last executing test programs:

40.760991986s ago: executing program 0 (id=234):
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f00000011c0)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES16, @ANYBLOB="9dbe489148f5b0e0c5e214038a36626e9f8f050f644e657b8323ec5e815bd46e72a7be382f1dac2b9cab191c72157f4964d577a371c97b5183d1565f935cd8afbe4247a43f9e09be676243a2678bd2ef1d79802a9846a9bfe63bb1a18fb6", @ANYRES16], 0x1, 0x1cb, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBQuMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xy4uNgcHvzElPXa1lsswMrZ7a8hW3tNetOQURk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpjECQ0IZn42twUKLcknmEKPciydKWFxQKjq5E9LzbcOiW4ztj11YDvDc/g4z5qCPkGj4xIMTgsF/8uAjEloaCjTWMu01HbBlyKNvxJeq42dMhjc7ZmWwQKUpQFEroTyZMF6EpJXeOhoahqlJCc0bGKBOmDrHs7VAg0MSNGmwsDAsJ0RFrcQcA3GGAWjYBSMglEwCkbBKBgFo2AUjIJRMCIAIAAA///cmpKG")
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_open_procfs(0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x6})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a8", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)

39.497413885s ago: executing program 0 (id=239):
creat(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000200), 0x129082, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000000c0)=0x20)
write$binfmt_elf32(r3, 0x0, 0x4cd)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000100)=0x4)
write$dsp(r3, &(0x7f0000000240)="755a5398d512d39077459e67ee110daaf0413bc3deef85b89f2141d512b2c14020e625b0d98e6f09000000ac3c22dbfdebb1ab51524cf9df6f80884a8ab6c1165db5a2034aff8a1bce0b5e3928d4aa605c76fe83be50a4b0ba64896d0020fe6d7b0100000058b323da6238f784a6243e9e97f0f00fee7a3dffffffffffffffffa944c98d62397cf81a19b53f", 0x8c)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x40000017)
ppoll(&(0x7f0000000000)=[{}], 0x1, 0x0, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000200)=[{&(0x7f0000000080)="580000001400192340834b00000d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c10000000010000000000", 0x58}], 0x1)

36.820109869s ago: executing program 0 (id=249):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet(0x2, 0x2, 0x0)
sendto$inet(r4, &(0x7f0000000280)="e1fe062bdab9ac728d88ec2db1e86a6eee9ee91df6ae561f41cfa2eb9f78636980f0f6b4ca78ab59e9794c758b600df5db79876070328b0acc1863a3a48fff432f479181554fc969097f02ce90392b29cca5eb2ae86db5f2f5e986463a444dea1e6f44bf66c51bcc2a96934d300c2d8976e092675ac4726a3e9fee4441ace546049f8575e275adeceaedb574a1586d89366039f77fa59de83026737259eab884a29f41733a5be7af1e18c4d58e8972483b8267a7f1", 0xb5, 0x4001, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000001380)="2e2b0812635ff32dcfd350deceeb7133524ecd9e8dce2e592df1f0fa8d47671266665509974bf2585b626b7b7871367c72631c33a2846ed7c5a5cf0c69eda6dc95c3554e277a658f40b37983ddb52f96785c83c5f862476bc5c7e05eb504b80d99fb55b309485006a7f47a7bc833c9e5729943a877be6682b3948ae0e201e3a7e2af197e4b87503db3b605fd9daaffced10565cbbffce2441053fb6d2dd747d917c28352", 0xa4, 0x4000, &(0x7f0000001440)={0x2, 0x0, @private=0xa010100}, 0x10)
fstat(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setuid(r5)
r6 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r7 = request_key(&(0x7f0000000540)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)=',$:@^@,\x00', r6)
r8 = add_key$user(&(0x7f0000000240), &(0x7f00000006c0)={'syz', 0x1}, &(0x7f0000000500)="3fd8", 0x2, r6)
r9 = add_key(&(0x7f0000000080)='user\x00', &(0x7f0000000000)={'syz', 0x2}, &(0x7f0000000040)='9', 0x1, 0xfffffffffffffffc)
keyctl$chown(0x4, r9, 0xee00, 0xffffffffffffffff)
keyctl$setperm(0x5, r9, 0x0)
keyctl$chown(0x4, r9, 0x0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000300)={r9, r7, r8}, &(0x7f0000000340)=""/197, 0xc5, &(0x7f0000000680)={&(0x7f0000000440)={'sha256-avx\x00'}, &(0x7f0000000580)="707adafc6dc1f5848de9d72dbe8157eb7c42c3aee040a104df25956930f29c2f190f11ad989240b0037578d6d8c49edddba7587e470cde580fae8d43d326e8a542dbb7a0d29c5d21ff8f440f3ec5f9ef0ea890563e1dadb0280e40e162405a813060f4a4b9240427a56491d4499c0e70c312eab3f0fe537169677a3849e48e47f10ec56ae9c52b9cdff38498e564a9f668fd4ae53a1a40f1f503bf542c4900383c00830ba4a1a27baaac9c90807764151738687bda8d3c2c8843a0063d48bd7c3b4b5391ac369d89c4675621cf354d0e11c2edcba3c18de1a654f4f056ba94", 0xdf})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)

8.782348419s ago: executing program 1 (id=318):
pipe2(&(0x7f0000000300), 0x0)
syz_emit_ethernet(0x36, 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002bc0)={0x2020}, 0x2020)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_pidfd_open(0x0, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fanotify_init(0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x7, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xffb0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x271, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_connect$cdc_ncm(0x0, 0x91, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0xfffe}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x2f}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x0, 0x1ff}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x0, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0x6d, 0x0, 0xfe}, @mbim={0xc, 0x24, 0x1b, 0x100, 0x59d}]}}}}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x8, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x4}]}}}]}, 0x38}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000b00)={{0x12, 0x1, 0x0, 0xa5, 0xaf, 0x5f, 0x20, 0xe8d, 0x23, 0x3aab, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x56, 0x0, 0x0, 0xa}}]}}]}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000000080000000148a3045e2d59b2f835be5ea0e158eca154cbab5354fbf743f5fc122403262404ab03d579ff00ae8803b1d4b880ed1f02b5aa5b0c2883f9126da4a26a5f382ff54dd48e667192affe59dc40ee4fc3ec1030a0850e9281e119ab2de5ada1393ab9069", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001100028005000100030000000500150000000000"], 0x44}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000040), &(0x7f0000000080))
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_io_uring_setup(0x1fbf, &(0x7f0000000040)={0x0, 0x0, 0x140}, &(0x7f00000000c0), &(0x7f0000000100))

8.387737229s ago: executing program 4 (id=319):
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x2200050, &(0x7f00000000c0)=ANY=[], 0xee, 0x1af, &(0x7f0000000580)="$eJzs282O0lAYxvGnlALi99fGlYkL3QiKbtzJBXgD7ghUQixqxA3ExHgpcyfcydwAJDO7WU0nLWUCpMBpOzOF4f9LgDc5fc45JD1wzqICcLAehe+WLDlh5fv+v5eSvn6RVMx5cgCula9zH8Chsk/yngGAfEybdrgPGFvS8enf9iR6OYb7h2mzMCsqkhbyJdP8fyv8fFGUJgv5ctTl1v3L0Sz/Wsv5OwnHr67kq1ty1mV+9v3fvFrO35V0T9J9SQ8kPYzOWo8lPYkZv7My/nPD+QNZBHdfLWs+QwfB6vnW89x3cY329rwT5d/HNy/8hIxjLyhF+YbhfNflP6TMl6N8rf3T68S0F1L2C5go5Lz+benMX13/n83zxc3rH8AGg+Hoe8vz3N8JCicsylEPCeLB5QnHosijqMQ0OSnvlp0ugr+vHZiGaTFftTc5FoDbqv6n/6s+GI7e9vqtrtt1fzQ+fpofu8NzeX3t6RzAnlvenAMAAAAAAAAAAAAAgH30VNKzNEHTB/wAAAAA7IyrfWbIkRT/2B8AAAAAAAAAAAAAAAAAAACA7C4CAAD//3Y4Qng=")
r0 = socket$unix(0x1, 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
dup3(r1, r0, 0x0)
r5 = open$dir(&(0x7f0000000140)='.\x00', 0x0, 0x0)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x18)
renameat2(r5, &(0x7f0000000000)='./file1\x00', r6, &(0x7f0000000340)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}]})

7.22481001s ago: executing program 4 (id=320):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xffffffff)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x5)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)

7.068916367s ago: executing program 2 (id=321):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0)
socket$tipc(0x1e, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0xc0505405, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000080)=0xbb1e, 0x4)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000180)=0x4)
listen(0xffffffffffffffff, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044051)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000010401040000000000000000000000000a000200000000001c0000000500010001000080c25e879aca591e3819"], 0x28}}, 0x0)
sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
poll(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)

6.759926531s ago: executing program 2 (id=323):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)={0x40, 0xb, 0x98, {0x98, 0x0, "3af10391f6f64d17989e8e77365dd9e3c699519c102ea670235159903a1433175198e2287a75a7286192d04d6826dcc308414de3c59f29eca893370da51e7e65186f550275303923df2dda85c60b8f9d7294fea2887b61d229f853fe3ec9e5c845fb8bf83d86f16c67661aa36afd947fc98979664a3ef7338ae97a43574b23adcff2ca0e22c10dd08dc3739420e6e996cca9d5e3d837"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x422}}, &(0x7f0000000840)=ANY=[@ANYBLOB="000f12000000050f1200020a10030204009509910003100b8d0a88f35b51c31c94a3818a007bb20372ab711aefe86ab0bf16f2d1690a505e0e0b4ba0966f50756b679ce7e725acda21263f19533990e24e2ec8992bf105b48b7199423006f56f676c47b5d67514d907c3aaa97482a9ac5634797658dd7f8530a8ec00ccbf5217881ab2d2262da8988d3ae3e68a76de894d0e9fa5f4388427c8c9f6d111a609520e2df120430c757450c7ef06063d1bde5c89d0883d5b18f9b9642691816045f744d0c4b6fac13749bafc593d57d22d1b49cdf06a"], &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xfb, 0x18, 0x0, 0x3c, "ca915279", "a9622aa7"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x0, 0x0, 0x8, 0xc0, 0x6, 0x1800}}}, &(0x7f0000000780)={0x84, &(0x7f0000000280)={0x40, 0x11, 0xf0, "678b54649b4d66e7901397ff69dc7d57b8ae72c82f3e135b48e2a2628f9da42adbb0ee4263ee19e55aded1e45fe187701d7a228b130b0085295304f5979a852be596bd715bbdc24be536c99ec3662915f3430401f69d8eda76abe3db80d02727e39963233f049e030d448ad9dea5d8c81482fd5370bf01833d2fb06380bc9c033f5a387563032c6fa85bddaa43417671518c62d77f7b2eab6e8d4eb0315c518648a9b77f9865a5aeac8a8533099cb4414e4f42b05ca1fb9b3101ebf1d6026d750507bc25444e32743228445a549a37929c1838a3e0f0f932f8ab3399a40cd46ea676fc635beadf49afb1642a6f128827"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x86}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x49c412e0632bd5c4}}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x140, 0x20}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x5}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000500)={0x40, 0xb, 0x2, 'p,'}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x2}, &(0x7f0000000580)={0x40, 0x13, 0x6, @multicast}, 0x0, &(0x7f0000000600)={0x40, 0x19, 0x2, "2a10"}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x2}})
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="81feffecff000000"], 0x0, 0x0}, 0x0)

6.383240568s ago: executing program 3 (id=324):
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{}], 0x1}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

6.149917739s ago: executing program 4 (id=325):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04228e03c80000001900000000087153747f969e99df4ce46e32770322ecb729d355601ae95054505636932cc0e259ba2b5419ab8c9f86e4"], 0x14)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfecc)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
lseek(r2, 0x4, 0x0)
bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000140)={@map=0x1, 0x0, 0x4, 0x0, &(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
getdents(r2, 0x0, 0x48)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79})
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924], 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r4 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
listen(r4, 0x80080400)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x160, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x160, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)
connect$inet(0xffffffffffffffff, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
r6 = socket(0x1, 0x2, 0x0)
syz_io_uring_setup(0x27f3, &(0x7f0000000340), 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000000)=""/135, 0x87}], 0x300)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}})
syz_emit_vhci(0x0, 0xffffffffffffffc7)

5.978743463s ago: executing program 1 (id=326):
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000300), 0x4)
write$binfmt_elf64(r0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x100000530)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)

5.896048295s ago: executing program 3 (id=327):
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f00000011c0)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES16, @ANYBLOB="9dbe489148f5b0e0c5e214038a36626e9f8f050f644e657b8323ec5e815bd46e72a7be382f1dac2b9cab191c72157f4964d577a371c97b5183d1565f935cd8afbe4247a43f9e09be676243a2678bd2ef1d79802a9846a9bfe63bb1a18fb6", @ANYRES16], 0x1, 0x1cb, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBQuMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xy4uNgcHvzElPXa1lsswMrZ7a8hW3tNetOQURk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpjECQ0IZn42twUKLcknmEKPciydKWFxQKjq5E9LzbcOiW4ztj11YDvDc/g4z5qCPkGj4xIMTgsF/8uAjEloaCjTWMu01HbBlyKNvxJeq42dMhjc7ZmWwQKUpQFEroTyZMF6EpJXeOhoahqlJCc0bGKBOmDrHs7VAg0MSNGmwsDAsJ0RFrcQcA3GGAWjYBSMglEwCkbBKBgFo2AUjIJRMCIAIAAA///cmpKG")
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_open_procfs(0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x6})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a8", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.170648367s ago: executing program 4 (id=328):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$kcm(0x10, 0x2, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
syz_emit_vhci(0x0, 0x5a)
bind$netlink(r2, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = dup(r1)
getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000100)=0x14)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
syz_usb_connect$uac1(0x5, 0xf7, &(0x7f0000000340)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe5, 0x3, 0x1, 0xd, 0xa0, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x4}, [@mixer_unit={0x9, 0x24, 0x4, 0x2, 0xdc, "7118ce1a"}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x203, 0x5, 0x8d, 0x6, 0x80, 0x9}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0xfe, 0x4, 0x49, 0x95, 0x5, 0x3}, @feature_unit={0x11, 0x24, 0x6, 0x1, 0x3, 0x5, [0x3, 0x6, 0x6, 0x2, 0x5], 0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x6, 0x3, 0x9, 0x5, "3511c396221085c831"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0xb924, 0x9, 0x1, "9f4c3277"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xf691, 0xd50, 0x6}, @as_header={0x7, 0x24, 0x1, 0x6, 0x14}]}, {{0x9, 0x5, 0x1, 0x9, 0x800, 0x4, 0x2, 0x3, {0x7, 0x25, 0x1, 0x2, 0x5, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x8, 0x7}, @as_header={0x7, 0x24, 0x1, 0x5, 0xf2, 0x5}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x7, 0x1, 0x10, 0x7, "80", "8b"}, @as_header={0x7, 0x24, 0x1, 0x7, 0x33, 0x2}, @as_header={0x7, 0x24, 0x1, 0xe4, 0xc7, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x49, 0x7, 0x4, {0x7, 0x25, 0x1, 0x0, 0x5, 0x4}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0x2, 0x0, 0x7, 0x40, 0x4}, 0x46, &(0x7f0000000240)={0x5, 0xf, 0x46, 0x5, [@ssp_cap={0x1c, 0x10, 0xa, 0x20, 0x4, 0xa, 0x0, 0xa9, [0x3fcf, 0xffc017, 0xff3fcf, 0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "8819c7ac774913570bcd00cdfa173cae"}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x2, 0x3, 0xbc2d}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0x2, 0x2}, @ptm_cap={0x3}]}, 0x3, [{0x68, &(0x7f0000000440)=ANY=[@ANYBLOB="680343f171bb752d4410e936e13cde6ddf5679bd404328ea815224326565a3cdfee2dec3d497f5620e6d64cfc442cbb2ee4101c07c6c9056a7201ce4b01f43b69938c984cc664eb87afb74881a207c8cdf1bd5ea373e5210a97f51eb786616ff8b37f1078dbfdcfa"]}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x444}}, {0xa, &(0x7f0000000500)=@string={0xa, 0x3, "7fc448d21d0a7bc4"}}]})

4.990107498s ago: executing program 1 (id=329):
r0 = socket$inet(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth0_to_team\x00', <r1=>0x0})
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x4c}}, 0x0)

4.906518456s ago: executing program 3 (id=330):
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x2200050, &(0x7f00000000c0)=ANY=[], 0xee, 0x1af, &(0x7f0000000580)="$eJzs282O0lAYxvGnlALi99fGlYkL3QiKbtzJBXgD7ghUQixqxA3ExHgpcyfcydwAJDO7WU0nLWUCpMBpOzOF4f9LgDc5fc45JD1wzqICcLAehe+WLDlh5fv+v5eSvn6RVMx5cgCula9zH8Chsk/yngGAfEybdrgPGFvS8enf9iR6OYb7h2mzMCsqkhbyJdP8fyv8fFGUJgv5ctTl1v3L0Sz/Wsv5OwnHr67kq1ty1mV+9v3fvFrO35V0T9J9SQ8kPYzOWo8lPYkZv7My/nPD+QNZBHdfLWs+QwfB6vnW89x3cY329rwT5d/HNy/8hIxjLyhF+YbhfNflP6TMl6N8rf3T68S0F1L2C5go5Lz+benMX13/n83zxc3rH8AGg+Hoe8vz3N8JCicsylEPCeLB5QnHosijqMQ0OSnvlp0ugr+vHZiGaTFftTc5FoDbqv6n/6s+GI7e9vqtrtt1fzQ+fpofu8NzeX3t6RzAnlvenAMAAAAAAAAAAAAAgH30VNKzNEHTB/wAAAAA7IyrfWbIkRT/2B8AAAAAAAAAAAAAAAAAAACA7C4CAAD//3Y4Qng=")
r0 = socket$unix(0x1, 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
dup3(r1, r0, 0x0)
r5 = open$dir(&(0x7f0000000140)='.\x00', 0x0, 0x0)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x18)
renameat2(r5, &(0x7f0000000000)='./file1\x00', r6, &(0x7f0000000340)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000002240)='./file0\x00', 0x0, 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}]})

4.256399625s ago: executing program 1 (id=331):
syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="000037ab7d818c7880beaf956770407d7a05c1bb0aa6aebef6bd46f82853825b67c84a908adca22e7266dfd4f239a3abbb98f982f6e8d45852b4cc9d5fdab730a45584d799dfdd019bf9611c91a31edc45c2f064bf78d886991b3c7941edf04673356b94520592b962a1dab9fa4c3c9d49d87496c1ce44b6dec02025820fb3ed45c925fe051befbf13f0e7026dc95bd3fc0a8e63f7da4659261c70f15ede8a630c105f515b104972c655bab6adc2b7b2d07967b2d2250748d0c4ead793be8df6000000000000000000000000155c8ff98b9b99aec7ca377070cae0adee5c07ae8ceb858c2a9d2e6976b510e64a19254bf2686cde54aeca904df99159ba522010aba8c420a9a1acf0176b46b1802f5b28cfab8c9004777dde3fcb98de01819c0dc84e"], 0x22)
syz_emit_vhci(&(0x7f0000000800)=ANY=[], 0x22)
syz_emit_vhci(&(0x7f00000004c0)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0604ea00000000000054679202"], 0xd)
syz_emit_vhci(0x0, 0x14)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="03c90058cd294fbcedc17ccfa4025a1e5777b4814b0663f4852deb97559d7624bd505e611ef8a55937ffffffffffffff7f293408287051702a79e7442da8de9e11bf6e9357e6edea2d50e82f055f6f923cd4e59e223193d487cfa619"], 0x5c)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b)
openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x4)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000340)=""/121, 0x79})
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="030f0404000000000000001620"], 0x7)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x1608d87, 0x4, 0x10001, 0x4, 0x8000, 0x0, 0x5, 0x7, 0x7b7, 0x0, 0x414, 0x4, 0x10001, 0xfffffffffffff924, 0xffffffff7fffffff], 0x10000, 0x286381})
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000400), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS32(r0, 0x80984120, &(0x7f0000000080))
mlock(&(0x7f0000001000/0x1000)=nil, 0x1000)
mlock2(&(0x7f0000ab9000/0x1000)=nil, 0x1000, 0x1)
syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYRESDEC=r0], 0xb)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
msync(&(0x7f0000377000/0x4000)=nil, 0x4000, 0x0)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="044206000000000000"], 0x9)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10)
bind$llc(r1, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="040504a5c80068"], 0x7)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))

3.949482321s ago: executing program 2 (id=332):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0)
socket$tipc(0x1e, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0xc0505405, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000080)=0xbb1e, 0x4)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000180)=0x4)
listen(0xffffffffffffffff, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044051)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000010401040000000000000000000000000a000200000000001c0000000500010001000080c25e879aca591e3819"], 0x28}}, 0x0)
sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
poll(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)

3.842393512s ago: executing program 3 (id=333):
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x800000, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$inet6(r2, 0x0, 0x0, 0x0)
r3 = socket(0xf, 0x3, 0x0)
write(r3, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32)
recvmmsg(r3, &(0x7f0000000200), 0x0, 0x0, &(0x7f00000001c0)={0x77359400})
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x20440)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x1274, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/rpc\x00')
renameat2(r0, &(0x7f0000000100)='./file0\x00', r5, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0)
pread64(r6, &(0x7f0000000280)=""/169, 0xa9, 0x25)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
unshare(0x20000480)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000001680)=@mangle={'mangle\x00', 0x44, 0x6, 0xc28, 0x98, 0x98, 0x0, 0x228, 0x98, 0xb90, 0xb90, 0xb90, 0xb90, 0xb90, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xac8}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xa8, 0xd0, 0x0, {}, [@common=@unspec=@devgroup={{0x38}, {0xe}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @ECN={0x28}}, {{@ip={@private, @multicast2, 0x0, 0x0, 'veth0\x00', 'bond0\x00'}, 0x0, 0x878, 0x8a0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@u32={{0x7e0}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xc88)

3.74732812s ago: executing program 2 (id=334):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007300)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003180), 0x0, 0x0, 0x50}}], 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.567865983s ago: executing program 3 (id=335):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r3, r5}, 0x10)
bpf$ITER_CREATE(0x22, &(0x7f0000000040)={r6}, 0x8)
bpf$LINK_DETACH(0xf, &(0x7f0000000080)=r6, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.510419202s ago: executing program 3 (id=336):
pipe2(&(0x7f0000000300), 0x0)
syz_emit_ethernet(0x36, 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002bc0)={0x2020}, 0x2020)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_pidfd_open(0x0, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fanotify_init(0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x7, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xffb0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x271, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_connect$cdc_ncm(0x0, 0x91, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0xfffe}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x2f}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x0, 0x1ff}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x0, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0x6d, 0x0, 0xfe}, @mbim={0xc, 0x24, 0x1b, 0x100, 0x59d}]}}}}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x8, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x4}]}}}]}, 0x38}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000b00)={{0x12, 0x1, 0x0, 0xa5, 0xaf, 0x5f, 0x20, 0xe8d, 0x23, 0x3aab, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x56, 0x0, 0x0, 0xa}}]}}]}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000000080000000148a3045e2d59b2f835be5ea0e158eca154cbab5354fbf743f5fc122403262404ab03d579ff00ae8803b1d4b880ed1f02b5aa5b0c2883f9126da4a26a5f382ff54dd48e667192affe59dc40ee4fc3ec1030a0850e9281e119ab2de5ada1393ab9069", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001100028005000100030000000500150000000000"], 0x44}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000040), &(0x7f0000000080))
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_io_uring_setup(0x1fbf, &(0x7f0000000040)={0x0, 0x0, 0x140}, &(0x7f00000000c0), &(0x7f0000000100))

2.209942465s ago: executing program 2 (id=337):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04228e03c80000001900000000087153747f969e99df4ce46e32770322ecb729d355601ae95054505636932cc0e259ba2b5419ab8c9f86e4"], 0x14)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfecc)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
lseek(r2, 0x4, 0x0)
bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000140)={@map=0x1, 0x0, 0x4, 0x0, &(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
getdents(r2, 0x0, 0x48)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79})
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924], 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r4 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
listen(r4, 0x80080400)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x160, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x160, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)
connect$inet(0xffffffffffffffff, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
r6 = socket(0x1, 0x2, 0x0)
syz_io_uring_setup(0x27f3, &(0x7f0000000340), 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000000)=""/135, 0x87}], 0x300)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}})
syz_emit_vhci(0x0, 0xffffffffffffffc7)

1.877926203s ago: executing program 4 (id=338):
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000300), 0x4)
write$binfmt_elf64(r0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x100000530)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)

1.741279475s ago: executing program 1 (id=339):
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f00000011c0)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES16, @ANYBLOB="9dbe489148f5b0e0c5e214038a36626e9f8f050f644e657b8323ec5e815bd46e72a7be382f1dac2b9cab191c72157f4964d577a371c97b5183d1565f935cd8afbe4247a43f9e09be676243a2678bd2ef1d79802a9846a9bfe63bb1a18fb6", @ANYRES16], 0x1, 0x1cb, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBQuMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xy4uNgcHvzElPXa1lsswMrZ7a8hW3tNetOQURk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpjECQ0IZn42twUKLcknmEKPciydKWFxQKjq5E9LzbcOiW4ztj11YDvDc/g4z5qCPkGj4xIMTgsF/8uAjEloaCjTWMu01HbBlyKNvxJeq42dMhjc7ZmWwQKUpQFEroTyZMF6EpJXeOhoahqlJCc0bGKBOmDrHs7VAg0MSNGmwsDAsJ0RFrcQcA3GGAWjYBSMglEwCkbBKBgFo2AUjIJRMCIAIAAA///cmpKG")
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_open_procfs(0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x6})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a8", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.518588965s ago: executing program 0 (id=274):
syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4)
r1 = memfd_create(0x0, 0x0)
fallocate(r1, 0x0, 0x0, 0x10001)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r0, &(0x7f0000000340)='\b', 0x1, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25)

1.197497361s ago: executing program 2 (id=340):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001500)={<r1=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
pselect6(0x40, &(0x7f0000000380)={0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r0, 0x5437, 0x0)

464.54749ms ago: executing program 1 (id=341):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)={0x40, 0xb, 0x98, {0x98, 0x0, "3af10391f6f64d17989e8e77365dd9e3c699519c102ea670235159903a1433175198e2287a75a7286192d04d6826dcc308414de3c59f29eca893370da51e7e65186f550275303923df2dda85c60b8f9d7294fea2887b61d229f853fe3ec9e5c845fb8bf83d86f16c67661aa36afd947fc98979664a3ef7338ae97a43574b23adcff2ca0e22c10dd08dc3739420e6e996cca9d5e3d837"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x422}}, &(0x7f0000000840)=ANY=[@ANYBLOB="000f12000000050f1200020a10030204009509910003100b8d0a88f35b51c31c94a3818a007bb20372ab711aefe86ab0bf16f2d1690a505e0e0b4ba0966f50756b679ce7e725acda21263f19533990e24e2ec8992bf105b48b7199423006f56f676c47b5d67514d907c3aaa97482a9ac5634797658dd7f8530a8ec00ccbf5217881ab2d2262da8988d3ae3e68a76de894d0e9fa5f4388427c8c9f6d111a609520e2df120430c757450c7ef06063d1bde5c89d0883d5b18f9b9642691816045f744d0c4b6fac13749bafc593d57d22d1b49cdf06a"], &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xfb, 0x18, 0x0, 0x3c, "ca915279", "a9622aa7"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x0, 0x0, 0x8, 0xc0, 0x6, 0x1800}}}, &(0x7f0000000780)={0x84, &(0x7f0000000280)={0x40, 0x11, 0xf0, "678b54649b4d66e7901397ff69dc7d57b8ae72c82f3e135b48e2a2628f9da42adbb0ee4263ee19e55aded1e45fe187701d7a228b130b0085295304f5979a852be596bd715bbdc24be536c99ec3662915f3430401f69d8eda76abe3db80d02727e39963233f049e030d448ad9dea5d8c81482fd5370bf01833d2fb06380bc9c033f5a387563032c6fa85bddaa43417671518c62d77f7b2eab6e8d4eb0315c518648a9b77f9865a5aeac8a8533099cb4414e4f42b05ca1fb9b3101ebf1d6026d750507bc25444e32743228445a549a37929c1838a3e0f0f932f8ab3399a40cd46ea676fc635beadf49afb1642a6f128827"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x86}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x49c412e0632bd5c4}}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x140, 0x20}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x5}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000500)={0x40, 0xb, 0x2, 'p,'}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x2}, &(0x7f0000000580)={0x40, 0x13, 0x6, @multicast}, &(0x7f00000005c0)={0x40, 0x17, 0x6, @multicast}, 0x0, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x2}})
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="81feffecff000000"], 0x0, 0x0}, 0x0)

463.820118ms ago: executing program 4 (id=342):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
r2 = epoll_create(0x47f)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000540))
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4})
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640), 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000060c0)="970b180393e57da0084004606e0f7eb55b4379b678ec58dd5832867fc4741e325499108ee901f5ade42a10a2a5ca59b706328aca067422dcda816a63687f6b445fdf7c8c4c158921aab593be18f8f3e3a72a3c634c089c468f2afa55a47fcb36c8ec931a3b8e995ca8f9da378136eee8d00878a33e262e3718e8829586fb5a3bdd2143ea5a880a6322892369f494dd40593794a88b4f0e69dfc3d573117dc27d511cb0b7e7d1c13dac381d4472cb9eba0637c9611565d496c7a6936582144f524085bf34af3a90ac0a0db2f79a423fa8b797909b65b72ee23068ebf92a9ae53fdeca4a47ec6838e363039c63988cf6f4f393f907cff08e13520751cfa3bfeb452f120d8a5f462b040f8537f7add203eb2b2f5784376b4e0d85c027c4e0d5817ce1db986581a147a5c7e820212907992afff07f13a43b2a2c23e6f61d7bdafdea1d396e0fa1e79afd07195dfdab53cbe75d4b96971caef941b69525b87d59fcb99bfb348a12236968f9dacbfbdc4d9b0b01df755ba3b6c320a29e5bc23bd6b20f3b27dc3d63d2d2ef11865347c5ca1504ded5d549e17e1194d717c79bc330ebfc3929d079152f51f3ab9701a3241c7df4130027ca1a6d0e6b5f2f2c3b659cbea4cef19728b45f1325e04151af66111cabddafa17b90f193c52d1c4fb646f99fd42d77a3f16c05a491a775962a2a4ee9f9f6c1a5eaa68305a88add9d6f35815f37cadae92293a0db1613662f145991ba5fd632c4a170588f8265e11b3e1a4ff2b17f3664b98d9c6f54a356f19a9b72175e7eb46ff4330812993886cd7b42ffdc3767a4ac16dd21d76417b70cfe97ad6ad0ddea7284d0e3ecf0c6c6b57833f65963f3764e297c994e0181bbf693c8fc0e57fc15b2ad776a00c19a805a906ffa80efa4116d5f5c9863a74bb340008d958db841c5f1e3b286afac717ceabcc7310e75e45b61215f6ba0bb496bd5e094b6139326758c1d81b176e11da5eda522f05346e1a71a6358b4c9b7653a66ae7153858fac4695d64fe2962b0d62d6d8aac14cf9cd2199fb039b54b64f5085434b2339f90bc11f2e407a6e84557de9a7a7edcc3b15a7798cbc68c1b1e1a822103bd43b656e933bfe886736a2bda6ccb228a8e4fae5956673db0105999017d8b68159f7a9480fd2ca70bb7e9fbc8f4f1c3581b1f528c8fb5b5d6beb769dd5e9650739f3cfcb61ab7b066c342a6c6886b0bd83f399e3eb74d2cafce7fc76febe624a37e185924afa8695caa7d3c1a97fd6684979ef33957a334fbf10c7a9bba18397082580df2425129a87c4868d41d1bcda8a7faaf1afd492cb4c83b7c5ce7a950f92186cc07bf27dcf58ac56506f2453399070ae8e5b009e40eb1970bbe8a1c9f3befb54255602bd191bd46c56c0fda2842462c0b68884f9a922d2a8b161aa9ca2c0c52bcfa26b7b7a152f2ccd16ec4974361f7322dc3b345e926e1a1b56200dc425e2e03c3d7194f9cbd321e10de387adf9790a5706bcf05d9b8c16e40e5633c44553c2aa8611f7656fc732b5dfce1eaf212d2521eb013fcf154d251553ba7a6a1f7ba8b7ceb3a1df621376543a451fe76671beaab4833f1be28247919c7cdf4177e2c9cca78ce52b5a7e4dde913dd8b13ce861bbf7048822041f4b29b3441b4880a8f7a4a289ad3c6258494e7736e48373408d248c3b033372ebdb3d9a406869445b5d956434a576b83d4a7e7b47ae8c69f50be20ea56f171e592e114602ed4f47e86dc34008770940adb4f0167811c474ada06693b55f567cc3201f97c08a3711dca486a86c367f59ce44259c1d71cdb135aa8630c4cae61ad07998a2f781ff87c946e8aef9bde6d4738bc009fc43fd176bc38756a0ca48c382395b48bc55da32892551ecdd0bd3f4c69a79bbe600f4103f21e443821492b92516833b231942e91a39e7401a42ba3e99a3a2fefa6167365b9050305b6f09a013f41e764a80f422cce051e5b30ba6528540ee5d4ea5872572c85f321b68e730f40f64b648be31a9e530718ec17443a1a4dcdb79cf799cfa75d0bfa0fde71828d8f51e38dc3d1d77430ceed007426f689d5843c34afdec5dde3e480a36ffa25db4b3483cde91e56eee8756dd953a3abff11bd7901d6b37c8371b023d7457361908576f92990f19e9f48dc58ca550e61a035161f1539b14b7bcce535b3a3783021094129f312c03e51df62579ae9423927021e8bcf530116f3658a1e94d39a800452f7461d2f001f86b911a8a14b9e61c2fd8f959ea40793df240aed5e5862ea59d78fb235788c1ba3c0ec44fbefc29c2e6f22d70849750625c3c15227579d42858b5fac30bbe86491697cec1c4543addc1f50202fdf77a6d2d23e70ed611a63368694e459012ebdbe71c4f702980d7ae63aaee33d5f8df5fce071c73cd918991c6ba2f95f33a9917a22c9e7342dd492c9e2c2f6457c3a48f35edc1720f2224f2af2ef4c0a38b75ce27aae5d5ef615920ab9245851590cdcdcfaa7e5a66b73f5a0a1bcf1bab66ecdfc0dcbd8cebb1b98f6256cea6761c835a761819018fd9c3d2f541eba25abde06f1551328800b1efc04d8e10594dbe95f9f10005cae8c5b27cc18268ebaa4578f9dcfa99aa61567a55b43545ec729764af99d224cfea6a36a93d4f70bae3225256e179e81a0c64dffce9c2141994253af664c33f881aa417fa3b7e9424f1841f1aa845ea0fe05c4e47b318bef60709d6f20c9eee6e8c0c18bd161d3dbe57d82903937e10c41aa9066dcee124354584232afdcb60d185bc39fcc5e7e5124d17e2f998b64836b587cf233469b92af65a70f4a8f35df9e24c7d5d21bda27ae44ce6706f86d3747db675aa329e8b43652bb1e89687dd003dd7924d300f498d444639b3fd413840cfa958e436e5959e95486161af807cbb7304d99284818eabe39493c66664e92143ff41602a3805369f461abeae5e5b6987a20fa47495cbeeeb322c848147dd9a052384a49898138557e10eb015df370d01977083ad24c7defc8c80583d5f5eca20d0853afb9f41c356f8da0e2435d423528f67f091fc614645980a57ed893ded1c3d37881b243b8a5503f45672492f3849895c9377277a91e7090241832629032872294896107628ffd1151c444153f54b484fa3e5ca057cbe073e6039c11b1eceaf7e20eef2576aa99e7a3f36aed9beb089af28d82e2dc5e97da4878b76b5224e1d293f5223c09f715fba13945695a98624eade1381e31c5651069805e6f707811586f5f81e431e8624a608ba1ab405d2593b1f9f667b89d82e60048e4ef3be98bd3078beb4e5e66e8823c8b427d6f84468f1f18f1ff8a8c11515426993334bcbe0c3ba37b91be07eb800fb2e00a24351457d8fc067b4bfec43c0ce8cd26b23bfbb27d3da7bca3efb7fe6f7715760eda4e3a27a7be7419b803667ef6057bdd5d44250b47fa156af04db91fc57f25425b3cfbaf90a840fe5cfcefcd1500cf4908ec4df10c8bc14ec284bb99b13a8f6136e5e1c669806cb5a4a5227f7952c5b605a2b443866fae399a1f8fea323784935c3e5a9ba9e831749efc9b8228421bdb91afed16341962535cebf6fb02679e5412f67db405c90e218789b634d92a41aaf528c92b8bf38b629a1797c036465b77dc3bb124bdddd309136681d3fbe0251698da27c6f89589171e4492209f7eb48d50a161a5135602fca3355f8934f879c54afb91224901b635ed372fdacc9469471225d2ef3c980466027b86cfe3d664071edaa29b47455064a074da56f4e098ddf27984dac546826aed38e464d5c5a79a3ece544cdb3801de0e29bf5164dbcc14578e3e6c44a4a9041e2315f1243358c5949377352911e0a67c6de7e11b0881af528fe478c34909a1178a8a4f7fb727317e4f3981706d9c9215224604c2d6a4faeefc21bd635c8412931ac4feb2c60666672fb6dc5deda0d6c4ce31f2b6cb45907427691488abb280c3fd001f3d7507c0db358af7151d3b8e2e98eb8a78ee69966f7a1307882c5b57530e0dab5c57f84852c42db013e3448da2fb0a754ed97c001f33cca549eb71d7aef88d1ae7fac0d96f334556d75f600a029ed698ce9e4302279999726a57337b9afda0b0292c14d1687a85326120d9fcd84cdc02718f26c12ca28cac81af0dede79685233be41c7269c57100c603a4f9536f757fa753353bd0cded7d4edab29dff6f7dd5faa81078c263c9d1d7e662a0ffae22d8d12e679de9ec6c634ba46ddf6aa86ac0be41cabd9b14fd12107ffce96915fa0154f5b6017fa866d14ff47754a58ba14c1a3eb3f23f040779a788b774604c3a8a7dd818619352cf47849eebfdd3b49b56f376044e7cb218759059fa85057f96c159ccd63ea6cd0bf47781c2d023411854dd3ea46f4913cda9672655e566d2e83fe2e0eb5476bd6fd7a84557e37a4e8d32c75ab51dbffc59f0cebc3edeb395f38f82765ed3cfdce75b2fd570e783c8c3afb31049383af0b51575e5c9dd9332bde6f684a3e11d199f43004439ed535a20c7f2a695cf9b547985421ac62c2289c71491f0617d23cb7a9466c8f0482eb2e8aa782118702761e0267ef500afc52f4a3a7a53ef22aea542f679dc5c751c766e06af453576689c87b3b89c091e5444ff6fb1472fbd271fffb268a2eada125d7acfc70c8ff4cfd3f5421941c2857e54ed0617d6430b806d605c2e508cd5a7764d6ecdc69dbd050a97f8696535585bbb95b66f751566ce612aebce9a0b021f9fbf067870fe447dd05e8c521413e7f27955db3b8239836b6ad120f5fb48e9003bd19b05f94752743d89bdc5492c2ca1bc3133fe0ceb29451900e2ac713cf2cbc3a531048a473a195ad40c685b539f806f434c9e2cb6a8a25df84d41c13d1ceb90de1a3efecd06a53ac9a32654d1ece86dcf6fa17ea6a4f367f9b360b3e26514bf94af1f52d9c0b0691241e3c6c302e7054bb738cb234019c0e45a7db270ab9d75df73568f25579d33e7b42743c924b1f888df85c6166228f5391962b689f0a4d9683b43ddc98982a820b5c60d9c4e3997cd2212fc3850b2bd41342ccbefc1e4ec2ad7ae285f156f4a4f383281018c73ca4f2e9d255487a9717dd39cd744a000c68c53f82a22a08bcb734b5bbb8364180991140c2e727dfce4b19e70c968c97393b56019ef84688772d488b9bd6fa9354ab64f731e6adab543851e5ca1470fd13d0334ba025b57db5d9ea13c970642726284fefddab8fdf7155f5b8e3b3b86d098c4207b428bffcc7ff76f6397b6a3efc3c0b0fb2a4343b4051271f87e384c2b659086ba668c66a15d68b87faf82a60b184f27256e36a9ada7c4422754be56dbbab50ed781f36e40ded65a30378003de5b5cd5f80a6042613c76e80851312c7ed2c07b762b85a1b6928a7b2428d2bc7a6bfdfa2ba55aed54fd3c878ec655caf1223245433b7c6fc2a2d3b0393d7ba4e12f26a53b9d5afdbab230b9148f061df2e1c0fe73c2abcd142125367fa5e598e500263d9b27e759c08b7debee4695a5b192d968108c134241f236cae0434ed71e5099cd466cfb04d5f7cef2e94683172f82a9841610cb6fe55d4bfe73920992bb76f362b9cf7919c906495d4b37a915d23168fd7ffc2f36de55a1b17fa2232df03663ffa2a4c5e76aad90fd5abc80b6dfc16ec6aa328cc7714dc2d7bb14aae9f86c999e93a59fd18fb2300539bca25e69b04943a16c985ff481a42c9d8af43eb61ef7432b8e3aa5bc391c181b7d546b94ac659bc4b501157d3adf9d4cda4e298a4e4271fa2cd08919b055eb3f168df76c1f0b0d5cf5760b56774f105e51c93cc03ce97b00768b9620a6fd5162b9d9191ac0928d2460e4e821a276680cedb3b8167bc156b48a34d4c24d4a87fd09968a725d4b6a1b54b169f1e14143e97a84cf3d8eb4ec5458dcd5ff93365396c00533c3493847f595725a4f15300183eac306d16ea136b97a9864d16330d8c5b8321a6947caeb9cdc7ff4e53c419518ce9bc11f7355651be27a2c2b9ff4127ad86b96c1b5967def371d5d6a3f365abaca55c5f19600d1d5051d320b065c2f78f2147c170b9153a0eefd7b3f1e637cac3fff14b0eeaf472e6a6a9f7553ed3267c911d4d77a4f7285b77df725b3a88fbfd221343f656d60b61808b52a8facc81b8516698f2ac50cd8769371e67278c59ab1cc890fab36206b939f23b31ab976651ca8a4e7754bb10d03d4cc6506f13d98f2bda76477a69a8794a34614a88a7ec94e1a229ad6f747724a3bfb674cc87ea0dfb610f66057671f664206672e78c00a3f4585f17fc40827d0c8af88d3437f811274f662e9ee73d550833d0c8fde449089f8b5e8a25d25096537ac960699a07ebb51271a8f8556037436307063282febae745d53f8db65f13f24cc2e525ae465c9bf79f76b82dceada3bf34529321f913dd18548ab2a26f2a065028f46f4dfb18294dff30a7e5b131a08c671787baea45545d15629ec2f435d9138e517055cd48af7120b3b79f2275baed8a4b6a0f33c30890105ae2c07a332df79f2fd6767ecc66f1ed628c968a2685813342677a2823d10263958eee79d03e393a557475701694b5ec3dec8773f37b980f5812f1cbaed6e5253da037b5f88ba2070f445d74907679460dd48e16442d345abbd37f7853ec7123ff16db46c8571987db63ed711d36c05c2dafac47ea366f9467624b6296a2b9fb7056702d4ba38b4df72e7db3244421f31aa0911af3e3a09f9e08e96aa1545c37465f990bab4ee2821b1a701aa707db1dc18d52fcede15245f54a5f1a47b0d82c33fa378625d247b08753ac5fa5444b2e3f9d1d3918b154665b02fba87e39d0e27bdf60b27930eee02c31d847d40166544ab9ef801bd79bcc8d93980354021b8c7a1b9592934a90917db115bcd92068a970680011cb074da705f1cd06a0142862a777c6a47afd38721979323e27151c114e8901d41f79358e78289af10134e22d903415e2ebd2edf34ae10eefeec219db7b13ac983583dd4b02dcc615c6f70e6cf35ea216807c4b9c81482c2b941c7d6cd6621d9480ba924a3372ca3e3ca78438b0e9bf7c8436fcc0047b3bdb8d70190076d9feea778005d5d69f1b1194c76dce628e17b6beb299146b25f3f6660263c23dbcd08f70ccb45569a81a140eff66f2190110cf0977d9df7a2c437042961606ca1a378c8f59a310ad6c9cb4ff30a2d55411eeb38d927bb4d0f60ae75d90ab78dad14097f6dd38f512af2f932e1ad6a5e201180373689981f23bd9f59e4ca29244a8ea4236527fe2249eaa299af174f25b13d72b181c2f421652ece630ee1358098c29f84506654ffad3647792852a7faf107e36ae330886ffcef6e3a1725495e430568a9cd85d385e5a15d2f77ed274be3c8edfc52c230d21785b927bb8e470f989e8c89b01af8d04fc7050fc978013fbc5dcedd2baf5e8bfa8e2e1d3f193c224375db2f71d4655d2f647e9b1739657a0ad8ef6751a88151a3413ab870e0d7ba3f0a55ce3f30d55e8eb9e47e3d82563d9180399e7895490b8561a374acf5c94a1c648fa06780c4141c58ed913fb92865d3b4883301ba69b3f2b20c1f82024bd75e62ce2972d3219bdb961ab3bbac8f1d873ddece6d85f540f82c9d79b0937973335fe05e5c6ad8fcc525620a57678d58c7c2f0f157e03073d01fe4f6de520b390794cefdc6c828b4512fb6b2000d08e38693fa22834e69180d31b3978f9da75389f919a0d49ff961997d14ae6bdffcfb179c2ead52c69dae97416eef2602843dcbe4e5ae613d429feef7ffba6a31a8be8bf2e62c6d374c807363a986519a8cf9dfc99fc6607486e10599ae415b51e23f639194885e5119036e0e535accb4f126b4c45c47a53658af1e049daa2967b01d9450625d92f8f8e9d151633646044fcc5f6ad835479d48702839456decf070c7e6143cd31033810bd7da01c4a2cfb08605b25c00336f17d3b5a3db48866ef864b8d9cea9530429d3fb1afc7ae9e7d06aea9034db89b2ec8fc2a96d8d701fc51994305077dbea527bc0fc398b6bb7d42f0c408be69b98eb173d285fd8010ba75c57f2dd982582153814ff959fccc78aa5f7901357f6129f840af6649534f9ebc7750a20502a7cbf2d2f28c6f97884f43779bbbf93c550f8e79949db0e066538456b4e966761656eb7bebd5afe9b9fc241711b874682b226e9c6baecc1e909858e01b32472f6f8d483c073d3b576a4b03534dc4b620e21e6feb4bb2ddb37e3f0d4ff92c0af19e6087034c72c5928707748bc10ea22788bd938a0e6512cae4733fc1a2e47f3d4961932fe564684872922b44db143bea77580b0704675290e0839cb5ee529ada8b4c0bb14f05c5c396e29376f1ea80dea2852a88ddf8929fd402571fb242ead60d2be61f1662e1a833969e18e23e0b808900e7ed4be9d6944942da7d384739da1055cddc94937e1ea4cd305bf161c407b471df0ce3fb3413c5bd511d3c65e70edeb5397b0a8701538be7d2f1765688cbb0379744281231e60f5edcbfa6abd177405c455f77e30b95011ae4fda2a3c6d3f9a29bfe7656f6afba48358d57b4e1a84ebca241b7a427c6f806d1f771b540912f05a6df0d5223f85639fd7c163799e28abd08e4013aa43ddbc11ccc9d53131ec5c75f7682481968ad13ef34ba23d4759b51c4cac5a7ca2c73b3103c5b9e4b8686b872edcaca791d669589655e239920fc088eeced3a131ddff2eee9fab3cced40163eebfb29a85b3e97bbd97d17c3b06d3123409f115cf3e3d1c74dcc359664ab942e6ab36c41b1af4015ff5baf700eb99abd658e6833039051a235a2f84b70cb8d90271a481ce40e2a18bef8dcf7f54952b090bbaaaad391cb6cfa218a1e823ca7b16311e35e0350dd8016f67ed34771d7f3a607c1c9ed63524ea0c865148b05f1d017e475641b5076df632b7c261ef54c23eaf7cf52c22864a8ae8f8c3442d147fd52a801f87665b47e229a77b8e85c21d7996c7de9ac4899b098380f74eff119369c81b21b0b916017d0b604ca2a74b1424a4c3132d265d12a01ec2e8cff9809ed2f7891c55bc5cb932c6ea3cdba14cef47a2a0521e36869e9d62914447c3e6cf3da9ecaed915dec41e81605a46a4ec71a8b5ec0bc2f62b3237de7203e4b6d01bc32a5b2dc416623936a324b73e0c63ec414ce1bb4b344db85f014979ae866c4a2c2cce0f814862c0691883dd2d7bcd63fdf2ddf0cb2c6a1a10aa878ba997b74db8e894e4a7ed5e8ea1e3c0b602bae23c6c8c5f38b919aeef5625501fe5d4759c43e90de56122f3ecf87e8023f25e0d3ce64ab629409e881d2d1c5f083da90d45907e62ce3177f7982e514779a13f70bc207d9aa55835e37a5f4782242681ff46600ac9e63f90a245957440987b54b3678ae808c481d25755dba747cd7c3cc0fafb9a142e1ec1a9a5f81b5cdd6dbbc3a4ba5d49f58be6196c305e2af35fdbfbbae02cc4efe771d65e6000ec3f6cf394650f5144308c95279b9df3b29236a32ad3e9cd377296a4252e7dda1bb95d99c32cb81d970de4ff47760ee087dd2fa98392c8ede48391b49cd40e314adb896f0f5b08ffcdffdd70775160144552b13edfac23a09d53a4a4a827a1f216b2827cb9fb47a9fe6412d509d35b754d3700cc0dc8d7a3406a53bd1b0ee5112c50fb8f805be52a6c4e1e664d174727f33720bb371fbe9adc747a234013fcaadbce5cd2d416414b1900074e3ec73a36f32f9d7baa96ed4ea37aea560df4d9c724c69b440139a6dc1758bc74b59c521bc59958da71c4e5c23e4a8999305d989369a9bcd10f0faa789f4040950c349ef0ee910a822ba8df4a6cc16bd72dfb85d7c9a97911e96541a7fb6fb4711cdfe1e1083b2e8e870e2d2a7304f99296a496fe30553971b75f78ace054a8e3c6d54d40b2dbb2ee38a6244139fcba31b88a3ce91d637e7c88db35794002ca28533a46af85929f603e4cf4f5aea715ac4495d2c07e8bf79da078521fac5059dfe6dff61405fb6962987d15a2c7b27a851e3076803c7b4374a85f05b96e9bae91656a003e9acad767c9ac88b339fd868136b63fcb0520a2ee2f25128c8b97a0d43d60be7436756614108cfee63fb0fd65cce0bb0afcf5ea7fa817134c876c949945642a29d71aab10d05522b4b1788bb051ae1ad23fc7e75607580f9bfb7ed901a66d69e79ba742ba169f7e0d36d0c8482d3a85d66a9fc08b3e4c1669ffb4f74f418d4317fbf03b785859601b9e3af056b6a2543289738fe1e601e635ff04d750f8724bdebbbc920a7ca2f99cdaff265299bef09a2e20878682f2f37e46b5d2d3ade8d857ec6d3f7a2779080a5927749086b33b22def28633d53dae49362b4c4d47d2899562a52f22618a45998233048f0e54ba01dd53953c9f508abcb0acb1c1fb1d110e5d6c14d707713cea4cf0403b7573ab5b0a1439e6b2d29c46a3077e0dd296ca751db66f829a42c5afe0304c48fbef52c526c8f2100f6826fd4a5295f7492855f841fdb1f8487fba63b6db19af983a75468ad29a2b6cc58f9ef2dfeec8d798d60e1950731e65c5e2ec1065a22915a30845a5f87a26c067ea870d4e1ef71f67617906080b7b122b8ac9e4da1b05442b5477ee97343cb20f2587744abfa5f318ce29cbd24df1a6dbd42470789e17ae8115a588788d910a171b88dd1b94228728bfef3b28b2b32f523d603fa28d00cf23b0a201658f28ef7920f36a0da8917068a4435e0d710d320258114e2fcde2e1dec0c9faac26d671ea3735ee2b26cb644ba56ced9031cdd2b391c4b96aee7a4c38063e61dbd8ada24cea7ced0728a365bc2320eda9746823b7d83afdc8b3b293b56739011554000aec6272004a002328f20368c0902b8a8d251afebfb4d7b427cfa8927385626a474e3918ff557c8f19a8691011523a63c7e578b98c8951157f0763db3ebc4ea24388527e83b149ef89d4173ebb1c0c9aa3cf4e1a47faa3ebe7ca625e7ef077b38235781236797360696e552b9289a80491d4c3e70ff00b01540deb0de1b3385549b667cfa3598a34751868a14ccb22a420781452699563b16d0d0f1a7f0ba3f0ff45cc2d2536f1de9e024bbc923cede7725f84bf3e6a645f43c4ab3db6ddff671f283857262570b6652dbd8c869ca6a3896b870235047db08a54e5c39d7516c4b0d621d87a9c3e8c53249ff2ab9145f026ba4743a46197af56a0df022363ed59a5c2011e664a05fb952d5ad9ee2037c59a4075e4b504d91e87d303e0bc55cccaeb17e1cbab6176d2d148ce05fe986c79eb843886194f80e202c4f373244b38fd46643c1bc0fa8723ac498c71919e4ed8e5092832aec00a35ceeca94df7bd2c0c02dabc886cedf1fd044db2b45c30f8c0334c992eed40290baaeeb4d00e2cb504ca1173b6b6eec8d2aa3a1bf46e64c1ae1b3ca2882545729fe78d5e1e99c6f1f31c0b0f2190889c7318ce7605128a86c62c8a1fa107304c4609e28a2a43c6799ff6a7d70909ee10676801ee670004cf9632e34cb8cfb43d2f477ad335f5142da0baa4f4542dc93704e93a3420ec50284626fe36618b079d0db013d691583aba257947bdb1514d0318180ae43d0f94712f5c0de35f3e342ce7da65f755761506b9bfd186641fdbd03d5a2d4fe170fe23af8", 0x2000, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="85000000610000005400000000000000950000c1810000000000b4a8b154120610000000c79077fa15ba36eca61299de67cf77c9062430bc068829afff36b31fa7e35ce95d04"], &(0x7f0000000280)='syzkaller\x00', 0x1}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe40, 0x0, &(0x7f0000000240)="5cdd3086ddff0066b3c9bbac88a8862c00dffd0013dd00000000000000008100f5df86dd", 0x0, 0x15d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0)
preadv(r7, &(0x7f00000002c0)=[{&(0x7f0000000580)=""/4078, 0xfffffffffffffccc}, {&(0x7f00000000c0)=""/46}], 0x10000000000000aa, 0xc6, 0x3)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000011c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r8, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="290200000000000000000300000008000400000000005db792c29c3c6ae2fbde8919ab6d7504be4877881440f6b64849046921312c789a07b87852463a219d2a9c3f"], 0x1c}}, 0x0)
syz_usb_connect(0x5, 0xe4, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000000010902d200010000400009046a00067af4190009050f102000050801060c8b631b7507250102020700090501", @ANYRES32], 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))

237.801258ms ago: executing program 0 (id=343):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0)
socket$tipc(0x1e, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0xc0505405, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000080)=0xbb1e, 0x4)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000180)=0x4)
listen(0xffffffffffffffff, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044051)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000010401040000000000000000000000000a000200000000001c0000000500010001000080c25e879aca591e3819"], 0x28}}, 0x0)
sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
poll(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)

0s ago: executing program 0 (id=344):
r0 = open(&(0x7f0000000100)='./bus\x00', 0x400145042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r1, 0x81fd)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x1670e68)
write$tun(r0, &(0x7f0000000340)={@void, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @remote, @rand_addr, @link_local, @local}}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x145842, 0x0)
fallocate(r3, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

-0000-000000000000.
[  130.603926][    T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  130.634096][ T5751] loop2: detected capacity change from 0 to 512
[  130.641351][ T5751] EXT4-fs: Ignoring removed bh option
[  130.650307][ T5727] loop0: detected capacity change from 0 to 32768
[  130.667842][ T5727] XFS: ikeep mount option is deprecated.
[  130.673857][ T5727] XFS: ikeep mount option is deprecated.
[  130.690815][ T5751] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  130.754959][ T5727] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  130.812899][    T9] usb 5-1: Using ep0 maxpacket: 32
[  130.837981][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.858294][ T5751] EXT4-fs (loop2): 1 truncate cleaned up
[  130.864416][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.881245][ T5751] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.911394][    T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  130.923316][    T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  130.933655][    T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  130.943887][    T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  130.963468][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  130.972289][ T5751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.989539][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.001151][    T9] usb 5-1: Product: syz
[  131.007113][    T9] usb 5-1: Manufacturer: syz
[  131.011965][    T9] usb 5-1: SerialNumber: syz
[  131.115799][ T5727] XFS (loop0): Ending clean mount
[  131.199428][ T5097] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  131.371885][ T5751] overlayfs: missing 'lowerdir'
[  131.423081][ T5145] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  131.574502][ T5767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.609903][ T5767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.724365][ T5145] usb 4-1: config 0 has an invalid interface number: 106 but max is 0
[  131.759784][ T5145] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.782962][ T5145] usb 4-1: config 0 has no interface number 0
[  131.789501][ T5145] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11
[  131.817593][ T5145] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024
[  131.837943][ T5145] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  131.880166][ T5145] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  131.895397][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.946102][ T5144] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  131.947185][ T5145] usb 4-1: config 0 descriptor??
[  131.979909][ T5758] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  132.080477][ T5145] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  132.219406][ T5144] usb 3-1: Using ep0 maxpacket: 32
[  132.269693][ T5144] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.290621][ T5770] loop0: detected capacity change from 0 to 4096
[  132.299661][ T5144] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.325934][ T5770] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512).
[  132.365947][ T5144] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  132.422737][ T5144] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  132.449281][ T5144] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  132.521015][ T5144] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  132.542094][ T5145] usb 4-1: USB disconnect, device number 7
[  132.548102][ T1051] usb 4-1: Failed to submit usb control message: -71
[  132.548200][ T1051] usb 4-1: unable to send the bmi data to the device: -71
[  132.548220][ T1051] usb 4-1: unable to get target info from device
[  132.548235][ T1051] usb 4-1: could not get target info (-71)
[  132.585779][ T1051] usb 4-1: could not probe fw (-71)
[  132.606010][ T5144] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  132.621213][ T5144] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.640430][ T5144] usb 3-1: Product: syz
[  132.645094][ T5144] usb 3-1: Manufacturer: syz
[  132.649713][ T5144] usb 3-1: SerialNumber: syz
[  132.665258][ T1040] team0 (unregistering): Port device team_slave_1 removed
[  132.679108][ T5770] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  132.861025][ T1040] team0 (unregistering): Port device team_slave_0 removed
[  133.103965][ T5775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.139873][ T5775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.373974][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  133.381782][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  134.312885][    C1] DEBUG: holding rtnl_mutex for 508 jiffies.
[  134.319611][    C1] task:kworker/u8:6    state:R  running task     stack:22672 pid:1040  tgid:1040  ppid:2      flags:0x00004000
[  134.331763][    C1] Workqueue: netns cleanup_net
[  134.336911][    C1] Call Trace:
[  134.340346][    C1]  <TASK>
[  134.344306][    C1]  __schedule+0x1800/0x4a60
[  134.350339][    C1]  ? __pfx___schedule+0x10/0x10
[  134.355777][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  134.362161][    C1]  ? preempt_schedule+0xe1/0xf0
[  134.367251][    C1]  preempt_schedule_common+0x84/0xd0
[  134.372934][    C1]  preempt_schedule+0xe1/0xf0
[  134.377705][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[  134.383165][    C1]  preempt_schedule_thunk+0x1a/0x30
[  134.388428][    C1]  _raw_spin_unlock_irqrestore+0x130/0x140
[  134.394420][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.400964][    C1]  debug_object_activate+0x3e4/0x510
[  134.406467][    C1]  ? __pfx_debug_object_activate+0x10/0x10
[  134.412375][    C1]  ? __pfx_kernfs_free_rcu+0x10/0x10
[  134.417786][    C1]  call_rcu+0x97/0xa70
[  134.422442][    C1]  ? kernfs_put+0x1c6/0x370
[  134.427126][    C1]  ? __pfx_lock_release+0x10/0x10
[  134.432274][    C1]  ? __pfx_call_rcu+0x10/0x10
[  134.437058][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  134.442328][    C1]  kernfs_put+0x1dc/0x370
[  134.446742][    C1]  kernfs_remove_by_name_ns+0xe4/0x160
[  134.452249][    C1]  sysfs_remove_group+0xfe/0x2c0
[  134.457475][    C1]  sysfs_remove_groups+0x54/0xb0
[  134.462612][    C1]  device_remove_attrs+0x23a/0x290
[  134.468148][    C1]  ? __pfx_device_remove_attrs+0x10/0x10
[  134.474006][    C1]  ? kernfs_remove_by_name_ns+0x11b/0x160
[  134.480085][    C1]  device_del+0x572/0x9b0
[  134.484559][    C1]  ? __pfx_device_del+0x10/0x10
[  134.489613][    C1]  ? netdev_unregister_kobject+0x178/0x250
[  134.495600][    C1]  unregister_netdevice_many_notify+0x17d3/0x1d20
[  134.502092][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  134.508985][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[  134.514967][    C1]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[  134.521194][    C1]  default_device_exit_batch+0xa0f/0xa90
[  134.526919][    C1]  ? __pfx___might_resched+0x10/0x10
[  134.532290][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  134.538579][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[  134.543969][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  134.550189][    C1]  cleanup_net+0x89d/0xcc0
[  134.554840][    C1]  ? __pfx_cleanup_net+0x10/0x10
[  134.559877][    C1]  ? process_scheduled_works+0x945/0x1830
[  134.565700][    C1]  process_scheduled_works+0xa2c/0x1830
[  134.571348][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  134.577539][    C1]  ? assign_work+0x364/0x3d0
[  134.582204][    C1]  worker_thread+0x86d/0xd40
[  134.586896][    C1]  ? __kthread_parkme+0x169/0x1d0
[  134.592417][    C1]  ? __pfx_worker_thread+0x10/0x10
[  134.597627][    C1]  kthread+0x2f0/0x390
[  134.601765][    C1]  ? __pfx_worker_thread+0x10/0x10
[  134.606969][    C1]  ? __pfx_kthread+0x10/0x10
[  134.611767][    C1]  ret_from_fork+0x4b/0x80
[  134.616272][    C1]  ? __pfx_kthread+0x10/0x10
[  134.620966][    C1]  ret_from_fork_asm+0x1a/0x30
[  134.625854][    C1]  </TASK>
[  134.628935][    C1] DEBUG: waiting rtnl_mutex for 537 jiffies.
[  134.635002][    C1] task:syz-executor    state:D stack:21024 pid:5615  tgid:5615  ppid:5610   flags:0x00004002
[  134.645298][    C1] Call Trace:
[  134.648640][    C1]  <TASK>
[  134.651710][    C1]  __schedule+0x1800/0x4a60
[  134.656334][    C1]  ? __pfx___schedule+0x10/0x10
[  134.661273][    C1]  ? __pfx_lock_release+0x10/0x10
[  134.666549][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  134.671368][ T5779] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  134.672180][    C1]  ? schedule+0x90/0x320
[  134.672245][    C1]  schedule+0x14b/0x320
[  134.672272][    C1]  schedule_preempt_disabled+0x13/0x30
[  134.672319][    C1]  __mutex_lock+0x6a4/0xd70
[  134.672351][    C1]  ? __mutex_lock+0x527/0xd70
[  134.672379][    C1]  ? unregister_nexthop_notifier+0x17/0x40
[  134.672407][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  134.672455][    C1]  ? synchronize_rcu+0x11b/0x360
[  134.672491][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.672524][    C1]  ? get_rtnl_holder+0x144/0x190
[  134.672549][    C1]  unregister_nexthop_notifier+0x17/0x40
[  134.672597][    C1]  nsim_fib_destroy+0x89/0x180
[  134.672627][    C1]  nsim_dev_reload_destroy+0x2e3/0x490
[  134.672657][    C1]  ? __pfx_nsim_bus_remove+0x10/0x10
[  134.672684][    C1]  nsim_drv_remove+0x58/0x160
[  134.672731][    C1]  device_release_driver_internal+0x4a9/0x7c0
[  134.672769][    C1]  bus_remove_device+0x34f/0x420
[  134.672867][    C1]  device_del+0x57a/0x9b0
[  134.672908][    C1]  ? __pfx_device_del+0x10/0x10
[  134.672943][    C1]  device_unregister+0x20/0xc0
[  134.672968][    C1]  del_device_store+0x363/0x480
[  134.673024][    C1]  ? __pfx_del_device_store+0x10/0x10
[  134.673059][    C1]  ? sysfs_kf_write+0x182/0x2a0
[  134.673085][    C1]  ? bus_attr_store+0x4f/0xa0
[  134.673108][    C1]  ? __pfx_sysfs_kf_write+0x10/0x10
[  134.673164][    C1]  kernfs_fop_write_iter+0x3a1/0x500
[  134.673197][    C1]  vfs_write+0xa72/0xc90
[  134.673223][    C1]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  134.673249][    C1]  ? __pfx_vfs_write+0x10/0x10
[  134.829730][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  134.835026][    C1]  ? blkcg_maybe_throttle_current+0x1ab/0xb80
[  134.841428][    C1]  ksys_write+0x1a0/0x2c0
[  134.845813][    C1]  ? __pfx_ksys_write+0x10/0x10
[  134.850740][    C1]  ? do_syscall_64+0x100/0x230
[  134.855602][    C1]  ? do_syscall_64+0xb6/0x230
[  134.860350][    C1]  do_syscall_64+0xf3/0x230
[  134.865019][    C1]  ? clear_bhb_loop+0x35/0x90
[  134.869760][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.875739][    C1] RIP: 0033:0x7f939477475f
[  134.880247][    C1] RSP: 002b:00007ffe5aad7b60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.888854][    C1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f939477475f
[  134.897026][    C1] RDX: 0000000000000001 RSI: 00007ffe5aad7bb0 RDI: 0000000000000005
[  134.905270][    C1] RBP: 00007f93947e45a0 R08: 0000000000000000 R09: 00007ffe5aad79b7
[  134.913432][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  134.921494][    C1] R13: 00007ffe5aad7bb0 R14: 00007f9395434620 R15: 0000000000000003
[  134.930004][    C1]  </TASK>
[  134.933201][    C1] 
[  134.933201][    C1] Showing all locks held in the system:
[  134.940966][    C1] 6 locks held by kworker/0:1/9:
[  134.946333][    C1]  #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  134.957853][    C1]  #1: ffffc900000e7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  134.969877][    C1]  #2: ffff888023656190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  134.978983][    C1]  #3: ffff8880218ba190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  134.988349][    C1]  #4: ffff888061481160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  134.997814][    C1]  #5: ffff888023010f68 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_interface+0x35e/0x13b0
[  135.008324][    C1] 3 locks held by kworker/1:0/25:
[  135.013731][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  135.024842][    C1]  #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  135.036229][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  135.045450][    C1] 5 locks held by kworker/u8:6/1040:
[  135.050844][    C1] 2 locks held by kworker/u8:10/3515:
[  135.056315][    C1] 2 locks held by dhcpcd/4761:
[  135.062128][    C1]  #0: ffff888078655678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780
[  135.072974][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210
[  135.082519][    C1] 2 locks held by getty/4848:
[  135.087335][    C1]  #0: ffff88802a3080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  135.097267][    C1]  #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  135.107607][    C1] 4 locks held by udevd/5098:
[  135.112328][    C1]  #0: ffff88801ced02f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60
[  135.121249][    C1]  #1: ffff8880776c2088 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0
[  135.130843][    C1]  #2: ffff88805ca63698 (kn->active#19){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0
[  135.140768][    C1]  #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: product_show+0x26/0xa0
[  135.149799][    C1] 4 locks held by udevd/5110:
[  135.154695][    C1]  #0: ffff88802284f2f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60
[  135.163617][    C1]  #1: ffff888077d90c88 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0
[  135.173118][    C1]  #2: ffff88805d3d03c8 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0
[  135.182611][    C1]  #3: ffff8880218ba190 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17d/0x340
[  135.191651][    C1] 2 locks held by kworker/0:3/5133:
[  135.196924][    C1] 6 locks held by kworker/1:4/5144:
[  135.202149][    C1]  #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  135.213633][    C1]  #1: ffffc90003f4fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  135.225734][    C1]  #2: ffff8880235b6190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  135.234868][    C1]  #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  135.245580][    C1]  #4: ffff8880627b5160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  135.254990][    C1]  #5: ffff888022fc1d68 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_interface+0x35e/0x13b0
[  135.266097][    C1] 7 locks held by syz-executor/5615:
[  135.271440][    C1]  #0: ffff88802f2f6420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90
[  135.280589][    C1]  #1: ffff88802a998488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500
[  135.290509][    C1]  #2: ffff888021939a58 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500
[  135.300801][    C1]  #3: ffffffff8ef05248 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  135.311231][    C1]  #4: ffff8880624960e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0
[  135.321909][    C1]  #5: ffff888062497250 (&devlink->lock_key#6){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160
[  135.332185][    C1]  #6: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: unregister_nexthop_notifier+0x17/0x40
[  135.342438][    C1] 2 locks held by syz.4.142/5742:
[  135.347655][    C1]  #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  135.356022][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[  135.366451][    C1] 1 lock held by syz.4.142/5765:
[  135.371568][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  135.381178][    C1] 2 locks held by syz.2.146/5768:
[  135.386280][    C1]  #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  135.394710][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[  135.404082][    C1] 1 lock held by syz.2.146/5774:
[  135.409047][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  135.418788][    C1] 2 locks held by syz.0.145/5770:
[  135.424110][    C1] 3 locks held by syz.3.147/5778:
[  135.429330][    C1]  #0: ffff88807cb9ed80 (&u->iolock){+.+.}-{3:3}, at: __unix_dgram_recvmsg+0x246/0x12f0
[  135.439219][    C1]  #1: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  135.449484][    C1]  #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  135.459566][    C1] 
[  135.461955][    C1] =============================================
[  135.461955][    C1] 
[  136.075478][    T9] cdc_ncm 5-1:1.0: bind() failure
[  136.123277][    T9] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  136.130141][    T9] cdc_ncm 5-1:1.1: bind() failure
[  136.472855][    C1] DEBUG: waiting rtnl_mutex for 585 jiffies.
[  136.479021][    C1] task:dhcpcd          state:D stack:20672 pid:4761  tgid:4761  ppid:4760   flags:0x00000002
[  136.489273][    C1] Call Trace:
[  136.492586][    C1]  <TASK>
[  136.495589][    C1]  __schedule+0x1800/0x4a60
[  136.500184][    C1]  ? __pfx___schedule+0x10/0x10
[  136.505150][    C1]  ? __pfx_lock_release+0x10/0x10
[  136.510285][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  136.515864][    C1]  ? schedule+0x90/0x320
[  136.520206][    C1]  schedule+0x14b/0x320
[  136.524553][    C1]  schedule_preempt_disabled+0x13/0x30
[  136.530107][    C1]  __mutex_lock+0x6a4/0xd70
[  136.534729][    C1]  ? __mutex_lock+0x527/0xd70
[  136.539463][    C1]  ? rtnl_dumpit+0x9e/0x210
[  136.544001][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  136.549068][    C1]  ? __alloc_skb+0x28f/0x440
[  136.553738][    C1]  ? get_rtnl_holder+0x144/0x190
[  136.558701][    C1]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  136.564166][    C1]  rtnl_dumpit+0x9e/0x210
[  136.568517][    C1]  netlink_dump+0x647/0xd80
[  136.573232][    C1]  ? __pfx_netlink_dump+0x10/0x10
[  136.578402][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  136.583584][    C1]  __netlink_dump_start+0x59f/0x780
[  136.588815][    C1]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  136.594218][    C1]  rtnetlink_rcv_msg+0xdaa/0x1180
[  136.599271][    C1]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  136.604704][    C1]  ? rtnetlink_rcv_msg+0x208/0x1180
[  136.609920][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  136.615525][    C1]  ? is_bpf_text_address+0x285/0x2a0
[  136.620864][    C1]  ? mark_lock+0x9a/0x360
[  136.625417][    C1]  ? __lock_acquire+0x1359/0x2000
[  136.630490][    C1]  ? __pfx_rtnl_dumpit+0x10/0x10
[  136.635498][    C1]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  136.641312][    C1]  netlink_rcv_skb+0x1e3/0x430
[  136.646209][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  136.651777][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  136.657159][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  136.662402][    C1]  netlink_unicast+0x7f0/0x990
[  136.667265][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  136.672596][    C1]  ? __virt_addr_valid+0x183/0x530
[  136.677808][    C1]  ? __check_object_size+0x49c/0x900
[  136.683159][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  136.688296][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  136.693567][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.698870][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  136.703876][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  136.709187][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  136.714719][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.720025][    C1]  __sock_sendmsg+0x221/0x270
[  136.724869][    C1]  __sys_sendto+0x3a4/0x4f0
[  136.729439][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  136.734634][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  136.740641][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  136.747129][    C1]  __x64_sys_sendto+0xde/0x100
[  136.752044][    C1]  do_syscall_64+0xf3/0x230
[  136.756956][    C1]  ? clear_bhb_loop+0x35/0x90
[  136.761993][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.768069][    C1] RIP: 0033:0x7f6cf0cd1ad7
[  136.772895][    C1] RSP: 002b:00007ffefe7c19b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  136.781813][    C1] RAX: ffffffffffffffda RBX: 00007ffefe7c2ae0 RCX: 00007f6cf0cd1ad7
[  136.789900][    C1] RDX: 0000000000000014 RSI: 00007ffefe7c2a00 RDI: 0000000000000018
[  136.798019][    C1] RBP: 00007ffefe7c2a70 R08: 00007ffefe7c29e4 R09: 000000000000000c
[  136.806667][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012
[  136.814707][    C1] R13: 00007ffefe7c29e4 R14: 00007ffefe7c2a00 R15: 0000000000000105
[  136.822748][    C1]  </TASK>
[  136.825969][    C1] DEBUG: waiting rtnl_mutex for 536 jiffies.
[  136.832268][    C1] task:syz.4.142       state:D stack:23800 pid:5742  tgid:5741  ppid:5088   flags:0x00000004
[  136.842528][    C1] Call Trace:
[  136.845847][    C1]  <TASK>
[  136.848789][    C1]  __schedule+0x1800/0x4a60
[  136.853359][    C1]  ? __pfx___schedule+0x10/0x10
[  136.858364][    C1]  ? __pfx_lock_release+0x10/0x10
[  136.863534][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  136.869108][    C1]  ? schedule+0x90/0x320
[  136.873461][    C1]  schedule+0x14b/0x320
[  136.877646][    C1]  schedule_preempt_disabled+0x13/0x30
[  136.883149][    C1]  __mutex_lock+0x6a4/0xd70
[  136.888076][    C1]  ? __mutex_lock+0x527/0xd70
[  136.893702][    C1]  ? nl80211_pre_doit+0x5f/0x8b0
[  136.899853][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  136.905240][    C1]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  136.911555][    C1]  ? get_rtnl_holder+0x144/0x190
[  136.916689][    C1]  nl80211_pre_doit+0x5f/0x8b0
[  136.921600][    C1]  genl_rcv_msg+0xaaa/0xec0
[  136.926176][    C1]  ? mark_lock+0x9a/0x360
[  136.930566][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[  136.935635][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  136.940666][    C1]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  136.946070][    C1]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  136.951386][    C1]  ? __pfx_nl80211_post_doit+0x10/0x10
[  136.956963][    C1]  ? __pfx___might_resched+0x10/0x10
[  136.962391][    C1]  netlink_rcv_skb+0x1e3/0x430
[  136.967219][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[  136.972431][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  136.977917][    C1]  ? __netlink_deliver_tap+0x77e/0x7c0
[  136.983478][    C1]  genl_rcv+0x28/0x40
[  136.987517][    C1]  netlink_unicast+0x7f0/0x990
[  136.992389][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  136.997927][    C1]  ? __virt_addr_valid+0x183/0x530
[  137.003205][    C1]  ? __check_object_size+0x49c/0x900
[  137.008528][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  137.013745][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  137.018545][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.023945][    C1]  ? __import_iovec+0x536/0x820
[  137.028840][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  137.033890][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  137.039208][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  137.044817][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.050140][    C1]  __sock_sendmsg+0x221/0x270
[  137.054973][    C1]  ____sys_sendmsg+0x525/0x7d0
[  137.061596][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  137.066934][    C1]  __sys_sendmsg+0x2b0/0x3a0
[  137.071618][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[  137.076844][    C1]  ? __hrtimer_run_queues+0xcdc/0xd50
[  137.082260][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[  137.087622][    C1]  ? hrtimer_interrupt+0x76f/0x990
[  137.092821][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  137.099200][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  137.105583][    C1]  ? __irq_exit_rcu+0x100/0x1c0
[  137.110445][    C1]  ? do_syscall_64+0xb6/0x230
[  137.115150][    C1]  do_syscall_64+0xf3/0x230
[  137.119662][    C1]  ? clear_bhb_loop+0x35/0x90
[  137.124367][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.130279][    C1] RIP: 0033:0x7f401f175bd9
[  137.134743][    C1] RSP: 002b:00007f401ff25048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  137.143291][    C1] RAX: ffffffffffffffda RBX: 00007f401f303f60 RCX: 00007f401f175bd9
[  137.151394][    C1] RDX: 0000000000000000 RSI: 0000000020001380 RDI: 000000000000000a
[  137.159643][    C1] RBP: 00007f401f1e4aa1 R08: 0000000000000000 R09: 0000000000000000
[  137.167758][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  137.175778][    C1] R13: 000000000000000b R14: 00007f401f303f60 R15: 00007ffc96af5b78
[  137.183784][    C1]  </TASK>
[  137.186824][    C1] DEBUG: waiting rtnl_mutex for 567 jiffies.
[  137.192839][    C1] task:syz.4.142       state:D stack:26800 pid:5765  tgid:5741  ppid:5088   flags:0x00000004
[  137.203116][    C1] Call Trace:
[  137.206407][    C1]  <TASK>
[  137.209346][    C1]  __schedule+0x1800/0x4a60
[  137.213914][    C1]  ? __pfx___schedule+0x10/0x10
[  137.218878][    C1]  ? __pfx_lock_release+0x10/0x10
[  137.223936][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  137.229457][    C1]  ? schedule+0x90/0x320
[  137.233832][    C1]  schedule+0x14b/0x320
[  137.238042][    C1]  schedule_preempt_disabled+0x13/0x30
[  137.243599][    C1]  __mutex_lock+0x6a4/0xd70
[  137.248131][    C1]  ? __mutex_lock+0x527/0xd70
[  137.252933][    C1]  ? rtnetlink_rcv_msg+0x847/0x1180
[  137.258156][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  137.263214][    C1]  ? get_rtnl_holder+0x144/0x190
[  137.268154][    C1]  rtnetlink_rcv_msg+0x847/0x1180
[  137.273211][    C1]  ? rtnetlink_rcv_msg+0x208/0x1180
[  137.278422][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  137.284212][    C1]  ? __local_bh_enable_ip+0x168/0x200
[  137.289612][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  137.294854][    C1]  ? __local_bh_enable_ip+0x168/0x200
[  137.300240][    C1]  ? dev_hard_start_xmit+0x773/0x7e0
[  137.305590][    C1]  ? __dev_queue_xmit+0x2da/0x3e90
[  137.310702][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  137.316541][    C1]  ? __dev_queue_xmit+0x2da/0x3e90
[  137.321662][    C1]  ? __dev_queue_xmit+0x1763/0x3e90
[  137.326883][    C1]  ? kasan_save_track+0x51/0x80
[  137.331794][    C1]  ? do_syscall_64+0xf3/0x230
[  137.336640][    C1]  ? __dev_queue_xmit+0x2da/0x3e90
[  137.342084][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[  137.347563][    C1]  ? ref_tracker_free+0x643/0x7e0
[  137.352992][    C1]  netlink_rcv_skb+0x1e3/0x430
[  137.357853][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  137.363642][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  137.368987][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  137.374365][    C1]  netlink_unicast+0x7f0/0x990
[  137.379155][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  137.384511][    C1]  ? __virt_addr_valid+0x183/0x530
[  137.389637][    C1]  ? __check_object_size+0x49c/0x900
[  137.395119][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  137.400268][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  137.405129][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.410444][    C1]  ? __import_iovec+0x536/0x820
[  137.415358][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  137.420322][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  137.425690][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  137.431212][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.436553][    C1]  __sock_sendmsg+0x221/0x270
[  137.441290][    C1]  ____sys_sendmsg+0x525/0x7d0
[  137.446177][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  137.451526][    C1]  __sys_sendmsg+0x2b0/0x3a0
[  137.456161][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[  137.461330][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  137.467472][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  137.473836][    C1]  ? exc_page_fault+0x590/0x8c0
[  137.478818][    C1]  ? do_syscall_64+0xb6/0x230
[  137.483652][    C1]  do_syscall_64+0xf3/0x230
[  137.488175][    C1]  ? clear_bhb_loop+0x35/0x90
[  137.492912][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.498962][    C1] RIP: 0033:0x7f401f175bd9
[  137.503449][    C1] RSP: 002b:00007f401ff04048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  137.512053][    C1] RAX: ffffffffffffffda RBX: 00007f401f304038 RCX: 00007f401f175bd9
[  137.520074][    C1] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000009
[  137.528368][    C1] RBP: 00007f401f1e4aa1 R08: 0000000000000000 R09: 0000000000000000
[  137.536711][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  137.544748][    C1] R13: 000000000000006e R14: 00007f401f304038 R15: 00007ffc96af5b78
[  137.553135][    C1]  </TASK>
[  137.556357][    C1] DEBUG: holding rtnl_mutex for 832 jiffies.
[  137.562359][    C1] task:kworker/u8:6    state:R  running task     stack:22672 pid:1040  tgid:1040  ppid:2      flags:0x00004008
[  137.574376][    C1] Workqueue: netns cleanup_net
[  137.579179][    C1] Call Trace:
[  137.582510][    C1]  <IRQ>
[  137.585431][    C1]  sched_show_task+0x506/0x6d0
[  137.590228][    C1]  ? report_rtnl_holders+0x29e/0x3f0
[  137.595907][    C1]  ? __pfx__printk+0x10/0x10
[  137.600524][    C1]  ? __pfx_sched_show_task+0x10/0x10
[  137.605865][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  137.611770][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  137.618147][    C1]  report_rtnl_holders+0x320/0x3f0
[  137.623299][    C1]  call_timer_fn+0x18e/0x650
[  137.627999][    C1]  ? call_timer_fn+0xc0/0x650
[  137.633093][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[  137.638883][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  137.644067][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[  137.650455][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[  137.656145][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[  137.661928][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  137.667228][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  137.672504][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[  137.678287][    C1]  __run_timer_base+0x66a/0x8e0
[  137.683220][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  137.688772][    C1]  run_timer_softirq+0xb7/0x170
[  137.693681][    C1]  handle_softirqs+0x2c4/0x970
[  137.698485][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[  137.703340][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  137.708776][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[  137.714122][    C1]  __irq_exit_rcu+0xf4/0x1c0
[  137.718853][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  137.724261][    C1]  irq_exit_rcu+0x9/0x30
[  137.728575][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  137.734281][    C1]  </IRQ>
[  137.737340][    C1]  <TASK>
[  137.740340][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.746464][    C1] RIP: 0010:__down_write_common+0x169/0x200
[  137.752534][    C1] Code: d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 0d 67 8b 00 4c 89 33 31 db bf 01 00 00 00 e8 4e ae f3 ff 65 8b 05 5f ee 94 7e <85> c0 74 56 48 c7 44 24 20 0e 36 e0 45 4b c7 04 2c 00 00 00 00 65
[  137.772802][    C1] RSP: 0018:ffffc90003e3f3e0 EFLAGS: 00000297
[  137.779020][    C1] RAX: 0000000080000000 RBX: 0000000000000000 RCX: 0000000000000001
[  137.787765][    C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001
[  137.795782][    C1] RBP: ffffc90003e3f498 R08: ffff888015ede97f R09: 1ffff11002bdbd2f
[  137.803781][    C1] R10: dffffc0000000000 R11: ffffed1002bdbd30 R12: dffffc0000000000
[  137.811754][    C1] R13: 1ffff920007c7e80 R14: ffff888021c6da00 R15: 1ffff920007c7e84
[  137.819776][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  137.824854][    C1]  ? __pfx___down_write_common+0x10/0x10
[  137.830546][    C1]  __kernfs_remove+0x4ba/0x870
[  137.835396][    C1]  kernfs_remove_by_name_ns+0xdc/0x160
[  137.840866][    C1]  sysfs_remove_group+0xfe/0x2c0
[  137.845879][    C1]  sysfs_remove_groups+0x54/0xb0
[  137.850885][    C1]  __kobject_del+0x84/0x310
[  137.855736][    C1]  ? kobject_put+0x23d/0x480
[  137.861039][    C1]  kobject_put+0x245/0x480
[  137.865660][    C1]  net_rx_queue_update_kobjects+0x52b/0x5b0
[  137.872180][    C1]  netdev_unregister_kobject+0x104/0x250
[  137.879590][    C1]  unregister_netdevice_many_notify+0x17d3/0x1d20
[  137.886822][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  137.893771][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[  137.899687][    C1]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[  137.905967][    C1]  default_device_exit_batch+0xa0f/0xa90
[  137.911627][    C1]  ? __pfx___might_resched+0x10/0x10
[  137.917057][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  137.923259][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[  137.928549][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  137.935032][    C1]  cleanup_net+0x89d/0xcc0
[  137.939647][    C1]  ? __pfx_cleanup_net+0x10/0x10
[  137.944835][    C1]  ? process_scheduled_works+0x945/0x1830
[  137.950791][    C1]  process_scheduled_works+0xa2c/0x1830
[  137.956562][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  137.962916][    C1]  ? assign_work+0x364/0x3d0
[  137.967651][    C1]  worker_thread+0x86d/0xd40
[  137.972369][    C1]  ? __kthread_parkme+0x169/0x1d0
[  137.977487][    C1]  ? __pfx_worker_thread+0x10/0x10
[  137.982630][    C1]  kthread+0x2f0/0x390
[  137.986743][    C1]  ? __pfx_worker_thread+0x10/0x10
[  137.992009][    C1]  ? __pfx_kthread+0x10/0x10
[  137.996630][    C1]  ret_from_fork+0x4b/0x80
[  138.001340][    C1]  ? __pfx_kthread+0x10/0x10
[  138.006022][    C1]  ret_from_fork_asm+0x1a/0x30
[  138.011299][    C1]  </TASK>
[  138.014405][    C1] DEBUG: waiting rtnl_mutex for 876 jiffies.
[  138.021046][    C1] task:syz-executor    state:D stack:21024 pid:5615  tgid:5615  ppid:5610   flags:0x00004002
[  138.031502][    C1] Call Trace:
[  138.034856][    C1]  <TASK>
[  138.037831][    C1]  __schedule+0x1800/0x4a60
[  138.042406][    C1]  ? __pfx___schedule+0x10/0x10
[  138.047440][    C1]  ? __pfx_lock_release+0x10/0x10
[  138.052734][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  138.058546][    C1]  ? schedule+0x90/0x320
[  138.063027][    C1]  schedule+0x14b/0x320
[  138.067318][    C1]  schedule_preempt_disabled+0x13/0x30
[  138.072871][    C1]  __mutex_lock+0x6a4/0xd70
[  138.078059][    C1]  ? __mutex_lock+0x527/0xd70
[  138.082855][    C1]  ? unregister_nexthop_notifier+0x17/0x40
[  138.088868][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  138.094078][    C1]  ? synchronize_rcu+0x11b/0x360
[  138.099236][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  138.105641][    C1]  ? get_rtnl_holder+0x144/0x190
[  138.110602][    C1]  unregister_nexthop_notifier+0x17/0x40
[  138.116319][    C1]  nsim_fib_destroy+0x89/0x180
[  138.121145][    C1]  nsim_dev_reload_destroy+0x2e3/0x490
[  138.126691][    C1]  ? __pfx_nsim_bus_remove+0x10/0x10
[  138.132013][    C1]  nsim_drv_remove+0x58/0x160
[  138.136852][    C1]  device_release_driver_internal+0x4a9/0x7c0
[  138.143101][    C1]  bus_remove_device+0x34f/0x420
[  138.148164][    C1]  device_del+0x57a/0x9b0
[  138.152604][    C1]  ? __pfx_device_del+0x10/0x10
[  138.157513][    C1]  device_unregister+0x20/0xc0
[  138.162282][    C1]  del_device_store+0x363/0x480
[  138.167372][    C1]  ? __pfx_del_device_store+0x10/0x10
[  138.172833][    C1]  ? sysfs_kf_write+0x182/0x2a0
[  138.177968][    C1]  ? bus_attr_store+0x4f/0xa0
[  138.183152][    C1]  ? __pfx_sysfs_kf_write+0x10/0x10
[  138.188402][    C1]  kernfs_fop_write_iter+0x3a1/0x500
[  138.193766][    C1]  vfs_write+0xa72/0xc90
[  138.198075][    C1]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  138.203916][    C1]  ? __pfx_vfs_write+0x10/0x10
[  138.208685][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  138.213919][    C1]  ? blkcg_maybe_throttle_current+0x1ab/0xb80
[  138.220002][    C1]  ksys_write+0x1a0/0x2c0
[  138.224373][    C1]  ? __pfx_ksys_write+0x10/0x10
[  138.229245][    C1]  ? do_syscall_64+0x100/0x230
[  138.234222][    C1]  ? do_syscall_64+0xb6/0x230
[  138.238937][    C1]  do_syscall_64+0xf3/0x230
[  138.243503][    C1]  ? clear_bhb_loop+0x35/0x90
[  138.248209][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.254556][    C1] RIP: 0033:0x7f939477475f
[  138.259625][    C1] RSP: 002b:00007ffe5aad7b60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  138.269429][    C1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f939477475f
[  138.277674][    C1] RDX: 0000000000000001 RSI: 00007ffe5aad7bb0 RDI: 0000000000000005
[  138.285825][    C1] RBP: 00007f93947e45a0 R08: 0000000000000000 R09: 00007ffe5aad79b7
[  138.294232][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  138.304026][    C1] R13: 00007ffe5aad7bb0 R14: 00007f9395434620 R15: 0000000000000003
[  138.314747][    C1]  </TASK>
[  138.318226][    C1] DEBUG: waiting rtnl_mutex for 818 jiffies.
[  138.324809][    C1] task:kworker/1:0     state:D stack:22256 pid:25    tgid:25    ppid:2      flags:0x00004000
[  138.335225][    C1] Workqueue: events linkwatch_event
[  138.340593][    C1] Call Trace:
[  138.344267][    C1]  <TASK>
[  138.347305][    C1]  __schedule+0x1800/0x4a60
[  138.351971][    C1]  ? __pfx___schedule+0x10/0x10
[  138.357418][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  138.363561][    C1]  ? __pfx_lock_release+0x10/0x10
[  138.370172][    C1]  ? kick_pool+0x1bd/0x620
[  138.375650][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  138.380989][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  138.386451][    C1]  ? schedule+0x90/0x320
[  138.390841][    C1]  schedule+0x14b/0x320
[  138.395139][    C1]  schedule_preempt_disabled+0x13/0x30
[  138.401288][    C1]  __mutex_lock+0x6a4/0xd70
[  138.406084][    C1]  ? __mutex_lock+0x527/0xd70
[  138.410833][    C1]  ? linkwatch_event+0xe/0x60
[  138.415575][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  138.421515][    C1]  ? get_rtnl_holder+0x144/0x190
[  138.427505][    C1]  ? process_scheduled_works+0x945/0x1830
[  138.433268][    C1]  linkwatch_event+0xe/0x60
[  138.437822][    C1]  process_scheduled_works+0xa2c/0x1830
[  138.443653][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  138.449884][    C1]  ? assign_work+0x364/0x3d0
[  138.454526][    C1]  worker_thread+0x86d/0xd40
[  138.459145][    C1]  ? __kthread_parkme+0x169/0x1d0
[  138.464326][    C1]  ? __pfx_worker_thread+0x10/0x10
[  138.469579][    C1]  kthread+0x2f0/0x390
[  138.473819][    C1]  ? __pfx_worker_thread+0x10/0x10
[  138.479054][    C1]  ? __pfx_kthread+0x10/0x10
[  138.483973][    C1]  ret_from_fork+0x4b/0x80
[  138.488487][    C1]  ? __pfx_kthread+0x10/0x10
[  138.493129][    C1]  ret_from_fork_asm+0x1a/0x30
[  138.497920][    C1]  </TASK>
[  138.500983][    C1] 
[  138.500983][    C1] Showing all locks held in the system:
[  138.509223][    C1] 3 locks held by kworker/1:0/25:
[  138.514390][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  138.525568][    C1]  #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  138.537168][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  138.546311][    C1] 6 locks held by kworker/1:1/46:
[  138.551332][    C1]  #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  138.562867][    C1]  #1: ffffc90000b67d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  138.575368][    C1]  #2: ffff8880235c6190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  138.584345][    C1]  #3: ffff888023651518 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x25b6/0x5150
[  138.595540][    C1]  #4: ffff888023008568 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x25f4/0x5150
[  138.606323][    C1]  #5: ffffffff8ef34f90 (ehci_cf_port_reset_rwsem){.+.+}-{3:3}, at: hub_port_reset+0x1f8/0x1b30
[  138.616991][    C1] 8 locks held by kworker/u8:6/1040:
[  138.622291][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  138.633510][    C1]  #1: ffffc90003e3fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  138.644769][    C1]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  138.654551][    C1]  #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  138.665089][    C1]  #4: ffff888015ede948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove_by_name_ns+0x7a/0x160
[  138.676017][    C1]  #5: ffff888015ede9e0 (&root->kernfs_iattr_rwsem){++++}-{3:3}, at: __kernfs_remove+0x4ba/0x870
[  138.686776][    C1]  #6: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  138.697178][    C1]  #7: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  138.707442][    C1] 2 locks held by dhcpcd/4761:
[  138.712238][    C1]  #0: ffff888078655678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780
[  138.722890][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210
[  138.732130][    C1] 2 locks held by getty/4848:
[  138.736890][    C1]  #0: ffff88802a3080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  138.746744][    C1]  #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  138.757056][    C1] 1 lock held by syz-executor/5097:
[  138.762445][    C1] 4 locks held by udevd/5098:
[  138.767251][    C1]  #0: ffff88801ced02f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60
[  138.776598][    C1]  #1: ffff8880776c2088 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0
[  138.786630][    C1]  #2: ffff88805ca63698 (kn->active#19){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0
[  138.796335][    C1]  #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: product_show+0x26/0xa0
[  138.805299][    C1] 6 locks held by kworker/1:4/5144:
[  138.810529][    C1]  #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  138.822398][    C1]  #1: ffffc90003f4fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  138.834445][    C1]  #2: ffff8880235b6190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  138.843674][    C1]  #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  138.853262][    C1]  #4: ffff8880627b5160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  138.862605][    C1]  #5: ffff888022fc1d68 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_interface+0x35e/0x13b0
[  138.873117][    C1] 7 locks held by syz-executor/5615:
[  138.879191][    C1]  #0: ffff88802f2f6420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90
[  138.888579][    C1]  #1: ffff88802a998488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500
[  138.898756][    C1]  #2: ffff888021939a58 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500
[  138.909072][    C1]  #3: ffffffff8ef05248 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  138.919535][    C1]  #4: ffff8880624960e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0
[  138.930278][    C1]  #5: ffff888062497250 (&devlink->lock_key#6){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160
[  138.940751][    C1]  #6: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: unregister_nexthop_notifier+0x17/0x40
[  138.951503][    C1] 2 locks held by syz.4.142/5742:
[  138.956677][    C1]  #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  138.965100][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[  138.974797][    C1] 1 lock held by syz.4.142/5765:
[  138.979754][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  138.989599][    C1] 2 locks held by syz.2.146/5768:
[  138.995014][    C1]  #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  139.003471][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[  139.013290][    C1] 1 lock held by syz.2.146/5774:
[  139.018224][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  139.027889][    C1] 1 lock held by syz.3.148/5781:
[  139.032885][    C1] 
[  139.035237][    C1] =============================================
[  139.035237][    C1] 
[  139.051953][   T46] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  139.061660][ T5144] cdc_ncm 3-1:1.0: bind() failure
[  139.159087][ T5144] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  139.200432][ T5144] cdc_ncm 3-1:1.1: bind() failure
[  139.325039][ T5789] loop3: detected capacity change from 0 to 8
[  139.474206][   T25] usb 3-1: USB disconnect, device number 9
[  139.484538][ T5144] usb 5-1: USB disconnect, device number 6
[  139.766557][ T5615] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  139.806225][ T5792] loop4: detected capacity change from 0 to 64
[  139.914015][ T5615] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  140.043566][ T5615] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  140.116166][ T5615] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  140.402947][   T46] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  140.575257][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.614467][ T5615] 8021q: adding VLAN 0 to HW filter on device team0
[  140.660510][   T46] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.948779][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.956128][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.982298][   T46] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  141.062963][   T46] usb 4-1: config 1 has no interface number 0
[  141.069321][   T46] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  141.194927][   T46] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  141.207090][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.214387][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.228272][   T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.240498][ T5808] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  141.279758][   T46] usb 4-1: Product: syz
[  141.292191][   T46] usb 4-1: Manufacturer: syz
[  141.298536][ T5816] loop0: detected capacity change from 0 to 512
[  141.314618][   T46] usb 4-1: SerialNumber: syz
[  141.331595][ T5816] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  141.340120][ T5816] EXT4-fs (loop0): orphan cleanup on readonly fs
[  141.352592][ T5816] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0
[  141.361090][   T46] usb 4-1: selecting invalid altsetting 1
[  141.363890][ T5816] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  141.379061][ T5816] EXT4-fs error (device loop0): ext4_acquire_dquot:6862: comm syz.0.155: Failed to acquire dquot type 1
[  141.401284][ T5816] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.155: bg 0: block 40: padding at end of block bitmap is not set
[  141.416532][ T5816] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  141.428784][ T5816] EXT4-fs (loop0): 1 truncate cleaned up
[  141.449989][ T5816] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  141.482366][ T5819] loop2: detected capacity change from 0 to 512
[  141.524916][ T5819] EXT4-fs: Ignoring removed bh option
[  141.558918][ T5821] Cache volume key already in use (9p,(null),)
[  141.615422][ T5819] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  141.635229][ T5821] loop4: detected capacity change from 0 to 512
[  141.666958][ T5821] EXT4-fs: Ignoring removed bh option
[  141.692221][ T5821] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  141.709912][ T5097] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.734602][ T5819] EXT4-fs (loop2): 1 truncate cleaned up
[  141.735566][ T5821] EXT4-fs (loop4): 1 truncate cleaned up
[  141.743448][ T5819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  141.761486][ T1040] bridge_slave_1: left allmulticast mode
[  141.777916][ T5821] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  141.791093][ T1040] bridge_slave_1: left promiscuous mode
[  141.798934][   T46] cdc_ncm 4-1:1.1: failed GET_NTB_PARAMETERS
[  141.805335][   T46] cdc_ncm 4-1:1.1: bind() failure
[  141.815522][ T1040] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.828332][ T5821] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.849453][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.860080][   T46] usb 4-1: USB disconnect, device number 9
[  141.868251][ T1040] bridge_slave_0: left allmulticast mode
[  141.882374][ T1040] bridge_slave_0: left promiscuous mode
[  141.894349][ T1040] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.220480][ T5821] overlayfs: missing 'lowerdir'
[  142.719205][   T46] libceph: connect (1)[c::]:6789 error -101
[  142.736094][   T46] libceph: mon0 (1)[c::]:6789 connect error
[  142.835828][ T5836] ceph: No mds server is up or the cluster is laggy
[  142.879382][    T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  142.976215][ T5846] loop3: detected capacity change from 0 to 8
[  142.982995][ T5145] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  143.026767][  T929] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  143.113194][    T8] usb 1-1: Using ep0 maxpacket: 32
[  143.137505][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.170930][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.187689][    T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  143.197794][ T5145] usb 5-1: Using ep0 maxpacket: 8
[  143.209171][    T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  143.219653][    T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  143.230847][    T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  143.243356][ T5145] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.259381][  T929] usb 3-1: Using ep0 maxpacket: 32
[  143.272595][  T929] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.288237][    T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  143.428413][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.437808][  T929] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.438331][ T1040] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  143.449071][    T8] usb 1-1: Product: syz
[  143.467645][ T1040] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  143.469581][ T5145] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  143.499727][ T1040] bond0 (unregistering): Released all slaves
[  143.504767][  T929] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  143.523108][    T8] usb 1-1: Manufacturer: syz
[  143.527909][    T8] usb 1-1: SerialNumber: syz
[  143.532757][ T5145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.536449][  T929] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  143.555929][ T5145] usb 5-1: Product: syz
[  143.560391][ T5145] usb 5-1: Manufacturer: syz
[  143.566683][ T5145] usb 5-1: SerialNumber: syz
[  143.629140][ T5145] usb 5-1: bad CDC descriptors
[  143.645477][  T929] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  143.714531][  T929] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  143.724387][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0
[  143.769032][  T929] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  143.795886][  T929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.809499][  T929] usb 3-1: Product: syz
[  143.819316][  T929] usb 3-1: Manufacturer: syz
[  143.843451][  T929] usb 3-1: SerialNumber: syz
[  143.857837][ T5830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.899074][ T5615] veth0_vlan: entered promiscuous mode
[  143.911809][ T5830] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.611501][    T8] cdc_ncm 1-1:1.0: bind() failure
[  144.630631][    T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  144.640969][ T5857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.649708][    T8] cdc_ncm 1-1:1.1: bind() failure
[  144.674904][ T5857] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.675818][    T8] usb 1-1: USB disconnect, device number 4
[  144.689269][ T5615] veth1_vlan: entered promiscuous mode
[  144.798963][  T929] cdc_ncm 3-1:1.0: bind() failure
[  144.813237][  T929] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  144.820568][  T929] cdc_ncm 3-1:1.1: bind() failure
[  144.834975][  T929] usb 3-1: USB disconnect, device number 10
[  144.948510][ T1040] hsr_slave_0: left promiscuous mode
[  144.972992][ T1040] hsr_slave_1: left promiscuous mode
[  144.987570][ T5859] loop3: detected capacity change from 0 to 64
[  144.996942][ T1040] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  145.007414][ T1040] batman_adv: batadv0: Removing interface: batadv_slave_0
[  145.017375][ T1040] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  145.025356][ T1040] batman_adv: batadv0: Removing interface: batadv_slave_1
[  145.059917][ T1040] veth1_macvtap: left promiscuous mode
[  145.066786][ T1040] veth0_macvtap: left promiscuous mode
[  145.072562][ T1040] veth1_vlan: left promiscuous mode
[  145.078418][ T1040] veth0_vlan: left promiscuous mode
[  145.305213][ T5863] netlink: 'syz.0.167': attribute type 29 has an invalid length.
[  146.164275][ T5133] usb 5-1: USB disconnect, device number 7
[  146.236241][ T5870] netlink: 28 bytes leftover after parsing attributes in process `syz.2.168'.
[  146.428972][ T5874] loop3: detected capacity change from 0 to 512
[  146.459911][ T5874] EXT4-fs: Ignoring removed bh option
[  146.503042][ T5874] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  146.566063][ T5874] EXT4-fs (loop3): 1 truncate cleaned up
[  146.572493][ T5874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.603174][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  146.643353][ T5874] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.887949][    T8] usb 3-1: Using ep0 maxpacket: 8
[  147.033892][    T8] usb 3-1: config 1 has an invalid interface descriptor of length 3, skipping
[  147.133265][    T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  147.173185][    T8] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  147.182508][    T8] usb 3-1: config 1 has no interface number 1
[  147.189144][    T8] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  147.210263][    T8] usb 3-1: config 1 interface 2 altsetting 220 has 0 endpoint descriptors, different from the interface descriptor's value: 113
[  147.458671][    T8] usb 3-1: config 1 interface 2 has no altsetting 0
[  147.470309][    T8] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  147.480500][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.488810][    T8] usb 3-1: Product: 쑿퉈ਝ쑻
[  147.493815][    T8] usb 3-1: Manufacturer: ф
[  147.498352][    T8] usb 3-1: SerialNumber: syz
[  147.641644][ T1040] team0 (unregistering): Port device team_slave_1 removed
[  147.732540][ T1040] team0 (unregistering): Port device team_slave_0 removed
[  148.354438][ T5200] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  148.390043][ T5863] netlink: 'syz.0.167': attribute type 29 has an invalid length.
[  148.447070][ T5615] veth0_macvtap: entered promiscuous mode
[  148.470446][ T5615] veth1_macvtap: entered promiscuous mode
[  148.550169][ T5200] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  148.562387][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.580139][ T5200] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  148.593113][    T8] usb 3-1: USB disconnect, device number 11
[  148.596252][ T5885] loop0: detected capacity change from 0 to 64
[  148.620294][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.622895][ T5200] usb 4-1: config 1 has no interface number 0
[  148.656941][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.667617][ T5200] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  148.679061][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.703735][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.717695][ T5200] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  148.742923][ T5200] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.756089][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.761527][ T5200] usb 4-1: Product: syz
[  148.773996][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.789530][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.795880][ T5200] usb 4-1: Manufacturer: syz
[  148.805437][ T5887] loop4: detected capacity change from 0 to 8
[  148.805745][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0
[  148.818582][ T5200] usb 4-1: SerialNumber: syz
[  148.862694][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  148.864796][ T5200] usb 4-1: selecting invalid altsetting 1
[  148.916280][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  148.953150][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.978740][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  148.993057][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.034196][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.067650][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.097176][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.108924][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.136959][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.163061][ T5615] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.173939][ T5615] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.334834][ T5200] cdc_ncm 4-1:1.1: failed GET_NTB_PARAMETERS
[  149.341013][ T5200] cdc_ncm 4-1:1.1: bind() failure
[  149.365877][ T5200] usb 4-1: USB disconnect, device number 10
[  149.389743][ T5615] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.415539][ T5615] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.428560][ T5894] loop0: detected capacity change from 0 to 64
[  149.578307][ T5144] libceph: connect (1)[c::]:6789 error -101
[  149.605262][ T5144] libceph: mon0 (1)[c::]:6789 connect error
[  149.673140][ T5896] ceph: No mds server is up or the cluster is laggy
[  149.739549][ T1051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.838183][ T1051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.005688][  T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.016810][  T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.186652][ T5907] netlink: 'syz.0.178': attribute type 10 has an invalid length.
[  150.254426][ T5911] loop3: detected capacity change from 0 to 2048
[  150.261410][ T5912] netlink: 28 bytes leftover after parsing attributes in process `syz.0.178'.
[  150.338922][ T5907] team0: Failed to send options change via netlink (err -105)
[  150.363757][ T5911] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  150.385200][ T5907] team0: Port device netdevsim0 added
[  150.422473][ T5911] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  150.445265][ T5147] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  150.533174][   T29] audit: type=1326 audit(1720143797.836:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.111" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9394775bd9 code=0x0
[  150.683245][ T5200] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  150.903472][ T5200] usb 1-1: Using ep0 maxpacket: 8
[  150.986211][ T5200] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.050558][ T5200] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  151.071428][ T5200] usb 1-1: config 1 has no interface number 1
[  151.079447][ T5200] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  151.101486][ T5200] usb 1-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  151.129794][ T5911] Process accounting resumed
[  151.136546][ T5200] usb 1-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  151.191480][ T5200] usb 1-1: config 1 interface 2 has no altsetting 0
[  151.203770][ T5133] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  151.211370][    T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  151.214701][ T5200] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  151.258110][ T5200] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.274405][ T5200] usb 1-1: Product: 쑿퉈ਝ쑻
[  151.279586][ T5200] usb 1-1: Manufacturer: ф
[  151.298093][ T5200] usb 1-1: SerialNumber: syz
[  151.392961][    T9] usb 3-1: Using ep0 maxpacket: 8
[  151.410778][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.421228][ T5133] usb 5-1: Using ep0 maxpacket: 32
[  151.430319][ T5133] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.457675][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  151.474249][ T5133] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.487496][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.491666][ T5923] loop1: detected capacity change from 0 to 64
[  151.495862][ T5133] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  151.512519][    T9] usb 3-1: Product: syz
[  151.542667][    T9] usb 3-1: Manufacturer: syz
[  151.554891][    T9] usb 3-1: SerialNumber: syz
[  151.569548][ T5133] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  151.588921][    T9] usb 3-1: bad CDC descriptors
[  151.609617][ T5133] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  151.625037][ T5133] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  151.650638][ T5133] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  151.660824][ T5133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.693289][ T5133] usb 5-1: Product: syz
[  151.699075][ T5133] usb 5-1: Manufacturer: syz
[  151.714392][ T5133] usb 5-1: SerialNumber: syz
[  151.743098][ T5144] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  151.847754][ T5200] usb 1-1: USB disconnect, device number 5
[  152.157446][ T5144] usb 4-1: config 0 has an invalid interface number: 106 but max is 0
[  152.173448][ T5903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.506751][ T5144] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  152.519700][ T5144] usb 4-1: config 0 has no interface number 0
[  152.526011][ T5144] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11
[  152.553821][ T5144] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024
[  152.571631][ T5903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.629873][ T5144] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  152.649113][ T5144] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  152.686700][ T5133] cdc_ncm 5-1:1.0: bind() failure
[  152.707872][ T5133] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  152.719911][ T5133] cdc_ncm 5-1:1.1: bind() failure
[  152.740940][ T5133] usb 5-1: USB disconnect, device number 8
[  152.741215][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  152.766202][ T5144] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.825291][ T5144] usb 4-1: config 0 descriptor??
[  152.831730][ T5922] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  152.880853][ T5144] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  153.027686][ T5930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.184'.
[  153.194741][ T5933] loop0: detected capacity change from 0 to 8
[  153.383528][ T5133] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  153.614223][ T5133] usb 2-1: Using ep0 maxpacket: 8
[  153.644826][ T5133] usb 2-1: config 1 has an invalid interface descriptor of length 3, skipping
[  153.679542][ T5144] usb 3-1: USB disconnect, device number 12
[  153.689157][ T5133] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  153.768341][ T5133] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  153.808189][ T5133] usb 2-1: config 1 has no interface number 1
[  153.835950][ T5133] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  153.881461][ T5133] usb 2-1: config 1 interface 2 altsetting 220 has 0 endpoint descriptors, different from the interface descriptor's value: 113
[  153.935064][   T58] usb 4-1: Failed to submit usb control message: -110
[  153.971723][   T58] usb 4-1: unable to send the bmi data to the device: -110
[  153.987576][ T5133] usb 2-1: config 1 interface 2 has no altsetting 0
[  154.001646][   T58] usb 4-1: unable to get target info from device
[  154.016383][   T58] usb 4-1: could not get target info (-110)
[  154.021354][ T5133] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  154.022523][   T58] usb 4-1: could not probe fw (-110)
[  154.046851][ T5133] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.055493][ T5133] usb 2-1: Product: 쑿퉈ਝ쑻
[  154.060786][ T5133] usb 2-1: Manufacturer: ф
[  154.065897][ T5133] usb 2-1: SerialNumber: syz
[  154.103001][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  154.310446][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  154.353627][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  154.380900][ T5133] usb 2-1: USB disconnect, device number 4
[  154.490365][    T9] usb 1-1: config 1 has no interface number 0
[  155.100632][    T9] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  155.189431][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  155.200789][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.213342][  T929] usb 4-1: USB disconnect, device number 11
[  155.229317][    T9] usb 1-1: Product: syz
[  155.252229][    T9] usb 1-1: Manufacturer: syz
[  155.292852][    T9] usb 1-1: SerialNumber: syz
[  155.383599][    T9] usb 1-1: selecting invalid altsetting 1
[  155.416027][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  155.595622][   T29] audit: type=1326 audit(1720143802.796:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.2.191" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f474e175bd9 code=0x0
[  156.037541][    T9] cdc_ncm 1-1:1.1: failed GET_NTB_PARAMETERS
[  156.148335][    T9] cdc_ncm 1-1:1.1: bind() failure
[  156.168539][    T9] usb 1-1: USB disconnect, device number 6
[  156.268391][ T5964] loop3: detected capacity change from 0 to 8
[  156.440255][ T5958] loop4: detected capacity change from 0 to 64
[  156.507395][ T5200] libceph: connect (1)[c::]:6789 error -101
[  156.523237][ T5200] libceph: mon0 (1)[c::]:6789 connect error
[  156.533530][ T5962] ceph: No mds server is up or the cluster is laggy
[  156.669464][ T5972] loop1: detected capacity change from 0 to 128
[  156.669511][ T5974] loop3: detected capacity change from 0 to 64
[  156.756276][ T5972] VFS: Found a Xenix FS (block size = 512) on device loop1
[  156.955325][ T5972] sysv_count_free_blocks: cannot read free-list block
[  157.111846][ T5972] sysv_count_free_inodes: unable to read inode table
[  157.124018][ T5978] sysv_count_free_blocks: cannot read free-list block
[  157.137398][ T5978] sysv_count_free_inodes: unable to read inode table
[  157.204919][ T5982] overlay: ./file1 is not a directory
[  157.516894][ T5980] loop0: detected capacity change from 0 to 512
[  157.776213][ T5980] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.834829][ T5980] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.006215][ T5992] netlink: 'syz.2.203': attribute type 10 has an invalid length.
[  158.089622][ T5996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.203'.
[  158.524613][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  158.762907][    T9] usb 3-1: Using ep0 maxpacket: 8
[  158.771260][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  158.828770][    T9] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  158.845761][    T9] usb 3-1: config 1 has no interface number 1
[  158.852342][    T9] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  158.868490][    T9] usb 3-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  158.889929][    T9] usb 3-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  158.945911][    T9] usb 3-1: config 1 interface 2 has no altsetting 0
[  158.991830][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  159.017128][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.032046][    T9] usb 3-1: Product: 쑿퉈ਝ쑻
[  159.041855][    T9] usb 3-1: Manufacturer: ф
[  159.054338][ T6006] loop4: detected capacity change from 0 to 256
[  159.062714][    T9] usb 3-1: SerialNumber: syz
[  159.064275][ T5097] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.486810][ T5615] sysv_free_block: trying to free block not in datazone
[  159.497763][    T9] usb 3-1: USB disconnect, device number 13
[  159.520220][ T5615] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  159.684826][ T6011] loop1: detected capacity change from 0 to 8
[  159.793299][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  160.844780][ T5091] Bluetooth: hci3: SCO packet for unknown connection handle 1039
[  160.861096][ T6021] loop1: detected capacity change from 0 to 64
[  160.949184][ T6019] loop3: detected capacity change from 0 to 2048
[  160.985579][ T6019] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  161.022294][ T6019] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  161.122122][ T6009] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  161.163381][ T6019] Process accounting resumed
[  161.171234][ T6009] FAT-fs (loop4): Filesystem has been set read-only
[  161.187001][ T6009] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  161.458141][ T6029] overlay: ./file1 is not a directory
[  161.680344][ T6009] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  161.848191][   T29] audit: type=1800 audit(1720143809.096:7): pid=6009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.206" name="file1" dev="loop4" ino=1048605 res=0 errno=0
[  162.623100][   T59] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  162.625545][ T6047] loop2: detected capacity change from 0 to 128
[  162.700275][ T6047] VFS: Found a Xenix FS (block size = 512) on device loop2
[  162.815857][ T6047] sysv_count_free_blocks: cannot read free-list block
[  162.823126][   T59] usb 2-1: Using ep0 maxpacket: 16
[  162.841793][   T59] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  162.852399][ T6047] sysv_count_free_inodes: unable to read inode table
[  162.859976][ T6048] sysv_count_free_blocks: cannot read free-list block
[  162.873928][ T6048] sysv_count_free_inodes: unable to read inode table
[  162.885523][   T59] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  163.005679][   T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.022046][   T59] usb 2-1: config 0 descriptor??
[  163.055999][ T6051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.220'.
[  163.118763][ T6054] loop0: detected capacity change from 0 to 8
[  163.191383][ T6051] team0: entered promiscuous mode
[  163.200073][ T6051] team_slave_0: entered promiscuous mode
[  163.212865][ T6051] team_slave_1: entered promiscuous mode
[  163.218731][ T6051] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  163.289854][ T6051] team_slave_0: entered allmulticast mode
[  163.347367][ T6051] team0: Port device team_slave_0 removed
[  163.567033][ T6043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.589690][ T6043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.670425][ T6061] binder_alloc: 6056: binder_alloc_buf, no vma
[  164.085512][ T6049] team0: left promiscuous mode
[  164.283004][ T6049] team_slave_1: left promiscuous mode
[  164.293558][ T6049] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  164.524371][   T59] hid (null): unknown global tag 0x83
[  164.539500][   T59] hid (null): global environment stack underflow
[  164.569795][   T59] hid-generic 0003:0158:0100.0002: unexpected long global item
[  164.589741][ T6065] loop0: detected capacity change from 0 to 64
[  164.616074][   T59] hid-generic 0003:0158:0100.0002: probe with driver hid-generic failed with error -22
[  164.818574][   T59] usb 2-1: USB disconnect, device number 5
[  164.978141][ T6070] overlay: ./file1 is not a directory
[  165.726970][ T6072] loop0: detected capacity change from 0 to 256
[  165.909160][ T5092] sysv_free_block: trying to free block not in datazone
[  166.258573][ T5092] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  166.893475][ T4491] Bluetooth: hci2: SCO packet for unknown connection handle 1039
[  167.069971][ T6079] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  167.088132][ T6079] FAT-fs (loop0): Filesystem has been set read-only
[  167.095999][ T6079] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  167.106633][ T6079] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  167.116978][   T29] audit: type=1800 audit(1720143814.426:8): pid=6079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.226" name="file1" dev="loop0" ino=1048608 res=0 errno=0
[  167.208341][ T6085] loop2: detected capacity change from 0 to 1024
[  167.309887][ T6085] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.419172][ T6092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.231'.
[  167.458081][ T6092] team0: entered promiscuous mode
[  167.467523][ T6092] team_slave_1: entered promiscuous mode
[  167.486847][ T6092] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  167.533211][ T6091] team0: left promiscuous mode
[  167.538062][ T6091] team_slave_1: left promiscuous mode
[  167.557766][ T5092] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.563287][ T6091] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  167.751036][ T6100] loop0: detected capacity change from 0 to 8
[  167.905551][ T4491] Bluetooth: hci6: link tx timeout
[  167.910028][ T6105] loop4: detected capacity change from 0 to 64
[  167.912182][ T4491] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  167.930205][ T5091] Bluetooth: hci6: link tx timeout
[  167.938418][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  167.947247][ T5091] Bluetooth: hci6: link tx timeout
[  167.955183][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  167.971797][ T5091] Bluetooth: hci6: link tx timeout
[  167.977255][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  168.005588][ T5091] Bluetooth: hci6: link tx timeout
[  168.011261][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  168.019209][ T5091] Bluetooth: hci6: link tx timeout
[  168.025281][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  168.692433][ T6111] overlay: ./file1 is not a directory
[  168.820134][ T6099] loop2: detected capacity change from 0 to 4096
[  168.835311][ T6099] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  169.158820][ T6099] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  169.202358][ T6099] ntfs3: loop2: mft corrupted
[  169.207366][ T6099] ntfs3: loop2: Failed to load $Extend (-22).
[  169.214017][ T6099] ntfs3: loop2: Failed to initialize $Extend.
[  169.365882][ T6099] ntfs3: Unknown parameter '����������01777777777777777777777���X�c�v�:�Q���'
[  169.366406][ T6123] loop4: detected capacity change from 0 to 128
[  169.430587][ T6123] VFS: Found a Xenix FS (block size = 512) on device loop4
[  169.508060][ T6123] sysv_count_free_blocks: cannot read free-list block
[  169.725601][ T6123] sysv_count_free_inodes: unable to read inode table
[  169.766926][ T6125] sysv_count_free_blocks: cannot read free-list block
[  169.769740][ T6120] loop3: detected capacity change from 0 to 4096
[  169.865376][ T6125] sysv_count_free_inodes: unable to read inode table
[  169.960540][ T6120] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  169.994868][ T5091] Bluetooth: hci6: command 0x0406 tx timeout
[  170.075579][ T6131] loop2: detected capacity change from 0 to 256
[  170.180362][ T6120] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  170.217409][ T6120] ntfs3: loop3: mft corrupted
[  170.222407][ T6120] ntfs3: loop3: Failed to load $Extend (-22).
[  170.229177][ T6120] ntfs3: loop3: Failed to initialize $Extend.
[  170.532595][ T6120] ntfs3: Unknown parameter '����������01777777777777777777777���X�c�v�:�Q���'
[  170.597173][ T4491] Bluetooth: hci6: SCO packet for unknown connection handle 201
[  170.609575][ T4491] Bluetooth: hci6: SCO packet for unknown connection handle 1039
[  170.966597][ T6136] netlink: 'syz.3.243': attribute type 13 has an invalid length.
[  171.003634][ T6131] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  171.023506][ T6131] FAT-fs (loop2): Filesystem has been set read-only
[  171.055446][ T6131] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  171.100055][ T6131] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  171.151741][   T29] audit: type=1800 audit(1720143818.456:9): pid=6131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.242" name="file1" dev="loop2" ino=1048611 res=0 errno=0
[  171.281932][ T6141] netlink: 'syz.1.245': attribute type 10 has an invalid length.
[  171.384514][ T6141] team0: Failed to send options change via netlink (err -105)
[  171.427550][ T6144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.245'.
[  171.441754][ T6141] team0: Port device netdevsim0 added
[  171.463880][   T59] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  171.476143][ T5088] sysv_free_block: trying to free block not in datazone
[  171.523552][ T5088] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  171.692369][ T6152] loop4: detected capacity change from 0 to 64
[  171.792899][   T59] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  172.955336][   T59] usb 2-1: Using ep0 maxpacket: 8
[  172.986375][   T59] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  173.013025][   T59] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  173.026018][   T59] usb 2-1: config 1 has no interface number 1
[  173.032256][   T59] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  173.045043][ T6165] loop4: detected capacity change from 0 to 8
[  173.051990][   T59] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  173.074900][   T59] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  173.094398][   T59] usb 2-1: config 1 interface 2 has no altsetting 0
[  173.206153][   T59] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  173.272893][   T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.297389][   T59] usb 2-1: Product: 쑿퉈ਝ쑻
[  173.312615][   T59] usb 2-1: Manufacturer: ф
[  173.320275][   T59] usb 2-1: SerialNumber: syz
[  173.422176][ T6171] capability: warning: `syz.3.252' uses 32-bit capabilities (legacy support in use)
[  173.604174][   T59] usb 2-1: USB disconnect, device number 6
[  173.850465][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  174.167076][ T6173] netlink: 24 bytes leftover after parsing attributes in process `syz.4.253'.
[  174.186996][ T6173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  174.235467][ T6173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  174.612940][   T59] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  174.666579][ T6182] loop1: detected capacity change from 0 to 256
[  174.824379][   T59] usb 3-1: config 0 has an invalid interface number: 106 but max is 0
[  174.874464][   T59] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  174.917919][   T59] usb 3-1: config 0 has no interface number 0
[  174.935997][   T59] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11
[  174.967089][   T59] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024
[  174.984890][   T59] usb 3-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  175.029337][   T59] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  175.060482][   T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.088480][   T59] usb 3-1: config 0 descriptor??
[  175.125708][ T6176] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  175.161015][   T59] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  176.197399][   T29] audit: type=1800 audit(1720143823.506:10): pid=6196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.257" name="file1" dev="loop1" ino=1048614 res=0 errno=0
[  176.305625][ T1051] usb 3-1: Failed to submit usb control message: -110
[  176.382274][ T1051] usb 3-1: unable to send the bmi data to the device: -110
[  176.436442][ T1051] usb 3-1: unable to get target info from device
[  176.462888][ T1051] usb 3-1: could not get target info (-110)
[  176.473629][ T1051] usb 3-1: could not probe fw (-110)
[  177.406953][ T5843] usb 3-1: USB disconnect, device number 14
[  178.490454][ T6219] netlink: 'syz.2.265': attribute type 10 has an invalid length.
[  178.541437][ T6219] netlink: 28 bytes leftover after parsing attributes in process `syz.2.265'.
[  178.542035][ T6222] netlink: 'syz.1.266': attribute type 10 has an invalid length.
[  178.631412][ T6222] netlink: 28 bytes leftover after parsing attributes in process `syz.1.266'.
[  178.862916][ T5843] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  179.044829][   T59] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  179.062906][ T5843] usb 3-1: Using ep0 maxpacket: 8
[  179.074355][ T5843] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  179.090361][ T5843] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  179.100012][ T5843] usb 3-1: config 1 has no interface number 1
[  179.106673][ T5843] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  179.172935][ T6232] binder_alloc: 6229: binder_alloc_buf, no vma
[  179.200167][ T5843] usb 3-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  179.271902][ T5843] usb 3-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  179.398094][ T5843] usb 3-1: config 1 interface 2 has no altsetting 0
[  179.484060][ T5843] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  179.608441][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.697612][ T5843] usb 3-1: Product: 쑿퉈ਝ쑻
[  179.714825][ T5843] usb 3-1: Manufacturer: ф
[  179.739656][ T5843] usb 3-1: SerialNumber: syz
[  179.846715][ T6228] loop4: detected capacity change from 0 to 32768
[  179.854865][ T6228] XFS: ikeep mount option is deprecated.
[  179.860553][ T6228] XFS: ikeep mount option is deprecated.
[  179.893964][   T59] usb 2-1: Using ep0 maxpacket: 8
[  180.293150][ T6228] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  180.738722][   T59] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  180.751169][   T59] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  180.762266][   T59] usb 2-1: config 1 has no interface number 1
[  180.769425][   T59] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  180.780765][   T59] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  180.792491][   T59] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  180.806611][   T59] usb 2-1: config 1 interface 2 has no altsetting 0
[  180.816205][   T59] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  180.829071][   T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.852328][   T59] usb 2-1: Product: 쑿퉈ਝ쑻
[  180.867895][   T59] usb 2-1: Manufacturer: ф
[  180.870639][ T5843] usb 3-1: USB disconnect, device number 15
[  180.874579][   T59] usb 2-1: SerialNumber: syz
[  180.990149][ T6247] loop3: detected capacity change from 0 to 256
[  181.014199][ T6228] XFS (loop4): Ending clean mount
[  181.107216][   T29] audit: type=1800 audit(1720143828.416:11): pid=6228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.268" name="bus" dev="loop4" ino=9289 res=0 errno=0
[  181.143357][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  181.225123][ T5088] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  181.251801][   T59] usb 2-1: USB disconnect, device number 7
[  181.515715][ T5098] udevd[5098]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  181.564981][ T6248] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  181.578502][ T6248] FAT-fs (loop3): Filesystem has been set read-only
[  181.585396][ T6248] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  181.595947][ T6248] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  181.614816][   T29] audit: type=1800 audit(1720143828.916:12): pid=6248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.271" name="file1" dev="loop3" ino=1048617 res=0 errno=0
[  181.634648][    C0] vkms_vblank_simulate: vblank timer overrun
[  181.793254][ T6255] loop2: detected capacity change from 0 to 4096
[  181.800856][ T6255] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  181.949983][ T6255] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  181.998735][ T6255] ntfs3: loop2: mft corrupted
[  182.010319][ T6255] ntfs3: loop2: Failed to load $Extend (-22).
[  182.039509][ T6255] ntfs3: loop2: Failed to initialize $Extend.
[  182.263909][ T6261] ntfs3: Unknown parameter '����������01777777777777777777777���X�c�v�:�Q���'
[  182.419243][ T6262] loop1: detected capacity change from 0 to 4096
[  182.461011][ T6262] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  182.630972][ T6262] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  182.669083][ T6262] ntfs3: loop1: mft corrupted
[  182.675289][ T6262] ntfs3: loop1: Failed to load $Extend (-22).
[  182.682230][ T5091] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  182.694689][ T6262] ntfs3: loop1: Failed to initialize $Extend.
[  182.713451][ T5091] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  182.783280][ T5091] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  182.851109][ T5091] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  182.860090][ T5091] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  182.867693][ T5091] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  183.296002][ T3515] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.448833][ T6276] loop2: detected capacity change from 0 to 512
[  183.479271][ T6276] EXT4-fs: Ignoring removed bh option
[  183.513109][ T6276] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  183.553962][ T3515] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.585980][ T6276] EXT4-fs (loop2): 1 truncate cleaned up
[  183.596779][ T6276] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.619229][ T6276] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.952941][ T5109] Bluetooth: hci4: command tx timeout
[  185.213760][ T6293] overlayfs: missing 'lowerdir'
[  186.616165][ T3515] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.651994][ T5109] Bluetooth: hci1: command 0x0406 tx timeout
[  186.659137][ T5103] Bluetooth: hci0: command 0x0406 tx timeout
[  186.665370][ T5109] Bluetooth: hci2: command 0x0406 tx timeout
[  186.753402][ T6298] netlink: 24 bytes leftover after parsing attributes in process `syz.3.283'.
[  186.765074][ T6291] loop1: detected capacity change from 0 to 2048
[  186.792232][ T4491] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  186.806605][ T6291] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  186.831123][ T6291] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  186.854157][ T6303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.938762][ T3515] team0: Port device netdevsim0 removed
[  186.949945][ T3515] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.034671][ T5099] Bluetooth: hci4: command tx timeout
[  187.072909][ T5133] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  187.126768][ T6304] loop4: detected capacity change from 0 to 4096
[  187.160553][ T6304] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  187.267320][ T5133] usb 3-1: New USB device found, idVendor=093b, idProduct=a102, bcdDevice= 0.01
[  187.330880][ T5133] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.332933][ T6304] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  187.356111][ T5133] usb 3-1: Product: syz
[  187.360328][ T5133] usb 3-1: Manufacturer: syz
[  187.365210][ T6304] ntfs3: loop4: mft corrupted
[  187.370855][ T6304] ntfs3: loop4: Failed to load $Extend (-22).
[  187.382862][ T6304] ntfs3: loop4: Failed to initialize $Extend.
[  187.387557][ T5133] usb 3-1: SerialNumber: syz
[  187.391823][ T6266] chnl_net:caif_netlink_parms(): no params data found
[  187.418728][ T5133] usb 3-1: config 0 descriptor??
[  187.431633][ T5133] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  187.600700][ T6315] ntfs3: Unknown parameter '����������01777777777777777777777���X�c�v�:�Q���'
[  187.649852][ T3515] bridge_slave_1: left allmulticast mode
[  187.670521][ T3515] bridge_slave_1: left promiscuous mode
[  187.689211][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.711785][ T3515] bridge_slave_0: left allmulticast mode
[  187.726246][ T3515] bridge_slave_0: left promiscuous mode
[  187.739952][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.230430][ T6332] loop4: detected capacity change from 0 to 512
[  188.257843][ T6332] EXT4-fs: Ignoring removed bh option
[  188.292969][ T6332] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  189.112946][ T5099] Bluetooth: hci4: command tx timeout
[  189.356395][ T5099] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  189.366326][ T6332] EXT4-fs (loop4): 1 truncate cleaned up
[  189.401323][ T6332] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.485985][ T6332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.980249][ T6357] overlayfs: missing 'lowerdir'
[  190.628379][ T6366] loop1: detected capacity change from 0 to 8
[  190.813244][   T46] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  190.869582][ T3515] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.891898][ T3515] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  190.917164][ T3515] bond0 (unregistering): Released all slaves
[  191.026237][   T46] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  191.065676][   T46] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.080198][   T46] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  191.120938][ T6266] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.132415][   T46] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.150167][ T6266] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.167949][   T46] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  191.178409][ T6266] bridge_slave_0: entered allmulticast mode
[  191.187222][   T46] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  191.194523][ T6266] bridge_slave_0: entered promiscuous mode
[  191.202854][ T5099] Bluetooth: hci4: command tx timeout
[  191.209989][   T46] usb 5-1: Product: syz
[  191.220189][   T46] usb 5-1: Manufacturer: syz
[  191.230597][ T6266] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.255632][   T46] cdc_wdm 5-1:1.0: skipping garbage
[  191.260927][   T46] cdc_wdm 5-1:1.0: skipping garbage
[  191.271739][ T6266] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.280720][ T6266] bridge_slave_1: entered allmulticast mode
[  191.295486][ T6266] bridge_slave_1: entered promiscuous mode
[  191.370247][   T46] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  191.388372][   T46] cdc_wdm 5-1:1.0: Unknown control protocol
[  191.552530][ T6266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.631520][ T6266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.883064][ T5133] usb 3-1: USB disconnect, device number 16
[  191.913526][ T6266] team0: Port device team_slave_0 added
[  191.935114][   T46] usb 5-1: USB disconnect, device number 9
[  192.002307][ T6266] team0: Port device team_slave_1 added
[  192.110316][ T3515] hsr_slave_0: left promiscuous mode
[  192.135398][ T3515] hsr_slave_1: left promiscuous mode
[  192.171858][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  192.179853][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.192406][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.193109][ T5843] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  192.200694][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.256851][ T3515] veth1_macvtap: left promiscuous mode
[  192.262544][ T3515] veth0_macvtap: left promiscuous mode
[  192.269618][ T3515] veth1_vlan: left promiscuous mode
[  192.281601][ T3515] veth0_vlan: left promiscuous mode
[  192.437122][ T5843] usb 2-1: config 0 has an invalid interface number: 106 but max is 0
[  192.471212][ T5843] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.565134][ T5843] usb 2-1: config 0 has no interface number 0
[  192.584798][ T5843] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11
[  192.608850][ T5843] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024
[  192.615237][   T46] libceph: connect (1)[c::]:6789 error -101
[  192.634817][   T46] libceph: mon0 (1)[c::]:6789 connect error
[  192.641506][   T46] libceph: connect (1)[c::]:6789 error -101
[  192.648826][   T46] libceph: mon0 (1)[c::]:6789 connect error
[  192.690128][ T5843] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  192.727871][ T6389] ceph: No mds server is up or the cluster is laggy
[  192.753231][ T5843] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  192.819127][ T5843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.870055][ T6398] loop4: detected capacity change from 0 to 512
[  192.923429][ T6398] EXT4-fs: Ignoring removed bh option
[  192.951910][ T5843] usb 2-1: config 0 descriptor??
[  192.964311][ T6398] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  193.021219][ T6374] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  193.044845][ T6398] EXT4-fs (loop4): 1 truncate cleaned up
[  193.091518][ T5843] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  193.094294][ T6398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.368179][ T6398] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.930178][ T6415] overlayfs: missing 'lowerdir'
[  194.163504][   T11] usb 2-1: Failed to submit usb control message: -110
[  194.193067][   T11] usb 2-1: unable to send the bmi data to the device: -110
[  194.262920][   T11] usb 2-1: unable to get target info from device
[  194.310102][   T11] usb 2-1: could not get target info (-110)
[  194.334161][   T11] usb 2-1: could not probe fw (-110)
[  194.469016][ T6419] loop4: detected capacity change from 0 to 8
[  194.652714][ T5200] usb 2-1: USB disconnect, device number 8
[  194.680047][ T3515] team0 (unregistering): Port device team_slave_1 removed
[  194.790209][ T5099] Bluetooth: hci1: SCO packet for unknown connection handle 1039
[  194.801534][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  194.818026][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  194.862722][ T6424] loop1: detected capacity change from 0 to 512
[  194.876109][ T3515] team0 (unregistering): Port device team_slave_0 removed
[  194.895568][ T6424] EXT4-fs: Ignoring removed bh option
[  194.909658][ T6424] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  194.943251][ T6424] EXT4-fs (loop1): 1 truncate cleaned up
[  194.982153][ T6424] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.034279][ T6424] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.353626][ T5099] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  195.490332][ T6435] loop3: detected capacity change from 0 to 64
[  196.635471][ T5099] Bluetooth: hci2: Malformed HCI Event: 0x22
[  196.751879][ T6451] Cannot find add_set index 0 as target
[  196.968038][ T6454] overlayfs: missing 'lowerdir'
[  197.272798][    C1] DEBUG: holding rtnl_mutex for 517 jiffies.
[  197.279015][    C1] task:kworker/u8:10   state:R  running task     stack:20280 pid:3515  tgid:3515  ppid:2      flags:0x00004000
[  197.291273][    C1] Workqueue: netns cleanup_net
[  197.296459][    C1] Call Trace:
[  197.299786][    C1]  <TASK>
[  197.302817][    C1]  __schedule+0x1800/0x4a60
[  197.307406][    C1]  ? __pfx___schedule+0x10/0x10
[  197.312373][    C1]  ? __pfx_lock_release+0x10/0x10
[  197.317593][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  197.323704][    C1]  ? kthread_data+0x52/0xd0
[  197.328316][    C1]  ? wq_worker_sleeping+0x66/0x240
[  197.333534][    C1]  ? schedule+0x90/0x320
[  197.337853][    C1]  schedule+0x14b/0x320
[  197.342082][    C1]  synchronize_rcu_expedited+0x684/0x830
[  197.347858][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  197.354074][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  197.359544][    C1]  ? __pfx___might_resched+0x10/0x10
[  197.364877][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  197.370970][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[  197.377244][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  197.383640][    C1]  synchronize_rcu+0x11b/0x360
[  197.388450][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[  197.393938][    C1]  lockdep_unregister_key+0x556/0x610
[  197.399400][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  197.405368][    C1]  ? rcu_is_watching+0x15/0xb0
[  197.410165][    C1]  ? qdisc_reset+0x3bf/0x5b0
[  197.414838][    C1]  __qdisc_destroy+0x165/0x410
[  197.419626][    C1]  dev_shutdown+0x9b/0x440
[  197.424374][    C1]  unregister_netdevice_many_notify+0x9c7/0x1d20
[  197.430761][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  197.437637][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[  197.443836][    C1]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[  197.450042][    C1]  default_device_exit_batch+0xa0f/0xa90
[  197.455820][    C1]  ? __pfx___might_resched+0x10/0x10
[  197.461184][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  197.467461][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[  197.472829][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  197.479134][    C1]  cleanup_net+0x89d/0xcc0
[  197.483597][    C1]  ? __pfx_cleanup_net+0x10/0x10
[  197.488558][    C1]  ? process_scheduled_works+0x945/0x1830
[  197.494360][    C1]  process_scheduled_works+0xa2c/0x1830
[  197.499982][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  197.506022][    C1]  ? assign_work+0x364/0x3d0
[  197.510645][    C1]  worker_thread+0x86d/0xd40
[  197.515272][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  197.521267][    C1]  ? __kthread_parkme+0x169/0x1d0
[  197.526330][    C1]  ? __pfx_worker_thread+0x10/0x10
[  197.531482][    C1]  kthread+0x2f0/0x390
[  197.535616][    C1]  ? __pfx_worker_thread+0x10/0x10
[  197.540745][    C1]  ? __pfx_kthread+0x10/0x10
[  197.545390][    C1]  ret_from_fork+0x4b/0x80
[  197.549867][    C1]  ? __pfx_kthread+0x10/0x10
[  197.554503][    C1]  ret_from_fork_asm+0x1a/0x30
[  197.559472][    C1]  </TASK>
[  197.562530][    C1] DEBUG: waiting rtnl_mutex for 550 jiffies.
[  197.568658][    C1] task:syz-executor    state:D stack:21024 pid:6266  tgid:6266  ppid:6258   flags:0x00004000
[  197.579205][    C1] Call Trace:
[  197.582509][    C1]  <TASK>
[  197.585647][    C1]  __schedule+0x1800/0x4a60
[  197.590186][    C1]  ? __pfx___schedule+0x10/0x10
[  197.595102][    C1]  ? __pfx_lock_release+0x10/0x10
[  197.600238][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  197.605763][    C1]  ? schedule+0x90/0x320
[  197.610268][    C1]  schedule+0x14b/0x320
[  197.614483][    C1]  schedule_preempt_disabled+0x13/0x30
[  197.619949][    C1]  __mutex_lock+0x6a4/0xd70
[  197.624505][    C1]  ? __mutex_lock+0x527/0xd70
[  197.629236][    C1]  ? rtnetlink_rcv_msg+0x847/0x1180
[  197.634637][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  197.639770][    C1]  ? get_rtnl_holder+0x144/0x190
[  197.644794][    C1]  rtnetlink_rcv_msg+0x847/0x1180
[  197.649839][    C1]  ? rtnetlink_rcv_msg+0x208/0x1180
[  197.655106][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  197.660701][    C1]  ? is_bpf_text_address+0x285/0x2a0
[  197.666039][    C1]  ? __pfx_validate_chain+0x10/0x10
[  197.671352][    C1]  ? __pfx_validate_chain+0x10/0x10
[  197.676672][    C1]  ? arch_stack_walk+0x16d/0x1b0
[  197.681688][    C1]  ? mark_lock+0x9a/0x360
[  197.686777][    C1]  ? __pfx_validate_chain+0x10/0x10
[  197.692195][    C1]  ? __lock_acquire+0x1359/0x2000
[  197.697339][    C1]  ? mark_lock+0x9a/0x360
[  197.701701][    C1]  ? __lock_acquire+0x1359/0x2000
[  197.706921][    C1]  netlink_rcv_skb+0x1e3/0x430
[  197.711868][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  197.717469][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  197.723042][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  197.728295][    C1]  netlink_unicast+0x7f0/0x990
[  197.733116][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  197.738411][    C1]  ? __virt_addr_valid+0x183/0x530
[  197.743709][    C1]  ? __check_object_size+0x49c/0x900
[  197.749347][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  197.754535][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  197.759617][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.765324][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  197.771335][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  197.776353][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  197.781667][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  197.787184][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.792870][    C1]  __sock_sendmsg+0x221/0x270
[  197.797793][    C1]  __sys_sendto+0x3a4/0x4f0
[  197.802306][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  197.807416][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  197.813472][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  197.819807][    C1]  __x64_sys_sendto+0xde/0x100
[  197.824621][    C1]  do_syscall_64+0xf3/0x230
[  197.829196][    C1]  ? clear_bhb_loop+0x35/0x90
[  197.833918][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.839924][    C1] RIP: 0033:0x7f33f277796c
[  197.844612][    C1] RSP: 002b:00007ffffb2b4c90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  197.853107][    C1] RAX: ffffffffffffffda RBX: 00007f33f3434620 RCX: 00007f33f277796c
[  197.861324][    C1] RDX: 000000000000006c RSI: 00007f33f3434670 RDI: 0000000000000003
[  197.869342][    C1] RBP: 0000000000000000 R08: 00007ffffb2b4ce4 R09: 000000000000000c
[  197.877587][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  197.885622][    C1] R13: 0000000000000000 R14: 00007f33f3434670 R15: 0000000000000000
[  197.893646][    C1]  </TASK>
[  197.896694][    C1] 
[  197.896694][    C1] Showing all locks held in the system:
[  197.904597][    C1] 3 locks held by kworker/1:1/46:
[  197.909609][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  197.920666][    C1]  #1: ffffc90000b67d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  197.931722][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  197.940951][    C1] 5 locks held by kworker/u8:4/58:
[  197.946318][    C1]  #0: ffff88802a932948 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  197.958252][    C1]  #1: ffffc9000123fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  197.971575][    C1]  #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xcb/0x610
[  197.981137][    C1]  #3: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  197.991327][    C1]  #4: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  198.001398][    C1] 5 locks held by kworker/u8:10/3515:
[  198.006789][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  198.017744][    C1]  #1: ffffc9000af8fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  198.028377][    C1]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  198.038025][    C1]  #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  198.048222][    C1]  #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  198.060151][    C1] 1 lock held by udevd/4547:
[  198.064921][    C1] 1 lock held by dhcpcd/4761:
[  198.069638][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0
[  198.079107][    C1] 2 locks held by getty/4848:
[  198.084001][    C1]  #0: ffff88802a3080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  198.093924][    C1]  #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  198.104188][    C1] 2 locks held by kworker/0:3/5133:
[  198.109412][    C1] 2 locks held by syz-executor/5615:
[  198.114887][    C1] 1 lock held by syz-executor/6266:
[  198.120094][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  198.130029][    C1] 1 lock held by syz.2.307/6430:
[  198.134985][    C1]  #0: ffffffff8eb3e5e8 (reading_mutex){+.+.}-{3:3}, at: rng_dev_read+0x171/0x6d0
[  198.144296][    C1] 1 lock held by syz.3.310/6449:
[  198.149581][    C1] 1 lock held by syz.3.310/6451:
[  198.155170][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: dev_ethtool+0x21e/0x1bc0
[  198.164208][    C1] 1 lock held by syz.4.312/6452:
[  198.169146][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  198.178687][    C1] 
[  198.180995][    C1] =============================================
[  198.180995][    C1] 
[  198.483507][ T6452] netlink: 'syz.4.312': attribute type 10 has an invalid length.
[  198.528582][ T6452] team0: Port device netdevsim0 removed
[  198.560878][ T6452] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  198.574033][ T6451] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  198.583203][ T6451] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  198.644841][ T6266] batman_adv: batadv0: Adding interface: batadv_slave_0
[  198.652026][ T6266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.696036][ T6266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.717909][ T6266] batman_adv: batadv0: Adding interface: batadv_slave_1
[  198.725132][ T5099] Bluetooth: hci2: command 0x0406 tx timeout
[  198.735825][ T6266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.781979][ T6266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  198.872064][ T5099] Bluetooth: hci0: Malformed HCI Event: 0x22
[  198.955604][ T6266] hsr_slave_0: entered promiscuous mode
[  198.973182][ T6266] hsr_slave_1: entered promiscuous mode
[  199.004154][ T6266] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  199.018143][ T6266] Cannot create hsr debugfs directory
[  199.121215][ T6467] Cannot find add_set index 0 as target
[  199.340201][ T6471] loop1: detected capacity change from 0 to 8
[  199.420052][ T6467] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  199.431693][ T6467] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  200.022553][ T5099] Bluetooth: hci2: SCO packet for unknown connection handle 1039
[  200.152962][ T5133] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  200.231797][ T6486] loop4: detected capacity change from 0 to 64
[  200.403063][ T5133] usb 2-1: Using ep0 maxpacket: 32
[  200.560564][ T5133] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.593034][ T5133] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.644692][ T5133] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  200.818655][ T5133] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  200.874140][ T5099] Bluetooth: hci0: command 0x0406 tx timeout
[  200.952358][ T5133] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  201.031530][ T5133] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  201.194991][ T5133] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  201.269011][ T5133] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.308614][ T5133] usb 2-1: Product: syz
[  201.323016][ T5133] usb 2-1: Manufacturer: syz
[  201.339099][ T5133] usb 2-1: SerialNumber: syz
[  201.388783][ T6492] loop4: detected capacity change from 0 to 512
[  201.422056][ T6492] EXT4-fs: Ignoring removed bh option
[  201.461565][ T6492] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  201.545582][ T6492] EXT4-fs (loop4): 1 truncate cleaned up
[  201.591581][ T6492] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.608561][ T6479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.643175][ T6479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.692335][ T5133] cdc_ncm 2-1:1.0: bind() failure
[  201.725215][ T5133] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  201.743254][ T6492] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.795760][ T5133] cdc_ncm 2-1:1.1: bind() failure
[  201.853492][ T6266] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  201.884233][ T5133] usb 2-1: USB disconnect, device number 9
[  202.034336][ T6266] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  202.094030][ T6266] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  202.143617][ T6266] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  202.234298][ T6505] netlink: 'syz.3.324': attribute type 10 has an invalid length.
[  202.278710][ T6505] team0: Port device netdevsim0 removed
[  202.321870][ T6505] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  202.331209][ T5099] Bluetooth: hci0: Malformed HCI Event: 0x22
[  202.337553][    T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  202.464676][ T6510] Cannot find add_set index 0 as target
[  202.553723][ T6510] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  202.577734][ T6510] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  202.579667][ T6515] loop3: detected capacity change from 0 to 8
[  202.602918][    T8] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  202.606384][ T6266] 8021q: adding VLAN 0 to HW filter on device bond0
[  202.627474][    T8] usb 3-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  202.651361][    T8] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  202.700414][ T6266] 8021q: adding VLAN 0 to HW filter on device team0
[  202.700532][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.782568][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.790142][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.830574][ T5200] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.837927][ T5200] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.187382][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  203.214044][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  203.222829][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  203.231284][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  203.239356][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  203.274286][   T46] usb 3-1: USB disconnect, device number 17
[  203.398572][ T6533] netlink: 'syz.4.328': attribute type 10 has an invalid length.
[  203.454387][ T6533] bond0: (slave netdevsim0): Releasing backup interface
[  203.490027][ T6533] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  203.526026][ T6533] team0: Failed to send options change via netlink (err -105)
[  203.546083][ T6540] loop3: detected capacity change from 0 to 64
[  203.552950][ T6533] team0: Port device netdevsim0 added
[  203.568755][ T6538] netlink: 28 bytes leftover after parsing attributes in process `syz.1.329'.
[  203.738480][ T6266] 8021q: adding VLAN 0 to HW filter on device batadv0
[  203.827707][ T6266] veth0_vlan: entered promiscuous mode
[  204.393394][ T5099] Bluetooth: hci0: command 0x0406 tx timeout
[  204.428976][ T6266] veth1_vlan: entered promiscuous mode
[  204.593336][ T5200] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  204.616693][ T6266] veth0_macvtap: entered promiscuous mode
[  204.659703][ T6266] veth1_macvtap: entered promiscuous mode
[  204.692450][ T5099] Bluetooth: hci6: SCO packet for unknown connection handle 201
[  204.704054][ T5099] Bluetooth: hci6: SCO packet for unknown connection handle 1039
[  204.778502][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.833851][ T5200] usb 5-1: Using ep0 maxpacket: 8
[  204.863155][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.883632][ T5200] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  204.903843][ T5200] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  204.913081][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.939284][ T5200] usb 5-1: config 1 has no interface number 1
[  204.945691][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.966360][ T5200] usb 5-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  204.998092][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.019789][ T5200] usb 5-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  205.065900][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.100562][ T5200] usb 5-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  205.153302][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.160317][ T5200] usb 5-1: config 1 interface 2 has no altsetting 0
[  205.174453][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.194870][ T5200] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  205.215143][ T5200] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.277311][ T5200] usb 5-1: Product: 쑿퉈ਝ쑻
[  205.319905][ T5200] usb 5-1: Manufacturer: ф
[  205.346180][ T6266] batman_adv: batadv0: Interface activated: batadv_slave_0
[  205.438667][ T5200] usb 5-1: SerialNumber: syz
[  205.804869][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  205.833004][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.883119][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  205.915872][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.932825][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  205.959540][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.976798][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  205.997768][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.028267][ T6266] batman_adv: batadv0: Interface activated: batadv_slave_1
[  206.036143][ T5200] usb 5-1: USB disconnect, device number 10
[  206.059950][ T6266] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  206.087163][ T6266] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  206.112826][ T6266] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  206.141074][ T6266] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  206.314010][    T8] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  206.327855][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  206.359322][ T5099] Bluetooth: hci1: Malformed HCI Event: 0x22
[  206.481654][ T6581] Cannot find add_set index 0 as target
[  206.494086][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  206.520795][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  206.568822][    T8] usb 4-1: Using ep0 maxpacket: 32
[  206.614388][    T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.644478][ T6581] netdevsim netdevsim2: Direct firmware load for ng failed with error -2
[  206.649595][    T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.666755][ T6581] netdevsim netdevsim2: Falling back to sysfs fallback for: ng
[  206.683980][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  206.688876][    T8] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  206.702396][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  206.738609][    T8] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  206.782827][    T8] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  206.822033][ T6591] loop1: detected capacity change from 0 to 8
[  206.825913][    T8] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  206.990683][    T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  207.182983][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.832272][    T8] usb 4-1: Product: syz
[  207.850861][    T8] usb 4-1: Manufacturer: syz
[  207.872838][    T8] usb 4-1: SerialNumber: syz
[  208.136329][ T6573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.167684][ T6573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.283836][ T5133] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  208.321638][    T8] cdc_ncm 4-1:1.0: bind() failure
[  208.393484][ T5099] Bluetooth: hci1: command 0x0406 tx timeout
[  208.418032][    T8] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  208.426999][    T8] cdc_ncm 4-1:1.1: bind() failure
[  208.453190][   T46] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  208.455818][    T8] usb 4-1: USB disconnect, device number 12
[  208.544883][ T5133] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  208.586384][ T5133] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  208.643912][ T5133] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  208.646128][   T52] ------------[ cut here ]------------
[  208.656075][ T5133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.659341][   T52] WARNING: CPU: 1 PID: 52 at net/wireless/nl80211.c:19513 cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.659382][   T52] Modules linked in:
[  208.659403][   T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[  208.659422][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  208.659434][   T52] Workqueue: phy3 ieee80211_color_collision_detection_work
[  208.659458][   T52] RIP: 0010:cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.659482][   T52] Code: 00 e8 fc b9 b6 fe 48 83 c4 08 89 c1 c1 f8 1f 21 c8 e9 08 fd ff ff e8 67 b3 ab f6 90 0f 0b 90 e9 6f fb ff ff e8 59 b3 ab f6 90 <0f> 0b 90 e9 36 fb ff ff e8 4b b3 ab f6 c6 05 8b 02 b2 04 01 90 48
[  208.659496][   T52] RSP: 0018:ffffc90000bc7aa0 EFLAGS: 00010293
[  208.659510][   T52] RAX: ffffffff8ae7d087 RBX: 0000000000000000 RCX: ffff888015b68000
[  208.659522][   T52] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  208.659532][   T52] RBP: ffffc90000bc7bb0 R08: ffffffff8ae7cbb2 R09: 1ffffffff1f5ef4d
[  208.659545][   T52] R10: dffffc0000000000 R11: ffffffff8b037720 R12: 1ffff92000178f5c
[  208.659558][   T52] R13: ffff88802ef38000 R14: ffff88802ef38cd0 R15: dffffc0000000000
[  208.659571][   T52] FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  208.659585][   T52] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.659597][   T52] CR2: 0000001b3321fffc CR3: 0000000069d12000 CR4: 00000000003506f0
[  208.659612][   T52] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  208.659623][   T52] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  208.659634][   T52] Call Trace:
[  208.659641][   T52]  <TASK>
[  208.659650][   T52]  ? __warn+0x168/0x4e0
[  208.659666][   T52]  ? cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.659691][   T52]  ? report_bug+0x2b3/0x500
[  208.659712][   T52]  ? cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.659738][   T52]  ? handle_bug+0x3e/0x70
[  208.659754][   T52]  ? exc_invalid_op+0x1a/0x50
[  208.659770][   T52]  ? asm_exc_invalid_op+0x1a/0x20
[  208.659792][   T52]  ? __pfx_ieee80211_color_collision_detection_work+0x10/0x10
[  208.659813][   T52]  ? cfg80211_bss_color_notify+0x122/0x8b0
[  208.659834][   T52]  ? cfg80211_bss_color_notify+0x5f7/0x8b0
[  208.659858][   T52]  ? cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.659891][   T52]  ? __pfx_lock_acquire+0x10/0x10
[  208.659914][   T52]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  208.659934][   T52]  ? __pfx_cfg80211_bss_color_notify+0x10/0x10
[  208.659957][   T52]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  208.659988][   T52]  ? process_scheduled_works+0x945/0x1830
[  208.660007][   T52]  process_scheduled_works+0xa2c/0x1830
[  208.660052][   T52]  ? __pfx_process_scheduled_works+0x10/0x10
[  208.660079][   T52]  ? assign_work+0x364/0x3d0
[  208.660104][   T52]  worker_thread+0x86d/0xd40
[  208.660136][   T52]  ? __kthread_parkme+0x169/0x1d0
[  208.660160][   T52]  ? __pfx_worker_thread+0x10/0x10
[  208.660179][   T52]  kthread+0x2f0/0x390
[  208.660200][   T52]  ? __pfx_worker_thread+0x10/0x10
[  208.660219][   T52]  ? __pfx_kthread+0x10/0x10
[  208.660241][   T52]  ret_from_fork+0x4b/0x80
[  208.660261][   T52]  ? __pfx_kthread+0x10/0x10
[  208.660282][   T52]  ret_from_fork_asm+0x1a/0x30
[  208.660317][   T52]  </TASK>
[  208.660325][   T52] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  208.660336][   T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[  208.660354][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  208.660365][   T52] Workqueue: phy3 ieee80211_color_collision_detection_work
[  208.660386][   T52] Call Trace:
[  208.660394][   T52]  <TASK>
[  208.660401][   T52]  dump_stack_lvl+0x241/0x360
[  208.660429][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.660452][   T52]  ? __pfx__printk+0x10/0x10
[  208.660482][   T52]  ? vscnprintf+0x5d/0x90
[  208.660502][   T52]  panic+0x349/0x870
[  208.660526][   T52]  ? __warn+0x177/0x4e0
[  208.660542][   T52]  ? __pfx_panic+0x10/0x10
[  208.660575][   T52]  ? ret_from_fork_asm+0x1a/0x30
[  208.660601][   T52]  __warn+0x34b/0x4e0
[  208.660617][   T52]  ? cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.660643][   T52]  report_bug+0x2b3/0x500
[  208.660663][   T52]  ? cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.660691][   T52]  handle_bug+0x3e/0x70
[  208.660707][   T52]  exc_invalid_op+0x1a/0x50
[  208.660725][   T52]  asm_exc_invalid_op+0x1a/0x20
[  208.660743][   T52] RIP: 0010:cfg80211_bss_color_notify+0x5f8/0x8b0
[  208.660766][   T52] Code: 00 e8 fc b9 b6 fe 48 83 c4 08 89 c1 c1 f8 1f 21 c8 e9 08 fd ff ff e8 67 b3 ab f6 90 0f 0b 90 e9 6f fb ff ff e8 59 b3 ab f6 90 <0f> 0b 90 e9 36 fb ff ff e8 4b b3 ab f6 c6 05 8b 02 b2 04 01 90 48
[  208.660780][   T52] RSP: 0018:ffffc90000bc7aa0 EFLAGS: 00010293
[  208.660795][   T52] RAX: ffffffff8ae7d087 RBX: 0000000000000000 RCX: ffff888015b68000
[  208.660808][   T52] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  208.660819][   T52] RBP: ffffc90000bc7bb0 R08: ffffffff8ae7cbb2 R09: 1ffffffff1f5ef4d
[  208.660832][   T52] R10: dffffc0000000000 R11: ffffffff8b037720 R12: 1ffff92000178f5c
[  208.660845][   T52] R13: ffff88802ef38000 R14: ffff88802ef38cd0 R15: dffffc0000000000
[  208.660863][   T52]  ? __pfx_ieee80211_color_collision_detection_work+0x10/0x10
[  208.660891][   T52]  ? cfg80211_bss_color_notify+0x122/0x8b0
[  208.660912][   T52]  ? cfg80211_bss_color_notify+0x5f7/0x8b0
[  208.660941][   T52]  ? __pfx_lock_acquire+0x10/0x10
[  208.660962][   T52]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  208.660984][   T52]  ? __pfx_cfg80211_bss_color_notify+0x10/0x10
[  208.661015][   T52]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  208.661047][   T52]  ? process_scheduled_works+0x945/0x1830
[  208.661066][   T52]  process_scheduled_works+0xa2c/0x1830
[  208.661110][   T52]  ? __pfx_process_scheduled_works+0x10/0x10
[  208.661138][   T52]  ? assign_work+0x364/0x3d0
[  208.661163][   T52]  worker_thread+0x86d/0xd40
[  208.661196][   T52]  ? __kthread_parkme+0x169/0x1d0
[  208.661221][   T52]  ? __pfx_worker_thread+0x10/0x10
[  208.661241][   T52]  kthread+0x2f0/0x390
[  208.661262][   T52]  ? __pfx_worker_thread+0x10/0x10
[  208.661282][   T52]  ? __pfx_kthread+0x10/0x10
[  208.661304][   T52]  ret_from_fork+0x4b/0x80
[  208.661324][   T52]  ? __pfx_kthread+0x10/0x10
[  208.661346][   T52]  ret_from_fork_asm+0x1a/0x30
[  208.661381][   T52]  </TASK>
[  208.667584][   T52] Kernel Offset: disabled