2-1: SerialNumber: syz
[  416.754938][ T9875] hub 2-1:1.0: bad descriptor, ignoring hub
[  416.772476][ T9875] hub 2-1:1.0: probe with driver hub failed with error -5
[  416.799072][T10522] netlink: 'syz.4.1416': attribute type 1 has an invalid length.
[  416.973819][ T9875] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  417.032360][ T9875] usb 2-1: USB disconnect, device number 20
[  417.065442][ T9875] usblp0: removed
[  417.834101][T10528] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  418.670080][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1419'.
[  419.861174][ T9883] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  420.056626][T10561] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  420.077758][ T9877] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  420.154025][ T9883] usb 1-1: Using ep0 maxpacket: 32
[  420.295153][ T9877] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  420.309487][ T9877] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  420.332770][ T9877] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  420.366991][ T9877] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  420.383858][ T9877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.394758][ T9877] usb 2-1: Product: syz
[  420.399356][ T9877] usb 2-1: Manufacturer: syz
[  420.412293][ T9877] usb 2-1: SerialNumber: syz
[  420.851328][ T9877] hub 2-1:1.0: bad descriptor, ignoring hub
[  420.894052][ T9883] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  420.895967][ T9877] hub 2-1:1.0: probe with driver hub failed with error -5
[  420.906330][ T9883] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  420.927614][ T9883] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  420.936985][ T9883] usb 1-1: Product: syz
[  420.942081][ T9883] usb 1-1: Manufacturer: syz
[  420.943439][ T9877] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 21 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  420.946697][ T9883] usb 1-1: SerialNumber: syz
[  420.974555][ T9883] usb 1-1: config 0 descriptor??
[  420.982631][T10552] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  420.993557][ T9883] hub 1-1:0.0: bad descriptor, ignoring hub
[  421.022393][ T9883] hub 1-1:0.0: probe with driver hub failed with error -5
[  421.052192][ T9877] usb 2-1: USB disconnect, device number 21
[  421.087987][ T9877] usblp0: removed
[  421.213607][T10565] block nbd4: shutting down sockets
[  421.593230][T10571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1433'.
[  421.602935][ T9883] usb 1-1: USB disconnect, device number 29
[  422.262467][T10577] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  422.623569][T10587] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1439'.
[  422.636177][T10587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1439'.
[  422.699417][T10587] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1439'.
[  422.710410][T10587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1439'.
[  423.096266][T10596] netlink: 'syz.3.1440': attribute type 1 has an invalid length.
[  423.141885][ T9878] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  423.230115][T10599] syzkaller0: entered promiscuous mode
[  423.240697][T10599] syzkaller0: entered allmulticast mode
[  423.311243][ T9878] usb 2-1: Using ep0 maxpacket: 32
[  423.319912][ T9878] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  423.342441][ T9878] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.370837][ T9878] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.386839][ T9878] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  423.416355][ T9878] usb 2-1: config 0 interface 0 has no altsetting 0
[  423.439199][ T9878] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  423.464334][ T9878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.496602][ T9878] usb 2-1: config 0 descriptor??
[  423.919956][ T9878] usbhid 2-1:0.0: can't add hid device: -71
[  423.933098][ T9878] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  423.953093][ T9878] usb 2-1: USB disconnect, device number 22
[  425.521046][ T9883] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  425.686820][ T9883] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  425.705132][ T9883] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  425.730833][ T9883] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  425.759146][ T9883] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  425.777921][ T9883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.789324][ T9883] usb 1-1: Product: syz
[  425.797848][ T9883] usb 1-1: Manufacturer: syz
[  425.803893][ T9883] usb 1-1: SerialNumber: syz
[  425.861425][ T9883] hub 1-1:1.0: bad descriptor, ignoring hub
[  425.901104][ T9883] hub 1-1:1.0: probe with driver hub failed with error -5
[  426.045871][ T9883] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  426.115138][ T9883] usb 1-1: USB disconnect, device number 30
[  426.135208][ T9883] usblp0: removed
[  426.211289][T10613] loop3: detected capacity change from 0 to 128
[  426.341313][T10613] bio_check_eod: 101 callbacks suppressed
[  426.341338][T10613] syz.3.1447: attempt to access beyond end of device
[  426.341338][T10613] loop3: rw=1, sector=145, nr_sectors = 896 limit=128
[  426.849915][T10621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1450'.
[  426.861411][T10621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1450'.
[  426.874262][T10621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1450'.
[  426.902690][T10621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1450'.
[  426.980524][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  426.998752][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  427.012836][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  427.021446][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  427.029947][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  427.468150][T10623] chnl_net:caif_netlink_parms(): no params data found
[  427.960684][T10639] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  428.156806][T10623] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.178936][T10623] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.198693][T10623] bridge_slave_0: entered allmulticast mode
[  428.221556][T10623] bridge_slave_0: entered promiscuous mode
[  428.253011][T10623] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.271286][T10623] bridge0: port 2(bridge_slave_1) entered disabled state
[  428.278651][T10623] bridge_slave_1: entered allmulticast mode
[  428.294832][T10623] bridge_slave_1: entered promiscuous mode
[  428.404655][T10623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  428.443406][T10623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  428.560263][T10623] team0: Port device team_slave_0 added
[  428.575362][T10623] team0: Port device team_slave_1 added
[  428.693628][T10623] batman_adv: batadv0: Adding interface: batadv_slave_0
[  428.717720][T10623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  428.801230][T10623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  428.824323][T10623] batman_adv: batadv0: Adding interface: batadv_slave_1
[  428.832080][T10623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  428.869645][T10623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  429.055600][T10623] hsr_slave_0: entered promiscuous mode
[  429.071038][ T5825] Bluetooth: hci5: command tx timeout
[  429.083125][T10623] hsr_slave_1: entered promiscuous mode
[  429.099915][T10623] debugfs: 'hsr0' already exists in 'hsr'
[  429.122122][T10623] Cannot create hsr debugfs directory
[  429.913596][T10623] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  429.941190][T10623] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  429.963975][T10623] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  430.000475][T10623] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  430.274683][T10623] 8021q: adding VLAN 0 to HW filter on device bond0
[  430.371510][T10623] 8021q: adding VLAN 0 to HW filter on device team0
[  430.404233][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  430.411544][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  430.453517][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  430.460720][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  430.797117][T10693] overlayfs: failed to resolve './file0': -2
[  430.844415][T10695] loop0: detected capacity change from 0 to 128
[  430.909201][T10697] syz.0.1466: attempt to access beyond end of device
[  430.909201][T10697] loop0: rw=1, sector=145, nr_sectors = 16 limit=128
[  430.924238][T10697] syz.0.1466: attempt to access beyond end of device
[  430.924238][T10697] loop0: rw=1, sector=169, nr_sectors = 8 limit=128
[  430.937700][T10697] syz.0.1466: attempt to access beyond end of device
[  430.937700][T10697] loop0: rw=1, sector=185, nr_sectors = 8 limit=128
[  430.951123][T10697] syz.0.1466: attempt to access beyond end of device
[  430.951123][T10697] loop0: rw=1, sector=201, nr_sectors = 8 limit=128
[  430.964582][T10697] syz.0.1466: attempt to access beyond end of device
[  430.964582][T10697] loop0: rw=1, sector=217, nr_sectors = 8 limit=128
[  430.977980][T10697] syz.0.1466: attempt to access beyond end of device
[  430.977980][T10697] loop0: rw=1, sector=233, nr_sectors = 8 limit=128
[  430.991733][T10697] syz.0.1466: attempt to access beyond end of device
[  430.991733][T10697] loop0: rw=1, sector=249, nr_sectors = 8 limit=128
[  431.005358][T10697] syz.0.1466: attempt to access beyond end of device
[  431.005358][T10697] loop0: rw=1, sector=265, nr_sectors = 8 limit=128
[  431.018768][T10697] syz.0.1466: attempt to access beyond end of device
[  431.018768][T10697] loop0: rw=1, sector=281, nr_sectors = 8 limit=128
[  431.152190][ T5825] Bluetooth: hci5: command tx timeout
[  431.328975][T10623] 8021q: adding VLAN 0 to HW filter on device batadv0
[  433.080772][T10623] veth0_vlan: entered promiscuous mode
[  433.100736][T10623] veth1_vlan: entered promiscuous mode
[  433.186505][T10623] veth0_macvtap: entered promiscuous mode
[  433.202411][T10623] veth1_macvtap: entered promiscuous mode
[  433.235015][ T5825] Bluetooth: hci5: command tx timeout
[  433.298312][T10623] batman_adv: batadv0: Interface activated: batadv_slave_0
[  433.360701][T10745] program syz.0.1479 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  433.408793][T10623] batman_adv: batadv0: Interface activated: batadv_slave_1
[  433.486673][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  433.525159][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  433.559556][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  433.570121][T10750] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1481'.
[  433.580714][T10750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1481'.
[  433.596838][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  433.626041][T10750] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1481'.
[  433.642119][T10750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1481'.
[  433.926498][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  434.771020][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  434.857517][ T6122] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  434.891009][ T6122] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  434.892770][T10761] overlayfs: failed to resolve './file0': -2
[  435.320995][ T5825] Bluetooth: hci5: command tx timeout
[  435.959544][T10777] program syz.0.1490 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  435.996293][T10780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1489'.
[  436.041511][T10783] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1492'.
[  436.457343][T10783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1492'.
[  436.504187][T10783] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1492'.
[  436.515704][T10783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1492'.
[  437.182409][T10793] overlayfs: failed to resolve './file1': -2
[  437.250202][T10799] sctp: [Deprecated]: syz.0.1494 (pid 10799) Use of struct sctp_assoc_value in delayed_ack socket option.
[  437.250202][T10799] Use struct sctp_sack_info instead
[  437.340190][T10799] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1494'.
[  438.640793][T10830] program syz.1.1504 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  439.040994][T10166] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  439.087228][T10841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1508'.
[  439.530983][T10166] usb 6-1: Using ep0 maxpacket: 32
[  439.558777][T10166] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  439.591458][T10166] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  439.611930][T10166] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  439.718180][T10166] usb 6-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  439.789095][T10166] usb 6-1: config 0 interface 0 has no altsetting 0
[  439.811020][T10166] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  439.861089][T10166] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.876038][T10850] syzkaller0: entered promiscuous mode
[  439.891197][T10850] syzkaller0: entered allmulticast mode
[  439.914558][T10166] usb 6-1: config 0 descriptor??
[  440.285328][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  440.300934][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  440.550312][T10166] usbhid 6-1:0.0: can't add hid device: -71
[  440.566600][T10166] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  440.621216][T10166] usb 6-1: USB disconnect, device number 2
[  440.975587][T10870] binder: 10869:10870 ioctl c0306201 0 returned -14
[  441.055691][T10870] binder: 10869:10870 ioctl c0306201 200000000640 returned -22
[  441.406192][T10882] program syz.0.1516 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  441.554047][ T5186] block nbd2: Possible stuck request ffff8880276c0000: control (read@0,4096B). Runtime 30 seconds
[  441.668106][T10891] loop4: detected capacity change from 0 to 256
[  441.795226][T10891] FAT-fs (loop4): Directory bread(block 64) failed
[  441.826727][T10891] FAT-fs (loop4): Directory bread(block 65) failed
[  441.909630][T10891] FAT-fs (loop4): Directory bread(block 66) failed
[  441.933434][T10891] FAT-fs (loop4): Directory bread(block 67) failed
[  441.966784][T10891] FAT-fs (loop4): Directory bread(block 68) failed
[  441.996079][T10891] FAT-fs (loop4): Directory bread(block 69) failed
[  442.038371][T10891] FAT-fs (loop4): Directory bread(block 70) failed
[  442.099240][T10891] FAT-fs (loop4): Directory bread(block 71) failed
[  442.135039][T10891] FAT-fs (loop4): Directory bread(block 72) failed
[  442.152301][T10891] FAT-fs (loop4): Directory bread(block 73) failed
[  442.220970][T10905] nbd1: detected capacity change from 0 to 112
[  442.252298][T10906] block nbd1: shutting down sockets
[  442.266872][ T6304] blk_print_req_error: 64 callbacks suppressed
[  442.266893][ T6304] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.283191][ T6304] buffer_io_error: 64 callbacks suppressed
[  442.283209][ T6304] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.297796][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.321024][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.338906][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.358990][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.367168][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.376948][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.386601][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.396424][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.404827][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.423666][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.441657][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.484961][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.512695][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.535892][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.596498][ T9015] ldm_validate_partition_table(): Disk read failed.
[  442.614761][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.644545][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.701267][ T9015] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  442.710829][ T9015] Buffer I/O error on dev nbd1, logical block 0, async page read
[  442.784489][ T9015] Dev nbd1: unable to read RDB block 0
[  442.873268][ T9015]  nbd1: unable to read partition table
[  442.979759][ T9015] ldm_validate_partition_table(): Disk read failed.
[  443.015714][ T9015] Dev nbd1: unable to read RDB block 0
[  443.035260][ T9015]  nbd1: unable to read partition table
[  443.182079][T10920] binder: 10919:10920 ioctl c0306201 200000000640 returned -22
[  444.216030][T10946] overlayfs: failed to resolve './file1': -2
[  444.351169][ T5907] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  444.539702][ T5907] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  444.581723][ T5907] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  444.606735][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.646681][ T5907] usb 4-1: Product: syz
[  444.660125][ T5907] usb 4-1: Manufacturer: syz
[  444.676988][ T5907] usb 4-1: SerialNumber: syz
[  444.738882][ T5907] hub 4-1:1.0: bad descriptor, ignoring hub
[  444.772324][ T5907] hub 4-1:1.0: probe with driver hub failed with error -5
[  444.847076][T10962] loop0: detected capacity change from 0 to 256
[  445.037332][T10962] FAT-fs (loop0): Directory bread(block 64) failed
[  445.074253][T10962] FAT-fs (loop0): Directory bread(block 65) failed
[  445.111227][T10962] FAT-fs (loop0): Directory bread(block 66) failed
[  445.112169][ T5907] usb 4-1: USB disconnect, device number 18
[  445.117796][T10962] FAT-fs (loop0): Directory bread(block 67) failed
[  445.117897][T10962] FAT-fs (loop0): Directory bread(block 68) failed
[  445.193355][T10962] FAT-fs (loop0): Directory bread(block 69) failed
[  445.230595][T10962] FAT-fs (loop0): Directory bread(block 70) failed
[  445.253965][T10962] FAT-fs (loop0): Directory bread(block 71) failed
[  445.264646][T10962] FAT-fs (loop0): Directory bread(block 72) failed
[  445.284931][T10962] FAT-fs (loop0): Directory bread(block 73) failed
[  445.525048][T10974] program syz.5.1536 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  445.541093][ T5907] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  445.780996][ T5907] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  445.850233][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  445.850252][   T30] audit: type=1326 audit(1772295234.422:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.5.1539" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c4439c799 code=0x0
[  445.879093][ T5907] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  445.923701][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.953107][ T5907] usb 4-1: Product: syz
[  445.970985][ T5907] usb 4-1: Manufacturer: syz
[  445.984637][ T5907] usb 4-1: SerialNumber: syz
[  446.014770][ T5907] hub 4-1:1.0: bad descriptor, ignoring hub
[  446.026470][ T5907] hub 4-1:1.0: probe with driver hub failed with error -5
[  446.201034][ T9883] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  446.373972][ T9883] usb 1-1: config 0 has no interfaces?
[  446.384960][ T9883] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  446.399743][ T9883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.413275][ T5907] usb 4-1: USB disconnect, device number 19
[  446.421258][ T9883] usb 1-1: Product: syz
[  446.428675][ T9883] usb 1-1: Manufacturer: syz
[  446.441346][ T9883] usb 1-1: SerialNumber: syz
[  446.470559][ T9883] usb 1-1: config 0 descriptor??
[  446.850720][ T5907] usb 1-1: USB disconnect, device number 31
[  447.008339][T11001] binder: 11000:11001 ioctl 4018620d 0 returned -22
[  447.529414][T11016] fuse: Bad value for 'group_id'
[  447.557140][T11016] fuse: Bad value for 'group_id'
[  448.195965][T11033] binder: 11029:11033 ioctl c0306201 200000000640 returned -22
[  448.457892][T11052] binder: 11050:11052 ioctl 4018620d 0 returned -22
[  448.888836][T11067] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1557'.
[  449.970988][ T9877] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  450.150949][ T9877] usb 2-1: Using ep0 maxpacket: 32
[  450.162298][ T9877] usb 2-1: config 0 has an invalid interface number: 119 but max is 0
[  450.180931][ T9877] usb 2-1: config 0 has no interface number 0
[  450.187091][ T9877] usb 2-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  450.220961][ T9877] usb 2-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xD9, changing to 0x89
[  450.243022][ T9877] usb 2-1: config 0 interface 119 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  450.254078][ T9877] usb 2-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  450.269875][ T9877] usb 2-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  450.279626][ T9877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.287933][ T9877] usb 2-1: Product: syz
[  450.292503][ T9877] usb 2-1: Manufacturer: syz
[  450.297119][ T9877] usb 2-1: SerialNumber: syz
[  450.306177][ T9877] usb 2-1: config 0 descriptor??
[  450.327121][ T9877] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.119/input/input14
[  450.549686][ T9877] usb 2-1: USB disconnect, device number 23
[  450.650793][T11097] loop4: detected capacity change from 0 to 128
[  450.790751][T11101] bio_check_eod: 102 callbacks suppressed
[  450.790771][T11101] syz.4.1565: attempt to access beyond end of device
[  450.790771][T11101] loop4: rw=1, sector=145, nr_sectors = 672 limit=128
[  450.828313][T11101] syz.4.1565: attempt to access beyond end of device
[  450.828313][T11101] loop4: rw=1, sector=825, nr_sectors = 8 limit=128
[  450.885669][T11101] syz.4.1565: attempt to access beyond end of device
[  450.885669][T11101] loop4: rw=1, sector=841, nr_sectors = 48 limit=128
[  450.925352][T11101] syz.4.1565: attempt to access beyond end of device
[  450.925352][T11101] loop4: rw=1, sector=897, nr_sectors = 8 limit=128
[  450.948714][T11104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1568'.
[  450.978064][T11101] syz.4.1565: attempt to access beyond end of device
[  450.978064][T11101] loop4: rw=1, sector=913, nr_sectors = 8 limit=128
[  451.086001][T11101] syz.4.1565: attempt to access beyond end of device
[  451.086001][T11101] loop4: rw=1, sector=929, nr_sectors = 8 limit=128
[  451.119128][T11034] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  451.119343][T11101] syz.4.1565: attempt to access beyond end of device
[  451.119343][T11101] loop4: rw=1, sector=945, nr_sectors = 8 limit=128
[  451.221085][T11060] netlink: 'syz.5.1550': attribute type 2 has an invalid length.
[  451.277343][T11101] syz.4.1565: attempt to access beyond end of device
[  451.277343][T11101] loop4: rw=1, sector=961, nr_sectors = 8 limit=128
[  451.624180][T11101] syz.4.1565: attempt to access beyond end of device
[  451.624180][T11101] loop4: rw=1, sector=977, nr_sectors = 8 limit=128
[  451.763322][T11101] syz.4.1565: attempt to access beyond end of device
[  451.763322][T11101] loop4: rw=1, sector=993, nr_sectors = 16 limit=128
[  452.090979][ T9883] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  452.323810][T11123] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1574'.
[  452.333228][T11123] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1574'.
[  452.335025][ T9883] usb 2-1: unable to read config index 0 descriptor/start: -71
[  452.366367][T11124] sctp: [Deprecated]: syz.0.1573 (pid 11124) Use of struct sctp_assoc_value in delayed_ack socket option.
[  452.366367][T11124] Use struct sctp_sack_info instead
[  452.392786][ T9883] usb 2-1: can't read configurations, error -71
[  452.424142][T11124] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1573'.
[  454.623356][T11155] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1582'.
[  455.791038][ T9883] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  456.002444][ T9883] usb 6-1: unable to read config index 0 descriptor/start: -71
[  456.042678][ T9883] usb 6-1: can't read configurations, error -71
[  457.114980][T11184] loop0: detected capacity change from 0 to 128
[  457.235855][T11184] bio_check_eod: 13 callbacks suppressed
[  457.235870][T11184] syz.0.1588: attempt to access beyond end of device
[  457.235870][T11184] loop0: rw=1, sector=153, nr_sectors = 8 limit=128
[  457.328963][T11184] syz.0.1588: attempt to access beyond end of device
[  457.328963][T11184] loop0: rw=1, sector=169, nr_sectors = 8 limit=128
[  457.461235][T11184] syz.0.1588: attempt to access beyond end of device
[  457.461235][T11184] loop0: rw=1, sector=185, nr_sectors = 8 limit=128
[  457.542311][T11184] syz.0.1588: attempt to access beyond end of device
[  457.542311][T11184] loop0: rw=1, sector=201, nr_sectors = 8 limit=128
[  457.622741][T11184] syz.0.1588: attempt to access beyond end of device
[  457.622741][T11184] loop0: rw=1, sector=217, nr_sectors = 8 limit=128
[  457.668419][T11184] syz.0.1588: attempt to access beyond end of device
[  457.668419][T11184] loop0: rw=1, sector=233, nr_sectors = 8 limit=128
[  457.771741][T11184] syz.0.1588: attempt to access beyond end of device
[  457.771741][T11184] loop0: rw=1, sector=249, nr_sectors = 8 limit=128
[  457.786302][T11184] syz.0.1588: attempt to access beyond end of device
[  457.786302][T11184] loop0: rw=1, sector=265, nr_sectors = 8 limit=128
[  457.803083][T11184] syz.0.1588: attempt to access beyond end of device
[  457.803083][T11184] loop0: rw=1, sector=281, nr_sectors = 8 limit=128
[  457.835169][T11184] syz.0.1588: attempt to access beyond end of device
[  457.835169][T11184] loop0: rw=1, sector=297, nr_sectors = 8 limit=128
[  458.140809][T11201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1594'.
[  459.005035][T11212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1599'.
[  459.783128][T11228] loop5: detected capacity change from 0 to 128
[  460.141115][ T5907] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  460.310998][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  460.326578][ T5907] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  460.338893][ T5907] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  460.364150][ T5907] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  460.388217][ T5907] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  460.405189][ T5907] usb 2-1: config 0 interface 0 has no altsetting 0
[  460.413041][ T5907] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  460.422292][ T9883] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  460.467917][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.504061][ T5907] usb 2-1: config 0 descriptor??
[  460.604111][ T9883] usb 1-1: unable to read config index 0 descriptor/start: -71
[  460.629655][ T9883] usb 1-1: can't read configurations, error -71
[  460.983779][T11243] syzkaller0: entered promiscuous mode
[  461.004327][T11243] syzkaller0: entered allmulticast mode
[  461.132413][ T5907] usbhid 2-1:0.0: can't add hid device: -71
[  461.161141][ T5907] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  461.186231][ T5907] usb 2-1: USB disconnect, device number 26
[  461.861006][ T9883] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  462.064702][ T9883] usb 1-1: config 0 has no interfaces?
[  462.075484][ T9883] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  462.097421][ T9883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.108588][ T9883] usb 1-1: Product: syz
[  462.154963][ T9883] usb 1-1: Manufacturer: syz
[  462.159601][ T9883] usb 1-1: SerialNumber: syz
[  462.165547][ T5907] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  462.176575][ T9883] usb 1-1: config 0 descriptor??
[  462.263600][ T9877] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  462.343980][ T5907] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  462.354137][ T5907] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  462.369913][ T5907] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  462.409731][ T5907] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  462.420540][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.438176][ T5907] usb 5-1: Product: syz
[  462.450971][ T5907] usb 5-1: Manufacturer: syz
[  462.461539][ T5907] usb 5-1: SerialNumber: syz
[  462.487709][ T5907] hub 5-1:1.0: bad descriptor, ignoring hub
[  462.501550][ T9877] usb 2-1: unable to read config index 0 descriptor/start: -71
[  462.513160][ T5907] hub 5-1:1.0: probe with driver hub failed with error -5
[  462.520257][ T9877] usb 2-1: can't read configurations, error -71
[  462.727860][ T5907] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  463.050586][ T9888] usb 5-1: USB disconnect, device number 20
[  463.067415][ T9888] usblp0: removed
[  463.734373][T11282] loop4: detected capacity change from 0 to 128
[  463.980596][T11280] bio_check_eod: 170 callbacks suppressed
[  463.980611][T11280] syz.4.1622: attempt to access beyond end of device
[  463.980611][T11280] loop4: rw=1, sector=145, nr_sectors = 896 limit=128
[  464.705343][T11294] sctp: [Deprecated]: syz.4.1626 (pid 11294) Use of struct sctp_assoc_value in delayed_ack socket option.
[  464.705343][T11294] Use struct sctp_sack_info instead
[  464.770646][T11294] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1626'.
[  466.298139][T11315] Bluetooth: MGMT ver 1.23
[  466.984311][ T5907] usb 1-1: USB disconnect, device number 34
[  468.263777][T11370] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  468.360985][ T5830] Bluetooth: hci0: command 0x0406 tx timeout
[  468.367174][ T5825] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  468.654448][T11336] loop4: detected capacity change from 0 to 32768
[  469.110960][ T5881] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  469.261016][ T5881] usb 5-1: Using ep0 maxpacket: 8
[  469.272884][ T5881] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  469.287484][ T5881] usb 5-1: config 0 has no interface number 0
[  469.295618][ T5881] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  469.315578][ T5881] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  469.335631][ T5881] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  469.354513][ T5881] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  469.377062][ T5881] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  469.396595][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.415596][ T5881] usb 5-1: config 0 descriptor??
[  469.446317][ T5881] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  469.665843][T10166] usb 5-1: USB disconnect, device number 21
[  469.685353][T10166] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  469.828801][T11333] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  469.865464][T11354] netlink: 'syz.3.1639': attribute type 2 has an invalid length.
[  470.349814][ T5830] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260
[  470.628370][T11413] loop4: detected capacity change from 0 to 32768
[  470.781683][T11417] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  471.633646][ T5186] block nbd2: Possible stuck request ffff8880276c0000: control (read@0,4096B). Runtime 60 seconds
[  473.047640][T11398] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  473.188694][T11436] netlink: 'syz.0.1667': attribute type 2 has an invalid length.
[  473.200980][ T9877] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  473.401539][ T9877] usb 6-1: config 0 has no interfaces?
[  473.407927][T11463] sctp: [Deprecated]: syz.1.1670 (pid 11463) Use of struct sctp_assoc_value in delayed_ack socket option.
[  473.407927][T11463] Use struct sctp_sack_info instead
[  473.457396][ T9877] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  473.470931][ T9877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.491225][ T9877] usb 6-1: Product: syz
[  473.501263][ T9877] usb 6-1: Manufacturer: syz
[  473.509542][ T9877] usb 6-1: SerialNumber: syz
[  473.514225][T11463] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1670'.
[  473.557627][ T9877] usb 6-1: config 0 descriptor??
[  473.803394][T11473] loop3: detected capacity change from 0 to 128
[  473.811017][ T5907] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  473.916360][T11474] syz.3.1674: attempt to access beyond end of device
[  473.916360][T11474] loop3: rw=1, sector=145, nr_sectors = 816 limit=128
[  473.931991][T11438] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.957616][T11474] syz.3.1674: attempt to access beyond end of device
[  473.957616][T11474] loop3: rw=1, sector=969, nr_sectors = 24 limit=128
[  473.988729][T11474] syz.3.1674: attempt to access beyond end of device
[  473.988729][T11474] loop3: rw=1, sector=1001, nr_sectors = 8 limit=128
[  474.008927][ T5907] usb 1-1: unable to read config index 0 descriptor/start: -71
[  474.023843][ T5907] usb 1-1: can't read configurations, error -71
[  474.056738][T11474] syz.3.1674: attempt to access beyond end of device
[  474.056738][T11474] loop3: rw=1, sector=1017, nr_sectors = 24 limit=128
[  474.065765][ T9878] usb 6-1: USB disconnect, device number 5
[  474.099102][T11474] syz.3.1674: attempt to access beyond end of device
[  474.099102][T11474] loop3: rw=1, sector=993, nr_sectors = 8 limit=128
[  474.179173][T11474] syz.3.1674: attempt to access beyond end of device
[  474.179173][T11474] loop3: rw=1, sector=961, nr_sectors = 8 limit=128
[  474.212840][T11474] syz.3.1674: attempt to access beyond end of device
[  474.212840][T11474] loop3: rw=1, sector=1009, nr_sectors = 8 limit=128
[  474.505034][ T5830] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  474.654602][T11486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1679'.
[  475.228782][ T5830] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  475.371154][ T5907] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  475.551015][ T9878] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  475.608557][ T5907] usb 5-1: unable to read config index 0 descriptor/start: -71
[  475.627161][ T5907] usb 5-1: can't read configurations, error -71
[  475.753754][ T9878] usb 4-1: config 0 has no interfaces?
[  475.768086][ T9878] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  475.788336][ T9878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.814278][ T9878] usb 4-1: Product: syz
[  475.831498][ T9878] usb 4-1: Manufacturer: syz
[  475.836133][ T9878] usb 4-1: SerialNumber: syz
[  475.859738][ T9878] usb 4-1: config 0 descriptor??
[  475.867168][ T5830] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  476.304601][T11499] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.336307][T11512] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1687'.
[  476.423624][T11512] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1687'.
[  476.442890][ T9878] usb 4-1: USB disconnect, device number 20
[  476.661677][T11522] block nbd0: shutting down sockets
[  476.701059][ T5881] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  476.839380][T11526] loop0: detected capacity change from 0 to 128
[  476.876792][ T5881] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  476.893195][ T5881] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  476.909240][ T5881] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  476.925187][ T5881] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  476.946068][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.948001][T11527] syz.0.1692: attempt to access beyond end of device
[  476.948001][T11527] loop0: rw=1, sector=145, nr_sectors = 896 limit=128
[  476.954548][ T5881] usb 2-1: Product: syz
[  476.997461][ T5881] usb 2-1: Manufacturer: syz
[  477.018576][ T5881] usb 2-1: SerialNumber: syz
[  477.059406][ T5881] hub 2-1:1.0: bad descriptor, ignoring hub
[  477.076829][ T5881] hub 2-1:1.0: probe with driver hub failed with error -5
[  477.269871][ T5881] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  477.399389][T11534] kAFS: No cell specified
[  477.755577][ T9877] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  477.774097][T11539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1697'.
[  477.836062][T11489] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  478.339693][ T9877] usb 5-1: unable to read config index 0 descriptor/start: -71
[  478.368063][ T9877] usb 5-1: can't read configurations, error -71
[  478.453382][ T9883] usb 2-1: USB disconnect, device number 29
[  478.479928][ T9883] usblp0: removed
[  478.652368][T11553] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1701'.
[  478.673542][T11553] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1701'.
[  479.092881][T11574] sctp: [Deprecated]: syz.3.1704 (pid 11574) Use of struct sctp_assoc_value in delayed_ack socket option.
[  479.092881][T11574] Use struct sctp_sack_info instead
[  479.125495][T11574] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1704'.
[  479.331515][ T5907] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  479.486157][ T9877] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  479.504196][ T5907] usb 2-1: Using ep0 maxpacket: 8
[  479.534525][ T5907] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  479.549561][ T5907] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  479.560490][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.570667][ T5907] usb 2-1: Product: syz
[  479.576212][ T5907] usb 2-1: Manufacturer: syz
[  479.594471][ T5907] usb 2-1: SerialNumber: syz
[  479.613681][ T5907] usb 2-1: config 0 descriptor??
[  479.640726][ T5907] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  479.656823][ T5907] usb 2-1: setting power ON
[  479.663876][ T5907] dvb-usb: bulk message failed: -22 (2/0)
[  479.704747][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  479.726083][ T5907] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  479.747333][ T9877] usb 5-1: unable to read config index 0 descriptor/start: -71
[  479.781026][ T9877] usb 5-1: can't read configurations, error -71
[  479.793061][ T5907] usb 2-1: media controller created
[  479.801073][ T9877] usb usb5-port1: attempt power cycle
[  479.843023][T11573] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1706'.
[  479.846733][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  479.908678][T11584] dvb-usb: bulk message failed: -22 (3/0)
[  479.953782][ T5907] usb 2-1: selecting invalid altsetting 6
[  480.038771][T11588] loop0: detected capacity change from 0 to 128
[  480.162991][T11589] syz.0.1707: attempt to access beyond end of device
[  480.162991][T11589] loop0: rw=1, sector=145, nr_sectors = 896 limit=128
[  480.744076][ T5907] usb 2-1: digital interface selection failed (-22)
[  480.779301][ T5907] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  480.791441][ T5907] usb 2-1: setting power OFF
[  480.796083][ T5907] dvb-usb: bulk message failed: -22 (2/0)
[  480.805514][ T5907] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  480.814886][ T5907] (NULL device *): no alternate interface
[  480.870556][ T5907] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  480.942406][ T5907] usb 2-1: USB disconnect, device number 30
[  481.428418][ T5830] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  481.617096][T11610] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1713'.
[  481.671794][T11610] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1713'.
[  482.321115][T10166] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  482.389675][T11626] loop0: detected capacity change from 0 to 128
[  483.085979][T11625] syz.0.1718: attempt to access beyond end of device
[  483.085979][T11625] loop0: rw=1, sector=145, nr_sectors = 896 limit=128
[  483.292482][T10166] usb 4-1: config 0 has no interfaces?
[  483.345581][T10166] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  483.363966][T10166] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.391103][T10166] usb 4-1: Product: syz
[  483.395319][T10166] usb 4-1: Manufacturer: syz
[  483.398491][ T9878] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  483.399933][T10166] usb 4-1: SerialNumber: syz
[  483.412436][ T9883] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  483.444887][T10166] usb 4-1: config 0 descriptor??
[  483.584271][ T9878] usb 6-1: config 0 has no interfaces?
[  483.599915][ T9883] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  483.615101][ T9883] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  483.615980][ T9878] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  483.638546][ T9878] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.646676][ T9878] usb 6-1: Product: syz
[  483.651210][ T9878] usb 6-1: Manufacturer: syz
[  483.655833][ T9878] usb 6-1: SerialNumber: syz
[  483.672006][ T9883] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  483.681199][T10166] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  483.699085][ T9883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.708220][ T9883] usb 5-1: Product: syz
[  483.712088][ T9878] usb 6-1: config 0 descriptor??
[  483.728291][ T9883] usb 5-1: Manufacturer: syz
[  483.740425][ T9883] usb 5-1: SerialNumber: syz
[  483.756800][ T9883] hub 5-1:1.0: bad descriptor, ignoring hub
[  483.765029][ T9883] hub 5-1:1.0: probe with driver hub failed with error -5
[  483.861369][T10166] usb 1-1: Using ep0 maxpacket: 8
[  483.868467][T10166] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  483.879719][T10166] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  483.889942][T10166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.898316][T10166] usb 1-1: Product: syz
[  483.903421][T10166] usb 1-1: Manufacturer: syz
[  483.908091][T10166] usb 1-1: SerialNumber: syz
[  483.915262][ T9878] usb 4-1: USB disconnect, device number 21
[  483.932004][T10166] usb 1-1: config 0 descriptor??
[  483.966877][T10166] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  483.989892][T10166] usb 1-1: setting power ON
[  484.005805][T10166] dvb-usb: bulk message failed: -22 (2/0)
[  484.024753][T10166] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  484.041630][T10166] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  484.050215][T10166] usb 1-1: media controller created
[  484.080159][T10166] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  484.121807][ T5907] usb 5-1: USB disconnect, device number 27
[  484.136314][T10166] usb 1-1: selecting invalid altsetting 6
[  484.159871][T11634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1721'.
[  484.185774][T10166] usb 1-1: digital interface selection failed (-22)
[  484.219343][T10166] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  484.219357][T11634] dvb-usb: bulk message failed: -22 (3/0)
[  484.258462][T10166] usb 1-1: setting power OFF
[  484.272517][ T9878] usb 6-1: USB disconnect, device number 6
[  484.281022][T10166] dvb-usb: bulk message failed: -22 (2/0)
[  484.301680][T10166] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  484.321064][T10166] (NULL device *): no alternate interface
[  484.363492][T10166] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  484.409146][T10166] usb 1-1: USB disconnect, device number 37
[  484.481023][ T5907] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  484.660989][ T5907] usb 5-1: Using ep0 maxpacket: 16
[  484.680111][ T5907] usb 5-1: unable to get BOS descriptor or descriptor too short
[  484.689911][ T5907] usb 5-1: unable to read config index 0 descriptor/start: -71
[  484.698270][ T5907] usb 5-1: can't read configurations, error -71
[  484.915772][ T5830] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260
[  485.314176][T11664] loop5: detected capacity change from 0 to 256
[  485.552759][T11670] loop0: detected capacity change from 0 to 128
[  485.729753][T11670] syz.0.1731: attempt to access beyond end of device
[  485.729753][T11670] loop0: rw=1, sector=145, nr_sectors = 896 limit=128
[  487.649130][T11652] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  488.602517][T10171] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  488.721188][ T9877] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  488.813564][T10171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  488.824599][T10171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  488.843067][T10171] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  488.866095][T10171] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  488.877522][T10171] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.885592][ T9877] usb 6-1: Using ep0 maxpacket: 8
[  488.898621][ T9877] usb 6-1: config index 0 descriptor too short (expected 30, got 18)
[  488.908699][T10171] usb 1-1: config 0 descriptor??
[  488.919674][ T9877] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  488.931186][ T9877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.939333][ T9877] usb 6-1: Product: syz
[  488.944766][ T9877] usb 6-1: Manufacturer: syz
[  488.949512][ T9877] usb 6-1: SerialNumber: syz
[  488.960971][ T9877] usb 6-1: config 0 descriptor??
[  488.969804][ T9877] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  489.004325][ T9877] usb 6-1: setting power ON
[  489.008895][ T9877] dvb-usb: bulk message failed: -22 (2/0)
[  489.052856][ T9877] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  489.075465][ T9877] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  489.087375][ T9877] usb 6-1: media controller created
[  489.105692][ T9877] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  489.128063][ T9877] usb 6-1: selecting invalid altsetting 6
[  489.135096][ T9877] usb 6-1: digital interface selection failed (-22)
[  489.142155][ T9877] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  489.151498][ T9877] usb 6-1: setting power OFF
[  489.156233][ T9877] dvb-usb: bulk message failed: -22 (2/0)
[  489.162187][ T9877] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  489.171601][ T9877] (NULL device *): no alternate interface
[  489.195378][T11686] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1738'.
[  489.214195][ T9877] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  489.228862][ T9877] usb 6-1: USB disconnect, device number 7
[  489.260987][ T9878] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  489.325204][ T5907] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  489.369284][T10171] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  489.414638][ T9878] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  489.430541][ T9878] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  489.445667][ T9878] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  489.460089][ T9878] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  489.469242][ T9878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.500046][ T9878] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  489.511264][ T5907] usb 5-1: Using ep0 maxpacket: 32
[  489.526642][ T9878] usb 2-1: invalid MIDI out EP 0
[  489.528789][ T5907] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  489.583794][ T5907] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  489.598078][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  489.602256][ T9877] usb 1-1: USB disconnect, device number 38
[  489.606888][ T5907] usb 5-1: Product: syz
[  489.616516][ T5907] usb 5-1: Manufacturer: syz
[  489.625786][ T5907] usb 5-1: SerialNumber: syz
[  489.653275][ T5907] usb 5-1: config 0 descriptor??
[  489.666190][T11696] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  489.706334][ T5907] hub 5-1:0.0: bad descriptor, ignoring hub
[  489.722966][ T5907] hub 5-1:0.0: probe with driver hub failed with error -5
[  489.856684][ T9878] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  489.912753][ T9878] usb 2-1: USB disconnect, device number 31
[  490.855711][ T5907] usb 5-1: USB disconnect, device number 30
[  491.981031][ T9883] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  492.193327][ T9883] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  492.223947][ T9883] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  492.283471][ T9883] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  492.320977][ T9883] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  492.365388][ T9883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.425923][ T9883] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  492.447100][ T9883] usb 2-1: invalid MIDI out EP 0
[  492.609136][T11756] syzkaller0: entered promiscuous mode
[  492.637544][T11756] syzkaller0: entered allmulticast mode
[  492.822023][ T9883] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  492.863198][ T9883] usb 2-1: USB disconnect, device number 32
[  493.781060][ T9877] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  493.943890][ T9877] usb 2-1: Using ep0 maxpacket: 32
[  493.964900][ T9877] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  493.998713][ T9877] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  494.007929][ T9877] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  494.016718][ T9877] usb 2-1: Product: syz
[  494.021420][ T9877] usb 2-1: Manufacturer: syz
[  494.026039][ T9877] usb 2-1: SerialNumber: syz
[  494.041676][ T9877] usb 2-1: config 0 descriptor??
[  494.056401][T11769] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  494.072902][ T9877] hub 2-1:0.0: bad descriptor, ignoring hub
[  494.079469][ T9877] hub 2-1:0.0: probe with driver hub failed with error -5
[  494.226743][T11775] loop3: detected capacity change from 0 to 256
[  494.310831][T11775] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00010001)
[  494.327292][T11775] exFAT-fs (loop3): Filesystem has been set read-only
[  494.338057][T11775] exFAT-fs (loop3): failed to count the number of clusters in root
[  494.352871][T11775] exFAT-fs (loop3): failed to recognize exfat type
[  494.643970][ T9877] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  494.804036][ T9877] usb 4-1: Using ep0 maxpacket: 8
[  494.821545][ T9877] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  494.831970][ T9877] usb 4-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00
[  494.841270][ T9877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.856314][ T9877] usb 4-1: config 0 descriptor??
[  494.873530][ T9877] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  495.140743][ T5907] usb 4-1: USB disconnect, device number 22
[  495.754872][T11791] netlink: 'syz.0.1771': attribute type 1 has an invalid length.
[  495.806805][T11797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1771'.
[  495.879503][T11797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1771'.
[  495.960051][T11791] 8021q: adding VLAN 0 to HW filter on device bond1
[  496.988833][T11810] loop0: detected capacity change from 0 to 2048
[  497.033617][T11810] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  497.085107][T11810] ext4 filesystem being mounted at /370/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  497.132108][ T5907] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  497.304148][ T5907] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  497.333233][ T5907] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  497.492036][T11823] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  497.976938][ T5907] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  497.992844][ T5907] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  498.002368][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.010502][ T5907] usb 4-1: Product: syz
[  498.014754][ T5907] usb 4-1: Manufacturer: syz
[  498.020642][ T5907] usb 4-1: SerialNumber: syz
[  498.039974][ T5907] hub 4-1:1.0: bad descriptor, ignoring hub
[  498.058572][ T5907] hub 4-1:1.0: probe with driver hub failed with error -5
[  498.061771][T11822] bridge1: entered promiscuous mode
[  498.071065][T11822] bridge1: entered allmulticast mode
[  498.158226][ T5818] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.178030][T11825] loop5: detected capacity change from 0 to 512
[  498.289191][ T5907] usblp 4-1:1.0: usblp1: USB Unidirectional printer dev 23 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  498.336734][T11825] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  498.475805][T11828] syzkaller0: entered promiscuous mode
[  498.484715][T11828] syzkaller0: entered allmulticast mode
[  498.682699][ T9878] usb 4-1: USB disconnect, device number 23
[  498.797093][ T9883] usb 2-1: USB disconnect, device number 33
[  498.799830][ T9878] usblp1: removed
[  499.134773][ T9878] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  499.312715][ T9878] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  499.329027][ T9878] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  499.351566][ T9878] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  499.388217][ T9878] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  499.397840][ T9878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.413551][ T9878] usb 4-1: Product: syz
[  499.425272][ T9878] usb 4-1: Manufacturer: syz
[  499.430124][ T9878] usb 4-1: SerialNumber: syz
[  499.470635][ T9878] hub 4-1:1.0: bad descriptor, ignoring hub
[  499.484366][ T9878] hub 4-1:1.0: probe with driver hub failed with error -5
[  499.701946][ T9878] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 24 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  499.744735][ T9878] usb 4-1: USB disconnect, device number 24
[  499.759057][ T9878] usblp0: removed
[  499.931001][ T9877] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  500.082997][ T9877] usb 5-1: config 0 has no interfaces?
[  500.091803][ T9877] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  500.101253][ T9877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.109307][ T9877] usb 5-1: Product: syz
[  500.119822][ T9877] usb 5-1: Manufacturer: syz
[  500.124949][ T9877] usb 5-1: SerialNumber: syz
[  500.136744][ T9877] usb 5-1: config 0 descriptor??
[  500.335621][T11845] loop3: detected capacity change from 0 to 2048
[  500.411643][T11843] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1782'.
[  500.429386][T11845] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  500.456059][T11845] ext4 filesystem being mounted at /328/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  501.576290][T11849] bridge1: entered promiscuous mode
[  501.581703][T11849] bridge1: entered allmulticast mode
[  501.663640][ T5819] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  501.715494][ T5186] block nbd2: Possible stuck request ffff8880276c0000: control (read@0,4096B). Runtime 90 seconds
[  501.729621][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  501.736211][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  501.876398][T11853] netlink: 'syz.3.1784': attribute type 1 has an invalid length.
[  501.980359][T11859] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1784'.
[  502.021888][T11856] loop0: detected capacity change from 0 to 2048
[  502.040976][T11859] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1784'.
[  502.064749][T11853] 8021q: adding VLAN 0 to HW filter on device bond2
[  502.068318][T11856] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  502.131500][T11856] ext4 filesystem being mounted at /372/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  502.594699][T11871] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  503.099714][T11869] bridge2: entered promiscuous mode
[  503.105041][T11869] bridge2: entered allmulticast mode
[  503.220045][ T5818] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.271365][ T5881] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  504.475062][ T5881] usb 1-1: Using ep0 maxpacket: 32
[  504.497824][ T5881] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  504.565147][ T5881] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  504.585487][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  504.594956][ T5881] usb 1-1: Product: syz
[  504.599382][ T5881] usb 1-1: Manufacturer: syz
[  504.604487][ T5881] usb 1-1: SerialNumber: syz
[  504.624322][ T5881] usb 1-1: config 0 descriptor??
[  504.645958][T11882] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  504.662443][ T9883] usb 5-1: USB disconnect, device number 31
[  504.663423][ T5881] hub 1-1:0.0: bad descriptor, ignoring hub
[  504.684569][ T5881] hub 1-1:0.0: probe with driver hub failed with error -5
[  504.765252][T11894] loop4: detected capacity change from 0 to 2048
[  504.804605][T11894] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  504.819396][T11894] ext4 filesystem being mounted at /353/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  505.151443][T11899] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  505.882055][ T5820] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  505.930251][ T9883] usb 1-1: USB disconnect, device number 39
[  505.962949][T11902] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  507.775411][T11916] loop4: detected capacity change from 0 to 2048
[  507.831984][T11916] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  507.835547][T11908] syzkaller0: entered promiscuous mode
[  507.849655][T11908] syzkaller0: entered allmulticast mode
[  507.857904][T11916] ext4 filesystem being mounted at /355/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  510.738129][T11926] bridge1: entered promiscuous mode
[  510.743441][T11926] bridge1: entered allmulticast mode
[  510.873427][ T5820] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  511.089457][T11937] loop3: detected capacity change from 0 to 2048
[  511.164486][T11937] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  511.187214][T11937] ext4 filesystem being mounted at /337/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  512.376787][T11947] bridge2: entered promiscuous mode
[  512.382127][T11947] bridge2: entered allmulticast mode
[  512.744231][ T5819] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  512.917895][T11953] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  512.927665][T11953] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  512.936534][T11953] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  512.945002][T11953] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  512.958163][T11953] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  513.181788][T11957] loop3: detected capacity change from 0 to 512
[  513.201472][T11957] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  513.259989][T11957] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  513.281639][T11957] ext4 filesystem being mounted at /338/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  513.380974][T10171] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  513.440431][T11951] chnl_net:caif_netlink_parms(): no params data found
[  513.530946][T10171] usb 5-1: Using ep0 maxpacket: 32
[  513.538612][T10171] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  513.562403][T10171] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  513.580639][T10171] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  513.590948][ T5881] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  513.597563][T10171] usb 5-1: Product: syz
[  513.611006][T10171] usb 5-1: Manufacturer: syz
[  513.615781][T10171] usb 5-1: SerialNumber: syz
[  513.633809][T10171] usb 5-1: config 0 descriptor??
[  513.651475][T11955] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  513.665766][T11951] bridge0: port 1(bridge_slave_0) entered blocking state
[  513.673869][T10171] hub 5-1:0.0: bad descriptor, ignoring hub
[  513.679819][T10171] hub 5-1:0.0: probe with driver hub failed with error -5
[  513.688083][T11951] bridge0: port 1(bridge_slave_0) entered disabled state
[  513.698125][T11951] bridge_slave_0: entered allmulticast mode
[  513.709569][T11951] bridge_slave_0: entered promiscuous mode
[  513.734919][T11951] bridge0: port 2(bridge_slave_1) entered blocking state
[  513.742543][T11951] bridge0: port 2(bridge_slave_1) entered disabled state
[  513.750281][T11951] bridge_slave_1: entered allmulticast mode
[  513.768188][T11951] bridge_slave_1: entered promiscuous mode
[  513.928552][T11969] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  514.135940][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  514.232090][T10171] usb 5-1: USB disconnect, device number 32
[  514.366356][T11951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  514.564242][T11951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  514.600165][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  514.611218][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  514.624565][ T5881] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  514.638143][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.651474][ T5881] usb 4-1: config 0 descriptor??
[  514.726752][T11951] team0: Port device team_slave_0 added
[  514.758907][T11951] team0: Port device team_slave_1 added
[  514.940473][T11973] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  514.984338][T11951] batman_adv: batadv0: Adding interface: batadv_slave_0
[  514.991563][T11953] Bluetooth: hci6: command tx timeout
[  515.004573][T11951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  515.037255][T11951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  515.050659][T11951] batman_adv: batadv0: Adding interface: batadv_slave_1
[  515.057700][T11951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  515.084417][T11951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  515.134859][ T5881] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd
[  515.153881][T11951] hsr_slave_0: entered promiscuous mode
[  515.165631][T11951] hsr_slave_1: entered promiscuous mode
[  515.172664][ T5881] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  515.186900][T11951] debugfs: 'hsr0' already exists in 'hsr'
[  515.192878][T11951] Cannot create hsr debugfs directory
[  515.271050][ T9877] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  515.416772][T10171] usb 4-1: USB disconnect, device number 25
[  515.422589][T11951] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  515.434506][ T9877] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  515.448911][ T9877] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  515.463452][T11951] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  515.470676][ T9877] usb 5-1: config 0 has no interfaces?
[  515.483705][T11951] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  515.493577][ T9877] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  515.506574][ T9877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  515.514909][ T9877] usb 5-1: Product: syz
[  515.519225][ T9877] usb 5-1: Manufacturer: syz
[  515.524240][T11951] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  515.531097][ T9877] usb 5-1: SerialNumber: syz
[  515.543949][ T9877] usb 5-1: config 0 descriptor??
[  515.645506][T11951] 8021q: adding VLAN 0 to HW filter on device bond0
[  515.668080][T11951] 8021q: adding VLAN 0 to HW filter on device team0
[  515.682937][  T131] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.690066][  T131] bridge0: port 1(bridge_slave_0) entered forwarding state
[  515.710831][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  515.718067][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  516.497247][ T5819] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  516.878443][T11951] 8021q: adding VLAN 0 to HW filter on device batadv0
[  517.071454][T11953] Bluetooth: hci6: command tx timeout
[  517.091217][ T9877] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  517.129384][T11951] veth0_vlan: entered promiscuous mode
[  517.154985][T11951] veth1_vlan: entered promiscuous mode
[  517.216219][T11951] veth0_macvtap: entered promiscuous mode
[  517.233656][T11951] veth1_macvtap: entered promiscuous mode
[  517.251119][ T9877] usb 4-1: Using ep0 maxpacket: 32
[  517.258835][ T9877] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  517.274411][T11951] batman_adv: batadv0: Interface activated: batadv_slave_0
[  517.279565][ T9877] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  517.312669][ T9877] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  517.312898][T11951] batman_adv: batadv0: Interface activated: batadv_slave_1
[  517.332139][ T9877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.344255][  T131] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  517.358510][ T9877] usb 4-1: config 0 descriptor??
[  517.366807][  T131] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  517.374789][ T9877] hub 4-1:0.0: bad descriptor, ignoring hub
[  517.389025][ T9877] hub 4-1:0.0: probe with driver hub failed with error -5
[  517.390635][  T131] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  517.412155][ T9877] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  517.427915][  T131] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  517.555179][  T131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  517.570924][  T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  517.617933][  T131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  517.626603][  T131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  519.461620][ T9878] usb 5-1: USB disconnect, device number 33
[  519.480469][T11953] Bluetooth: hci6: command tx timeout
[  520.513055][ T9877] usb 4-1: USB disconnect, device number 26
[  520.804008][T12019] netlink: 'syz.3.1815': attribute type 1 has an invalid length.
[  520.981317][T12019] 8021q: adding VLAN 0 to HW filter on device bond3
[  521.126521][ T5830] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  521.136250][ T5830] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  521.144306][ T5830] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  521.156283][ T5830] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  521.164286][ T5830] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  521.463243][T12016] syzkaller0: entered promiscuous mode
[  521.468751][T12016] syzkaller0: entered allmulticast mode
[  521.551595][T11953] Bluetooth: hci6: command tx timeout
[  523.252520][ T5830] Bluetooth: hci7: command tx timeout
[  524.489713][T12028] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  524.851156][T12061] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  524.891357][T12040] netlink: 'syz.3.1817': attribute type 2 has an invalid length.
[  525.312965][ T5830] Bluetooth: hci7: command tx timeout
[  526.069759][ T9878] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  526.164750][T12023] chnl_net:caif_netlink_parms(): no params data found
[  526.251066][ T9878] usb 7-1: Using ep0 maxpacket: 32
[  526.268901][ T9878] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  526.310566][ T9878] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  526.343521][ T9878] usb 7-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  526.385106][ T9878] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.395138][ T9878] usb 7-1: Product: syz
[  526.399421][ T9878] usb 7-1: Manufacturer: syz
[  526.410971][ T9878] usb 7-1: SerialNumber: syz
[  526.432114][ T9878] usb 7-1: config 0 descriptor??
[  526.460747][T12093] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1829'.
[  526.474530][T12023] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.482639][T12023] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.490021][T12023] bridge_slave_0: entered allmulticast mode
[  526.500568][T12023] bridge_slave_0: entered promiscuous mode
[  526.508551][T12089] syzkaller0: entered promiscuous mode
[  526.514315][T12089] syzkaller0: entered allmulticast mode
[  526.522887][T12023] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.530287][T12023] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.537664][T12023] bridge_slave_1: entered allmulticast mode
[  526.545666][T12023] bridge_slave_1: entered promiscuous mode
[  526.617308][T12023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  526.630468][T12023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  526.685621][T12023] team0: Port device team_slave_0 added
[  526.697871][T12023] team0: Port device team_slave_1 added
[  526.895860][T12023] batman_adv: batadv0: Adding interface: batadv_slave_0
[  527.397214][ T5830] Bluetooth: hci7: command tx timeout
[  527.443371][T12096] loop6: detected capacity change from 0 to 4096
[  527.450726][T12096] EXT4-fs: Ignoring removed mblk_io_submit option
[  527.469627][T12096] EXT4-fs (loop6): Test dummy encryption mode enabled
[  527.540537][T12096] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  527.635100][T12096] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  527.713879][T12100] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  527.883257][T12023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  527.910539][T12023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  527.953035][T12023] batman_adv: batadv0: Adding interface: batadv_slave_1
[  527.970892][T12023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  528.014880][T12023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  528.097039][T12103] loop4: detected capacity change from 0 to 1024
[  528.107526][T12103] EXT4-fs: Ignoring removed nomblk_io_submit option
[  528.212963][T12103] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  528.221762][T12103] System zones: 0-1, 3-36
[  528.238734][T12103] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  529.298940][T12108] syzkaller0: entered promiscuous mode
[  529.309038][T12108] syzkaller0: entered allmulticast mode
[  529.398013][ T9883] usb 7-1: USB disconnect, device number 2
[  529.471001][ T5830] Bluetooth: hci7: command tx timeout
[  529.625229][T11951] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.661676][T10171] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  529.856601][T10171] usb 1-1: Using ep0 maxpacket: 32
[  529.880592][T10171] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  529.891226][T10171] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  529.929660][T10171] usb 1-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  529.940110][T10171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.956857][T10171] usb 1-1: Product: syz
[  529.968149][T10171] usb 1-1: Manufacturer: syz
[  529.985673][T10171] usb 1-1: SerialNumber: syz
[  530.043900][T10171] usb 1-1: config 0 descriptor??
[  530.252089][ T5820] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.917897][T12126] loop0: detected capacity change from 0 to 4096
[  530.925855][T12126] EXT4-fs: Ignoring removed mblk_io_submit option
[  531.012708][T12126] EXT4-fs (loop0): Test dummy encryption mode enabled
[  531.153426][T12126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  531.482942][T12134] nbd4: detected capacity change from 0 to 112
[  531.524549][T12137] block nbd4: shutting down sockets
[  531.532152][    C1] blk_print_req_error: 27 callbacks suppressed
[  531.532171][    C1] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.547912][    C1] buffer_io_error: 27 callbacks suppressed
[  531.547931][    C1] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.566534][ T5186] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.576894][ T5186] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.586623][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.596615][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.604584][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.616272][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.624281][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.634531][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.642593][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.652219][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.660616][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.670304][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.678503][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.688176][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.696114][T10039] ldm_validate_partition_table(): Disk read failed.
[  531.702914][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.712671][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.720579][T10039] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  531.730219][T10039] Buffer I/O error on dev nbd4, logical block 0, async page read
[  531.738249][T10039] Dev nbd4: unable to read RDB block 0
[  531.744215][T10039]  nbd4: unable to read partition table
[  531.757167][T10039] ldm_validate_partition_table(): Disk read failed.
[  531.765110][T10039] Dev nbd4: unable to read RDB block 0
[  531.771418][T10039]  nbd4: unable to read partition table
[  531.797473][ T5186] block nbd2: Possible stuck request ffff8880276c0000: control (read@0,4096B). Runtime 120 seconds
[  532.110967][ T9878] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  532.281271][ T9878] usb 5-1: Using ep0 maxpacket: 32
[  532.290610][ T9878] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  532.301160][ T9878] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  532.320405][ T9878] usb 5-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  532.329635][ T9878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.337862][ T9878] usb 5-1: Product: syz
[  532.342226][ T9878] usb 5-1: Manufacturer: syz
[  532.346949][ T9878] usb 5-1: SerialNumber: syz
[  532.363047][ T9878] usb 5-1: config 0 descriptor??
[  532.556735][ T9878] usb 1-1: USB disconnect, device number 40
[  532.633049][ T5818] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  533.207227][T12144] loop4: detected capacity change from 0 to 4096
[  533.215256][T12144] EXT4-fs: Ignoring removed mblk_io_submit option
[  533.233550][T12144] EXT4-fs (loop4): Test dummy encryption mode enabled
[  533.294402][T12144] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  533.420975][T12112] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  535.265180][T10171] usb 5-1: USB disconnect, device number 34
[  535.330105][T12023] hsr_slave_0: entered promiscuous mode
[  535.338063][T12023] hsr_slave_1: entered promiscuous mode
[  535.349064][T12023] debugfs: 'hsr0' already exists in 'hsr'
[  535.358313][T12023] Cannot create hsr debugfs directory
[  535.366323][T12115] netlink: 'syz.6.1834': attribute type 2 has an invalid length.
[  535.452780][ T5820] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  536.684127][T10171] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  536.944910][T12023] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  537.349087][T12023] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  537.380976][T10171] usb 4-1: Using ep0 maxpacket: 32
[  537.396721][T10171] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  537.466052][T12023] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  537.473571][T10171] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  537.520180][T10171] usb 4-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  537.550173][T12023] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  537.566181][T10171] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.582385][T12168] loop4: detected capacity change from 0 to 2048
[  537.601840][T10171] usb 4-1: Product: syz
[  537.606061][T10171] usb 4-1: Manufacturer: syz
[  537.622805][T10171] usb 4-1: SerialNumber: syz
[  537.664977][T10171] usb 4-1: config 0 descriptor??
[  537.672490][T12168] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  537.757441][T12168] ext4 filesystem being mounted at /370/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  538.881259][T12186] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  539.414025][ T5820] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.514814][T12023] 8021q: adding VLAN 0 to HW filter on device bond0
[  539.678460][T12023] 8021q: adding VLAN 0 to HW filter on device team0
[  539.725907][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.733193][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  539.935818][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.943122][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  540.264390][T12209] loop6: detected capacity change from 0 to 1024
[  540.274663][T12209] EXT4-fs: Ignoring removed nomblk_io_submit option
[  540.314080][T12209] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  540.322922][T12209] System zones: 0-1, 3-36
[  540.341039][T12209] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  541.473547][T12023] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  541.513402][T12023] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  542.396308][T11951] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.692544][T12023] 8021q: adding VLAN 0 to HW filter on device batadv0
[  542.701723][T12217] loop6: detected capacity change from 0 to 2048
[  542.755187][T12217] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  542.768321][T12217] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  543.188273][T12223] bridge1: entered promiscuous mode
[  543.194148][T12223] bridge1: entered allmulticast mode
[  543.904843][T11951] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.276890][T12023] veth0_vlan: entered promiscuous mode
[  545.315432][T12023] veth1_vlan: entered promiscuous mode
[  545.446720][T12023] veth0_macvtap: entered promiscuous mode
[  545.493097][T12023] veth1_macvtap: entered promiscuous mode
[  545.565263][T12023] batman_adv: batadv0: Interface activated: batadv_slave_0
[  545.609540][T12023] batman_adv: batadv0: Interface activated: batadv_slave_1
[  545.649907][   T58] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  545.677051][   T58] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  545.693968][   T58] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  545.711368][   T58] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  545.883717][ T9877] usb 4-1: USB disconnect, device number 27
[  545.910160][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  545.944553][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  546.014234][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  546.032921][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  548.037700][ T9878] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  548.223577][ T9878] usb 7-1: Using ep0 maxpacket: 32
[  548.234049][ T9878] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  548.263153][ T9878] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  548.328692][ T9878] usb 7-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  548.348820][ T9878] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.368902][ T9878] usb 7-1: Product: syz
[  548.378321][ T9878] usb 7-1: Manufacturer: syz
[  548.396809][ T9878] usb 7-1: SerialNumber: syz
[  548.419892][ T9878] usb 7-1: config 0 descriptor??
[  550.183152][T11953] Bluetooth: hci5: command 0x0406 tx timeout
[  551.271968][T12262] loop6: detected capacity change from 0 to 4096
[  551.279356][T12262] EXT4-fs: Ignoring removed mblk_io_submit option
[  551.338201][T12262] EXT4-fs (loop6): Test dummy encryption mode enabled
[  551.455749][T12262] EXT4-fs: error -4 creating inode table initialization thread
[  551.464175][T12262] EXT4-fs (loop6): mount failed
[  551.625451][T12266] loop7: detected capacity change from 0 to 1024
[  551.743408][T12266] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  551.887066][T12266] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1865'.
[  552.159952][ T9875] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  553.210174][T10171] usb 7-1: USB disconnect, device number 3
[  554.921144][ T9875] usb 4-1: device descriptor read/all, error -71
[  555.426462][T12281] loop6: detected capacity change from 0 to 1024
[  555.517913][T12281] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  555.615979][T12281] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1868'.
[  555.742657][T12023] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  555.986308][T11953] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  556.017584][T11953] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  556.028534][T11953] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  556.130086][T11953] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  556.603743][T11953] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  556.854063][T11951] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  557.370298][T12289] chnl_net:caif_netlink_parms(): no params data found
[  557.914616][T12289] bridge0: port 1(bridge_slave_0) entered blocking state
[  557.928494][T12289] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.938019][T12289] bridge_slave_0: entered allmulticast mode
[  557.947593][T12289] bridge_slave_0: entered promiscuous mode
[  557.959649][T12289] bridge0: port 2(bridge_slave_1) entered blocking state
[  557.967467][T12289] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.975233][T12289] bridge_slave_1: entered allmulticast mode
[  557.997488][T12289] bridge_slave_1: entered promiscuous mode
[  558.332109][T10166] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  558.343357][T12316] syzkaller0: entered promiscuous mode
[  558.349884][T12316] syzkaller0: entered allmulticast mode
[  558.369517][T12289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  558.400900][T12289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  558.684854][ T5830] Bluetooth: hci8: command tx timeout
[  559.408217][T12289] team0: Port device team_slave_0 added
[  559.420928][T10166] usb 4-1: Using ep0 maxpacket: 32
[  559.428563][T12289] team0: Port device team_slave_1 added
[  559.635198][T12289] batman_adv: batadv0: Adding interface: batadv_slave_0
[  559.661044][T12289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  559.718060][T12289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  559.753210][T12289] batman_adv: batadv0: Adding interface: batadv_slave_1
[  559.770448][T12289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  559.828648][T12289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  559.870939][ T5881] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  560.007966][T12289] hsr_slave_0: entered promiscuous mode
[  560.025943][T12289] hsr_slave_1: entered promiscuous mode
[  560.042031][ T5881] usb 8-1: Using ep0 maxpacket: 32
[  560.055882][T12289] debugfs: 'hsr0' already exists in 'hsr'
[  560.064536][ T5881] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  560.080876][T12289] Cannot create hsr debugfs directory
[  560.090915][ T5881] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  560.123075][ T5881] usb 8-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  560.152278][ T5881] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.191354][ T5881] usb 8-1: Product: syz
[  560.195638][ T5881] usb 8-1: Manufacturer: syz
[  560.200250][ T5881] usb 8-1: SerialNumber: syz
[  560.301656][ T5881] usb 8-1: config 0 descriptor??
[  560.390027][T10166] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  560.400456][T10166] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  560.432698][T10166] usb 4-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  560.450906][T10166] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.458949][T10166] usb 4-1: Product: syz
[  560.479641][T10166] usb 4-1: Manufacturer: syz
[  560.484554][T10166] usb 4-1: SerialNumber: syz
[  560.502971][T10166] usb 4-1: config 0 descriptor??
[  560.750979][ T5830] Bluetooth: hci8: command tx timeout
[  562.095503][T12331] loop7: detected capacity change from 0 to 4096
[  562.102955][T12331] EXT4-fs: Ignoring removed mblk_io_submit option
[  562.746039][T12334] loop3: detected capacity change from 0 to 4096
[  562.764012][T12334] EXT4-fs: Ignoring removed mblk_io_submit option
[  562.897569][ T5830] Bluetooth: hci8: command tx timeout
[  563.172827][ T5186] block nbd2: Possible stuck request ffff8880276c0000: control (read@0,4096B). Runtime 150 seconds
[  563.290912][T12331] EXT4-fs (loop7): Test dummy encryption mode enabled
[  563.893682][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  563.900058][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  563.932787][T12331] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  563.932921][T12331] EXT4-fs: failed to create workqueue
[  563.947852][T12331] EXT4-fs (loop7): mount failed
[  563.970449][T12334] EXT4-fs (loop3): Test dummy encryption mode enabled
[  563.996522][T12334] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  563.996601][T12334] EXT4-fs: failed to create workqueue
[  564.011986][T12334] EXT4-fs (loop3): mount failed
[  564.322343][ T9883] usb 8-1: USB disconnect, device number 2
[  564.620952][T10166] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  564.674701][ T9878] usb 4-1: USB disconnect, device number 30
[  564.781351][T10166] usb 7-1: Using ep0 maxpacket: 32
[  564.803199][T10166] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  564.843010][T10166] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  564.865698][T10166] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  564.876477][T10166] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.897815][T10166] usb 7-1: config 0 descriptor??
[  564.910987][ T5830] Bluetooth: hci8: command tx timeout
[  564.932157][T10166] hub 7-1:0.0: USB hub found
[  565.048916][T12289] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  565.151597][T10166] hub 7-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  565.166056][T12289] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  565.190192][T12289] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  565.223866][T12289] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  565.471210][ T5881] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  565.865597][T10166] hid-generic 0003:046D:C31C.0004: item fetching failed at offset 0/1
[  565.895792][T10166] hid-generic 0003:046D:C31C.0004: probe with driver hid-generic failed with error -22
[  566.020917][ T5881] usb 1-1: Using ep0 maxpacket: 32
[  566.037225][ T5881] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  566.071600][ T5881] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  566.111936][ T5881] usb 1-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  566.124782][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.133963][ T5881] usb 1-1: Product: syz
[  566.138202][ T5881] usb 1-1: Manufacturer: syz
[  566.144220][ T5881] usb 1-1: SerialNumber: syz
[  566.156684][ T5881] usb 1-1: config 0 descriptor??
[  566.212718][ T9883] usb 7-1: USB disconnect, device number 4
[  566.245866][T12289] 8021q: adding VLAN 0 to HW filter on device bond0
[  566.297244][T12289] 8021q: adding VLAN 0 to HW filter on device team0
[  566.315374][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  566.322675][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  566.339006][ T2995] bridge0: port 2(bridge_slave_1) entered blocking state
[  566.346283][ T2995] bridge0: port 2(bridge_slave_1) entered forwarding state
[  566.370954][ T5881] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  566.644629][ T5881] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  566.690210][ T5881] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  566.843896][ T5881] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  566.939076][T12370] loop0: detected capacity change from 0 to 4096
[  566.946466][T12370] EXT4-fs: Ignoring removed mblk_io_submit option
[  566.960472][ T5881] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  566.975640][ T5881] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  566.984819][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.997068][ T5881] usb 4-1: Product: syz
[  567.014461][ T5881] usb 4-1: Manufacturer: syz
[  567.045488][ T5881] usb 4-1: SerialNumber: syz
[  567.059734][T12370] EXT4-fs (loop0): Test dummy encryption mode enabled
[  567.136388][T12370] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  567.542871][T12379] syzkaller0: entered promiscuous mode
[  567.549012][T12379] syzkaller0: entered allmulticast mode
[  567.815463][T12289] 8021q: adding VLAN 0 to HW filter on device batadv0
[  568.040850][T12384] loop3: detected capacity change from 0 to 256
[  568.240703][T12384] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  568.649795][ T9885] usb 1-1: USB disconnect, device number 41
[  568.735283][ T5818] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  568.822553][ T9883] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  568.991492][ T9883] usb 7-1: Using ep0 maxpacket: 32
[  569.003121][ T9883] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  569.027835][ T9883] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  569.052739][ T9883] usb 7-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=3a.be
[  569.082611][ T9883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.096622][T12289] veth0_vlan: entered promiscuous mode
[  569.105763][ T9883] usb 7-1: Product: syz
[  569.116120][ T9883] usb 7-1: Manufacturer: syz
[  569.127359][ T9883] usb 7-1: SerialNumber: syz
[  569.134132][T12289] veth1_vlan: entered promiscuous mode
[  569.149583][ T9883] usb 7-1: config 0 descriptor??
[  569.803509][T12289] veth0_macvtap: entered promiscuous mode
[  569.825733][T12289] veth1_macvtap: entered promiscuous mode
[  569.867413][T12289] batman_adv: batadv0: Interface activated: batadv_slave_0
[  569.891628][T12289] batman_adv: batadv0: Interface activated: batadv_slave_1
[  569.917279][   T36] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  569.932424][   T36] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  569.947707][   T36] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  570.098505][ T5881] usb 4-1: 0:2 : does not exist
[  570.464113][T12398] loop6: detected capacity change from 0 to 4096
[  570.472169][T12398] EXT4-fs: Ignoring removed mblk_io_submit option
[  570.526490][T12398] EXT4-fs (loop6): Test dummy encryption mode enabled
[  570.553349][   T36] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  570.606362][T12398] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  570.851210][   T31] INFO: task syz.2.1386:10434 blocked for more than 144 seconds.
[  570.868367][   T31]       Not tainted syzkaller #0
[  570.873941][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  570.884355][   T31] task:syz.2.1386      state:D stack:25760 pid:10434 tgid:10434 ppid:5831   task_flags:0x400040 flags:0x00080002
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  570.899246][   T31] Call Trace:
[  570.907678][   T31]  <TASK>
[  570.913899][   T31]  __schedule+0x15dd/0x52d0
[  570.923860][   T31]  ? __pfx___schedule+0x10/0x10
[  570.938382][   T31]  ? schedule+0x90/0x360
[  570.960980][   T31]  schedule+0x164/0x360
[  570.965348][   T31]  schedule_preempt_disabled+0x13/0x30
[  570.988765][   T31]  __mutex_lock+0x7fe/0x1300
[  571.025374][   T31]  ? __mutex_lock+0x5ac/0x1300
[  571.066305][   T31]  ? bdev_release+0x1a9/0x650
[  571.086260][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  571.109365][   T31]  ? __asan_memset+0x22/0x50
[  571.131183][   T31]  ? __fsnotify_parent+0x267/0x620
[  571.154582][   T31]  ? __pfx___fsnotify_parent+0x10/0x10
[  571.193111][   T31]  bdev_release+0x1a9/0x650
[  571.207272][   T31]  ? __pfx_blkdev_release+0x10/0x10
[  571.221027][   T31]  blkdev_release+0x15/0x20
[  571.231325][   T31]  __fput+0x44f/0xa70
[  571.240691][   T31]  task_work_run+0x1d9/0x270
[  571.250935][   T31]  ? __pfx_task_work_run+0x10/0x10
[  571.258980][   T31]  exit_to_user_mode_loop+0xed/0x480
[  571.285049][ T5881] usb 4-1: USB disconnect, device number 31
[  571.340890][   T31]  ? rcu_is_watching+0x15/0xb0
[  571.347783][   T31]  do_syscall_64+0x32d/0xf80
[  571.352722][   T31]  ? trace_irq_disable+0x3b/0x150
[  571.357951][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.138557][   T31]  ? clear_bhb_loop+0x40/0x90
[  572.166505][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.200940][   T31] RIP: 0033:0x7f660319c799
[  572.205423][   T31] RSP: 002b:00007ffed9229548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  572.250963][   T31] RAX: 0000000000000000 RBX: 00007f6603417da0 RCX: 00007f660319c799
[  572.258994][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  572.294869][   T31] RBP: 00007f6603417da0 R08: 0000000000000006 R09: 0000000000000000
[  572.302974][   T31] R10: 00007f6603417cb0 R11: 0000000000000246 R12: 0000000000064980
[  572.311442][   T31] R13: 00007f6603415fac R14: 00000000000646b0 R15: 00007ffed9229650
[  572.326062][ T9015] udevd[9015]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  572.343233][   T31]  </TASK>
[  572.346334][   T31] INFO: task syz.2.1386:10436 blocked for more than 145 seconds.
[  572.354687][   T31]       Not tainted syzkaller #0
[  572.359716][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  572.400917][   T31] task:syz.2.1386      state:D stack:27056 pid:10436 tgid:10434 ppid:5831   task_flags:0x400140 flags:0x00080002
[  572.414222][   T31] Call Trace:
[  572.418041][   T31]  <TASK>
[  572.421475][   T31]  __schedule+0x15dd/0x52d0
[  572.426043][   T31]  ? __pfx___schedule+0x10/0x10
[  572.432618][   T31]  ? schedule+0x90/0x360
[  572.436916][   T31]  schedule+0x164/0x360
[  572.441560][   T31]  schedule_preempt_disabled+0x13/0x30
[  572.447053][   T31]  __mutex_lock+0x7fe/0x1300
[  572.451803][   T31]  ? __mutex_lock+0x5ac/0x1300
[  572.456597][   T31]  ? bdev_release+0x1a9/0x650
[  572.461544][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  572.466603][   T31]  ? __asan_memset+0x22/0x50
[  572.471530][   T31]  ? __fsnotify_parent+0x267/0x620
[  572.476688][   T31]  ? __pfx___fsnotify_parent+0x10/0x10
[  572.482268][   T31]  bdev_release+0x1a9/0x650
[  572.486867][   T31]  ? __pfx_blkdev_release+0x10/0x10
[  572.493781][   T31]  blkdev_release+0x15/0x20
[  572.498339][   T31]  __fput+0x44f/0xa70
[  572.502873][   T31]  task_work_run+0x1d9/0x270
[  572.507534][   T31]  ? __pfx_task_work_run+0x10/0x10
[  572.513172][   T31]  ? __fput_deferred+0x216/0x380
[  572.518873][   T31]  exit_to_user_mode_loop+0xed/0x480
[  572.524284][   T31]  ? rcu_is_watching+0x15/0xb0
[  572.529075][   T31]  do_syscall_64+0x32d/0xf80
[  572.533778][   T31]  ? trace_irq_disable+0x3b/0x150
[  572.538818][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.545008][   T31]  ? clear_bhb_loop+0x40/0x90
[  572.549720][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.555697][   T31] RIP: 0033:0x7f660319c799
[  572.560133][   T31] RSP: 002b:00007f6604091028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  572.568756][   T31] RAX: 0000000000000000 RBX: 00007f6603415fa0 RCX: 00007f660319c799
[  572.576939][   T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000004
[  572.585061][   T31] RBP: 00007f6603232bd9 R08: 0000000000000000 R09: 0000000000000000
[  572.593210][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  572.601408][   T31] R13: 00007f6603416038 R14: 00007f6603415fa0 R15: 00007ffed92293e8
[  572.609426][   T31]  </TASK>
[  572.638435][   T31] 
[  572.638435][   T31] Showing all locks held in the system:
[  572.662108][   T31] 1 lock held by khungtaskd/31:
[  572.667092][   T31]  #0: ffffffff8e760620 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  572.689600][   T31] 3 locks held by kworker/u8:2/36:
[  572.720996][   T31]  #0: ffff8880320ba948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
[  572.741445][   T31]  #1: ffffc90000ac7c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
[  572.757851][   T31]  #2: ffffffff8fbd3188 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0
[  572.767568][   T31] 2 locks held by getty/5579:
[  572.772311][   T31]  #0: ffff8880374710a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  572.782176][   T31]  #1: ffffc900033332f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[  572.792516][   T31] 3 locks held by syz-executor/5818:
[  572.797836][   T31]  #0: ffff88807b788ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0
[  572.807927][   T31]  #1: ffff88807b7880c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0
[  572.817700][   T31]  #2: ffffffff8e7668b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  572.832634][   T31] 2 locks held by kworker/1:5/5881:
[  572.837886][   T31]  #0: ffff88801b057548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
[  572.849717][   T31]  #1: ffffc9000404fc40 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
[  572.859769][   T31] 1 lock held by syz.3.369/6918:
[  572.864850][   T31] 1 lock held by udevd/9321:
[  572.869574][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  572.888140][   T31] 1 lock held by syz.2.1386/10434:
[  572.893375][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650
[  572.903408][   T31] 1 lock held by syz.2.1386/10436:
[  572.908544][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650
[  572.918255][   T31] 1 lock held by syz.5.1776/11815:
[  572.923494][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  572.933469][   T31] 1 lock held by syz.5.1776/11817:
[  572.938600][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  572.948618][   T31] 1 lock held by syz.5.1776/11821:
[  572.953860][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  572.963723][   T31] 1 lock held by syz.5.1776/11824:
[  572.968855][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  572.979554][   T31] 1 lock held by syz.1.1789/11878:
[  572.984816][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  572.994512][   T31] 1 lock held by syz.1.1789/11880:
[  572.999639][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.009211][   T31] 1 lock held by syz.1.1789/11883:
[  573.014760][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.024366][   T31] 1 lock held by syz.1.1789/11886:
[  573.029741][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.039297][   T31] 1 lock held by syz.4.1850/12198:
[  573.044633][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.054294][   T31] 1 lock held by syz.4.1850/12199:
[  573.059418][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.069100][   T31] 1 lock held by syz.4.1850/12200:
[  573.074780][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.084371][   T31] 1 lock held by syz.4.1850/12201:
[  573.089511][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.098977][   T31] 1 lock held by syz.7.1886/12360:
[  573.104128][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.113565][   T31] 1 lock held by syz.7.1886/12362:
[  573.118682][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.128119][   T31] 1 lock held by syz.7.1886/12363:
[  573.133839][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.143343][   T31] 1 lock held by syz.7.1886/12365:
[  573.148475][   T31]  #0: ffff88802757e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  573.158126][   T31] 2 locks held by syz.6.1889/12398:
[  573.163352][   T31]  #0: ffff8880550f00e0 (&type->s_umount_key#60){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[  573.173731][   T31]  #1: ffffffff8e7668b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  573.184918][   T31] 2 locks held by syz.0.1892/12404:
[  573.190127][   T31]  #0: ffffffff8fbd3188 (rtnl_mutex){+.+.}-{4:4}, at: bpf_xdp_link_attach+0x121/0x980
[  573.199804][   T31]  #1: ffffffff8fbd6928 (bpf_dispatcher_xdp.mutex){+.+.}-{4:4}, at: bpf_dispatcher_change_prog+0xc6/0xd70
[  573.211186][   T31] 1 lock held by syz.0.1892/12405:
[  573.216286][   T31]  #0: ffffffff8fbd3188 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x42a/0x820
[  573.225293][   T31] 1 lock held by dhcpcd/12414:
[  573.230061][   T31]  #0: ffff888077d9ca48 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x89/0x250
[  573.242175][   T31] 
[  573.244533][   T31] =============================================
[  573.244533][   T31] 
[  573.258937][   T31] NMI backtrace for cpu 0
[  573.258954][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  573.258975][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  573.258987][   T31] Call Trace:
[  573.258995][   T31]  <TASK>
[  573.259003][   T31]  dump_stack_lvl+0xe8/0x150
[  573.259037][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[  573.259065][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  573.259094][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  573.259124][   T31]  sys_info+0x135/0x170
[  573.259146][   T31]  watchdog+0xfd9/0x1030
[  573.259172][   T31]  ? watchdog+0x21a/0x1030
[  573.259198][   T31]  kthread+0x388/0x470
[  573.259220][   T31]  ? __pfx_watchdog+0x10/0x10
[  573.259237][   T31]  ? __pfx_kthread+0x10/0x10
[  573.259258][   T31]  ret_from_fork+0x51e/0xb90
[  573.259287][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  573.259311][   T31]  ? __switch_to+0xc7d/0x1450
[  573.259339][   T31]  ? __pfx_kthread+0x10/0x10
[  573.259361][   T31]  ret_from_fork_asm+0x1a/0x30
[  573.259396][   T31]  </TASK>
[  573.259403][   T31] Sending NMI from CPU 0 to CPUs 1:
[  573.371372][    C1] NMI backtrace for cpu 1
[  573.371391][    C1] CPU: 1 UID: 0 PID: 12398 Comm: syz.6.1889 Not tainted syzkaller #0 PREEMPT(full) 
[  573.371408][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  573.371417][    C1] RIP: 0010:get_stack_info_noinstr+0xf7/0x130
[  573.371444][    C1] Code: d7 40 0f 92 c6 49 39 cf 40 0f 93 c7 40 08 f7 75 27 41 c7 06 02 00 00 00 49 89 56 08 49 89 4e 10 48 8b 00 49 89 46 18 89 d8 5b <41> 5c 41 5d 41 5e 41 5f e9 7c 19 03 00 cc 4c 89 ff 4c 89 f6 5b 41
[  573.371457][    C1] RSP: 0018:ffffc9001bf9f570 EFLAGS: 00000202
[  573.371472][    C1] RAX: 000000001bf9f601 RBX: ffffc9001bf9f648 RCX: ffffc9001bf98000
[  573.371484][    C1] RDX: ffffc9001bf9f628 RSI: ffffc9001bfa0000 RDI: ffffc9001bf9f5c8
[  573.371494][    C1] RBP: ffffc9001bf9f601 R08: ffffc9001bf9f601 R09: 0000000000000000
[  573.371505][    C1] R10: ffffc9001bf9f628 R11: fffff520037f3ed1 R12: ffff88807f7cbd00
[  573.371516][    C1] R13: ffffc9001bf9f648 R14: ffffc9001bf9f628 R15: ffffc9001bf9f5c8
[  573.371528][    C1] FS:  0000000000000000(0000) GS:ffff888125557000(0000) knlGS:0000000000000000
[  573.371540][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  573.371551][    C1] CR2: 00007ffd22194818 CR3: 0000000037ef0000 CR4: 00000000003526f0
[  573.371567][    C1] Call Trace:
[  573.371573][    C1]  <TASK>
[  573.371580][    C1]  get_stack_info+0x3a/0xf0
[  573.371603][    C1]  __unwind_start+0x43e/0x760
[  573.371629][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  573.371646][    C1]  arch_stack_walk+0xe3/0x150
[  573.371664][    C1]  ? __unwind_start+0xf7/0x760
[  573.371686][    C1]  stack_trace_save+0xa9/0x100
[  573.371702][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  573.371719][    C1]  ? __lock_acquire+0x6b5/0x2cf0
[  573.371741][    C1]  save_stack+0x122/0x230
[  573.371758][    C1]  ? __pfx_save_stack+0x10/0x10
[  573.371785][    C1]  __reset_page_owner+0x71/0x1f0
[  573.371802][    C1]  __free_frozen_pages+0xbe2/0xd60
[  573.371820][    C1]  ? ___free_pages+0xb2/0x220
[  573.371839][    C1]  vfree+0x1e9/0x3d0
[  573.371855][    C1]  ? __pfx_kcov_close+0x10/0x10
[  573.371869][    C1]  kcov_close+0x28/0x50
[  573.371882][    C1]  __fput+0x44f/0xa70
[  573.371916][    C1]  task_work_run+0x1d9/0x270
[  573.371934][    C1]  ? __pfx_task_work_run+0x10/0x10
[  573.371951][    C1]  ? kmem_cache_free+0x187/0x630
[  573.371967][    C1]  ? do_exit+0x70a/0x23c0
[  573.371985][    C1]  do_exit+0x70f/0x23c0
[  573.372001][    C1]  ? try_to_wake_up+0x7fc/0x1390
[  573.372019][    C1]  ? __pfx_do_exit+0x10/0x10
[  573.372036][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[  573.372056][    C1]  do_group_exit+0x21b/0x2d0
[  573.372071][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  573.372094][    C1]  get_signal+0x1284/0x1330
[  573.372123][    C1]  arch_do_signal_or_restart+0xbc/0x830
[  573.372142][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  573.372169][    C1]  exit_to_user_mode_loop+0x86/0x480
[  573.372185][    C1]  ? rcu_is_watching+0x15/0xb0
[  573.372208][    C1]  do_syscall_64+0x32d/0xf80
[  573.372223][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.372239][    C1]  ? clear_bhb_loop+0x40/0x90
[  573.372257][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.372271][    C1] RIP: 0033:0x7fd8df19c799
[  573.372285][    C1] Code: Unable to access opcode bytes at 0x7fd8df19c76f.
[  573.372292][    C1] RSP: 002b:00007fd8dffd00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  573.372308][    C1] RAX: fffffffffffffe00 RBX: 00007fd8df416188 RCX: 00007fd8df19c799
[  573.372319][    C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd8df416188
[  573.372328][    C1] RBP: 00007fd8df416180 R08: 0000000000000000 R09: 0000000000000000
[  573.372338][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  573.372348][    C1] R13: 00007fd8df416218 R14: 00007ffe355e0940 R15: 00007ffe355e0a28
[  573.372368][    C1]  </TASK>
[  573.770902][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  573.777800][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  573.786933][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  573.796993][   T31] Call Trace:
[  573.800273][   T31]  <TASK>
[  573.803208][   T31]  vpanic+0x56c/0xa60
[  573.807205][   T31]  ? __pfx___schedule+0x10/0x10
[  573.812056][   T31]  ? __pfx_vpanic+0x10/0x10
[  573.816566][   T31]  ? __pfx_console_unlock+0x10/0x10
[  573.821788][   T31]  panic+0xc5/0xd0
[  573.825529][   T31]  ? __pfx_panic+0x10/0x10
[  573.829969][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  573.835356][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  573.841527][   T31]  watchdog+0x1023/0x1030
[  573.845951][   T31]  ? watchdog+0x21a/0x1030
[  573.850386][   T31]  kthread+0x388/0x470
[  573.854462][   T31]  ? __pfx_watchdog+0x10/0x10
[  573.859143][   T31]  ? __pfx_kthread+0x10/0x10
[  573.863735][   T31]  ret_from_fork+0x51e/0xb90
[  573.868345][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  573.873460][   T31]  ? __switch_to+0xc7d/0x1450
[  573.878148][   T31]  ? __pfx_kthread+0x10/0x10
[  573.882740][   T31]  ret_from_fork_asm+0x1a/0x30
[  573.887516][   T31]  </TASK>
[  573.891048][   T31] Kernel Offset: disabled
[  573.895367][   T31] Rebooting in 86400 seconds..