last executing test programs:

4m48.054201932s ago: executing program 0 (id=157):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700400009"], 0x50)
r0 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000))
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000002800)=[{{&(0x7f00000004c0)={0xa, 0x4e22, 0x6, @private2, 0x8}, 0x1c, &(0x7f0000000a40)=[{&(0x7f0000000500)='J', 0x1}], 0x1}}], 0x1, 0xc010)

4m47.70391605s ago: executing program 0 (id=159):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, 0x0}], 0x1, 0x21, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0x16, 0x5})

4m47.198672334s ago: executing program 0 (id=164):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2800000068000100fdfc0000ffdbdf25020000000400000008000600e00a000008000500", @ANYRES32=r2], 0x28}}, 0x10)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

4m47.082711538s ago: executing program 0 (id=167):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRES16], 0x1, 0x2c2, &(0x7f00000006c0)="$eJzs3T+LI2UYAPBndpNJ7iySwkoEB7SwOm6vtckiOThMpaRQC128O5AkCHew4CkGK1sbSz+BINj5JWwEP4DgB7DzioNXJpkh2btJsoHLrX9+vyL77Lzv877POzPZPyzz7sevziZ3i7j/9Ze/R7ebxdEgBvE4i34cRS2llGJl8G0AAP9mj1OKP9PSJVMG5UsWEd3DlgYAHMje3/9/OnhJAMCBvff+B++cjkbDd4uiG7dn35yPy9/sy4/L9tP78WlM417cjF48Wf4toP5poXy9nVKat4pSP96Yzc/HZebso1+q8U/riU6iF/1FdDH/zmh4Uiyt5c/LOq5X8w/K+W9FL15umP/OaHirIT/Gebz5+lr9N6IXv34Sn8U07i6KWOV/dVIUb6fv/vriw7K8Mj+bn487i34r6fjFXRUAAAAAAAAAAAAAAAAAAAAAAP7rblR753RisX9Peajaf+f4SflJO4pa/+L+PMv8rB7oqf2B5im+T6nTihgNbxZFkaqOq/xWvNKK1tWsGgAAAAAAAAAAAAAAAAAAAP5ZHn7+aHI2nd570BD8dj1iQ9OGoN4NoH6sf0fW8aamwdqR1+LR5KyzecC1pqMq3DJpHNd9soity4lWux65v9dJ2D+4tqnmH37cd8Du7j7tbefn+QT13TU5y6KxTyfqI936mv683iePS86Vb2pKu2+/tSBvbOrtvfb8pUUw39Insm2FvfXH8sxVR7KnV5EvzmpjenttN47me6P5Wmx6pzwjW7yt8+f3xQcAAAAAAAAAAAAAAAAAALhg9dDvM03XdqQepc7BygIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2r1///3COZV8iU65/Hg4RUvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwMAAP//QSRWPA==")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x1ff, &(0x7f0000000440)=<r1=>0x0)
ftruncate(r0, 0x81fe)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}])

4m46.693592668s ago: executing program 0 (id=171):
r0 = creat(&(0x7f0000000200)='./file1\x00', 0x12e)
close(r0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1}, 0xc)
listen(r1, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040), 0x200000, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

4m46.395799756s ago: executing program 0 (id=176):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
mlock(&(0x7f0000400000/0xc00000)=nil, 0xc00000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010011a801000f4800400058008000900000000000800038030000180050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d80500060000000000130002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000006000018005000600000000000500060000000000080001000000000005000600000000000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b6763e83c000c"], 0x270}}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0xfc)

4m45.85907112s ago: executing program 32 (id=176):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
mlock(&(0x7f0000400000/0xc00000)=nil, 0xc00000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010011a801000f4800400058008000900000000000800038030000180050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d80500060000000000130002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000006000018005000600000000000500060000000000080001000000000005000600000000000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b6763e83c000c"], 0x270}}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0xfc)

2m48.94627566s ago: executing program 4 (id=1128):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000001200)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})

2m46.048618647s ago: executing program 4 (id=1150):
r0 = socket$kcm(0x1e, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/59, 0x3b}], 0x1, 0x0, 0xc00}, 0x80)
r1 = socket$kcm(0x1e, 0x4, 0x0)
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0xfdef)

2m45.828120944s ago: executing program 4 (id=1152):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f00000006c0)=[@in6={0xa, 0x4e20, 0x0, @private2}, @in6={0xa, 0x4e20, 0xff000000, @dev={0xfe, 0x80, '\x00', 0x12}, 0x8}]}, &(0x7f0000000100)=0x10)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000400)={r2, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2}, 0x90)

2m45.59263274s ago: executing program 4 (id=1156):
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade50151923a70b46eacfc1aaaebcf156e549eae4b2f81fd363b7ef31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffff7fff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b149ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d000000000000000094654729e4c442741c3a73c017c555a77a006acb", @ANYRESHEX], 0x1, 0x1a3, &(0x7f00000009c0)="$eJzsmDFP6lAUx/+3hTY8XsJb31veSx4JvOGVtrxnZHBgdtBEo3GTSCVoEQMdgM34IZz9BM7Ehe+hgzo5qJtxcKhpe6GXSnHAGBLPb7j99dyTy7mH5JAAgiA+LTfXj1dnuWzK86/IQuXxWznMkYT8fub5z0V95fxEf7jsD5ZLkePS6fiPYpOCCQCDsgyHv7uu64r7Wf5chzT0pLi/iSdo3LchYYO7BYYt7nuCN8Ggadpu3ba0naZd9UT3FsNbTG8pRuu7P2KoCvWJF2l3e/sV27ZaI1ERjcwq8S3l9ZUlLAn1id/XsDd62D8YkGBwL4Jhjfsi1GFvgpYI9/+RCM+Xp96fZFy+Z97ISWJeSiV5B2Hw5C4FRLYUAHNR4cdIOJ/cU4acMJ8SwvwoOI3DQrvb+1tvVGpWzTowzeKC/k/X/5sFfxAF65T5l/Ln0xfh/GRMrsIUdCqO0zKCdfRudlQ4LXPSxFX8+Sch/zuomvGYiP978I398h55GTiOrZYgCIIgCIIgCIIgCIIgCGIWfoL5/4KOUXoVMlf97JcAAAD//z7Sbhk=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x1a)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r1, &(0x7f0000000400)=""/4096, 0xc00)

2m45.339991567s ago: executing program 4 (id=1158):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1)
r1 = dup(r0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000b80), 0x4008, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, 0x0)

2m44.766224052s ago: executing program 4 (id=1165):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='oom_adj\x00')
close(0x3)
fchdir(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0)

2m44.49326895s ago: executing program 33 (id=1165):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='oom_adj\x00')
close(0x3)
fchdir(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0)

1m53.264775959s ago: executing program 5 (id=1586):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x40000005, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x27, 0x0, 0x0, 0x0, 0x0, 0x3, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1002}, 0x50)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f00000001c0)=0x7f, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x4000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1m53.035274816s ago: executing program 5 (id=1589):
r0 = socket(0x2, 0x3, 0xff)
close_range(r0, 0xffffffffffffffff, 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
rt_sigtimedwait(&(0x7f00000000c0)={[0xe]}, 0x0, 0x0, 0x8)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00', <r2=>0x0})
sendmmsg$inet(r1, &(0x7f0000002240)=[{{&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x20}}], 0x1, 0x40014)

1m51.195056815s ago: executing program 5 (id=1603):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newtaction={0x84, 0x30, 0xb, 0x0, 0x4, {}, [{0x70, 0x1, [@m_gact={0x6c, 0x1, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x3, 0xa6, 0x20000000, 0x1, 0x7fffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1dc3, 0x2}}, @TCA_GACT_PARMS={0x18, 0x2, {0xfffffffc, 0xfffffff5, 0x0, 0xfffffffb, 0x80000001}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x84}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r2, &(0x7f0000000140)={&(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="2c000000000000000000000007000000441c0503e0"], 0x30}, 0x40880)

1m51.053795669s ago: executing program 5 (id=1598):
syz_mount_image$udf(&(0x7f0000000480), &(0x7f00000000c0)='./file0\x00', 0xa00004, &(0x7f00000005c0)=ANY=[@ANYBLOB='adinicb,dmode=00000000000000000000006,utf8,uid=', @ANYRESDEC=0x0, @ANYBLOB="2c7569643d69676e6f72652c696f636861727365743d6d6163696e7569742c6d6f64653d30303030303030303030303030303030303030303031302c696f636861727365743d69736f383835392d31332c6164696e6963622c6769643d69676e6f72652c6c617374626c6f636b3d30303030303030303030303030303030303030372c6769643d666f726765742c766f6c756d653d30303030303030303030303030303030303132342c6206c81400"], 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=")
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x34, &(0x7f0000000000)=0x2f, 0x4)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x198)

1m50.813891835s ago: executing program 5 (id=1601):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
semctl$SETALL(0x0, 0x0, 0x14, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801)
recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002)

1m50.27369457s ago: executing program 5 (id=1608):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000002000000fe8000000000000000000000030000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000010000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa0000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x10040)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

1m50.037931146s ago: executing program 34 (id=1608):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000002000000fe8000000000000000000000030000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000010000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa0000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x10040)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

53.568429868s ago: executing program 1 (id=2170):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r1, r1, 0x2f, 0x0, @void}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000017c0)={r2, r1, 0x4, r1}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

52.800761998s ago: executing program 1 (id=2175):
r0 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
accept(r0, 0x0, 0x0)

51.749716497s ago: executing program 1 (id=2178):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ac0)=@delchain={0x24, 0x65, 0x200, 0x4070bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x2, 0xfff1}, {0x3, 0x6}, {0xfff1, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0xc050)
recvmsg$can_raw(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)

51.59814475s ago: executing program 1 (id=2179):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000a00)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@resgid}, {@barrier}, {@quota}, {@delalloc}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, 0x0)
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xb, 0x0, 0x100000}, 0x20)

51.201456271s ago: executing program 1 (id=2185):
open(&(0x7f00000005c0)='./bus\x00', 0x167842, 0x19)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ff7000/0x4000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x4eaa, 0xc000, 0x0, 0x25e})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

50.045594212s ago: executing program 1 (id=2197):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000500), &(0x7f0000000080)=0x8)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
readv(r1, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/36, 0x24}], 0x1)

49.696124441s ago: executing program 35 (id=2197):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000500), &(0x7f0000000080)=0x8)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
readv(r1, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/36, 0x24}], 0x1)

4.11021459s ago: executing program 3 (id=2593):
r0 = epoll_create1(0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESDEC=r1])
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000001c0)={0x20000001})
close_range(r3, 0xffffffffffffffff, 0x0)

4.10466125s ago: executing program 6 (id=2601):
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000780)="39000000130003c700bb68e1cbe4ffff010000000100000056000000099a00a1649afddfd281b625000000190004000400000007fdd411efc4", 0x39}], 0x1)
close(r0)

3.902171015s ago: executing program 6 (id=2594):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00444, &(0x7f0000000040)={[{@data_err_ignore}, {@noblock_validity}, {@noload}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xa5a}}, {@jqfmt_vfsv0}, {@nodiscard}, {@nombcache}]}, 0x1, 0xbbb, &(0x7f0000001800)="$eJzs3M9rHOUbAPBnJpvf+TbpF1FbBANSFcVt2pQKPbWeRQU9eGxMNiVk+8Mkggk9pPWuHkQ8FKR/guDdXjwJHupB619QxCJFL20PK7M/0jWb3cR0s2PTzwfezPvOO9nneTLZzDuwkwCeWJPZlzTiUEScTSLG6/vTiBio9oYi1mvH3b97eTZrSVQq7/6RRBIR9+5enm28VlLfjtYHQxFx840k/v9Ja9zl1bXFmXK5tFQfH105f+no8uraawvnZ86VzpUunJh+/cT0yenpLtZ6+9IHXz3301svXr3+6dTbXx74IYnTMVafa66jWyZjcuNn0qwQETPdDpaTvno9zXUmhRwTAgCgo7RpDfd0jEdfPFy8jcf3P+eaHAAAANAVlb6ICgAAALDPJe7/AQAAYJ9rfA7g3t3Ls42W7ycSeuvOmYiYqNXfeL65NlOI9ep2KPojYuTPJJofa01q3/bIJrNI3/5Yylps9xzycBcCbrJ+JSKe3er8J9X6J6pPcbfWn0bEVBfiT24a9/r371HqP92F+HnXD8CT6caZ2oWs9fqX1tY/g7XR5utfYYtr127kff1rrP/ut6z/0o31X1+b9d87O4xx+MErN9vNNa//3v/s17ksfrZ9pKL+hTtXIg4Xtqo/2ag/aVP/2R3GGJ29fa3dXFZ/Vm+j9br+yvWII9XVXGv9DUmn/090dH6hXJqqfd3i9VdPdo7ffP6zlsVv3Av0Qnb+R2J35//SDmNMPPP7oXZz29ef/jaQvFftDdT3fDyzsrJ0LGIgebN1//HOuTSOabxGVv/LL3R+/29Vf/Y3Yb3+c8h+e67Ut9n46qaYo0eOf7P7+vdWVv/cLs//5zuM8fV31z7ctGvjzZV3/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HtKIGIskLW7007RYjBiNiKdiJC1fXF55df7iRxfmsrmIiehP5xfKpamIGK+Nk2x8rNp/OD6+aTwdEQcj4ovx4eq4OHuxPJd38QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwYjYixSNJiRKQR8dd4mhaLeWcFAAAAdN1E3gkAAAAAe879PwAAAOx/Lff/hX+MhnqZCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPvSwedv3EoiYv3UcLVlBupz/blmBuy1dGeHjex1HkDv9eWdAJCbQlO/UqlUckwF6DH3+ECyzfxQ25nBrucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH/XS4du3EoiYv3UcLVlBupz/blmBuy1NO8EgNz0dZpMtt0BPMYKeScA5MY9PlBb2T+o1LTOD7X9zsGH3fXdRQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8TFWbUlajIi02k/TYjHifxExEf3J/ELEVEQciIhfxvsH5xfKpWN5Jw0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDXLa+uLc6Uy6UlHR2dLnaGo2exhutv5jbHDLaf6tDJ+Q8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5WF5dW5wpl0tLy3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORteXVtcaZcLi3tYSfvGgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyM/fAQAA///+hAlq")
syz_mount_image$vfat(&(0x7f0000005880), &(0x7f00000001c0)='./bus\x00', 0x2000041, 0x0, 0x3, 0x0, &(0x7f0000000240))
r0 = open$dir(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x83)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x2, @desc2})
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000080)=@v2={0x2, @aes256, 0x8, '\x00', @b})

3.901479355s ago: executing program 3 (id=2595):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8002, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xfc778000)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x100)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)

3.322517011s ago: executing program 6 (id=2600):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x42280, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

3.038979948s ago: executing program 2 (id=2602):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x6, 0x104}}, 0x10)
bind$tipc(r0, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x40, 0x3, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40040}, 0x4)

2.866373293s ago: executing program 2 (id=2603):
mount$fuse(0x0, 0x0, &(0x7f00000020c0), 0x0, &(0x7f0000000200)=ANY=[@ANYRESDEC=0x0])
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="00000000040000090000000000000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2aaa12fb1c658c08}, 0x4000041)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000c300000638af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018240000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x5, 0xe, 0x0, &(0x7f00000000c0)="469dc2d342e2b7000091000000000bcf48f3ac4e19a56ceb0b42c0", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x22)

2.701682557s ago: executing program 7 (id=2604):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./file0\x00')
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x61)
copy_file_range(r0, 0x0, r0, 0x0, 0x9, 0x0)

2.61112349s ago: executing program 7 (id=2605):
sched_setscheduler(0x0, 0x2, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x2200408, &(0x7f0000000200)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, '\x0e\x94\x95>\x95\xb4@\x12\xc9\xf3\xb4\n\x99\xd1A\xcd\xfa\xdc\xfa\x0e&zr\x94>88\x10L\xdc\xb2o\xc3\x02|\xb8m\xb2\xa7\x15\xed\x9eP\xbdi\xdb\xc1\x98F\xd0\xd9\x9d\xbd\x1bi\xe8\xe31C/e\x9e\xdc\xb0I\x9d\x92\xae\xd6\xb4\xe2\xea\x10LJy\a\xf2\x96\xf8\x13ti\xfb5;\xfax\xab\x85\xc9\xe4\xef\x84\x92?\xaco\xb0v\x94\x93\xd9\xd3U|\x88Un\xc4\x8d\xc0|\x80Q\xdf+\xcaEN\x1e\x05\x82$\x7f\xd1\x96\f\xc9\xfb\xfe(]MR#\xffcA\xc9Y3\b\xb57^\x9d'}}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e040a260c"], 0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0xc0384707, 0x0)

2.198954461s ago: executing program 7 (id=2606):
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000100)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@barrier_val={'barrier', 0x3d, 0xde2}}]}, 0xfd, 0x269, &(0x7f0000000a00)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=")
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
syz_mount_image$vfat(&(0x7f0000000b00), &(0x7f000001fc00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1814011, 0x0, 0x40, 0x0, &(0x7f0000000140))
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x824851, 0x0, 0x1, 0x0, &(0x7f0000000d40))
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x600, 0x1)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)

1.829759601s ago: executing program 7 (id=2607):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

1.829619731s ago: executing program 2 (id=2608):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa1010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0})
syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000280)={0x20, 0x1}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000180)={0x20, 0xa}, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000780)={0x44, &(0x7f0000000480)={0x0, 0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.645384576s ago: executing program 6 (id=2609):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x50, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xfff2}, {}, {0x10, 0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x405}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0xe6a7, 0x300}}}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c010)

1.282702326s ago: executing program 2 (id=2610):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x8, 0x0, 0x0, 0x200000c1}], 0x1, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000280)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYBLOB="02"], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000040)={r2, 0x2}, 0x8)

1.157433409s ago: executing program 6 (id=2611):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x91b47000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000002c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000028c0)=""/4071, 0xfe7}], 0x1}, 0x6}], 0x1, 0x2101, 0x0)

1.061585931s ago: executing program 3 (id=2612):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000380)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f00000000c0)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x7, @v={0x3, 0x6, 0x6, 0x9, {0x3, 0x6, "a2ea88bcffaf9d73"}}}, 0x12)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

1.041243322s ago: executing program 2 (id=2613):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
writev(r0, &(0x7f0000001480)=[{&(0x7f00000010c0)="1feb4934c3a9dd7b4a6487a396e4a71fdc2e89eb3d6578aefbddb891034a52a3b66f79499db172def10fc8db93f99bc0c966b43520d9dfb463a66e0d4394322d7b12a2c4a2021e73c6f08cd14bfdf4565bf2ae6509a78fcdd601fdbda3c358450b3c4faa4225bfb17eb25fdedd57edba4b5ef399040800000000000041f15918f3", 0x81}, {&(0x7f00000003c0)="51e4b68f19536342b73677cd5193777110de0eae1de8642c503cfd94f0929123460e2fe755b2ef981f6cb4794a5c33e2b006c993cfebcfdd2813b72755830fc1bcfbbd7a1ff49f6ec717c6e10cfe71375323712d4f2882b87c870932ce4a5ad25b467da6530db47373882b", 0x6b}, {&(0x7f0000000140)="8682d68bf197cfcfb4d1c8f754288b238afd9bb95e245b25f7f0ee2aea5e3994c570b2995e5b4d002855fd74a42ea4adc6fdb48eced6938e98f566c5aa74c8", 0x3f}, {&(0x7f00000001c0)="af930f839896cd6a27c09f1e7cdc9c7d3f9a35c4552ebd13766b87946822df5f7a5217f835603e3e8d9733823b5f98a2a3bef845f19a47060a02", 0x3a}, {&(0x7f0000001300)="a90e3d7b8a5479a2f0458411bddb88a48fd1959dd300ff511daadcc1ac0d53152efed2e14f33938bf77d08f56cdc796e03a1a9ec42d287bb519b115cfb82955d0ae005c709521d5f60eade09372ecdd859451d847e604859331c426712117ae10d6b688512875fe940377e", 0x6b}, {&(0x7f0000001500)="1df5cf947b8580fc5790cccc28fecc918594c64112b0268e34ef2cb9b5e34e3c7be27759b0a6a7e0ec3a0ea8c7cb52669a07864d42b618041a6a5c090c62786b7d742437533a", 0x46}], 0x6)
write$binfmt_script(r0, &(0x7f0000000040), 0x18a3c85)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x77)
r2 = accept$alg(r1, 0x0, 0x0)
sendfile(r2, r0, 0x0, 0xf)

822.245338ms ago: executing program 3 (id=2614):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000340)='./bus\x00', 0x304080b, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x101546, 0x81)
fsetxattr(r0, &(0x7f0000000400)=@known='trusted.overlay.metacopy\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Ls1cYB+CTwEsoVCIiONhBMLg0KsRBh2SwEtMsRsSKFGfBQQfBwUFSorMf/4DiF4iL2NlRjCAKcZKM4lxQXDKltD6FtnZpiyl9ua4lnHPf59w5/J7A/1o8/NRsNmMhhGbi75/+7jQ/XuyZHJ2aDiEW5kII+a++/LUSizp+u/U8WpeidTGRqe3fjL2ctt/23ldTh/GofhEP4YcQwuLjUfLfvo3P31nuKrm+sVzYXM0tPBTWnobm+/PdW/mlneGDbHmmKzsbfVgX8dbMT9VGju+apefdtoFP1Vojcx31pWMfM5//1p/z3+us1CuNib6TlcF0R/2yvB3l/ip/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgg53lrpLrG8uFzdXcwkNh7Wlovj/fvZVf2hk+yJZnurKz8be+i3hr5qdqI8d3zdLzbtvAp2qtkbmO+tKxd0e/+fFj/hIt9HX4Y/57nZV6pTHRd7IymO6oX5a3o9xf3+cPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCX8uPFnsnRqekQYmEuhPDt/fe9v+w3E2/1WNR3Hv2Wov1iIlPbvxl7OW2/7b2vpg4nEyEkfnfv4uNR8otWPoR/5OcAAAD//2wlhu4=")

220.541464ms ago: executing program 3 (id=2615):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="01000000050000000200000004"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000011e0000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4048801}, 0x20000050)

197.181865ms ago: executing program 7 (id=2616):
capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x0, 0x0, 0x5})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x3, 0x2, 0xfffd}, {0x10000002, 0x0, 0x0, 0x9}]}, 0x94)
r0 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)

188.088445ms ago: executing program 2 (id=2617):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000140), 0x8, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}, {@userxattr}]})
chdir(&(0x7f0000000300)='./bus\x00')
linkat(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000003c0)='.\x00', 0x3a424bc, &(0x7f0000001040)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRESOCT, @ANYRESOCT=0x0, @ANYRESHEX, @ANYBLOB="e486301f94ddf2a3c6e9c6a4598fef2f7853d743f4831d65b415af9ec7dbc191ae080a134bb75d703b909f2312a98aee8b0f9b0db8e7ed2462a00363dad1638b2153b8042adc1cad959cd28efb4c8408de3df91b02cf343ff378c71b87fe0d59824e1618cd9913d306913a737be0e0af9d7310bf01ca4a8807b84427333d19419f24196d806ff138823247a8bf660b3819db5bbac9a3d8c83bbc03f79dd97f2a3ceb4e16d6a19e70233dd475778c5a2ff5143c51b6058a6effbef0ad0e432f91e823", @ANYRES16, @ANYBLOB="3c6b885bf908489ef65acbe7ed477655fb09210347b7d8625aea2bf1bbe1438c6c7bb3bacc3d987cb3a16cc54c097fcf5bad6fb10f7be6ae948910b691713032a5f6763d324bc636ee214b30bb728d56866bb38294011ac677107fbdf03cbafab6e797204db8b4ecc6e4800260c3da08f67c26f3ddcba7cf5431c12ad1499eb7bf91968e636f0dfefe231011580202573605119adcf2d373223b1697bbf0f1b6ce0ea484188eb2f1883b7198913a9037fb65541a3d7fe5e832b772bcf4727b3959c5a88681d9cd998988e0f7086ef4138436a56ce2100ea996b47c991bcbd1f015ae204010a3e6974e32c43ada4033cd328bc2d9607c57925e6f80007acbd2f75eb275f4e1a0a4d40ca9b923efabf4b7bf9ba393650c4ec8baaae9f6aea489705a4636aa5e3b4eae7a018dd6b2146759ed1f881018c86a58aa50721998e85536bb98db21a521591207e412b3f464abf7665b763c61bf5e448e727d1977efeef078e9793fc701b6f0422a31295785763b6dda5317e8f70f324a3e04ac10296c48226593d5eb8e29505182a351977bf3e75846bf69b2dd255aa3b0f8eef8395a1873065715b9e500"/433, @ANYRESHEX, @ANYRES8=0x0, @ANYBLOB="787fbcf0d953c7f09e72bb2e52a1f87e9302fa845ff03171634dcdcbfde9f09ac5308b68bf8ccb1186dcaa791090376a8ced429e212b7d50db18595fe44dc1973a193e4ccbd838bba3cb884f228953e593dbe276a8ce3da4d9ee24916115"], 0x5, 0x0, &(0x7f0000000000))
lchown(&(0x7f0000000000)='./cgroup\x00', 0x0, 0xee00)

71.250848ms ago: executing program 6 (id=2618):
unshare(0x6020400)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f00000001c0)='cpu.max\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x10000a006)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)

51.655529ms ago: executing program 3 (id=2619):
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setresuid(r0, r0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x8001)
r3 = getpgid(0x0)
fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r3})
sendmmsg$unix(r1, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x4040011)

0s ago: executing program 7 (id=2620):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x0, @private2={0xfc, 0x2, '\x00', 0xff}}, @in6={0xa, 0x4e21, 0xf, @loopback, 0x6}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x4e24, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f00000001c0)={r2, @in={{0x2, 0x4e24, @empty}}}, 0x90)

kernel console output (not intermixed with test programs):

0111][    T8] usb 5-1: config 0 descriptor??
[  214.569723][ T9338] loop3: detected capacity change from 0 to 16
[  214.592684][    T8] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  214.599692][ T9338] erofs: (device loop3): mounted with root inode @ nid 36.
[  215.414756][ T9340] loop2: detected capacity change from 0 to 40427
[  215.434559][ T9340] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  215.461662][ T9340] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  215.478755][ T9340] F2FS-fs (loop2): invalid crc value
[  215.496053][ T9340] F2FS-fs (loop2): Found nat_bits in checkpoint
[  215.610460][ T9340] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  215.617617][ T9340] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  215.796060][    T8] usb 5-1: USB disconnect, device number 8
[  215.864849][ T9357] overlayfs: upper fs does not support file handles, falling back to index=off.
[  215.934946][ T5761] syz-executor: attempt to access beyond end of device
[  215.934946][ T5761] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  215.971117][ T5761] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  216.006289][ T6101] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  216.035524][ T6101] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  216.970022][ T9389] loop4: detected capacity change from 0 to 16
[  216.992707][ T9389] erofs: (device loop4): mounted with root inode @ nid 36.
[  217.122845][ T6402] erofs: (device loop4): erofs_fill_dentries: bogus dirent @ nid 36
[  217.785409][ T9408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1164'.
[  218.203666][ T6101] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.236382][ T6101] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.421061][ T6101] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.453717][ T6101] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.594558][ T5082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  218.608261][ T5082] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  218.637333][ T6101] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.654123][ T5082] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  218.661425][ T6101] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.682379][ T5082] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  218.709370][ T5082] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  218.717390][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  218.868236][ T6101] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  218.898057][ T6101] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.999096][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  219.190130][    T9] usb 3-1: Using ep0 maxpacket: 8
[  219.199535][    T9] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.211457][    T9] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.222072][    T9] usb 3-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  219.237497][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  219.245375][    T9] usb 3-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00
[  219.254990][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.267850][    T9] usb 3-1: config 0 descriptor??
[  219.550331][ T9428] chnl_net:caif_netlink_parms(): no params data found
[  219.701408][    T9] wacom 0003:056A:032F.000A: unknown main item tag 0x2
[  219.708358][    T9] wacom 0003:056A:032F.000A: unknown main item tag 0x0
[  219.752725][    T9] wacom 0003:056A:032F.000A: hidraw0: USB HID vff.fc Device [HID 056a:032f] on usb-dummy_hcd.2-1/input0
[  219.797957][ T9428] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.812104][ T9428] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.823430][ T9428] bridge_slave_0: entered allmulticast mode
[  219.836239][ T9428] bridge_slave_0: entered promiscuous mode
[  219.906078][    T9] usb 3-1: USB disconnect, device number 16
[  219.917723][ T9428] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.931683][ T9428] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.942424][ T9428] bridge_slave_1: entered allmulticast mode
[  219.953247][ T9428] bridge_slave_1: entered promiscuous mode
[  220.029525][ T9428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.066533][ T9428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.156142][ T9428] team0: Port device team_slave_0 added
[  220.165838][ T9428] team0: Port device team_slave_1 added
[  220.283491][ T9428] batman_adv: batadv0: Adding interface: batadv_slave_0
[  220.308893][ T9428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.346233][ T9428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  220.405370][ T9428] batman_adv: batadv0: Adding interface: batadv_slave_1
[  220.422656][ T9428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.458110][ T9428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.618177][ T9481] loop1: detected capacity change from 0 to 16
[  220.630634][ T5802] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  220.639122][ T9481] erofs: (device loop1): mounted with root inode @ nid 36.
[  220.764177][ T9428] hsr_slave_0: entered promiscuous mode
[  220.778710][ T5771] Bluetooth: hci0: command tx timeout
[  220.799508][ T9428] hsr_slave_1: entered promiscuous mode
[  220.813488][ T9428] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  220.823086][ T9428] Cannot create hsr debugfs directory
[  220.852685][ T5802] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  220.861989][ T5802] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.870763][ T5802] usb 4-1: Product: syz
[  220.874966][ T5802] usb 4-1: Manufacturer: syz
[  220.880157][ T5802] usb 4-1: SerialNumber: syz
[  220.893716][ T5802] usb 4-1: config 0 descriptor??
[  221.073258][ T6101] hsr_slave_0: left promiscuous mode
[  221.080881][ T6101] hsr_slave_1: left promiscuous mode
[  221.087187][ T6101] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.095150][ T6101] batman_adv: batadv0: Removing interface: batadv_slave_1
[  221.118981][ T5802] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  221.128550][ T6101] bridge_slave_1: left allmulticast mode
[  221.134955][ T6101] bridge_slave_1: left promiscuous mode
[  221.144337][ T6101] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.155077][ T6101] bridge_slave_0: left allmulticast mode
[  221.164956][ T6101] bridge_slave_0: left promiscuous mode
[  221.174461][ T6101] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.263945][ T6101] veth1_macvtap: left promiscuous mode
[  221.279975][ T6101] veth0_macvtap: left promiscuous mode
[  221.309957][ T6101] veth1_vlan: left promiscuous mode
[  221.315350][ T6101] veth0_vlan: left promiscuous mode
[  221.579010][   T42] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  221.808992][   T42] usb 2-1: Using ep0 maxpacket: 8
[  221.837996][   T42] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  221.853309][   T42] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  221.872770][   T42] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  221.886845][   T42] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  221.906792][   T42] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  221.916302][   T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.199898][   T42] usb 2-1: GET_CAPABILITIES returned 0
[  222.205493][   T42] usbtmc 2-1:16.0: can't read capabilities
[  222.282749][ T9508] loop2: detected capacity change from 0 to 32768
[  222.291447][ T9508] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1189 (9508)
[  222.306606][ T9508] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  222.327365][ T9508] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  222.338194][ T9508] BTRFS info (device loop2): using free space tree
[  222.355243][ T5802] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71
[  222.387105][ T5802] usb 4-1: USB disconnect, device number 17
[  222.456219][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.465488][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.474659][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.483813][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.510527][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.519703][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.548114][ T9508] BTRFS info (device loop2): enabling ssd optimizations
[  222.556253][ T9508] BTRFS info (device loop2): auto enabling async discard
[  222.573931][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.583094][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.592211][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.601303][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.659418][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.668615][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.683869][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.693033][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.702160][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.711283][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  222.775917][  T786] usb 2-1: USB disconnect, device number 15
[  222.865908][ T5771] Bluetooth: hci0: command tx timeout
[  222.938299][ T5761] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  223.273397][ T6101] team0 (unregistering): Port device team_slave_1 removed
[  223.554342][ T6101] team0 (unregistering): Port device team_slave_0 removed
[  223.700504][ T6101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  223.716649][ T6101] bond_slave_1 (unregistering): left promiscuous mode
[  223.809776][ T6101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  223.823477][ T6101] bond_slave_0 (unregistering): left promiscuous mode
[  224.377360][ T6101] bond0 (unregistering): Released all slaves
[  224.692049][ T9545] loop2: detected capacity change from 0 to 16
[  224.757612][ T9545] erofs: (device loop2): mounted with root inode @ nid 36.
[  224.936310][ T5771] Bluetooth: hci0: command tx timeout
[  224.938776][    T9] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  225.133035][ T9428] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  225.173840][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  225.190928][ T9428] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  225.201963][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  225.235542][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  225.254653][ T9428] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  225.266802][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.318758][ T5802] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  225.318888][ T9428] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  225.501104][    T9] usb 4-1: GET_CAPABILITIES returned 0
[  225.511666][ T5802] usb 2-1: Using ep0 maxpacket: 16
[  225.517036][    T9] usbtmc 4-1:16.0: can't read capabilities
[  225.533704][ T5802] usb 2-1: unable to get BOS descriptor or descriptor too short
[  225.561326][ T5802] usb 2-1: config 6 has an invalid interface number: 91 but max is 1
[  225.576923][ T9428] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.595820][ T5802] usb 2-1: config 6 has an invalid interface number: 189 but max is 1
[  225.624799][ T5802] usb 2-1: config 6 has no interface number 0
[  225.632890][ T9428] 8021q: adding VLAN 0 to HW filter on device team0
[  225.642623][ T5802] usb 2-1: config 6 has no interface number 1
[  225.650869][ T3478] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.658043][ T3478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.666873][ T5802] usb 2-1: config 6 interface 189 altsetting 19 bulk endpoint 0x8 has invalid maxpacket 8
[  225.681728][ T3478] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.687270][ T5802] usb 2-1: config 6 interface 91 has no altsetting 0
[  225.688918][ T3478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.712684][ T5802] usb 2-1: config 6 interface 189 has no altsetting 0
[  225.724355][ T5764] usb 4-1: USB disconnect, device number 18
[  225.733039][ T5802] usb 2-1: New USB device found, idVendor=eb1a, idProduct=2883, bcdDevice=3e.b5
[  225.768771][ T5802] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.777083][ T9571] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1201'.
[  225.787443][ T5802] usb 2-1: Product: syz
[  225.816980][ T5802] usb 2-1: Manufacturer: syz
[  225.825894][ T5802] usb 2-1: SerialNumber: syz
[  225.848853][ T5802] usb 2-1: Interface #91 referenced by multiple IADs
[  226.111719][ T9428] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.113564][ T5802] usb 2-1: USB disconnect, device number 16
[  226.681073][ T9428] veth0_vlan: entered promiscuous mode
[  226.720579][ T9428] veth1_vlan: entered promiscuous mode
[  226.800489][ T9428] veth0_macvtap: entered promiscuous mode
[  226.827329][ T9428] veth1_macvtap: entered promiscuous mode
[  226.870787][   T27] audit: type=1326 audit(1777464510.388:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  226.901698][   T27] audit: type=1326 audit(1777464510.388:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  226.924624][   T27] audit: type=1326 audit(1777464510.418:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  226.935902][ T9428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  226.969848][   T27] audit: type=1326 audit(1777464510.418:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  226.998957][ T9428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.004199][   T27] audit: type=1326 audit(1777464510.418:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  227.014728][ T9428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.041837][ T5771] Bluetooth: hci0: command tx timeout
[  227.049888][   T27] audit: type=1326 audit(1777464510.468:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  227.051946][ T9428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.082705][   T27] audit: type=1326 audit(1777464510.468:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  227.090327][ T9428] batman_adv: batadv0: Interface activated: batadv_slave_0
[  227.111084][   T27] audit: type=1326 audit(1777464510.468:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  227.139381][ T9428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.150472][ T9428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.160416][ T9428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.171188][   T27] audit: type=1326 audit(1777464510.468:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  227.171194][ T9428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.171228][   T27] audit: type=1326 audit(1777464510.468:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9605 comm="syz.1.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d21d9cdd9 code=0x7ffc0000
[  227.194928][ T9428] batman_adv: batadv0: Interface activated: batadv_slave_1
[  227.277449][ T9428] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  227.287831][ T9428] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  227.297216][ T9428] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  227.306973][ T9428] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.573950][ T6107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.604556][ T6107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.692672][ T6101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.720005][ T6101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.231046][ T9644] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1216'.
[  228.240872][ T9644] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1216'.
[  228.252587][ T9644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1216'.
[  228.265904][ T9644] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1216'.
[  228.276417][ T9644] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1216'.
[  228.291079][ T9644] netlink: 'syz.2.1216': attribute type 5 has an invalid length.
[  228.299027][ T5764] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  228.301511][ T9644] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1216'.
[  228.318717][   T42] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  228.338911][  T786] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  228.510339][ T5764] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  228.535342][ T5764] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.541179][  T786] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  228.554663][ T5764] usb 2-1: Product: syz
[  228.563975][   T42] usb 6-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  228.565073][ T5764] usb 2-1: Manufacturer: syz
[  228.574397][   T42] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.583206][ T5764] usb 2-1: SerialNumber: syz
[  228.592338][  T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.605642][   T42] usb 6-1: Product: syz
[  228.616649][  T786] usb 4-1: Product: syz
[  228.621615][   T42] usb 6-1: Manufacturer: syz
[  228.624918][ T5764] usb 2-1: config 0 descriptor??
[  228.626223][   T42] usb 6-1: SerialNumber: syz
[  228.642341][  T786] usb 4-1: Manufacturer: syz
[  228.647001][  T786] usb 4-1: SerialNumber: syz
[  228.657633][   T42] usb 6-1: config 0 descriptor??
[  228.672446][  T786] usb 4-1: config 0 descriptor??
[  228.697026][  T786] hub 4-1:0.0: bad descriptor, ignoring hub
[  228.714157][  T786] hub: probe of 4-1:0.0 failed with error -5
[  228.877778][ T5764] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  228.903887][  T786] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  228.922680][  T786] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  228.943269][  T786] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  228.958773][  T786] usb 4-1: media controller created
[  228.996913][  T786] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  229.076158][  T786] DVB: Unable to find symbol dib7000p_attach()
[  229.085033][  T786] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  229.128224][ T9635] dib0700: tx buffer length is larger than 4. Not supported.
[  229.239053][  T786] rc_core: IR keymap rc-dib0700-rc5 not found
[  229.248254][  T786] Registered IR keymap rc-empty
[  229.275226][  T786] dvb-usb: could not initialize remote control.
[  229.291886][  T786] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  229.333857][  T786] usb 4-1: USB disconnect, device number 19
[  229.472958][  T786] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  229.918031][ T5764] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71
[  229.960723][ T5764] usb 2-1: USB disconnect, device number 17
[  230.115219][   T42] usb 6-1: f81604_read: reg: 200f failed: -EPROTO
[  230.158038][   T42] usb 6-1: USB disconnect, device number 2
[  230.182193][   T42] usb 6-1: f81604_read: reg: 100f failed: -ENODEV
[  230.246925][   T42] usb 6-1: f81604_read: reg: 200f failed: -ENODEV
[  230.531382][ T9689] kvm: kvm [9688]: vcpu2, guest rIP: 0x9135 Unhandled WRMSR(0x11e) = 0x0
[  231.166322][ T9707] netlink: 'syz.5.1229': attribute type 1 has an invalid length.
[  231.209715][ T9707] netlink: 'syz.5.1229': attribute type 4 has an invalid length.
[  231.239601][ T9707] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.1229'.
[  231.415562][ T9719] loop3: detected capacity change from 0 to 128
[  232.452508][ T9750] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  232.962778][ T9779] fuse: Bad value for 'fd'
[  233.167213][ T9786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1255'.
[  233.194301][ T9786] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1255'.
[  233.235666][ T9786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1255'.
[  233.267788][ T9786] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1255'.
[  233.277715][ T9794] fuse: Bad value for 'fd'
[  233.758786][   T42] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  233.959035][   T42] usb 6-1: Using ep0 maxpacket: 16
[  233.971365][   T42] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  233.990706][   T42] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  234.022145][   T42] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  234.042692][   T42] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  234.081803][ T5770] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  234.094875][   T42] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  234.129500][   T42] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  234.152908][ T5770] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  234.168681][   T42] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  234.197302][   T42] usb 6-1: Manufacturer: syz
[  234.221576][ T9797] loop3: detected capacity change from 0 to 40427
[  234.228497][   T42] usb 6-1: config 0 descriptor??
[  234.231966][ T9797] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  234.279965][ T9797] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  234.317285][ T9797] F2FS-fs (loop3): invalid crc value
[  234.554742][ T9797] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  234.563186][ T9797] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  234.588810][   T42] rc_core: IR keymap rc-hauppauge not found
[  234.594811][   T42] Registered IR keymap rc-empty
[  234.620212][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  234.658966][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  234.705749][   T42] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  234.746587][   T42] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input16
[  234.771318][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  234.802385][ T5762] syz-executor: attempt to access beyond end of device
[  234.802385][ T5762] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  234.829123][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  234.836901][ T5762] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  234.873974][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  234.919927][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  234.958791][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  235.016687][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  235.049565][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  235.090594][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  235.128999][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  235.183178][   T42] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  235.223175][   T42] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  235.252029][   T42] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  235.278117][   T42] usb 6-1: USB disconnect, device number 3
[  236.786079][ T9858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  237.184750][ T9858] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.195108][ T9858] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.206440][ T9858] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.215841][ T9858] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.770273][ T5752] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  237.961783][ T5752] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.983481][ T5752] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  238.011198][ T5752] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  238.020577][ T5752] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.029233][ T5752] usb 4-1: Product: syz
[  238.033523][ T5752] usb 4-1: Manufacturer: syz
[  238.036173][ T9930] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1306'.
[  238.038129][ T5752] usb 4-1: SerialNumber: syz
[  238.070294][   T42] libceph: connect (1)[c::]:6789 error -101
[  238.077382][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  238.096104][ T9926] ceph: No mds server is up or the cluster is laggy
[  238.289265][ T9905] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  238.343235][ T9939] overlayfs: failed to clone upperpath
[  238.568979][ T5771] Bluetooth: hci2: unexpected event for opcode 0x1001
[  238.911198][ T9905] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  239.137444][ T5752] cdc_ncm 4-1:1.0: failed to get mac address
[  239.235986][ T9974] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1316'.
[  239.341016][ T5752] cdc_ncm 4-1:1.0: bind() failure
[  239.360099][ T5752] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  239.366992][ T5752] cdc_ncm 4-1:1.1: bind() failure
[  239.576745][ T5770] usb 4-1: USB disconnect, device number 20
[  239.721178][ T9992] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1323'.
[  240.068895][ T5752] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  240.248878][ T5752] usb 6-1: Using ep0 maxpacket: 32
[  240.258205][ T5752] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  240.273128][ T5752] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.281325][ T5752] usb 6-1: Product: syz
[  240.285957][ T5752] usb 6-1: Manufacturer: syz
[  240.292226][ T5752] usb 6-1: SerialNumber: syz
[  240.302921][ T5752] usb 6-1: config 0 descriptor??
[  240.312469][ T5752] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  240.519060][ T5752] gspca_ov534_9: reg_w failed -71
[  240.946896][T10020] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check.
[  241.039316][ T5752] gspca_ov534_9: Unknown sensor 0000
[  241.039407][ T5752] ov534_9: probe of 6-1:0.0 failed with error -22
[  241.058088][ T5752] usb 6-1: USB disconnect, device number 4
[  241.419883][ T5752] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  241.609540][ T5752] usb 6-1: Using ep0 maxpacket: 32
[  241.622227][ T5771] Bluetooth: hci2: unexpected event for opcode 0x1002
[  241.625393][ T5752] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  241.638904][ T5752] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.646931][ T5752] usb 6-1: Product: syz
[  241.673937][ T5752] usb 6-1: Manufacturer: syz
[  241.697418][ T5752] usb 6-1: SerialNumber: syz
[  241.727928][ T5752] usb 6-1: config 0 descriptor??
[  241.750325][ T5752] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  242.684098][   T27] kauditd_printk_skb: 817 callbacks suppressed
[  242.684113][   T27] audit: type=1326 audit(2000000001.830:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  242.808763][   T27] audit: type=1326 audit(2000000001.870:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f117293e159 code=0x7ffc0000
[  242.847864][ T5752] gspca_ov534_9: reg_w failed -71
[  242.865905][   T27] audit: type=1326 audit(2000000001.870:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  242.928775][   T27] audit: type=1326 audit(2000000001.870:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f117293e159 code=0x7ffc0000
[  242.976660][   T27] audit: type=1326 audit(2000000001.870:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  243.039838][   T27] audit: type=1326 audit(2000000001.870:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f117293e159 code=0x7ffc0000
[  243.113389][   T27] audit: type=1326 audit(2000000001.870:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  243.173465][   T27] audit: type=1326 audit(2000000001.870:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  243.268762][   T27] audit: type=1326 audit(2000000001.870:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f117293e159 code=0x7ffc0000
[  243.291323][ T5752] gspca_ov534_9: Unknown sensor 0000
[  243.291386][ T5752] ov534_9: probe of 6-1:0.0 failed with error -22
[  243.345767][ T5752] usb 6-1: USB disconnect, device number 5
[  243.376768][   T27] audit: type=1326 audit(2000000001.870:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.2.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f117293e159 code=0x7ffc0000
[  243.672761][T10082] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1355'.
[  243.708925][T10082] netlink: 'syz.1.1355': attribute type 25 has an invalid length.
[  243.716915][T10082] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1355'.
[  244.400158][T10119] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1366'.
[  245.253900][T10154] loop3: detected capacity change from 0 to 1024
[  245.262677][T10157] fuse: Bad value for 'fd'
[  245.317579][T10154] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  245.389752][T10154] ext4 filesystem being mounted at /354/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.410860][T10164] fuse: Bad value for 'fd'
[  245.550232][T10154] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.1374: bg 0: block 112: padding at end of block bitmap is not set
[  245.669067][T10154] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28
[  245.696067][T10154] EXT4-fs (loop3): This should not happen!! Data will be lost
[  245.696067][T10154] 
[  245.706665][T10154] EXT4-fs (loop3): Total free blocks count 0
[  245.713716][T10154] EXT4-fs (loop3): Free/Dirty block details
[  245.721054][T10154] EXT4-fs (loop3): free_blocks=0
[  245.726172][T10154] EXT4-fs (loop3): dirty_blocks=80
[  245.731999][T10154] EXT4-fs (loop3): Block reservation details
[  245.738132][T10154] EXT4-fs (loop3): i_reserved_data_blocks=5
[  245.801284][ T3478] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[  247.978726][ T5770] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  248.168722][ T5770] usb 2-1: Using ep0 maxpacket: 8
[  248.179958][ T5770] usb 2-1: config 2 has an invalid interface number: 31 but max is 0
[  248.198398][ T5770] usb 2-1: config 2 has no interface number 0
[  248.209036][ T5770] usb 2-1: config 2 interface 31 has no altsetting 0
[  248.228105][ T5770] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  248.247815][ T5770] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.258688][ T5770] usb 2-1: Product: syz
[  248.262915][ T5770] usb 2-1: Manufacturer: syz
[  248.278004][ T5770] usb 2-1: SerialNumber: syz
[  248.928563][ T5770] ch9200: probe of 2-1:2.31 failed with error -22
[  248.953438][ T5770] usb 2-1: USB disconnect, device number 18
[  250.634416][T10294] loop3: detected capacity change from 0 to 40427
[  250.655430][T10294] F2FS-fs (loop3): Fix alignment : internally, start(4096) end(16896) block(12288)
[  250.679926][T10294] F2FS-fs (loop3): invalid crc value
[  250.695405][T10294] F2FS-fs (loop3): Found nat_bits in checkpoint
[  250.776434][T10294] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  250.814341][T10294] F2FS-fs (loop3): Try to recover all the superblocks, ret: 0
[  251.530892][  T786] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  251.735029][  T786] usb 4-1: config 10 has an invalid interface number: 32 but max is 0
[  251.747777][  T786] usb 4-1: config 10 has no interface number 0
[  251.765349][  T786] usb 4-1: config 10 interface 32 has no altsetting 0
[  251.782063][  T786] usb 4-1: New USB device found, idVendor=0ccd, idProduct=005e, bcdDevice=f1.a8
[  251.807014][  T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.826651][  T786] usb 4-1: Product: syz
[  251.838750][  T786] usb 4-1: Manufacturer: syz
[  251.843403][  T786] usb 4-1: SerialNumber: syz
[  252.058706][ T5764] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  252.077804][  T786] usb-storage 4-1:10.32: USB Mass Storage device detected
[  252.193975][  T786] usb 4-1: USB disconnect, device number 21
[  252.241291][ T5764] usb 2-1: config 0 has no interfaces?
[  252.250493][ T5764] usb 2-1: New USB device found, idVendor=1b5c, idProduct=0105, bcdDevice= 1.f1
[  252.264355][ T5764] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.288817][ T5764] usb 2-1: Product: syz
[  252.293063][ T5764] usb 2-1: Manufacturer: syz
[  252.312285][ T5764] usb 2-1: SerialNumber: syz
[  252.320938][ T5764] usb 2-1: config 0 descriptor??
[  252.473675][T10333] loop5: detected capacity change from 0 to 32768
[  252.548701][T10333]  loop5: p1 p3 < >
[  252.555040][  T786] usb 2-1: USB disconnect, device number 19
[  253.007826][T10354] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1420'.
[  253.057642][ T5777] udevd[5777]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  253.063059][ T5975] udevd[5975]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  253.547008][T10375] loop5: detected capacity change from 0 to 512
[  253.554777][T10377] netlink: 'syz.2.1432': attribute type 1 has an invalid length.
[  253.615883][T10375] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.654383][T10377] 8021q: adding VLAN 0 to HW filter on device bond1
[  253.702954][ T9428] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.732780][T10382] bond1: (slave syz_tun): Enslaving as a backup interface with an up link
[  253.995342][T10393] all: renamed from bridge_slave_1 (while UP)
[  254.007141][T10394] overlayfs: failed to clone upperpath
[  254.429142][T10398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1439'.
[  254.462359][T10398] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1439'.
[  254.858915][  T786] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  255.017719][T10424] loop1: detected capacity change from 0 to 1024
[  255.043668][T10424] EXT4-fs: quotafile must be on filesystem root
[  255.068783][  T786] usb 4-1: Using ep0 maxpacket: 32
[  255.089723][  T786] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  255.105215][  T786] usb 4-1: config 0 has no interface number 0
[  255.127781][  T786] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  255.145423][  T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.172657][  T786] usb 4-1: Product: syz
[  255.181456][  T786] usb 4-1: Manufacturer: syz
[  255.194435][  T786] usb 4-1: SerialNumber: syz
[  255.220069][  T786] usb 4-1: config 0 descriptor??
[  255.238969][  T786] smsc95xx v2.0.0
[  255.641765][  T786] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  255.658828][    T8] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  255.660923][  T786] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  255.858758][    T8] usb 2-1: Using ep0 maxpacket: 32
[  255.876125][    T8] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  255.885555][    T8] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  255.908197][    T8] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  255.917357][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  255.936101][    T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  255.948688][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  255.976579][    T8] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  255.998686][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.020245][    T8] usb 2-1: config 0 descriptor??
[  256.047127][T10457] loop5: detected capacity change from 0 to 256
[  256.062737][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  256.069259][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  256.087255][T10457] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  256.250118][    T8] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  256.281781][    T8] usb 2-1: USB disconnect, device number 20
[  256.292467][    T8] usblp0: removed
[  256.493043][  T786] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  256.513370][  T786] smsc95xx: probe of 4-1:0.67 failed with error -71
[  256.527244][  T786] usb 4-1: USB disconnect, device number 22
[  256.808911][    T8] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  256.931873][T10465] loop5: detected capacity change from 0 to 128
[  256.976143][T10465] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  256.998827][    T8] usb 2-1: Using ep0 maxpacket: 32
[  257.006446][T10465] ext4 filesystem being mounted at /57/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  257.058581][    T8] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  257.073168][    T8] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  257.119807][    T8] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  257.173981][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  257.201004][    T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  257.214773][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  257.237107][T10465] syz.5.1464 (pid 10465) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  257.247153][    T8] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  257.267530][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.287838][    T8] usb 2-1: config 0 descriptor??
[  257.347468][ T9428] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  257.474513][T10475] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  257.483056][T10475] overlayfs: failed to set xattr on upper
[  257.491352][T10475] overlayfs: ...falling back to redirect_dir=nofollow.
[  257.504017][    T8] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  257.528593][T10475] overlayfs: ...falling back to index=off.
[  257.548781][T10475] overlayfs: ...falling back to uuid=null.
[  257.554653][T10475] overlayfs: ...falling back to xino=off.
[  258.308819][    T8] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  258.539698][    T8] usb 6-1: Using ep0 maxpacket: 8
[  258.557217][    T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  258.587806][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  258.608138][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  258.628677][    T8] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  258.658739][    T8] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  258.684856][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.932586][ T5752] usb 2-1: USB disconnect, device number 21
[  258.941553][ T5752] usblp0: removed
[  258.954915][    T8] usb 6-1: GET_CAPABILITIES returned 0
[  258.984529][    T8] usbtmc 6-1:16.0: can't read capabilities
[  259.215819][ T5802] usb 6-1: USB disconnect, device number 6
[  259.351790][T10509] 9pnet_fd: Insufficient options for proto=fd
[  259.643782][T10517] netlink: 'syz.1.1484': attribute type 39 has an invalid length.
[  259.807418][T10524] overlayfs: failed to clone upperpath
[  259.983434][T10526] serio: Serial port ttyprintk
[  261.096133][T10568] 9pnet: p9_errstr2errno: server reported unknown error �1 %�;Z������Ey?�n�f`H�	�lڙ�L5Gj?�ѧT?��BN�xݞ
[  261.281701][T10576] loop3: detected capacity change from 0 to 16
[  261.311290][T10576] erofs: (device loop3): mounted with root inode @ nid 36.
[  262.043040][T10579] loop3: detected capacity change from 0 to 32768
[  262.109467][T10579] Dev loop3 SGI disklabel: csum bad, label corrupted
[  262.159044][    T8] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  262.225007][   T27] kauditd_printk_skb: 143 callbacks suppressed
[  262.225022][   T27] audit: type=1326 audit(2000000021.370:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10592 comm="syz.3.1510" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f94e559cdd9 code=0x0
[  262.362360][    T8] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  262.372463][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.383038][    T8] usb 6-1: config 0 descriptor??
[  263.314708][T10540] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  263.750141][T10608] loop1: detected capacity change from 0 to 2048
[  263.791662][T10608] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  263.810205][    T8] usb 6-1: Cannot set autoneg
[  263.837078][    T8] MOSCHIP usb-ethernet driver: probe of 6-1:0.0 failed with error -71
[  263.854736][   T27] audit: type=1800 audit(2000000023.000:1074): pid=10608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1515" name="file1" dev="loop1" ino=1415 res=0 errno=0
[  263.854757][    T8] usb 6-1: USB disconnect, device number 7
[  263.929245][   T27] audit: type=1800 audit(2000000023.040:1075): pid=10608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1515" name="file1" dev="loop1" ino=1415 res=0 errno=0
[  264.833460][T10642] loop5: detected capacity change from 0 to 2048
[  264.897152][T10642] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  264.997562][   T27] audit: type=1800 audit(2000000024.140:1076): pid=10642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1528" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  265.095337][   T27] audit: type=1800 audit(2000000024.140:1077): pid=10642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1528" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  265.297859][T10659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1534'.
[  265.321337][T10659] hsr_slave_0: left promiscuous mode
[  265.327810][T10659] hsr_slave_1: left promiscuous mode
[  266.182585][T10690] loop1: detected capacity change from 0 to 8192
[  266.225720][T10690] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  266.276817][T10690] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  266.313301][T10690] REISERFS (device loop1): using ordered data mode
[  266.321394][T10690] reiserfs: using flush barriers
[  266.330542][T10690] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  266.347960][T10690] REISERFS (device loop1): checking transaction log (loop1)
[  266.393811][T10690] REISERFS (device loop1): Using r5 hash to sort names
[  266.413856][T10690] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  266.509523][   T27] audit: type=1804 audit(2000000025.650:1078): pid=10690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1547" name="/newroot/386/file0/bus" dev="loop1" ino=2 res=1 errno=0
[  267.135120][T10711] loop5: detected capacity change from 0 to 1024
[  267.619950][T10731] loop1: detected capacity change from 0 to 128
[  267.707978][T10731] syz.1.1565: attempt to access beyond end of device
[  267.707978][T10731] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128
[  267.795807][T10731] syz.1.1565: attempt to access beyond end of device
[  267.795807][T10731] loop1: rw=2049, sector=138, nr_sectors = 2 limit=128
[  268.095234][T10749] loop5: detected capacity change from 0 to 1024
[  268.149243][T10753] netlink: 'syz.2.1574': attribute type 12 has an invalid length.
[  268.173725][T10753] netlink: 'syz.2.1574': attribute type 29 has an invalid length.
[  268.204956][T10753] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1574'.
[  268.220030][T10753] netlink: 'syz.2.1574': attribute type 2 has an invalid length.
[  268.228124][T10753] netlink: 'syz.2.1574': attribute type 3 has an invalid length.
[  268.236784][T10753] netlink: 11 bytes leftover after parsing attributes in process `syz.2.1574'.
[  268.385399][   T27] audit: type=1800 audit(2000000027.530:1079): pid=10749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1572" name="bus" dev="loop5" ino=26 res=0 errno=0
[  268.491794][T10749] syz.5.1572: attempt to access beyond end of device
[  268.491794][T10749] loop5: rw=34817, sector=1028, nr_sectors = 8 limit=1024
[  268.685541][ T6204] hfsplus: b-tree write err: -5, ino 25
[  268.692663][ T6204] hfsplus: b-tree write err: -5, ino 4
[  268.698264][ T6204] hfsplus: b-tree write err: -5, ino 2
[  268.705049][ T6204] hfsplus: b-tree write err: -5, ino 26
[  268.716052][ T6204] hfsplus: b-tree write err: -5, ino 27
[  268.930168][  T786] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  269.128722][  T786] usb 4-1: Using ep0 maxpacket: 8
[  269.147356][  T786] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  269.176925][  T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.188694][  T786] usb 4-1: Product: syz
[  269.192915][  T786] usb 4-1: Manufacturer: syz
[  269.207736][  T786] usb 4-1: SerialNumber: syz
[  269.233250][  T786] usb 4-1: config 0 descriptor??
[  269.460858][T10790] loop1: detected capacity change from 0 to 512
[  269.467751][  T786] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  269.706504][  T786] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71
[  269.733134][  T786] usb 4-1: USB disconnect, device number 23
[  269.904267][T10801] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1591'.
[  269.916309][T10798] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1591'.
[  270.249583][    T8] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  270.440458][    T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  270.450801][    T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  270.461658][    T8] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  270.470852][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  270.479115][    T8] usb 2-1: SerialNumber: syz
[  270.528899][    T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  270.696997][    T8] usb 2-1: 0:2 : does not exist
[  270.709260][    T9] usb 4-1: Using ep0 maxpacket: 8
[  270.719398][    T8] usb 2-1: USB disconnect, device number 22
[  270.732598][    T9] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  270.741466][    T9] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[  270.762959][    T9] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  270.781427][    T9] usb 4-1: config 250 has no interface number 0
[  270.787842][    T9] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  270.803409][    T9] usb 4-1: config 250 interface 228 has no altsetting 0
[  270.816026][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  270.825478][    T9] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  270.836793][    T9] usb 4-1: Product: syz
[  270.841041][    T9] usb 4-1: SerialNumber: syz
[  270.851888][    T9] hub 4-1:250.228: bad descriptor, ignoring hub
[  270.858188][    T9] hub: probe of 4-1:250.228 failed with error -5
[  271.067928][    T9] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 24 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  271.480257][T10821] loop5: detected capacity change from 0 to 2048
[  271.505046][T10821] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  271.676012][ T9428] UDF-fs: error (device loop5): udf_read_inode: (ino 1345) failed !bh
[  271.695725][ T9428] UDF-fs: error (device loop5): udf_read_inode: (ino 1345) failed !bh
[  271.766794][T10805] usb 4-1: reset high-speed USB device number 24 using dummy_hcd
[  271.905861][T10831] fuse: Bad value for 'fd'
[  272.162189][ T6108] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.225869][    C1] usblp0: nonzero read bulk status received: -71
[  272.294018][ T6108] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.406429][ T6108] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.464258][ T5802] usb 4-1: USB disconnect, device number 24
[  272.476956][ T5802] usblp0: removed
[  272.554947][ T6108] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.753764][ T5082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  272.769583][ T5082] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  272.782566][ T5082] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  272.799255][ T5082] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  272.817155][ T5082] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  272.827515][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  273.108039][T10857] io-wq is not configured for unbound workers
[  274.207593][T10847] chnl_net:caif_netlink_parms(): no params data found
[  274.712022][T10925] loop3: detected capacity change from 0 to 8192
[  274.777578][T10925] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  274.807859][T10847] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.833315][T10925] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  274.843490][T10847] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.852858][T10847] bridge_slave_0: entered allmulticast mode
[  274.860156][T10847] bridge_slave_0: entered promiscuous mode
[  274.872237][T10925] REISERFS (device loop3): using ordered data mode
[  274.891327][T10847] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.911665][T10925] reiserfs: using flush barriers
[  274.918561][T10925] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  274.924090][T10847] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.935739][ T5082] Bluetooth: hci0: command tx timeout
[  274.947343][T10847] bridge_slave_1: entered allmulticast mode
[  274.956078][T10925] REISERFS (device loop3): checking transaction log (loop3)
[  274.966455][T10847] bridge_slave_1: entered promiscuous mode
[  274.968869][T10925] REISERFS (device loop3): Using r5 hash to sort names
[  274.991782][T10925] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  275.055330][T10847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  275.085259][T10847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  275.129721][ T6108] hsr_slave_0: left promiscuous mode
[  275.136427][ T6108] hsr_slave_1: left promiscuous mode
[  275.144996][ T6108] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  275.152887][   T27] audit: type=1804 audit(2000000034.300:1080): pid=10925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1624" name="/newroot/404/file0/bus" dev="loop3" ino=2 res=1 errno=0
[  275.173926][    C1] vkms_vblank_simulate: vblank timer overrun
[  275.182321][ T6108] batman_adv: batadv0: Removing interface: batadv_slave_0
[  275.191552][ T6108] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  275.199883][ T6108] batman_adv: batadv0: Removing interface: batadv_slave_1
[  275.207571][ T6108] bridge_slave_1: left allmulticast mode
[  275.214529][ T6108] bridge_slave_1: left promiscuous mode
[  275.222937][ T6108] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.236753][ T6108] bridge_slave_0: left allmulticast mode
[  275.244917][ T6108] bridge_slave_0: left promiscuous mode
[  275.253739][ T6108] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.309293][ T6108] veth1_macvtap: left promiscuous mode
[  275.314861][ T6108] veth0_macvtap: left promiscuous mode
[  275.326264][ T6108] veth1_vlan: left promiscuous mode
[  275.345764][ T6108] veth0_vlan: left promiscuous mode
[  275.493431][T10938] fuse: Bad value for 'fd'
[  275.902859][ T5770] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  276.102019][ T5770] usb 4-1: Using ep0 maxpacket: 8
[  276.135262][ T5770] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  276.145598][ T5770] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  276.154608][ T5770] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  276.165898][ T5770] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  276.189973][ T5770] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  276.204769][ T5770] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.222911][ T5770] hub 4-1:1.0: bad descriptor, ignoring hub
[  276.245309][ T5770] hub: probe of 4-1:1.0 failed with error -5
[  276.254745][ T5770] cdc_wdm 4-1:1.0: skipping garbage
[  276.260217][ T5770] cdc_wdm 4-1:1.0: skipping garbage
[  276.281725][ T5770] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  276.289691][ T5770] cdc_wdm 4-1:1.0: Unknown control protocol
[  276.461535][ T6108] team0 (unregistering): Port device team_slave_1 removed
[  276.542753][ T6108] team0 (unregistering): Port device team_slave_0 removed
[  276.608183][ T6108] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  276.671929][ T6108] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  276.837488][T10944] usb 4-1: reset high-speed USB device number 25 using dummy_hcd
[  277.017762][ T5082] Bluetooth: hci0: command tx timeout
[  277.122016][ T6108] bond0 (unregistering): Released all slaves
[  277.263287][T10847] team0: Port device team_slave_0 added
[  277.291104][T10847] team0: Port device team_slave_1 added
[  277.326545][T10847] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.351807][T10847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.377744][    C1] vkms_vblank_simulate: vblank timer overrun
[  277.388162][T10847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.424657][  T786] usb 4-1: USB disconnect, device number 25
[  277.456691][T10954] netlink: 'syz.2.1636': attribute type 1 has an invalid length.
[  277.522406][T10954] 8021q: adding VLAN 0 to HW filter on device bond2
[  277.541495][T10847] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.548576][T10847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.575439][T10847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  277.637707][T10957] ip_vti0: entered promiscuous mode
[  277.679210][T10847] hsr_slave_0: entered promiscuous mode
[  277.700325][T10847] hsr_slave_1: entered promiscuous mode
[  278.174168][T10847] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  278.218710][T10847] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  278.254832][T10847] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  278.276733][T10847] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  278.524575][T10847] 8021q: adding VLAN 0 to HW filter on device bond0
[  278.567069][T10847] 8021q: adding VLAN 0 to HW filter on device team0
[  278.610470][ T6101] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.617626][ T6101] bridge0: port 1(bridge_slave_0) entered forwarding state
[  278.657079][ T6101] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.664454][ T6101] bridge0: port 2(bridge_slave_1) entered forwarding state
[  278.887693][T11001] ip6erspan0: entered allmulticast mode
[  279.090680][ T5082] Bluetooth: hci0: command tx timeout
[  279.154865][T10847] 8021q: adding VLAN 0 to HW filter on device batadv0
[  279.572358][T10847] veth0_vlan: entered promiscuous mode
[  279.621464][T10847] veth1_vlan: entered promiscuous mode
[  279.720635][T10847] veth0_macvtap: entered promiscuous mode
[  279.741316][T10847] veth1_macvtap: entered promiscuous mode
[  279.772514][T10847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  279.783539][T10847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  279.794993][T10847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  279.828917][T10847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  279.850370][T10847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  279.871226][T10847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  279.904366][T10847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  279.940081][T10847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  279.976141][T10847] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  280.003431][T10847] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  280.022021][T10847] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  280.050936][T10847] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  280.422970][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.449675][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.542786][ T6107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.564527][ T6107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.786883][T11053] fuse: Bad value for 'fd'
[  280.940143][T11058] IPv4: Oversized IP packet from 172.20.20.24
[  280.947994][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  280.954892][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  281.168910][ T5082] Bluetooth: hci0: command tx timeout
[  281.242317][T11070] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1658'.
[  281.650197][T11086] loop6: detected capacity change from 0 to 128
[  281.756993][T11086] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  281.774141][T11088] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1664'.
[  281.797999][T11086] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  281.814808][T11088] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1664'.
[  281.848793][T11086] fscrypt: key with descriptor e8dab99234bb312e is too short (got 16 bytes, need 32+ bytes)
[  281.859785][T11086] fscrypt: key with descriptor e8dab99234bb312e is too short (got 16 bytes, need 32+ bytes)
[  281.925090][T10847] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  283.889622][T11184] netlink: 'syz.6.1687': attribute type 10 has an invalid length.
[  283.954710][T11184] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  284.367074][T11199] netlink: 372 bytes leftover after parsing attributes in process `syz.2.1693'.
[  284.876824][T11214] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1698'.
[  284.945603][T11214] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1698'.
[  285.906147][T11247] netlink: 'syz.1.1710': attribute type 10 has an invalid length.
[  285.967780][T11247] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  286.219969][T11263] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1716'.
[  286.295265][T11265] loop1: detected capacity change from 0 to 8192
[  286.351443][T11265]  loop1: p1 p2 p3 p4
[  286.352351][T11270] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1719'.
[  286.355495][T11265] loop1: partition table partially beyond EOD, 
[  286.373390][T11270] gretap0: entered promiscuous mode
[  286.387472][T11265] truncated
[  286.400627][T11265] loop1: p1 start 16777216 is beyond EOD, truncated
[  286.406597][T11270] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1719'.
[  286.407255][T11265] loop1: p2 start 268435456 is beyond EOD, 
[  286.430344][T11270] 0��{X��: renamed from gretap0
[  286.448228][T11265] truncated
[  286.462885][T11265] loop1: p4 size 33554432 extends beyond EOD, truncated
[  286.477680][T11270] 0��{X��: left promiscuous mode
[  286.486488][T11270] 0��{X��: entered allmulticast mode
[  286.496993][T11270] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  286.768899][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  286.811017][ T5975] udevd[5975]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  286.829885][ T5755] udevd[5755]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  286.894781][T11288] batadv0: entered promiscuous mode
[  286.910052][T11288] dummy0: entered promiscuous mode
[  286.916018][T11288] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  286.925419][T11288] Cannot create hsr debugfs directory
[  286.931993][T11288] hsr1: entered promiscuous mode
[  286.937052][T11288] hsr1: entered allmulticast mode
[  286.942610][T11288] batadv0: entered allmulticast mode
[  286.948975][T11288] dummy0: entered allmulticast mode
[  286.969781][T11291] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1728'.
[  286.978393][T11289] loop6: detected capacity change from 0 to 2048
[  287.000906][T11289] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  287.200310][T11295] netlink: 'syz.6.1730': attribute type 1 has an invalid length.
[  287.233007][T11297] fuse: Bad value for 'fd'
[  287.335810][T11299] fuse: Bad value for 'fd'
[  288.592112][T11333] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1746'.
[  288.609057][T11333] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1746'.
[  288.630243][T11333] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1746'.
[  288.648853][T11333] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1746'.
[  288.794474][T11342] tipc: Failed to remove unknown binding: 66,1,1/0:445465742/445465744
[  288.806019][T11342] tipc: Failed to remove unknown binding: 66,1,1/0:445465742/445465744
[  290.880388][T11400] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.899536][T11400] bridge_slave_1: left allmulticast mode
[  290.916981][T11400] bridge_slave_1: left promiscuous mode
[  290.924570][T11400] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.961001][T11400] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  291.261899][T11410] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1771'.
[  291.312402][T11410] gretap0: entered promiscuous mode
[  291.373276][T11410] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1771'.
[  291.409107][T11410] 0��{X��: renamed from gretap0
[  291.435171][T11410] 0��{X��: left promiscuous mode
[  291.449093][T11410] 0��{X��: entered allmulticast mode
[  291.462671][T11410] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  291.575472][T11377] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1760'.
[  293.170631][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  293.360759][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  293.386624][    T9] usb 2-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40
[  293.397057][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.408272][    T9] usb 2-1: Product: syz
[  293.413027][    T9] usb 2-1: Manufacturer: syz
[  293.417642][    T9] usb 2-1: SerialNumber: syz
[  294.151091][T11493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1804'.
[  294.635376][    T9] usb 2-1: current rate 56204 is different from the runtime rate 48000
[  294.871163][    T9] usb 2-1: USB disconnect, device number 23
[  295.491788][T11529] 9pnet: p9_errstr2errno: server reported unknown error lt trusted:syz 00000000000000003724
[  295.566419][T11531] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1815'.
[  297.162666][T11590] FAULT_FLAG_ALLOW_RETRY missing 801
[  297.208799][T11590] CPU: 1 PID: 11590 Comm: syz.1.1831 Not tainted syzkaller #0
[  297.216335][T11590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  297.226433][T11590] Call Trace:
[  297.229752][T11590]  <TASK>
[  297.232703][T11590]  dump_stack_lvl+0x18c/0x250
[  297.237420][T11590]  ? show_regs_print_info+0x20/0x20
[  297.242658][T11590]  ? load_image+0x420/0x420
[  297.247207][T11590]  ? assert_fault_locked+0x17f/0x3a0
[  297.252546][T11590]  handle_userfault+0x1139/0x1300
[  297.257688][T11590]  ? userfaultfd_wp_unpopulated+0xa0/0xa0
[  297.263537][T11590]  ? do_raw_spin_unlock+0x121/0x230
[  297.268790][T11590]  ? free_unref_page+0x190/0x2e0
[  297.273774][T11590]  handle_mm_fault+0x3ef2/0x4c00
[  297.278747][T11590]  ? handle_mm_fault+0xe7/0x4c00
[  297.283727][T11590]  ? numa_migrate_prep+0x350/0x350
[  297.288863][T11590]  ? follow_page_pte+0x6dd/0x1ac0
[  297.293928][T11590]  ? pmd_lock+0x60/0x60
[  297.298128][T11590]  __get_user_pages+0x5d0/0x1380
[  297.303103][T11590]  ? khugepaged_enter_vma+0x114/0x120
[  297.308529][T11590]  ? populate_vma_page_range+0x380/0x380
[  297.314220][T11590]  populate_vma_page_range+0x2c1/0x380
[  297.319721][T11590]  ? fixup_user_fault+0x700/0x700
[  297.324780][T11590]  ? vma_set_page_prot+0x12e/0x3e0
[  297.329937][T11590]  mprotect_fixup+0x981/0xca0
[  297.334657][T11590]  ? change_protection+0x3200/0x3200
[  297.339978][T11590]  ? apparmor_file_mprotect+0xfe/0x120
[  297.345476][T11590]  ? bpf_lsm_file_mprotect+0x9/0x10
[  297.350716][T11590]  do_mprotect_pkey+0x7c2/0xcb0
[  297.355616][T11590]  ? prot_none_test+0x10/0x10
[  297.360348][T11590]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  297.366380][T11590]  __x64_sys_mprotect+0x80/0x90
[  297.371273][T11590]  do_syscall_64+0x55/0xa0
[  297.375719][T11590]  ? clear_bhb_loop+0x40/0x90
[  297.380428][T11590]  ? clear_bhb_loop+0x40/0x90
[  297.385145][T11590]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  297.391071][T11590] RIP: 0033:0x7f3d21d9cdd9
[  297.395528][T11590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  297.415163][T11590] RSP: 002b:00007f3d22d12028 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[  297.423613][T11590] RAX: ffffffffffffffda RBX: 00007f3d22015fa0 RCX: 00007f3d21d9cdd9
[  297.431631][T11590] RDX: 000000000000000f RSI: 0000000000004000 RDI: 0000200000ffc000
[  297.439687][T11590] RBP: 00007f3d21e32d69 R08: 0000000000000000 R09: 0000000000000000
[  297.447692][T11590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  297.455698][T11590] R13: 00007f3d22016038 R14: 00007f3d22015fa0 R15: 00007fff77040cb8
[  297.463732][T11590]  </TASK>
[  298.783755][T11635] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1841'.
[  299.030950][T11645] fuse: Bad value for 'fd'
[  299.243015][T11649] geneve3: entered promiscuous mode
[  300.678772][ T5764] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  300.876467][ T5764] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  300.916269][ T5764] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.958728][ T5764] usb 2-1: Product: syz
[  300.969010][ T5764] usb 2-1: Manufacturer: syz
[  300.978073][T11700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1861'.
[  300.987366][ T5764] usb 2-1: SerialNumber: syz
[  301.028744][ T5764] usb 2-1: config 0 descriptor??
[  301.034769][T11700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1861'.
[  301.049960][ T5764] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  301.319391][T11705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1862'.
[  301.434957][T11705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1862'.
[  301.901914][T11719] netlink: 'syz.6.1865': attribute type 1 has an invalid length.
[  302.059859][T11721] bond1: (slave bridge1): making interface the new active one
[  302.101907][T11721] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  302.448673][ T5764] gspca_sunplus: reg_w_riv err -71
[  302.454176][ T5764] sunplus: probe of 2-1:0.0 failed with error -71
[  302.483700][ T5764] usb 2-1: USB disconnect, device number 24
[  302.907769][   T27] audit: type=1326 audit(2000000062.050:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  302.933570][   T27] audit: type=1326 audit(2000000062.050:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.022666][   T27] audit: type=1326 audit(2000000062.090:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.117756][   T27] audit: type=1326 audit(2000000062.090:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.172043][   T27] audit: type=1326 audit(2000000062.110:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.241621][   T27] audit: type=1326 audit(2000000062.110:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.271603][T11760] netlink: 'syz.1.1875': attribute type 1 has an invalid length.
[  303.292050][T11760] netlink: 264 bytes leftover after parsing attributes in process `syz.1.1875'.
[  303.312223][   T27] audit: type=1326 audit(2000000062.110:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.337629][T11763] FAULT_FLAG_ALLOW_RETRY missing 801
[  303.350116][T11760] netlink: 'syz.1.1875': attribute type 1 has an invalid length.
[  303.360643][T11763] CPU: 1 PID: 11763 Comm: syz.6.1878 Not tainted syzkaller #0
[  303.368179][T11763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  303.378281][T11763] Call Trace:
[  303.381583][T11763]  <TASK>
[  303.384543][T11763]  dump_stack_lvl+0x18c/0x250
[  303.389264][T11763]  ? show_regs_print_info+0x20/0x20
[  303.393115][   T27] audit: type=1326 audit(2000000062.110:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.394477][T11763]  ? load_image+0x420/0x420
[  303.421501][T11763]  ? assert_fault_locked+0x17f/0x3a0
[  303.426822][T11763]  handle_userfault+0x1139/0x1300
[  303.431889][T11763]  ? userfaultfd_wp_unpopulated+0xa0/0xa0
[  303.437798][T11763]  ? do_raw_spin_unlock+0x121/0x230
[  303.443003][T11763]  ? free_unref_page+0x190/0x2e0
[  303.447952][T11763]  handle_mm_fault+0x3ef2/0x4c00
[  303.452898][T11763]  ? handle_mm_fault+0xe7/0x4c00
[  303.457840][T11763]  ? numa_migrate_prep+0x350/0x350
[  303.462944][T11763]  ? follow_page_pte+0x6dd/0x1ac0
[  303.467974][T11763]  ? pmd_lock+0x60/0x60
[  303.472133][T11763]  __get_user_pages+0x5d0/0x1380
[  303.477069][T11763]  ? khugepaged_enter_vma+0x114/0x120
[  303.482455][T11763]  ? populate_vma_page_range+0x380/0x380
[  303.488095][T11763]  populate_vma_page_range+0x2c1/0x380
[  303.493554][T11763]  ? fixup_user_fault+0x700/0x700
[  303.498581][T11763]  ? vma_set_page_prot+0x12e/0x3e0
[  303.503697][T11763]  mprotect_fixup+0x981/0xca0
[  303.508380][T11763]  ? change_protection+0x3200/0x3200
[  303.513676][T11763]  ? apparmor_file_mprotect+0xfe/0x120
[  303.519137][T11763]  ? bpf_lsm_file_mprotect+0x9/0x10
[  303.524334][T11763]  do_mprotect_pkey+0x7c2/0xcb0
[  303.529203][T11763]  ? prot_none_test+0x10/0x10
[  303.533886][T11763]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  303.539878][T11763]  __x64_sys_mprotect+0x80/0x90
[  303.544734][T11763]  do_syscall_64+0x55/0xa0
[  303.549146][T11763]  ? clear_bhb_loop+0x40/0x90
[  303.553839][T11763]  ? clear_bhb_loop+0x40/0x90
[  303.558516][T11763]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  303.564402][T11763] RIP: 0033:0x7f9e6919cdd9
[  303.568812][T11763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  303.588423][T11763] RSP: 002b:00007f9e69ff0028 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[  303.597013][T11763] RAX: ffffffffffffffda RBX: 00007f9e69415fa0 RCX: 00007f9e6919cdd9
[  303.604977][T11763] RDX: 000000000000000f RSI: 0000000000004000 RDI: 0000200000ffc000
[  303.612948][T11763] RBP: 00007f9e69232d69 R08: 0000000000000000 R09: 0000000000000000
[  303.620939][T11763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  303.628903][T11763] R13: 00007f9e69416038 R14: 00007f9e69415fa0 R15: 00007ffc32cfa168
[  303.636886][T11763]  </TASK>
[  303.649259][T11760] netlink: 264 bytes leftover after parsing attributes in process `syz.1.1875'.
[  303.692577][   T27] audit: type=1326 audit(2000000062.110:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11748 comm="syz.2.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x7ffc0000
[  303.807295][T11773] fuse: Bad value for 'fd'
[  306.162266][T11869] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1908'.
[  306.828794][ T5752] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  307.060224][ T5752] usb 2-1: Using ep0 maxpacket: 32
[  307.077266][ T5752] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  307.100688][ T5752] usb 2-1: config 0 has no interface number 0
[  307.119301][ T5752] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  307.161993][ T5752] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  307.189262][ T5752] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.197867][ T5752] usb 2-1: Product: syz
[  307.218777][ T5752] usb 2-1: Manufacturer: syz
[  307.228753][ T5752] usb 2-1: SerialNumber: syz
[  307.239927][ T5752] usb 2-1: config 0 descriptor??
[  307.247234][T11880] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  307.505066][T11880] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  307.893923][T11922] loop6: detected capacity change from 0 to 256
[  308.749363][ T5752] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  308.773309][ T5752] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  308.803865][   T27] kauditd_printk_skb: 24 callbacks suppressed
[  308.803880][   T27] audit: type=1326 audit(2000000067.950:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  308.838915][ T5752] asix: probe of 2-1:0.188 failed with error -71
[  308.864299][ T5752] usb 2-1: USB disconnect, device number 25
[  308.873849][   T27] audit: type=1326 audit(2000000067.990:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  308.963792][   T27] audit: type=1326 audit(2000000067.990:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  309.029199][   T27] audit: type=1326 audit(2000000067.990:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  309.072968][   T27] audit: type=1326 audit(2000000067.990:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  309.095422][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.130382][   T27] audit: type=1326 audit(2000000068.010:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  309.164507][   T27] audit: type=1326 audit(2000000068.010:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  309.220669][   T27] audit: type=1326 audit(2000000068.010:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  309.243157][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.253558][   T27] audit: type=1326 audit(2000000068.010:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  309.275860][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.283293][   T27] audit: type=1326 audit(2000000068.010:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7ffc0000
[  310.646718][T12010] loop6: detected capacity change from 0 to 1024
[  310.668643][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880261eb000: rx timeout, send abort
[  310.677277][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880261eb000: 0x20000: (3) A timeout occurred and this is the connection abort to close the session.
[  310.696234][T12010] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.800042][T10847] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.566255][T12047] netlink: 'syz.3.1982': attribute type 11 has an invalid length.
[  311.694678][T12055] netlink: 'syz.3.1985': attribute type 10 has an invalid length.
[  311.705359][T12055] netlink: 'syz.3.1985': attribute type 10 has an invalid length.
[  312.284401][T12082] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1997'.
[  312.461200][T12090] loop6: detected capacity change from 0 to 512
[  312.664497][T12098] loop1: detected capacity change from 0 to 128
[  312.677126][T12098] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  312.690378][T12090] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.742923][T12098] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  312.792486][T12090] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.840080][T12098] ext2 filesystem being mounted at /471/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.960764][T12090] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  313.127151][T10847] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.174231][ T5763] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  313.870535][T12122] loop1: detected capacity change from 0 to 512
[  313.884154][T12122] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  313.962736][T12122] EXT4-fs warning (device loop1): dx_probe:869: inode #2: comm syz.1.2010: Unimplemented hash flags: 0x0001
[  314.013612][T12122] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.2010: Corrupt directory, running e2fsck is recommended
[  314.082163][T12122] EXT4-fs warning (device loop1): dx_probe:869: inode #2: comm syz.1.2010: Unimplemented hash flags: 0x0001
[  314.112063][T12122] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.2010: Corrupt directory, running e2fsck is recommended
[  314.130410][T12122] EXT4-fs warning (device loop1): dx_probe:869: inode #2: comm syz.1.2010: Unimplemented hash flags: 0x0001
[  314.158193][T12122] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.2010: Corrupt directory, running e2fsck is recommended
[  314.188880][T12122] EXT4-fs warning (device loop1): dx_probe:869: inode #2: comm syz.1.2010: Unimplemented hash flags: 0x0001
[  314.213507][T12122] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.2010: Corrupt directory, running e2fsck is recommended
[  314.240154][T12129] EXT4-fs warning (device loop1): dx_probe:869: inode #2: comm syz.1.2010: Unimplemented hash flags: 0x0001
[  314.257275][T12129] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.2010: Corrupt directory, running e2fsck is recommended
[  314.320336][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.748790][   T42] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  314.928829][   T27] kauditd_printk_skb: 10 callbacks suppressed
[  314.928843][   T27] audit: type=1326 audit(2000000074.070:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.2027" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x0
[  314.969992][   T42] usb 2-1: unable to get BOS descriptor or descriptor too short
[  314.985962][   T42] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  314.996853][   T42] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  315.011514][   T42] usb 2-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30
[  315.024916][   T42] usb 2-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188
[  315.042970][   T42] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  315.053979][   T42] usb 2-1: config 1 interface 1 has no altsetting 0
[  315.068453][   T42] usb 2-1: string descriptor 0 read error: -22
[  315.075891][   T42] usb 2-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40
[  315.097323][   T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.354658][ T5764] usb 2-1: USB disconnect, device number 26
[  316.698194][T12189] fuse: Bad value for 'fd'
[  317.038264][T12195] netlink: 3 bytes leftover after parsing attributes in process `syz.6.2037'.
[  317.345887][T12207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2044'.
[  317.368858][T12207] bridge_slave_1: left allmulticast mode
[  317.374562][T12207] bridge_slave_1: left promiscuous mode
[  317.385682][T12207] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.400362][T12207] bridge_slave_0: left allmulticast mode
[  317.406175][T12207] bridge_slave_0: left promiscuous mode
[  317.421181][T12207] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.497525][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  317.505622][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  318.197913][T12240] 9pnet: p9_errstr2errno: server reported unknown error ��n$�[
[  318.197913][T12240] �8�S?R��7�)�̇
[  318.761447][T12253] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2061'.
[  320.671013][ T5752] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  320.749644][T12338] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  320.889684][ T5752] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  320.908949][ T5752] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.917943][ T5752] usb 2-1: Product: syz
[  320.927738][ T5752] usb 2-1: Manufacturer: syz
[  320.933362][ T5752] usb 2-1: SerialNumber: syz
[  321.151907][ T5752] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  321.174195][ T5752] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  321.192812][ T6204] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x25
[  321.924966][T12343] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  322.018744][ T5752] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -71
[  322.039274][ T5752] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  322.061248][ T5752] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  322.083594][ T5752] lan78xx: probe of 2-1:1.0 failed with error -71
[  322.110662][ T5752] usb 2-1: USB disconnect, device number 27
[  322.406251][T12369] fuse: Bad value for 'fd'
[  322.924143][T12391] loop6: detected capacity change from 0 to 16
[  322.949953][T12391] erofs: (device loop6): mounted with root inode @ nid 36.
[  323.004807][T12393] overlayfs: failed to clone upperpath
[  323.055401][T12391] erofs: (device loop6): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46
[  323.067548][T12391] erofs: (device loop6): erofs_readdir: fail to readdir of logical block 4294967295 of nid 46
[  323.186424][T12400] overlayfs: failed to clone upperpath
[  323.194443][T12400] overlayfs: failed to clone upperpath
[  323.599782][   T27] audit: type=1326 audit(2000000082.750:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12416 comm="syz.3.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7fc00000
[  323.623649][T12381] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  323.639283][   T27] audit: type=1326 audit(2000000082.750:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12416 comm="syz.3.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f94e559cdd9 code=0x7fc00000
[  323.684308][   T27] audit: type=1326 audit(2000000082.750:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12416 comm="syz.3.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94e559cdd9 code=0x7fc00000
[  324.031046][T12434] fuse: Bad value for 'fd'
[  325.200869][   T42] IPVS: starting estimator thread 0...
[  325.308876][T12467] IPVS: using max 20 ests per chain, 48000 per kthread
[  326.048342][T12482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2141'.
[  326.063264][T12482] bridge_slave_1: left allmulticast mode
[  326.069165][T12482] bridge_slave_1: left promiscuous mode
[  326.075099][T12482] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.090942][T12482] bridge_slave_0: left allmulticast mode
[  326.096681][T12482] bridge_slave_0: left promiscuous mode
[  326.106858][T12482] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.579363][T12534] loop1: detected capacity change from 0 to 32768
[  327.591313][T12534] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.2162 (12534)
[  327.607586][T12534] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  327.620180][T12534] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  327.629351][T12534] BTRFS info (device loop1): using free space tree
[  327.684306][T12534] BTRFS info (device loop1): enabling ssd optimizations
[  327.694206][T12534] BTRFS info (device loop1): auto enabling async discard
[  327.753743][ T5763] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  328.008473][ T5975] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop1 scanned by udevd (5975)
[  328.306220][T12472] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  328.464740][T12559] loop1: detected capacity change from 0 to 512
[  328.632537][T12559] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2165: invalid indirect mapped block 256 (level 2)
[  328.666508][T12559] EXT4-fs (loop1): 2 truncates cleaned up
[  328.678217][T12559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.816238][T12567] loop6: detected capacity change from 0 to 8192
[  328.937700][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.132412][T12581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2170'.
[  329.154173][T12581] bridge_slave_1: left allmulticast mode
[  329.168059][T12581] bridge_slave_1: left promiscuous mode
[  329.186050][T12581] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.221240][T12581] bridge_slave_0: left allmulticast mode
[  329.227071][T12581] bridge_slave_0: left promiscuous mode
[  329.244369][T12581] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.989696][T12598] loop1: detected capacity change from 0 to 2048
[  331.066449][T12598] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  331.084869][T12598] ext4 filesystem being mounted at /508/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.255478][ T5763] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 16: comm syz-executor: path /508/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0
[  331.309985][ T5763] EXT4-fs (loop1): Remounting filesystem read-only
[  331.432753][ T7336] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.502303][   T27] audit: type=1804 audit(2000000090.620:1138): pid=12620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2188" name="/newroot/562/file0/file1" dev="overlay" ino=3002 res=1 errno=0
[  331.607687][T12622] loop6: detected capacity change from 0 to 4096
[  331.629800][T12622] EXT4-fs: inline encryption not supported
[  331.668574][T12622] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103]
[  331.688956][T12622] System zones: 0-5
[  331.701574][T12622] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  331.973384][T10847] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.499587][ T6107] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  332.515222][ T6107] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.763428][ T6107] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  332.801638][ T6107] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.940175][ T6107] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  332.960748][ T6107] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.191062][ T6107] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  333.215153][ T6107] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.490921][ T5771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  333.505169][ T5771] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  333.515384][ T5771] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  333.548265][ T5771] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  333.565815][ T5771] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  333.576493][ T5771] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  334.651408][T12699] fuse: Bad value for 'fd'
[  334.781129][T12659] chnl_net:caif_netlink_parms(): no params data found
[  334.814117][T12706] fuse: Bad value for 'fd'
[  335.403309][T12659] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.421735][T12659] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.431339][T12659] bridge_slave_0: entered allmulticast mode
[  335.453600][T12659] bridge_slave_0: entered promiscuous mode
[  335.534887][ T6107] bond0: (slave wlan1): Releasing backup interface
[  335.581540][T12659] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.596339][T12659] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.607810][T12659] bridge_slave_1: entered allmulticast mode
[  335.617970][T12659] bridge_slave_1: entered promiscuous mode
[  335.650575][ T5771] Bluetooth: hci3: command tx timeout
[  335.897696][T12659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  335.931966][T12659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  335.976072][ T6107] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  335.997669][ T6107] batman_adv: batadv0: Removing interface: batadv_slave_0
[  336.035125][ T6107] veth1_macvtap: left promiscuous mode
[  336.041039][ T6107] veth0_macvtap: left promiscuous mode
[  336.046636][ T6107] veth1_vlan: left promiscuous mode
[  336.052757][ T6107] veth0_vlan: left promiscuous mode
[  336.345913][ T6107] bond4 (unregistering): (slave vlan0): Releasing active interface
[  336.355454][ T6107] bond4 (unregistering): Released all slaves
[  336.633303][ T6107] bond3 (unregistering): Released all slaves
[  336.968301][ T6107] bond2 (unregistering): Released all slaves
[  337.021517][ T6107] bond1 (unregistering): (slave lo): Releasing backup interface
[  337.035389][ T6107] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[  337.047094][ T6107] bond1 (unregistering): Released all slaves
[  337.728903][ T5771] Bluetooth: hci3: command tx timeout
[  337.861913][ T6107] team0 (unregistering): Port device team_slave_1 removed
[  337.924592][ T6107] team0 (unregistering): Port device team_slave_0 removed
[  337.991620][ T6107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  338.052591][ T6107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  338.485157][ T6107] bond0 (unregistering): Released all slaves
[  338.534152][T12747] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2228'.
[  338.592905][T12749] gre1: entered promiscuous mode
[  338.767480][T12659] team0: Port device team_slave_0 added
[  338.847498][T12768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2237'.
[  338.901670][T12775] loop6: detected capacity change from 0 to 128
[  338.968240][T12768] team1: entered promiscuous mode
[  338.974475][T12768] team1: entered allmulticast mode
[  338.995817][T12768] 8021q: adding VLAN 0 to HW filter on device team1
[  339.047302][T12769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2237'.
[  339.167801][T12769] team2: entered promiscuous mode
[  339.188715][T12769] team2: entered allmulticast mode
[  339.203445][T12769] 8021q: adding VLAN 0 to HW filter on device team2
[  339.226798][T12659] team0: Port device team_slave_1 added
[  339.315479][T12659] batman_adv: batadv0: Adding interface: batadv_slave_0
[  339.334455][T12659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  339.393597][T12659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  339.423932][T12659] batman_adv: batadv0: Adding interface: batadv_slave_1
[  339.441277][T12659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  339.486654][T12659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  339.533899][T12659] hsr_slave_0: entered promiscuous mode
[  339.549717][T12659] hsr_slave_1: entered promiscuous mode
[  339.556395][T12659] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  339.577109][T12659] Cannot create hsr debugfs directory
[  339.808780][ T5771] Bluetooth: hci3: command tx timeout
[  340.099836][T12800] Bluetooth: MGMT ver 1.22
[  340.463855][T12659] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  340.518221][T12659] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  340.557900][T12659] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  340.571381][T12659] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  340.812893][T12659] 8021q: adding VLAN 0 to HW filter on device bond0
[  340.873176][T12659] 8021q: adding VLAN 0 to HW filter on device team0
[  340.952984][ T6107] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.960180][ T6107] bridge0: port 1(bridge_slave_0) entered forwarding state
[  340.987111][ T6107] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.994347][ T6107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  341.181127][   T27] audit: type=1326 audit(2000000100.330:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12837 comm="syz.6.2257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f9e69196b57 code=0x0
[  341.823912][T12659] 8021q: adding VLAN 0 to HW filter on device batadv0
[  341.899471][ T5771] Bluetooth: hci3: command tx timeout
[  342.470209][T12874] Bluetooth: (null): Too short H5 packet
[  342.698357][T12659] veth0_vlan: entered promiscuous mode
[  342.744323][T12659] veth1_vlan: entered promiscuous mode
[  342.843071][T12659] veth0_macvtap: entered promiscuous mode
[  342.879522][T12659] veth1_macvtap: entered promiscuous mode
[  342.936557][T12887] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  343.000047][T12659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  343.033233][T12659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.053587][T12659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  343.077523][T12659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.114697][T12659] batman_adv: batadv0: Interface activated: batadv_slave_0
[  343.165776][T12659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  343.204249][T12659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.222637][T12659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  343.261736][T12659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.295187][T12659] batman_adv: batadv0: Interface activated: batadv_slave_1
[  343.330898][T12659] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  343.357532][T12659] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  343.376439][T12659] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  343.404832][T12659] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  343.734816][ T3478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.776728][ T3478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.890262][ T6101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.916246][ T6101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.871787][T12942] netlink: 'syz.2.2278': attribute type 3 has an invalid length.
[  344.911021][T12942] netlink: 'syz.2.2278': attribute type 3 has an invalid length.
[  345.292122][T12953] loop6: detected capacity change from 0 to 4096
[  345.315543][T12953] ntfs: (device loop6): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  345.435821][T12953] ntfs: volume version 3.1.
[  345.633348][T12953] ntfs: (device loop6): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
[  345.695375][T12953] ntfs: (device loop6): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
[  345.738279][T12953] ntfs: (device loop6): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28.
[  346.001840][ T6100] ntfs: (device loop6): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry.
[  346.377570][T12989] gre2: entered promiscuous mode
[  346.491955][   T27] audit: type=1326 audit(2000000105.640:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.6.2291" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e6919cdd9 code=0x0
[  346.699912][T12972] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  347.359359][T13012] netlink: 'syz.3.2296': attribute type 6 has an invalid length.
[  347.738813][   T42] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  347.973042][   T42] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  347.999017][   T42] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  348.017232][T13048] overlayfs: failed to resolve './file0': -2
[  348.028361][   T42] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  348.053791][   T42] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.076690][T13051] netlink: 136 bytes leftover after parsing attributes in process `syz.7.2307'.
[  348.125648][T13051] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  348.300227][   T42] usb 7-1: usb_control_msg returned -32
[  348.305874][   T42] usbtmc 7-1:16.0: can't read capabilities
[  348.882490][   T42] usb 7-1: USB disconnect, device number 2
[  351.684881][T13076] netlink: 'syz.3.2317': attribute type 1 has an invalid length.
[  351.762357][T13076] 8021q: adding VLAN 0 to HW filter on device bond3
[  351.816932][T13077] bond3: (slave gretap1): making interface the new active one
[  351.854066][T13077] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  352.059490][T13097] tmpfs: Unknown parameter '�����������	Z*��� m�.Dc�8�'�@��C9G�9���?�9�S�{�1��J���լ��5æ�Ԍ�����qq���Y�糔����'
[  352.923279][   T27] audit: type=1326 audit(2000000112.070:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13098 comm="syz.2.2321" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f117299cdd9 code=0x0
[  353.716138][T13131] ceph: No mds server is up or the cluster is laggy
[  354.470285][T13164] 9pnet: p9_errstr2errno: server reported unknown error adapte
[  354.735895][T13159] loop6: detected capacity change from 0 to 32768
[  354.783102][T13159] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  354.945725][T13159] XFS (loop6): Ending clean mount
[  354.972476][T13159] XFS (loop6): Quotacheck needed: Please wait.
[  355.114037][T13159] XFS (loop6): Quotacheck: Done.
[  355.372447][   T27] audit: type=1804 audit(2000000114.510:1142): pid=13159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2339" name="/newroot/168/file0/bus" dev="loop6" ino=9291 res=1 errno=0
[  355.538234][T10847] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  355.934910][T13216] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  356.099392][T13219] loop7: detected capacity change from 0 to 4096
[  356.135351][T13219] ntfs: (device loop7): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  356.277587][T13219] ntfs: volume version 3.1.
[  356.447242][T13225] loop6: detected capacity change from 0 to 512
[  356.510898][T13219] ntfs: (device loop7): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
[  356.564248][T13219] ntfs: (device loop7): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
[  356.604398][T13225] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  356.613262][T13219] ntfs: (device loop7): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28.
[  356.686865][T13225] ext4 filesystem being mounted at /171/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  356.804788][ T3478] ntfs: (device loop7): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry.
[  356.985362][T10847] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.689975][    T8] libceph: connect (1)[c::]:6789 error -22
[  358.695904][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  358.779358][T13315] ceph: No mds server is up or the cluster is laggy
[  358.831242][ T5764] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  358.861934][ T5752] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  358.916474][T13322] fuse: Bad value for 'fd'
[  359.018741][ T5764] usb 7-1: Using ep0 maxpacket: 8
[  359.025930][ T5764] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  359.034877][ T5764] usb 7-1: config 179 has no interface number 0
[  359.041647][ T5764] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  359.053177][ T5764] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  359.065034][ T5764] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  359.078886][ T5764] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  359.091966][ T5764] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  359.107657][ T5752] usb 8-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[  359.117412][ T5752] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.125870][ T5764] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  359.135414][ T5752] usb 8-1: Product: syz
[  359.140095][ T5752] usb 8-1: Manufacturer: syz
[  359.144728][ T5752] usb 8-1: SerialNumber: syz
[  359.149685][ T5764] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.165787][T13305] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  359.481598][ T5764] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input17
[  359.527679][ T5752] usb 8-1: USB disconnect, device number 2
[  359.716756][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  359.725118][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  359.735001][T13332] IPVS: rr: FWM 3 0x00000003 - no destination available
[  359.736293][ T5764] usb 7-1: USB disconnect, device number 3
[  359.749990][ T5764] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  359.762771][ T5975] udevd[5975]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  360.197556][   T42] libceph: connect (1)[c::]:6789 error -22
[  360.204886][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  360.495207][   T42] libceph: connect (1)[c::]:6789 error -22
[  360.501200][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  361.002103][T13344] ceph: No mds server is up or the cluster is laggy
[  361.009483][   T42] libceph: connect (1)[c::]:6789 error -22
[  361.015473][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  361.578711][ T5764] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  361.749659][T13381] loop7: detected capacity change from 0 to 32768
[  361.773148][ T5764] usb 7-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[  361.784997][ T5764] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.791860][T13381]  loop7: p1 p3 < >
[  361.797204][ T5764] usb 7-1: Product: syz
[  361.812118][ T5764] usb 7-1: Manufacturer: syz
[  361.828359][ T5764] usb 7-1: SerialNumber: syz
[  362.105728][T13403] overlayfs: failed to clone upperpath
[  362.139290][ T5764] usb 7-1: USB disconnect, device number 4
[  362.220673][ T5777] udevd[5777]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  362.374551][T13411] udevd[13411]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[  362.398453][ T5975] udevd[5975]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  363.232212][   T27] audit: type=1326 audit(2000000122.370:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.7.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1cbf9cdd9 code=0x7ffc0000
[  363.318836][   T27] audit: type=1326 audit(2000000122.370:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.7.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fb1cbf9cdd9 code=0x7ffc0000
[  363.374173][   T27] audit: type=1326 audit(2000000122.410:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.7.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1cbf9cdd9 code=0x7ffc0000
[  363.403038][T13455] loop7: detected capacity change from 0 to 512
[  363.451870][   T27] audit: type=1326 audit(2000000122.410:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.7.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7fb1cbf9cdd9 code=0x7ffc0000
[  363.512033][T13455] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  363.553712][   T27] audit: type=1326 audit(2000000122.410:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.7.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1cbf9cdd9 code=0x7ffc0000
[  363.687796][T12659] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.838727][  T786] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  365.063919][  T786] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  365.084936][  T786] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  365.110216][  T786] usb 8-1: New USB device found, idVendor=0738, idProduct=a2c5, bcdDevice=1e.ce
[  365.130840][  T786] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.151116][  T786] usb 8-1: Product: syz
[  365.155763][  T786] usb 8-1: Manufacturer: syz
[  365.181466][  T786] usb 8-1: SerialNumber: syz
[  365.221660][  T786] usb 8-1: config 0 descriptor??
[  365.531508][ T5770] usb 8-1: USB disconnect, device number 3
[  366.139860][T13551] loop6: detected capacity change from 0 to 16
[  366.164903][T13551] erofs: (device loop6): mounted with root inode @ nid 36.
[  366.167996][T13553] loop7: detected capacity change from 0 to 256
[  366.223034][T13553] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x395e47cf, utbl_chksum : 0xe619d30d)
[  366.294500][T13551] erofs: (device loop6): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535
[  366.329625][T13551] erofs: (device loop6): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535
[  366.348824][T13551] erofs: (device loop6): z_erofs_read_folio: read error -117 @ 72 of nid 36
[  366.493986][T13559] loop2: detected capacity change from 0 to 7
[  366.514354][T13559] Dev loop2: unable to read RDB block 7
[  366.539113][T13559]  loop2: unable to read partition table
[  366.555324][T13559] loop2: partition table beyond EOD, truncated
[  366.599240][T13559] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  366.660049][ T5137] Dev loop2: unable to read RDB block 7
[  366.666037][ T5137]  loop2: unable to read partition table
[  366.673771][ T5137] loop2: partition table beyond EOD, truncated
[  366.766673][T13570] fuse: Bad value for 'fd'
[  368.348902][ T5752] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  368.538750][ T5752] usb 8-1: Using ep0 maxpacket: 32
[  368.558322][ T5752] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.575327][ T5752] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.585477][ T5752] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  368.595585][ T5752] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.608361][ T5752] usb 8-1: config 0 descriptor??
[  368.649563][ T5752] hub 8-1:0.0: USB hub found
[  368.839515][ T5752] hub 8-1:0.0: 1 port detected
[  369.449452][T13686] netlink: 'syz.2.2490': attribute type 2 has an invalid length.
[  369.452683][ T5764] hub 8-1:0.0: activate --> -90
[  369.568567][T13691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2493'.
[  369.596295][T13691] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2493'.
[  369.672933][T13693] Bluetooth: hci0: invalid len left 7, exp >= 108
[  369.864720][ T5752] usb 8-1: USB disconnect, device number 4
[  370.041104][T13700] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  370.504213][T13714] loop7: detected capacity change from 0 to 4096
[  370.517620][T13714] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  370.554661][T13714] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.724624][T12659] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.349533][T13729] overlayfs: failed to clone upperpath
[  371.534300][T13735] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  371.557688][T13735] overlayfs: failed to set uuid (655/file1, err=-1); falling back to uuid=null.
[  371.746641][T13745] overlayfs: failed to resolve './file0': -2
[  372.851642][  T786] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  373.058726][  T786] usb 8-1: Using ep0 maxpacket: 32
[  373.077157][  T786] usb 8-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  373.088670][  T786] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.118865][  T786] usb 8-1: config 0 descriptor??
[  373.140004][  T786] gspca_main: sunplus-2.14.0 probing 041e:400b
[  373.891151][T13815] netlink: 'syz.3.2541': attribute type 1 has an invalid length.
[  373.899207][T13815] netlink: 'syz.3.2541': attribute type 4 has an invalid length.
[  373.906987][T13815] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2541'.
[  373.986165][T13821] netlink: 'syz.3.2544': attribute type 12 has an invalid length.
[  374.570868][  T786] gspca_sunplus: reg_w_riv err -71
[  374.576916][  T786] sunplus: probe of 8-1:0.0 failed with error -71
[  374.595731][  T786] usb 8-1: USB disconnect, device number 5
[  374.660249][T13851] overlayfs: failed to resolve './file0': -2
[  374.846728][T13859] 9pnet: p9_errstr2errno: server reported unknown error 01777777
[  375.015521][T13868] fuse: Bad value for 'fd'
[  375.376300][T13884] batadv_slave_1: entered promiscuous mode
[  375.399433][T13883] batadv_slave_1: left promiscuous mode
[  375.583828][T13892] loop6: detected capacity change from 0 to 512
[  375.662670][T13892] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  375.971917][T10847] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.447554][T13919] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2583'.
[  376.591099][   T27] audit: type=1326 audit(2000000135.740:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13904 comm="syz.3.2577" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f94e559cdd9 code=0x0
[  376.939800][  T786] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  377.138696][  T786] usb 8-1: Using ep0 maxpacket: 8
[  377.148542][  T786] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  377.164076][  T786] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  377.186100][  T786] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.226601][  T786] usb 8-1: config 0 descriptor??
[  377.467217][  T786] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  377.935393][T13935] loop6: detected capacity change from 0 to 32768
[  378.033003][ T5752] usb 8-1: USB disconnect, device number 6
[  378.398171][T13948] netlink: 25 bytes leftover after parsing attributes in process `syz.6.2601'.
[  378.751022][T13954] loop6: detected capacity change from 0 to 4096
[  378.801688][T13954] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  378.836682][T13954] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  378.934681][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  378.942222][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  378.971936][T13964] overlayfs: failed to clone upperpath
[  379.129788][T10847] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.331608][T13979] loop7: detected capacity change from 0 to 128
[  380.394963][T13979] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  380.417820][T13979] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  380.625487][T12659] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  382.117102][T13985] syz.7.2607 (13985): drop_caches: 2
[  382.454523][T14007] 
[  382.456898][T14007] =====================================================
[  382.463842][T14007] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  382.471321][T14007] syzkaller #0 Not tainted
[  382.475744][T14007] -----------------------------------------------------
[  382.482686][T14007] syz.3.2619/14007 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  382.490423][T14007] ffffffff8ce0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xf0/0x3c0
[  382.499091][T14007] 
[  382.499091][T14007] and this task is already holding:
[  382.506469][T14007] ffff88807f53f298 (&f->f_owner.lock){...-}-{2:2}, at: send_sigurg+0x29/0x3c0
[  382.515377][T14007] which would create a new lock dependency:
[  382.521277][T14007]  (&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
[  382.529028][T14007] 
[  382.529028][T14007] but this new dependency connects a HARDIRQ-irq-safe lock:
[  382.538493][T14007]  (&dev->event_lock#2){-.-.}-{2:2}
[  382.538525][T14007] 
[  382.538525][T14007] ... which became HARDIRQ-irq-safe at:
[  382.551415][T14007]   lock_acquire+0x19e/0x420
[  382.556010][T14007]   _raw_spin_lock_irqsave+0xb4/0x100
[  382.561387][T14007]   input_event+0x7a/0xc0
[  382.565715][T14007]   psmouse_report_standard_packet+0x53/0x200
[  382.571776][T14007]   psmouse_process_byte+0x478/0x670
[  382.577060][T14007]   psmouse_handle_byte+0x43/0x490
[  382.582165][T14007]   ps2_interrupt+0x164/0x980
[  382.586835][T14007]   serio_interrupt+0x8b/0x130
[  382.591589][T14007]   i8042_interrupt+0x385/0x710
[  382.596433][T14007]   __handle_irq_event_percpu+0x271/0x940
[  382.602151][T14007]   handle_irq_event+0x8b/0x1e0
[  382.607001][T14007]   handle_edge_irq+0x247/0xb30
[  382.611855][T14007]   __common_interrupt+0x13b/0x230
[  382.617014][T14007]   common_interrupt+0xb4/0xd0
[  382.621787][T14007]   asm_common_interrupt+0x26/0x40
[  382.626899][T14007]   _raw_spin_unlock_irqrestore+0xc0/0x120
[  382.632880][T14007]   i8042_aux_write+0x109/0x170
[  382.637722][T14007]   ps2_do_sendbyte+0x1fd/0x6f0
[  382.642565][T14007]   ps2_sendbyte+0x5f/0x120
[  382.647117][T14007]   cypress_send_ext_cmd+0x244/0x930
[  382.652406][T14007]   cypress_detect+0x93/0x1a0
[  382.657080][T14007]   psmouse_extensions+0x471/0xc00
[  382.662184][T14007]   psmouse_switch_protocol+0xc8/0x5f0
[  382.667643][T14007]   psmouse_connect+0x8d8/0x14c0
[  382.672571][T14007]   serio_driver_probe+0x7a/0xa0
[  382.677499][T14007]   really_probe+0x25b/0xb20
[  382.682074][T14007]   __driver_probe_device+0x18c/0x330
[  382.687436][T14007]   driver_probe_device+0x4f/0x420
[  382.692544][T14007]   __driver_attach+0x44e/0x6e0
[  382.697393][T14007]   bus_for_each_dev+0x235/0x2b0
[  382.702332][T14007]   serio_handle_event+0x1a2/0x860
[  382.707446][T14007]   process_scheduled_works+0xa5d/0x15d0
[  382.713091][T14007]   worker_thread+0xa55/0xfc0
[  382.717769][T14007]   kthread+0x2fa/0x390
[  382.721926][T14007]   ret_from_fork+0x48/0x80
[  382.726418][T14007]   ret_from_fork_asm+0x11/0x20
[  382.731261][T14007] 
[  382.731261][T14007] to a HARDIRQ-irq-unsafe lock:
[  382.738276][T14007]  (tasklist_lock){.+.+}-{2:2}
[  382.738299][T14007] 
[  382.738299][T14007] ... which became HARDIRQ-irq-unsafe at:
[  382.750914][T14007] ...
[  382.750923][T14007]   lock_acquire+0x19e/0x420
[  382.758170][T14007]   _raw_read_lock+0x36/0x50
[  382.762763][T14007]   do_wait+0x294/0xae0
[  382.766929][T14007]   kernel_wait+0xd7/0x1c0
[  382.771348][T14007]   call_usermodehelper_exec_work+0xb9/0x220
[  382.777320][T14007]   process_scheduled_works+0xa5d/0x15d0
[  382.782949][T14007]   worker_thread+0xa55/0xfc0
[  382.787625][T14007]   kthread+0x2fa/0x390
[  382.791779][T14007]   ret_from_fork+0x48/0x80
[  382.796279][T14007]   ret_from_fork_asm+0x11/0x20
[  382.801125][T14007] 
[  382.801125][T14007] other info that might help us debug this:
[  382.801125][T14007] 
[  382.811345][T14007] Chain exists of:
[  382.811345][T14007]   &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock
[  382.811345][T14007] 
[  382.824813][T14007]  Possible interrupt unsafe locking scenario:
[  382.824813][T14007] 
[  382.833120][T14007]        CPU0                    CPU1
[  382.838469][T14007]        ----                    ----
[  382.843817][T14007]   lock(tasklist_lock);
[  382.848048][T14007]                                local_irq_disable();
[  382.854785][T14007]                                lock(&dev->event_lock#2);
[  382.862149][T14007]                                lock(&f->f_owner.lock);
[  382.869163][T14007]   <Interrupt>
[  382.872606][T14007]     lock(&dev->event_lock#2);
[  382.877451][T14007] 
[  382.877451][T14007]  *** DEADLOCK ***
[  382.877451][T14007] 
[  382.885583][T14007] 2 locks held by syz.3.2619/14007:
[  382.890861][T14007]  #0: ffff88807787ce80 (&u->lock){+.+.}-{2:2}, at: queue_oob+0x1e2/0x4f0
[  382.899385][T14007]  #1: ffff88807f53f298 (&f->f_owner.lock){...-}-{2:2}, at: send_sigurg+0x29/0x3c0
[  382.908687][T14007] 
[  382.908687][T14007] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  382.919081][T14007]    -> (&dev->event_lock#2){-.-.}-{2:2} {
[  382.924905][T14007]       IN-HARDIRQ-W at:
[  382.929311][T14007]                           lock_acquire+0x19e/0x420
[  382.935987][T14007]                           _raw_spin_lock_irqsave+0xb4/0x100
[  382.943437][T14007]                           input_event+0x7a/0xc0
[  382.949849][T14007]                           psmouse_report_standard_packet+0x53/0x200
[  382.957997][T14007]                           psmouse_process_byte+0x478/0x670
[  382.965370][T14007]                           psmouse_handle_byte+0x43/0x490
[  382.972559][T14007]                           ps2_interrupt+0x164/0x980
[  382.979314][T14007]                           serio_interrupt+0x8b/0x130
[  382.986248][T14007]                           i8042_interrupt+0x385/0x710
[  382.993173][T14007]                           __handle_irq_event_percpu+0x271/0x940
[  383.001065][T14007]                           handle_irq_event+0x8b/0x1e0
[  383.008024][T14007]                           handle_edge_irq+0x247/0xb30
[  383.014954][T14007]                           __common_interrupt+0x13b/0x230
[  383.022149][T14007]                           common_interrupt+0xb4/0xd0
[  383.029003][T14007]                           asm_common_interrupt+0x26/0x40
[  383.036196][T14007]                           _raw_spin_unlock_irqrestore+0xc0/0x120
[  383.044123][T14007]                           i8042_aux_write+0x109/0x170
[  383.051056][T14007]                           ps2_do_sendbyte+0x1fd/0x6f0
[  383.057988][T14007]                           ps2_sendbyte+0x5f/0x120
[  383.064567][T14007]                           cypress_send_ext_cmd+0x244/0x930
[  383.071926][T14007]                           cypress_detect+0x93/0x1a0
[  383.078684][T14007]                           psmouse_extensions+0x471/0xc00
[  383.085875][T14007]                           psmouse_switch_protocol+0xc8/0x5f0
[  383.093439][T14007]                           psmouse_connect+0x8d8/0x14c0
[  383.100455][T14007]                           serio_driver_probe+0x7a/0xa0
[  383.107465][T14007]                           really_probe+0x25b/0xb20
[  383.114132][T14007]                           __driver_probe_device+0x18c/0x330
[  383.121671][T14007]                           driver_probe_device+0x4f/0x420
[  383.128859][T14007]                           __driver_attach+0x44e/0x6e0
[  383.135783][T14007]                           bus_for_each_dev+0x235/0x2b0
[  383.142802][T14007]                           serio_handle_event+0x1a2/0x860
[  383.149992][T14007]                           process_scheduled_works+0xa5d/0x15d0
[  383.157705][T14007]                           worker_thread+0xa55/0xfc0
[  383.164583][T14007]                           kthread+0x2fa/0x390
[  383.170828][T14007]                           ret_from_fork+0x48/0x80
[  383.177417][T14007]                           ret_from_fork_asm+0x11/0x20
[  383.184348][T14007]       IN-SOFTIRQ-W at:
[  383.188582][T14007]                           lock_acquire+0x19e/0x420
[  383.195257][T14007]                           _raw_spin_lock_irqsave+0xb4/0x100
[  383.202707][T14007]                           input_event+0x7a/0xc0
[  383.209121][T14007]                           hidinput_report_event+0xa1/0xf0
[  383.216400][T14007]                           hid_report_raw_event+0x151d/0x1750
[  383.223938][T14007]                           hid_input_report+0x434/0x510
[  383.230951][T14007]                           hid_ctrl+0x1e9/0x560
[  383.237267][T14007]                           __usb_hcd_giveback_urb+0x35f/0x520
[  383.244915][T14007]                           dummy_timer+0x8de/0x3320
[  383.251591][T14007]                           __hrtimer_run_queues+0x520/0xc40
[  383.258959][T14007]                           hrtimer_run_softirq+0x187/0x2b0
[  383.266234][T14007]                           handle_softirqs+0x280/0x820
[  383.273159][T14007]                           __irq_exit_rcu+0xd3/0x190
[  383.279919][T14007]                           irq_exit_rcu+0x9/0x20
[  383.286340][T14007]                           sysvec_apic_timer_interrupt+0xa4/0xc0
[  383.294152][T14007]                           asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  383.302303][T14007]                           finish_task_switch+0x26a/0x8f0
[  383.309495][T14007]                           __schedule+0x155b/0x45a0
[  383.316171][T14007]                           preempt_schedule_common+0x82/0xc0
[  383.323619][T14007]                           preempt_schedule+0xc0/0xd0
[  383.330458][T14007]                           preempt_schedule_thunk+0x1a/0x30
[  383.337819][T14007]                           _raw_spin_unlock_irqrestore+0x111/0x120
[  383.345843][T14007]                           usbhid_init_reports+0x83/0x270
[  383.353032][T14007]                           hiddev_ioctl+0x8e9/0x1650
[  383.359785][T14007]                           __se_sys_ioctl+0xfd/0x170
[  383.366543][T14007]                           do_syscall_64+0x55/0xa0
[  383.373123][T14007]                           entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  383.381189][T14007]       INITIAL USE at:
[  383.385338][T14007]                          lock_acquire+0x19e/0x420
[  383.391919][T14007]                          _raw_spin_lock_irqsave+0xb4/0x100
[  383.399281][T14007]                          input_inject_event+0xab/0x320
[  383.406296][T14007]                          led_trigger_event+0x133/0x210
[  383.413315][T14007]                          kbd_led_trigger_activate+0xbd/0x100
[  383.420872][T14007]                          led_trigger_set+0x52c/0x950
[  383.427730][T14007]                          led_trigger_set_default+0x1a0/0x1e0
[  383.435268][T14007]                          led_classdev_register_ext+0x733/0x9b0
[  383.442983][T14007]                          input_leds_connect+0x4eb/0x6b0
[  383.450080][T14007]                          input_register_device+0xcdc/0x1070
[  383.457532][T14007]                          atkbd_connect+0x70a/0x9b0
[  383.464198][T14007]                          serio_driver_probe+0x7a/0xa0
[  383.471120][T14007]                          really_probe+0x25b/0xb20
[  383.477695][T14007]                          __driver_probe_device+0x18c/0x330
[  383.485064][T14007]                          driver_probe_device+0x4f/0x420
[  383.492169][T14007]                          __driver_attach+0x44e/0x6e0
[  383.499014][T14007]                          bus_for_each_dev+0x235/0x2b0
[  383.505946][T14007]                          serio_handle_event+0x1a2/0x860
[  383.513054][T14007]                          process_scheduled_works+0xa5d/0x15d0
[  383.520689][T14007]                          worker_thread+0xa55/0xfc0
[  383.527359][T14007]                          kthread+0x2fa/0x390
[  383.533505][T14007]                          ret_from_fork+0x48/0x80
[  383.539999][T14007]                          ret_from_fork_asm+0x11/0x20
[  383.546846][T14007]     }
[  383.549594][T14007]     ... key      at: [<ffffffff97631ac0>] input_allocate_device.__key.5+0x0/0x20
[  383.558871][T14007]   -> (&client->buffer_lock){....}-{2:2} {
[  383.564769][T14007]      INITIAL USE at:
[  383.568823][T14007]                        lock_acquire+0x19e/0x420
[  383.575229][T14007]                        _raw_spin_lock+0x2e/0x40
[  383.581638][T14007]                        evdev_pass_values+0xcb/0xab0
[  383.588393][T14007]                        evdev_events+0x19e/0x330
[  383.594801][T14007]                        input_pass_values+0xb88/0x12f0
[  383.601729][T14007]                        input_event_dispose+0x346/0x6c0
[  383.608742][T14007]                        input_inject_event+0x1f9/0x320
[  383.615668][T14007]                        evdev_write+0x35f/0x490
[  383.621984][T14007]                        vfs_write+0x296/0x990
[  383.628135][T14007]                        ksys_write+0x150/0x260
[  383.634367][T14007]                        do_syscall_64+0x55/0xa0
[  383.640682][T14007]                        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  383.648482][T14007]    }
[  383.651142][T14007]    ... key      at: [<ffffffff97631d60>] evdev_open.__key.28+0x0/0x20
[  383.659464][T14007]    ... acquired at:
[  383.663426][T14007]    _raw_spin_lock+0x2e/0x40
[  383.668115][T14007]    evdev_pass_values+0xcb/0xab0
[  383.673125][T14007]    evdev_events+0x19e/0x330
[  383.677788][T14007]    input_pass_values+0xb88/0x12f0
[  383.682977][T14007]    input_event_dispose+0x346/0x6c0
[  383.688342][T14007]    input_inject_event+0x1f9/0x320
[  383.693529][T14007]    evdev_write+0x35f/0x490
[  383.698108][T14007]    vfs_write+0x296/0x990
[  383.702554][T14007]    ksys_write+0x150/0x260
[  383.707053][T14007]    do_syscall_64+0x55/0xa0
[  383.711631][T14007]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  383.717690][T14007] 
[  383.720018][T14007]  -> (&new->fa_lock){...-}-{2:2} {
[  383.725225][T14007]     IN-SOFTIRQ-R at:
[  383.729284][T14007]                       lock_acquire+0x19e/0x420
[  383.735603][T14007]                       _raw_read_lock_irqsave+0xbc/0x100
[  383.742700][T14007]                       kill_fasync+0x192/0x4b0
[  383.748928][T14007]                       sock_wake_async+0x137/0x160
[  383.755510][T14007]                       sk_wake_async+0x184/0x280
[  383.761917][T14007]                       sock_def_readable+0x22d/0x420
[  383.768675][T14007]                       tcp_data_queue+0x221d/0x5ad0
[  383.775340][T14007]                       tcp_rcv_established+0xa3f/0x1d20
[  383.782436][T14007]                       tcp_v4_do_rcv+0x4ed/0xb80
[  383.788845][T14007]                       tcp_v4_rcv+0x23bf/0x2af0
[  383.795169][T14007]                       ip_protocol_deliver_rcu+0x20e/0x3f0
[  383.802452][T14007]                       ip_local_deliver_finish+0x2ca/0x510
[  383.809728][T14007]                       NF_HOOK+0x32d/0x3b0
[  383.815617][T14007]                       NF_HOOK+0x32d/0x3b0
[  383.821507][T14007]                       __netif_receive_skb+0xcc/0x290
[  383.828347][T14007]                       process_backlog+0x391/0x6f0
[  383.834933][T14007]                       __napi_poll+0xc0/0x460
[  383.841080][T14007]                       net_rx_action+0x616/0xc40
[  383.847537][T14007]                       handle_softirqs+0x280/0x820
[  383.854115][T14007]                       do_softirq+0xfa/0x1a0
[  383.860170][T14007]                       __local_bh_enable_ip+0x184/0x1c0
[  383.867180][T14007]                       sk_stream_wait_memory+0x6e3/0xee0
[  383.874284][T14007]                       tcp_sendmsg_locked+0x15cd/0x4bd0
[  383.881300][T14007]                       tcp_sendmsg+0x2f/0x50
[  383.887358][T14007]                       __sys_sendto+0x4a9/0x6b0
[  383.893675][T14007]                       __x64_sys_sendto+0xde/0xf0
[  383.900180][T14007]                       do_syscall_64+0x55/0xa0
[  383.906406][T14007]                       entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  383.914115][T14007]     INITIAL USE at:
[  383.918097][T14007]                      lock_acquire+0x19e/0x420
[  383.924327][T14007]                      _raw_write_lock_irq+0xaf/0xf0
[  383.930998][T14007]                      fasync_remove_entry+0xf4/0x1c0
[  383.937758][T14007]                      lease_modify+0x1a6/0x390
[  383.943988][T14007]                      locks_remove_file+0x548/0xee0
[  383.950655][T14007]                      __fput+0x18f/0x970
[  383.956359][T14007]                      task_work_run+0x1d4/0x260
[  383.962680][T14007]                      exit_to_user_mode_loop+0xe6/0x110
[  383.969695][T14007]                      exit_to_user_mode_prepare+0xee/0x180
[  383.977229][T14007]                      syscall_exit_to_user_mode+0x1a/0x50
[  383.984414][T14007]                      do_syscall_64+0x61/0xa0
[  383.990560][T14007]                      entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  383.998184][T14007]     INITIAL READ USE at:
[  384.002596][T14007]                           lock_acquire+0x19e/0x420
[  384.009263][T14007]                           _raw_read_lock_irqsave+0xbc/0x100
[  384.016796][T14007]                           kill_fasync+0x192/0x4b0
[  384.023388][T14007]                           sock_wake_async+0x137/0x160
[  384.030318][T14007]                           sk_wake_async+0x184/0x280
[  384.037069][T14007]                           tcp_rcv_state_process+0x21c9/0x4280
[  384.044831][T14007]                           tcp_v4_do_rcv+0x7b3/0xb80
[  384.051673][T14007]                           __release_sock+0x1e5/0x460
[  384.058520][T14007]                           release_sock+0x5f/0x1c0
[  384.065097][T14007]                           __inet_stream_connect+0x845/0xdc0
[  384.072548][T14007]                           tcp_sendmsg_fastopen+0x3a7/0x5d0
[  384.079912][T14007]                           tcp_sendmsg_locked+0x4621/0x4bd0
[  384.087277][T14007]                           tcp_sendmsg+0x2f/0x50
[  384.093686][T14007]                           __sys_sendto+0x4a9/0x6b0
[  384.100352][T14007]                           __x64_sys_sendto+0xde/0xf0
[  384.107189][T14007]                           do_syscall_64+0x55/0xa0
[  384.113764][T14007]                           entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  384.121836][T14007]   }
[  384.124425][T14007]   ... key      at: [<ffffffff97338b20>] fasync_insert_entry.__key+0x0/0x20
[  384.133192][T14007]   ... acquired at:
[  384.137074][T14007]    _raw_read_lock_irqsave+0xbc/0x100
[  384.142535][T14007]    kill_fasync+0x192/0x4b0
[  384.147122][T14007]    evdev_pass_values+0x54b/0xab0
[  384.152229][T14007]    evdev_events+0x1d8/0x330
[  384.156899][T14007]    input_pass_values+0x905/0x12f0
[  384.162091][T14007]    input_event_dispose+0x346/0x6c0
[  384.167369][T14007]    input_inject_event+0x1f9/0x320
[  384.172561][T14007]    evdev_write+0x35f/0x490
[  384.177139][T14007]    vfs_write+0x296/0x990
[  384.181554][T14007]    ksys_write+0x150/0x260
[  384.186055][T14007]    do_syscall_64+0x55/0xa0
[  384.190652][T14007]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  384.196735][T14007] 
[  384.199057][T14007] -> (&f->f_owner.lock){...-}-{2:2} {
[  384.204442][T14007]    IN-SOFTIRQ-R at:
[  384.208412][T14007]                     lock_acquire+0x19e/0x420
[  384.214576][T14007]                     _raw_read_lock_irqsave+0xbc/0x100
[  384.221535][T14007]                     send_sigurg+0x29/0x3c0
[  384.227525][T14007]                     sk_send_sigurg+0x6f/0xc0
[  384.233695][T14007]                     tcp_check_urg+0x200/0x750
[  384.239939][T14007]                     tcp_urg+0x164/0x410
[  384.245840][T14007]                     tcp_rcv_established+0xa34/0x1d20
[  384.252697][T14007]                     tcp_v4_do_rcv+0x4ed/0xb80
[  384.258945][T14007]                     tcp_v4_rcv+0x23bf/0x2af0
[  384.265117][T14007]                     ip_protocol_deliver_rcu+0x20e/0x3f0
[  384.272248][T14007]                     ip_local_deliver_finish+0x2ca/0x510
[  384.279355][T14007]                     NF_HOOK+0x32d/0x3b0
[  384.285069][T14007]                     NF_HOOK+0x32d/0x3b0
[  384.290785][T14007]                     __netif_receive_skb+0xcc/0x290
[  384.297450][T14007]                     process_backlog+0x391/0x6f0
[  384.303853][T14007]                     __napi_poll+0xc0/0x460
[  384.309843][T14007]                     net_rx_action+0x616/0xc40
[  384.316092][T14007]                     handle_softirqs+0x280/0x820
[  384.322509][T14007]                     do_softirq+0xfa/0x1a0
[  384.328395][T14007]                     __local_bh_enable_ip+0x184/0x1c0
[  384.335252][T14007]                     sk_stream_wait_memory+0x6e3/0xee0
[  384.342197][T14007]                     tcp_sendmsg_locked+0x15cd/0x4bd0
[  384.349051][T14007]                     tcp_sendmsg+0x2f/0x50
[  384.354940][T14007]                     __sys_sendto+0x4a9/0x6b0
[  384.361082][T14007]                     __x64_sys_sendto+0xde/0xf0
[  384.367395][T14007]                     do_syscall_64+0x55/0xa0
[  384.373458][T14007]                     entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  384.380997][T14007]    INITIAL USE at:
[  384.384881][T14007]                    lock_acquire+0x19e/0x420
[  384.390949][T14007]                    _raw_write_lock_irq+0xaf/0xf0
[  384.397445][T14007]                    __f_setown+0x3b/0x330
[  384.403241][T14007]                    do_fcntl+0x11fd/0x1490
[  384.409128][T14007]                    __se_sys_fcntl+0xc9/0x1a0
[  384.415274][T14007]                    do_syscall_64+0x55/0xa0
[  384.421242][T14007]                    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  384.428688][T14007]    INITIAL READ USE at:
[  384.433005][T14007]                         lock_acquire+0x19e/0x420
[  384.439499][T14007]                         _raw_read_lock_irqsave+0xbc/0x100
[  384.446781][T14007]                         send_sigurg+0x29/0x3c0
[  384.453100][T14007]                         sk_send_sigurg+0x6f/0xc0
[  384.459594][T14007]                         tcp_check_urg+0x200/0x750
[  384.466171][T14007]                         tcp_urg+0x164/0x410
[  384.472229][T14007]                         tcp_rcv_established+0xa34/0x1d20
[  384.479410][T14007]                         tcp_v4_do_rcv+0x4ed/0xb80
[  384.485991][T14007]                         __release_sock+0x1e5/0x460
[  384.492658][T14007]                         release_sock+0x5f/0x1c0
[  384.499066][T14007]                         sk_stream_wait_memory+0x6e3/0xee0
[  384.506340][T14007]                         tcp_sendmsg_locked+0x15cd/0x4bd0
[  384.513532][T14007]                         tcp_sendmsg+0x2f/0x50
[  384.519769][T14007]                         __sys_sendto+0x4a9/0x6b0
[  384.526269][T14007]                         __x64_sys_sendto+0xde/0xf0
[  384.532937][T14007]                         do_syscall_64+0x55/0xa0
[  384.539348][T14007]                         entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  384.547266][T14007]  }
[  384.549754][T14007]  ... key      at: [<ffffffff97337ea0>] init_file.__key+0x0/0x20
[  384.557551][T14007]  ... acquired at:
[  384.561349][T14007]    _raw_read_lock_irqsave+0xbc/0x100
[  384.566797][T14007]    send_sigio+0x33/0x360
[  384.571293][T14007]    kill_fasync+0x228/0x4b0
[  384.575872][T14007]    sock_wake_async+0x137/0x160
[  384.580802][T14007]    sk_wake_async+0x184/0x280
[  384.585556][T14007]    tcp_rcv_state_process+0x21c9/0x4280
[  384.591174][T14007]    tcp_v4_do_rcv+0x7b3/0xb80
[  384.595932][T14007]    __release_sock+0x1e5/0x460
[  384.600776][T14007]    release_sock+0x5f/0x1c0
[  384.605357][T14007]    __inet_stream_connect+0x845/0xdc0
[  384.610807][T14007]    tcp_sendmsg_fastopen+0x3a7/0x5d0
[  384.616174][T14007]    tcp_sendmsg_locked+0x4621/0x4bd0
[  384.621539][T14007]    tcp_sendmsg+0x2f/0x50
[  384.625953][T14007]    __sys_sendto+0x4a9/0x6b0
[  384.630682][T14007]    __x64_sys_sendto+0xde/0xf0
[  384.635522][T14007]    do_syscall_64+0x55/0xa0
[  384.640098][T14007]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  384.646156][T14007] 
[  384.648469][T14007] 
[  384.648469][T14007] the dependencies between the lock to be acquired
[  384.648476][T14007]  and HARDIRQ-irq-unsafe lock:
[  384.661966][T14007] -> (tasklist_lock){.+.+}-{2:2} {
[  384.667093][T14007]    HARDIRQ-ON-R at:
[  384.671060][T14007]                     lock_acquire+0x19e/0x420
[  384.677207][T14007]                     _raw_read_lock+0x36/0x50
[  384.683354][T14007]                     do_wait+0x294/0xae0
[  384.689071][T14007]                     kernel_wait+0xd7/0x1c0
[  384.695045][T14007]                     call_usermodehelper_exec_work+0xb9/0x220
[  384.702576][T14007]                     process_scheduled_works+0xa5d/0x15d0
[  384.709767][T14007]                     worker_thread+0xa55/0xfc0
[  384.716083][T14007]                     kthread+0x2fa/0x390
[  384.721791][T14007]                     ret_from_fork+0x48/0x80
[  384.727852][T14007]                     ret_from_fork_asm+0x11/0x20
[  384.734266][T14007]    SOFTIRQ-ON-R at:
[  384.738240][T14007]                     lock_acquire+0x19e/0x420
[  384.744395][T14007]                     _raw_read_lock+0x36/0x50
[  384.750558][T14007]                     do_wait+0x294/0xae0
[  384.756273][T14007]                     kernel_wait+0xd7/0x1c0
[  384.762260][T14007]                     call_usermodehelper_exec_work+0xb9/0x220
[  384.769792][T14007]                     process_scheduled_works+0xa5d/0x15d0
[  384.776982][T14007]                     worker_thread+0xa55/0xfc0
[  384.783223][T14007]                     kthread+0x2fa/0x390
[  384.788935][T14007]                     ret_from_fork+0x48/0x80
[  384.794993][T14007]                     ret_from_fork_asm+0x11/0x20
[  384.801400][T14007]    INITIAL USE at:
[  384.805286][T14007]                    lock_acquire+0x19e/0x420
[  384.811341][T14007]                    _raw_write_lock_irq+0xaf/0xf0
[  384.817836][T14007]                    copy_process+0x2275/0x3d80
[  384.824064][T14007]                    kernel_clone+0x24b/0x8a0
[  384.830118][T14007]                    user_mode_thread+0x111/0x180
[  384.836552][T14007]                    rest_init+0x27/0x300
[  384.842262][T14007]                    arch_call_rest_init+0xe/0x10
[  384.848676][T14007]                    start_kernel+0x459/0x4e0
[  384.854742][T14007]                    x86_64_start_reservations+0x2a/0x30
[  384.861753][T14007]                    copy_bootdata+0x0/0xe0
[  384.867718][T14007]                    secondary_startup_64_no_verify+0x179/0x17b
[  384.875338][T14007]    INITIAL READ USE at:
[  384.879655][T14007]                         lock_acquire+0x19e/0x420
[  384.886145][T14007]                         _raw_read_lock+0x36/0x50
[  384.892635][T14007]                         do_wait+0x294/0xae0
[  384.898696][T14007]                         kernel_wait+0xd7/0x1c0
[  384.905100][T14007]                         call_usermodehelper_exec_work+0xb9/0x220
[  384.912976][T14007]                         process_scheduled_works+0xa5d/0x15d0
[  384.920512][T14007]                         worker_thread+0xa55/0xfc0
[  384.927093][T14007]                         kthread+0x2fa/0x390
[  384.933148][T14007]                         ret_from_fork+0x48/0x80
[  384.939558][T14007]                         ret_from_fork_asm+0x11/0x20
[  384.946309][T14007]  }
[  384.948791][T14007]  ... key      at: [<ffffffff8ce0a058>] tasklist_lock+0x18/0x40
[  384.956525][T14007]  ... acquired at:
[  384.960310][T14007]    _raw_read_lock+0x36/0x50
[  384.964978][T14007]    send_sigurg+0xf0/0x3c0
[  384.969469][T14007]    sk_send_sigurg+0x6f/0xc0
[  384.974138][T14007]    queue_oob+0x3f1/0x4f0
[  384.978538][T14007]    unix_stream_sendmsg+0xaf3/0xbf0
[  384.983810][T14007]    ____sys_sendmsg+0x5ba/0x960
[  384.988821][T14007]    ___sys_sendmsg+0x2a6/0x360
[  384.993700][T14007]    __sys_sendmmsg+0x2ca/0x510
[  384.998536][T14007]    __x64_sys_sendmmsg+0xa0/0xb0
[  385.003547][T14007]    do_syscall_64+0x55/0xa0
[  385.008123][T14007]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  385.014178][T14007] 
[  385.016488][T14007] 
[  385.016488][T14007] stack backtrace:
[  385.022360][T14007] CPU: 1 PID: 14007 Comm: syz.3.2619 Not tainted syzkaller #0
[  385.029800][T14007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  385.039855][T14007] Call Trace:
[  385.043130][T14007]  <TASK>
[  385.046051][T14007]  dump_stack_lvl+0x18c/0x250
[  385.050729][T14007]  ? load_image+0x420/0x420
[  385.055225][T14007]  ? show_regs_print_info+0x20/0x20
[  385.060415][T14007]  ? load_image+0x420/0x420
[  385.064909][T14007]  ? print_shortest_lock_dependencies+0xf4/0x160
[  385.071228][T14007]  __lock_acquire+0x6851/0x7d40
[  385.076087][T14007]  ? verify_lock_unused+0x140/0x140
[  385.081294][T14007]  ? verify_lock_unused+0x140/0x140
[  385.086506][T14007]  lock_acquire+0x19e/0x420
[  385.091018][T14007]  ? send_sigurg+0xf0/0x3c0
[  385.095533][T14007]  ? read_lock_is_recursive+0x20/0x20
[  385.100903][T14007]  ? do_raw_read_lock+0x3d/0x90
[  385.105743][T14007]  ? _raw_read_lock_irqsave+0xc8/0x100
[  385.111202][T14007]  ? _raw_read_lock+0x50/0x50
[  385.115874][T14007]  ? __lock_acquire+0x7d40/0x7d40
[  385.120903][T14007]  ? do_raw_spin_lock+0x11f/0x2c0
[  385.125924][T14007]  _raw_read_lock+0x36/0x50
[  385.130424][T14007]  ? send_sigurg+0xf0/0x3c0
[  385.134922][T14007]  send_sigurg+0xf0/0x3c0
[  385.139250][T14007]  sk_send_sigurg+0x6f/0xc0
[  385.143800][T14007]  queue_oob+0x3f1/0x4f0
[  385.148058][T14007]  ? scm_stat_add+0xc0/0xc0
[  385.152738][T14007]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x10
[  385.158809][T14007]  ? security_socket_getpeersec_dgram+0x83/0xa0
[  385.165048][T14007]  unix_stream_sendmsg+0xaf3/0xbf0
[  385.170153][T14007]  ? aa_sk_perm+0x83c/0x970
[  385.174670][T14007]  ? unix_show_fdinfo+0x270/0x270
[  385.179685][T14007]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  385.186111][T14007]  ? aa_sock_msg_perm+0x94/0x150
[  385.191058][T14007]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  385.196351][T14007]  ? security_socket_sendmsg+0x80/0xa0
[  385.201804][T14007]  ? unix_show_fdinfo+0x270/0x270
[  385.206845][T14007]  ____sys_sendmsg+0x5ba/0x960
[  385.211631][T14007]  ? __asan_memset+0x22/0x40
[  385.216230][T14007]  ? __sys_sendmsg_sock+0x30/0x30
[  385.221251][T14007]  ? __import_iovec+0x5f2/0x850
[  385.226098][T14007]  ? import_iovec+0x73/0xa0
[  385.230609][T14007]  ___sys_sendmsg+0x2a6/0x360
[  385.235290][T14007]  ? __sys_sendmsg+0x2a0/0x2a0
[  385.240067][T14007]  __sys_sendmmsg+0x2ca/0x510
[  385.244739][T14007]  ? __ia32_sys_sendmsg+0x90/0x90
[  385.249759][T14007]  ? __ia32_sys_get_robust_list+0x110/0x110
[  385.255650][T14007]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  385.261638][T14007]  ? lock_chain_count+0x20/0x20
[  385.266568][T14007]  __x64_sys_sendmmsg+0xa0/0xb0
[  385.271414][T14007]  do_syscall_64+0x55/0xa0
[  385.275827][T14007]  ? clear_bhb_loop+0x40/0x90
[  385.280526][T14007]  ? clear_bhb_loop+0x40/0x90
[  385.285222][T14007]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  385.291118][T14007] RIP: 0033:0x7f94e559cdd9
[  385.295529][T14007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  385.315144][T14007] RSP: 002b:00007f94e652e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  385.323555][T14007] RAX: ffffffffffffffda RBX: 00007f94e5815fa0 RCX: 00007f94e559cdd9
[  385.331524][T14007] RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000003
[  385.339510][T14007] RBP: 00007f94e5632d69 R08: 0000000000000000 R09: 0000000000000000
[  385.347480][T14007] R10: 0000000004040011 R11: 0000000000000246 R12: 0000000000000000
[  385.355442][T14007] R13: 00007f94e5816038 R14: 00007f94e5815fa0 R15: 00007ffff4e47328
[  385.363414][T14007]  </TASK>
[  385.428360][T14013] overlayfs: failed to clone upperpath