last executing test programs:

11.607163381s ago: executing program 1 (id=2530):
r0 = syz_usbip_server_init(0x3)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000100)={<r3=>0x0, @local, @loopback}, &(0x7f0000000180)=0xc)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newaddr={0x34, 0x14, 0x10, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast2}, @IFA_RT_PRIORITY={0x8}]}, 0x34}, 0x1, 0x8, 0x0, 0x10}, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r2, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="8118f78b3b05d147"], 0x8)
setsockopt$inet6_int(r2, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000140)={0x2, [0x9, 0xcf29]}, &(0x7f0000000280)=0x8)
syz_emit_ethernet(0x7e, &(0x7f0000000200)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "570002", 0x48, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "c5e4"}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10}, 0x2, {0x0, 0x1}}}}}}}}}, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$BTRFS_IOC_INO_PATHS(r4, 0xc0389423, &(0x7f0000000340)={0x1738c0, 0x0, [0x8, 0x8, 0x3, 0x8], 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0x9c3c}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10)
r7 = fcntl$dupfd(r5, 0x0, r6)
write$P9_RMKNOD(r7, &(0x7f0000000080)={0x14}, 0xfdef)
sendfile(r0, r1, 0x0, 0x6)

10.711309608s ago: executing program 1 (id=2541):
open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, &(0x7f00000000c0), 0x371, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r3 = syz_usb_connect$cdc_ncm(0x0, 0xc3, &(0x7f0000000600)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1, 0x2, 0x1, 0x5, 0x0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0x562}, {0xd, 0x24, 0xf, 0x1, 0x77, 0x40, 0x0, 0xff}, {0x6, 0x24, 0x1a, 0x311, 0x8}, [@country_functional={0x10, 0x24, 0x7, 0x4, 0xfc00, [0x9, 0x1, 0x7ff, 0x7f, 0x6]}, @country_functional={0xc, 0x24, 0x7, 0xd9, 0x2, [0x3, 0x17c, 0x543]}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x8}, @mdlm_detail={0x27, 0x24, 0x13, 0x7f, "d9f62b8b787a06263152755fc26d0ffd3185cc6f4ec2b3ca3f875b6e356f9c5682cf3d"}, @country_functional={0xc, 0x24, 0x7, 0xff, 0xcdc, [0x6, 0x1, 0x30d]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x81, 0xbf, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x3, 0x80, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x1f, 0x4d}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r3, &(0x7f00000009c0)={0x14, &(0x7f0000000880)={0x0, 0x24, 0xf8, {0xf8, 0x23, "b718f59a3ac120a29be448eb20ffd4a1cbdbe751e8391e6c0aac82810bb4a414eef45bd1234ea4e31bfa60c7f49fd515440d887370b8a17623aa491b01173d6ba4deea3bb8a110c80f50bb2b3326188d515e3e0252286c7925fe187b81bcfd9213e9664003581865dda608032290b5a4782f737226d6a702d7a54dd73430b6abebbc544992090138430c7899f4b55ab523a1361d702de958d94f6b7c6c3ea9be39b012c06f9b9e8ed026d87147da89ba9024093579898f970e13543cc3fd1026e5dcf788175506c47ed627da6b9fcb741f78436abc46d90d9360314bc3837dc097dc07f0ee16e1f6787942291eb59d85f596de1c04f6"}}, &(0x7f0000000980)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c00)={0x44, &(0x7f0000000a00)={0x40, 0x9, 0x18, "39629046a25102e9b18ba51e183aa0291da28610314dd76c"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000000ac0)={0x20, 0x80, 0x1c, {0x9, 0x1, 0x0, 0x4, 0x0, 0x1000, 0x4, 0x0, 0x4a8c, 0x3ff, 0x8, 0xfff}}, &(0x7f0000000b00)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000b40)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000b80)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000bc0)={0x20, 0x89, 0x2, 0x1}})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001400)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
setresuid(0x0, 0x0, 0x0)
setresuid(r6, 0x0, 0xffffffffffffffff)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}, @exit={0x95, 0x0, 0xc00}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x90)

8.193564589s ago: executing program 2 (id=2547):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x19, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast2}, {@private}, {}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_read_part_table(0x103c, &(0x7f0000001040)="$eJzszjEOQUEYhdE7iEwlswRqq/i1apVNWILEWjQ2p1BLRK+W95Jz6pubL8zS8X15JdftLrdaJD1pPUmN3A/7bEZy/s5qmWet00ay+vFyevy/HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm5xMAAP//1hgIrg==")

7.510425606s ago: executing program 2 (id=2551):
r0 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
request_key(&(0x7f0000000540)='id_legacy\x00', 0x0, &(0x7f00000005c0)='\x00', r0)
add_key(&(0x7f00000000c0)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='j', 0x1, 0xfffffffffffffffd)
request_key(&(0x7f0000000540)='id_legacy\x00', &(0x7f0000000580)={'syz', 0x2}, 0x0, 0xffffffffffffffff)

7.392753818s ago: executing program 1 (id=2553):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
io_setup(0x4, &(0x7f0000002c40)=<r5=>0x0)
signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
io_submit(r5, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x8, 0x9)
r6 = gettid()
rt_sigqueueinfo(r6, 0x21, &(0x7f0000001500))
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
r7 = open(&(0x7f00000000c0)='.\x00', 0x80000, 0x0)
getdents(r7, &(0x7f0000001fc0)=""/184, 0x20002078)

7.263168333s ago: executing program 2 (id=2554):
open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, &(0x7f00000000c0), 0x496, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009f87854ad98bef03025c32e7aa4a721d28e94ec5feff3a279c2e1c18002e39eaaefec3dfd1eae45a61e4283e8a7ef1eaf70d93a0333a9ff9ef048332f3fcc797076f8c02858548418e34a9967282de2eb4cc6438f0b6c9dcc204cdd732dd88624b39c16e8f80819cb72be6ab07492ed05ade4caf1ae3d723830523e32c02786c50ac1f47b994ed49fc4b9b318a4c86b4f7fb0d3c6a8763ef27cd52936cc55ef5ac50935a7f706464be90ea4b5f894ad92910de17889a6236a4bda8aac5e1daa70a8fcf248360cdd4e86f854f23e3e4792d91c85f1ed6cf7c36bbe9d879fc86b55e55e0566b6451aad55b1b24156d5735d1ee7064b07bde3a7643cb7631057346202cad2bf48adc717df4d77cf46fcb20c5bdfd317b1b665041d9254ae8d88732fbbe90ad508"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
syz_usb_connect$cdc_ncm(0x0, 0xc3, &(0x7f0000000600)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1, 0x2, 0x1, 0x5, 0x0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0x562}, {0xd, 0x24, 0xf, 0x1, 0x77, 0x40, 0x0, 0xff}, {0x6, 0x24, 0x1a, 0x311, 0x8}, [@country_functional={0x10, 0x24, 0x7, 0x4, 0xfc00, [0x9, 0x1, 0x7ff, 0x7f, 0x6]}, @country_functional={0xc, 0x24, 0x7, 0xd9, 0x2, [0x3, 0x17c, 0x543]}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x8}, @mdlm_detail={0x27, 0x24, 0x13, 0x7f, "d9f62b8b787a06263152755fc26d0ffd3185cc6f4ec2b3ca3f875b6e356f9c5682cf3d"}, @country_functional={0xc, 0x24, 0x7, 0xff, 0xcdc, [0x6, 0x1, 0x30d]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x81, 0xbf, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x3, 0x80, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x1f, 0x4d}}}}}}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001400)={0x2020, 0x0, 0x0, <r5=>0x0}, 0x2020)
setresuid(0x0, 0x0, 0x0)
setresuid(r5, 0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x90)

6.277768776s ago: executing program 1 (id=2557):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000001480)={0x2c, &(0x7f0000001280)={0x0, 0x22, 0x20, {0x20, 0x22, "96fb7ca6b82d8a2e575c9bc81a810a7ae31c1bf625d32955bdef674da5e5"}}, &(0x7f0000001300)={0x0, 0x3, 0x90, @string={0x90, 0x3, "dc1a6c60b78a0d20c6b812752f30d19f2aaba7c46ac068d1b8731a41de8de89efbdb3b2234a837257f5d0d13700ae79184611fd9c8be2d8cf9386dd11cb3e6763c412186776d159c3e46ab40243a48d05319efbee0d0b6dd623cbafcd6aabf3cf596ced197b39c6f9be9720923c3fae81d4a39b368f2447c2269c2d7611c3522285b7ea5457dc63fb1c4f2ec75c7"}}, &(0x7f00000013c0)={0x0, 0xf, 0x10, {0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x10, 0x6, 0x80, 0x8000, 0x1}]}}, &(0x7f0000001400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x81, 0x6e, 0x0, 0xf8, "a6fb18b9", "3591ede4"}}, 0x0}, &(0x7f0000001980)={0x84, &(0x7f00000014c0)={0x0, 0x9, 0xcd, "b620b91eb063a7ae9a4d4aced56ef748963c22d5dcd6d56a444009545e8b712c53983032678d6c971889d2519a20b7d100127ed0ed0a9204ebc4fb5e92dc63d36d02045bbf76dbceb452da005a9efd6b6889b22d51aa40ac1190395ee7eea06f89a700f1cd5d3d98b70dd83ab267276e5c449e29abcd673be68a051ec6f50260fa36b8165bad1dec18cc6d4e6b95865d32fc7de282d951bb41b46af30afafecb2e51cbf8dd8d0e073092a7cf5e2fb1bf839067f46bffa5be0f9f6562b99bee7583508a6a9973a7f8401efb268f"}, &(0x7f00000015c0)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000001600)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000001640)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000001680)={0x20, 0x0, 0x4, {0x140, 0x2}}, &(0x7f00000016c0)={0x40, 0x7, 0x2, 0xfff8}, &(0x7f0000001700)={0x40, 0x9, 0x1}, &(0x7f0000001740)={0x40, 0xb, 0x2, '~d'}, &(0x7f0000001780)={0x40, 0xf, 0x2, 0x6}, &(0x7f00000017c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000001800)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000001840)={0x40, 0x19, 0x2, "a767"}, &(0x7f0000001880)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000018c0)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000001900)={0x40, 0x1e, 0x1}, &(0x7f0000001940)={0x40, 0x21, 0x1, 0x1f}})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000240)={0x44, &(0x7f0000000580)={0x0, 0x0, 0x1, "01"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

6.216579508s ago: executing program 3 (id=2559):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000140), 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000002c0)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
syslog(0xa, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x10103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0)
ftruncate(r1, 0x20cf01)
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000001140)={'\x00', 0x1, 0x7, 0x3f, 0x0, 0x200, 0x2, 0x4000, '\x00', 0x8})
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000005a"], 0x0, 0x76}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000003c06000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b736c97102439d39375d17bc3a80b14702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000ab000400000084e2bd20b9d320e83edb0723a0fa94406329ffc07a1e0bbb14a63c000040c67c3da1714086a73ef03e", @ANYRES32, @ANYBLOB="000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB], 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
read$hidraw(r0, &(0x7f0000000180)=""/69, 0x45)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4010000ecffffff6111a4000000000006000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0xa, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48)

6.018928735s ago: executing program 3 (id=2561):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000140), 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000002c0)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
syslog(0xa, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0)
ftruncate(r1, 0x20cf01)
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000001140)={'\x00', 0x1, 0x7, 0x3f, 0x0, 0x200, 0x2, 0x4000, '\x00', 0x8})
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000005a"], 0x0, 0x76}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000003c06000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b736c97102439d39375d17bc3a80b14702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000ab000400000084e2bd20b9d320e83edb0723a0fa94406329ffc07a1e0bbb14a63c000040c67c3da1714086a73ef03e", @ANYRES32, @ANYBLOB="000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
read$hidraw(r0, &(0x7f0000000180)=""/69, 0x45)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4010000ecffffff6111a4000000000006000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0xa, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48)

6.015118426s ago: executing program 0 (id=2562):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x19, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast2}, {@private}, {}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_read_part_table(0x103c, &(0x7f0000001040)="$eJzszjEOQUEYhdE7iEwlswRqq/i1apVNWILEWjQ2p1BLRK+W95Jz6pubL8zS8X15JdftLrdaJD1pPUmN3A/7bEZy/s5qmWet00ay+vFyevy/HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm5xMAAP//1hgIrg==")

5.863856334s ago: executing program 3 (id=2563):
open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, &(0x7f00000000c0), 0x371, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r3 = syz_usb_connect$cdc_ncm(0x0, 0xc3, &(0x7f0000000600)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1, 0x2, 0x1, 0x5, 0x0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0x562}, {0xd, 0x24, 0xf, 0x1, 0x77, 0x40, 0x0, 0xff}, {0x6, 0x24, 0x1a, 0x311, 0x8}, [@country_functional={0x10, 0x24, 0x7, 0x4, 0xfc00, [0x9, 0x1, 0x7ff, 0x7f, 0x6]}, @country_functional={0xc, 0x24, 0x7, 0xd9, 0x2, [0x3, 0x17c, 0x543]}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x8}, @mdlm_detail={0x27, 0x24, 0x13, 0x7f, "d9f62b8b787a06263152755fc26d0ffd3185cc6f4ec2b3ca3f875b6e356f9c5682cf3d"}, @country_functional={0xc, 0x24, 0x7, 0xff, 0xcdc, [0x6, 0x1, 0x30d]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x81, 0xbf, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x3, 0x80, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x1f, 0x4d}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r3, &(0x7f00000009c0)={0x14, &(0x7f0000000880)={0x0, 0x24, 0xf8, {0xf8, 0x23, "b718f59a3ac120a29be448eb20ffd4a1cbdbe751e8391e6c0aac82810bb4a414eef45bd1234ea4e31bfa60c7f49fd515440d887370b8a17623aa491b01173d6ba4deea3bb8a110c80f50bb2b3326188d515e3e0252286c7925fe187b81bcfd9213e9664003581865dda608032290b5a4782f737226d6a702d7a54dd73430b6abebbc544992090138430c7899f4b55ab523a1361d702de958d94f6b7c6c3ea9be39b012c06f9b9e8ed026d87147da89ba9024093579898f970e13543cc3fd1026e5dcf788175506c47ed627da6b9fcb741f78436abc46d90d9360314bc3837dc097dc07f0ee16e1f6787942291eb59d85f596de1c04f6"}}, &(0x7f0000000980)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c00)={0x44, &(0x7f0000000a00)={0x40, 0x9, 0x18, "39629046a25102e9b18ba51e183aa0291da28610314dd76c"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000000ac0)={0x20, 0x80, 0x1c, {0x9, 0x1, 0x0, 0x4, 0x0, 0x1000, 0x4, 0x0, 0x4a8c, 0x3ff, 0x8, 0xfff}}, &(0x7f0000000b00)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000b40)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000b80)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000bc0)={0x20, 0x89, 0x2, 0x1}})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001400)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
setresuid(0x0, 0x0, 0x0)
setresuid(r6, 0x0, 0xffffffffffffffff)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}, @exit={0x95, 0x0, 0xc00}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x90)

4.897446615s ago: executing program 0 (id=2564):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000004c0), r0)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000c00060002000000000000002c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08b0d61f5b493ca2c85632a4680f93ece6b1e401000080c39f344cca7df7c8e09bb5a6b61504a3047f9dffffffffe3a80eb1299fd7942fd414068a5c3b99fec03c79fe39da1baf1d78cccb0a8489b1ab6a2d4ff490bdb7b08269c090297881c623b009d61c4e6c4dc14522f39a131cb60c7477f9d0e2fc6700"/132, @ANYRES32, @ANYBLOB="0c00020007000000000000000c00030005000000000000000c0006000200000000000000"], 0x78}}, 0x200480d0)

4.825447398s ago: executing program 0 (id=2566):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f00000001c0), &(0x7f0000000240)=0x68)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x0, 0x8}, 0x48)
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r3, &(0x7f0000000280)="ca", &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYRES32=r2, @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000edb4ff8c01ddcd5d4f6f63c59c2c59ce81b0b5f8c69559e1406e2640427ac68ddcf8f77a9682d97d85eda65b289af53542ecea952fc731abf63bf019037333fda3717a6441e619d39aa03fa27d4864c752af6c6b9f56f0b33179d1392c1efe04", @ANYRES16=0x0], 0x20}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000006c0)=@urb_type_iso={0x0, {0x0, 0x1}, 0x5, 0xa, &(0x7f00000004c0), 0x0, 0x800, 0x2, 0xa, 0x7, 0x8, 0x0, [{0x10000, 0x0, 0x5}, {0xcc1c, 0x1}, {0x90c}, {0x0, 0xc2d, 0x950}, {0x3f, 0x7c}, {0x0, 0x0, 0xffff0000}, {0x4, 0x2, 0x9}, {0x0, 0x20, 0x8}, {0x0, 0xa9, 0x8000}, {0xff, 0x0, 0x6}]})
sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000011c0)=ANY=[@ANYBLOB="340021dbf546832c0062e3b3c10073d3c11e17bab40788cd91cce8b80b1f00173f", @ANYRES16=r4, @ANYBLOB], 0xfffffffffffffe5d}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x40, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="20001700070600000000000000000000000000000900020073797a313393134349000000001070ee"], 0x20}}, 0x0)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c0000000109021200010000000009040000"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r6, 0x800448f0, &(0x7f00000000c0)={0x0, 0x0, "d9e67b"})

4.176159969s ago: executing program 2 (id=2568):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x33, 0x4, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@broadcast}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x13, 0x0, [@dev, @remote, @multicast1, @private=0xa010102]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.146675285s ago: executing program 4 (id=2569):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
io_setup(0x4, &(0x7f0000002c40)=<r5=>0x0)
signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
io_submit(r5, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x8, 0x9)
r6 = gettid()
rt_sigqueueinfo(r6, 0x21, &(0x7f0000001500))
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
r7 = open(&(0x7f00000000c0)='.\x00', 0x80000, 0x0)
getdents(r7, &(0x7f0000001fc0)=""/184, 0x20002078)

4.067917199s ago: executing program 2 (id=2570):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="31010000dccd5e08cb06030000e8169523010902240001000064000904340102d469e70009058acf"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$FIBMAP(0xffffffffffffffff, 0x401070c9, &(0x7f0000000180))

3.081001934s ago: executing program 1 (id=2571):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000140), 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000002c0)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
syslog(0xa, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x10103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0)
ftruncate(r1, 0x20cf01)
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000001140)={'\x00', 0x1, 0x7, 0x3f, 0x0, 0x200, 0x2, 0x4000, '\x00', 0x8})
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000005a"], 0x0, 0x76}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000003c06000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b736c97102439d39375d17bc3a80b14702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000ab000400000084e2bd20b9d320e83edb0723a0fa94406329ffc07a1e0bbb14a63c000040c67c3da1714086a73ef03e", @ANYRES32, @ANYBLOB="000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000"], 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
read$hidraw(r0, &(0x7f0000000180)=""/69, 0x45)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4010000ecffffff6111a4000000000006000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0xa, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48)

3.076612705s ago: executing program 4 (id=2572):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1b, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000000000000000000b60000006215e4e011"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7fff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f00000000c0)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
write$binfmt_script(r1, &(0x7f0000001580), 0xfecc)
close_range(r0, 0xffffffffffffffff, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000940)=[{{&(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000440)=[{&(0x7f0000001680)="c4701f08f3f48fc40716319ee94da3c492a466973faa8d0a19ac9535b294f712792cdd1155ab4430214dba3e3e5e9f66fc05ced523a16f6c90b6af3e17a70b9c91f928ba9a8ab016f5ebc529696de7e8db695ad9604345958b1a9381023f4d637c345860ca5882ab3e3e29e11c43771cc8a77fe567900fdbe63591716ec31bf8a8adbfbbb69700f615d5dd8cab0b3d7dea0a1e55b7d2c46732ca5b6e4ed203e7b2c47e0b27c7404b4be69214f73b8da070ffa38e72ae864a3470bc66d8428f0d405e03a968b552b95eead8163fd169e864c17e78df607d678559924a3689c01683aaf87a7fa580e13b46adf94c9db1737eaedbe203e8d21b9147650c26abc5ab6d1d339722c52ad1f6c1463dd50fd53c0eb040f507c5aab4c280d16ad175c48fd8febadc3dc04e09ee6f27d9078d8c5ad436ac211cce0e181c924a3f9b2271ba8860309c54aff961581a495b958677d6cc5d35973652c4d7d55ca7273f4e4ef9536810d565f679973f39b1461dcf430301fd0b8d1469a83a379b03a7ab74b244b90afa5845b9d857156719343a6f9cdb44f63b59677535aac1abefd13b39da9cced41b5ff770ac7920e3bcaf86c64745360bbde7b2562fd67fa0803a652971c3328daf03fd43766c04874d6cf07a96ae3f57f02ec22d70f89444dbc8eea26914218e636d2fc0eb157dd9e574803e286eb57615b43967295303e3e9f9ed0c8fe4b4087448ad37efaa898eeb3d4925b068e2830bec6a2cc925923fcd0e84223912e75be8be3a0e8921b112ec7cdf9d416e9a2f2e7e742ca9132fa49a36a55c0d8edd3ccff6e2fe56a852804afaa3f1956a9720a60c2c8bdc4c70b75ecdae6a7e3b47ec66298cc617cced07fa9075e312e19dba004f80f2009344d56f64da15e2bd2fdf0f6038599ac987f2da41054adaaf4987e01efab425680dc5a630dc460c2dd46db0d6e3178b2b9586d5593f2222b50628ad7ca23d053894b464beefd329c47a8f6b874034026e14a9829c7edd46396ab27316940c1f5da196f8bb2f0b733e5cff13a6c5c32386cd71d086d42b20531f40e41b40f3281ee0d94733478325da3234823c7b7ab3743a96f7e1347aac00e45897e7f63382231b45f4c480d832f0c7e52d74a1bde5280f6b550cdfed0a9dd365d3c71eb7750e7a445c22059fb4c51892aaae24f50de459dc9ee6d356cf8b3db91fd2dfb41ae8efb88d71a6689d0388cbb8c9d1575cd30eb6f534dd84a78cec87e16dee367ad94dbf72cc063972ebe057963d10cefcee036baf76f1666fb6f3dc012c2f4771b65bd23175637604630f7a2334cdf3167d8257203bb7531dd88b0904e629a7ef60873cae14a78d1b761e16fe12721bd4457246fa828d32d72bc2851c7ff1e86f390917502d113121ff44640ab8d06c6334c4bbcb332bcbe6b73498587a1bfa6de532bd420bc0aec8ee273a9fdb8bec6d48019d88cdfa8ec95ce5ef1b3592ab503215bbd05d0ba63ddf8e935c942b6ca087aa69b1e43e16877248b814f0a212b6796ceb3343af48022c2c37d203880acdf2e760b9dc612d0d6a3b2d46e4154d4911c743d58bf3633b8494b101cc0ace5fa376dbf5d69756d1808694b722f69b7cef12dbc4795717968ee7d4461c7b78582cec393b516a47a80c1a0ed50b6ab9e12b939da254d3fff54df3c2d2e32a85efc437a6cdd566f8e19c83b68650c0aa408635e124cea6358f64c5f23391ad4073dd6782cd24f8ba6fb8301e667e0572af191ae1aad59770ef060bd1e655d98bb1f62be4585677ebe06b862482056df5d470f96aeba77937f9ba25e46e3b92a726036c0717822ee263ce17d4b64118912502fd655b78a1235344eb51775c6a941a64dc97584f3a51e0a79101aaf0a04aca411ea224e1efb154e3725b5fd9b3c59983eb3c71086fcf9c226d105212f7b028aecb2e9300608708409ebe6ac25ec8c184a7bf240a069f631fdc2b98f7008cf17be96b9f75afca479966b40859dfdbc38c5a68e8a36761b56af3bb9c65d4f186d371485c41f01f0cc09fc5bcf900779e3a08318475aaa38a32061295b298446edf7cc518733e04fb6a673b8058a71c7d4f3d2a1502534dc27ceba65f21c7271ac09cd94fd35d6aa64f10c65c764c0161b285c9589b3b0726e3e30dfd159c4a420dc95d59bccd7c4ff0e6aa5850f8847357c719a6a3fb971084c42acb97e38207ad401b1cbf10495882e415e7295dedd79748f7e7e9aa784f15ca08d16844d9ce237c2cc569805c50240c9cba7a5c037f8efce9d650add669897bcad67bd421abcb412e4832b637bec45c0cecdeff64f9294b54fc8e8f2ae3ee30baf3fd6eaefbd740781c2fb1437ef1b338c0c364a0139be49a4fdd8b373c8f527aa4ab6c95552f778eac98ec698ee2a1c6be246fa1e36e332a25bd6ffe8a48eee5a9d2474a89657edebd77d9e6271fe407df9f80f7e8e4ba719bafc90f8482fe1e5e76f4240b902b01a36c19e9dba95032c3db9a205406fad82bba1b0577c15ee5d1c7302e2df44f271e2b9a31551aa6b6f0289b8c0e7ab39632c0b4af19d3a76dfb18fa390ba838ece84cd88bfbd577f7bb78d8565f6f300d3f14797f0289a14a93ec9b0c07f279f2cc7f59997f5ae6b05daaf4f6d0f908d5833d5560c7d7498fa12870317478f9e8915088a6908e6dea066922fa2517d359b076141a06d699134e046f2567f68fa7cc9eb1e26ecf3fa7165d928813d76f98c7578191eb10f35e29600e2ee2313e087b3f8fe01aafebb15458710519416ce9961c68898bfbf2f4d9b6d59750af9dc72a8645773e290658a8079a09ce3025a2e9c4163c06044a7cffe02b7172d14f5ae74b7a11a9ea3607783e52b8b066f813a50acece53cf65ec9797cd20f3c54e56191cd927c616861bdfd23ece693626d49dc8ce25645c2d3b68896d096b8b3fcb0970c4b019800f27c5a335778848d34def3b999a07e77cd61982a0f217fc497fe19d7f1fcf124ffec1e0eefdbf8cbcd18e0887807d6367e4c6f9f437039957619151baa551ae82a1df9aace4883c929f8b8de7992b55b83982e9eb29a86533ef18c0c06d9debeb803cabf247bdafee7690761701f738d710105b3760ac9004340147b4d1b6f8acaed985648dbddf1b15592915f9699679c22c297a1cd15b6fb41b4d54274de808dfd2d81bcec09c049a55b9b028656ee3fa5616b595e00ea841d29a08952eb93c0a4063813f0c566b9f387282b6a0fb65dbb2e4d3a8e828f4a5ac92745db0f59523110639b18f26ef7414881a6470b5fc2fed261cc834e714e44b76aff64448640cdbe88155ee26fcdb7bd3804932179f6d9dbac74108b44a76ba0825744458193fb2b3a2f4f811d47439fca2f6e02df821c5f10e1bf20fb4dafd293adc9a231a580d618503b1b73089214600d378f81b7dbad9d3b78dc0287bec6418e26ea24c74b15a404a99d8737203913fc2f73e367f6dd8b7f93936a2bbf6e910975cdde935bb0451075ab465877157a87ca8ff874ed64ab6d906b6c8ac65e2d0a687d681802b4e24a034a4b41f2b30685afde6fb56e441fe82c54f43d038079b1ff8a515fa58e89fc96d4fa77099532cf3a52118656b4f9164714b5fe7dec7539d668cacb93423e9ede954118bc1141c0058a3e96ed9e69e89602ced1afa5900588d770da537882febf85989fea962b3b5fa8fc563ed075af3273e81e427f5e42934691e17abf07278a701c8f08188d77943a944b0d67fd496ba4768ee901324690d6748d7f404c0775219e352a3cc4f9e39c75f82e27a6bf18ef0833afae6f61954871fe120f0515c00600e17b785fe20caeb7966f6524c5746e258541082b10ed5473cf75f5bd57786f50831c47d698dfac4c2af2eb03b55a0b115f7d82bfcf92a2aa167e8822e3e15995654394d7bfbfb401003691678cc056793ccdfeb9d0545e9673801d688bb32b4c6d4474f089257d0b626558f484b597183a9b74d25e3ec52cff1ebd0dc4f438d60b911f4c0bc34e04ed9e3af3fbb4858092cd8153b69e86083bc47f4b55f2664c742d4ab8266c7717164bced1e10faa19b5c99b1f7e26f379a06c66e46674a93ddb957a9ac85259944d0fb7f985aa09ca67483f6e6886fd9cd56b7103063bcaabb7c77ab77941e0a9736fe10ccf55e66fe2ec852c293e69dd43a6b63d05a188bcbfe0d7a302931f3f5bd9be8315a104bd7c820ddfa4378e32a2c19994645691a579251b279923cce6801e96e77c8863acf055afe5a04b1141ccf11b4b3ed0dd03a373dd8fe74f145a85c41bc3abcff3d1443b85230e99e48b4c15eaa6012a579da975e1fae94447b68d410b9d0c2f2d470bdbd58e664704105712aa796a2ffbef8f5005fc9cee374a0a63ba1a9e3050c39c69be19b4893b5607928074f745ffd77345c41703850e4b767fe45777baf6935ff496fca7a0bdd6bc94c5bb68b5fa11135afc6a59d04889d065558d2b7b2aa7bbc80aa471212d15379f4e56c81afb12767899ff63e2c5947a73d559a9190a9c4b6d67703050b2cafcebe2efcc54ee864a7917c08bd23ab00c141c556f798996ff2f4f2a464924f0ba0ad0d60d95bd93b5951f8563eecbd9401aced30018dd109e8a5761c87fa85a65d06aae5c9e1698c72d2a99d93cb1097fe4a7da542dd900b341e33f253fc1126c84c93193b1d0d55ccc8b773fad518aeab14ab01a7f4feceea1a102e84dc8073c82fe63056b7fb05343b27e6e12833f1332166fc375315b5d120fc58f3f985db89296ae0be7c5c61731416dd9789a3b9ca90a0d454dcf3ca5720fa46b521b71cb83e8701a930763e7d4f5102214ac203c15894a60ffce34ac982d5a991f0d47988d632a7164512638cb141667bf260aa362834a0b5d9b8dd007dc409df9faf158f9bf3b4c0f657ec986158decb767d906bbbdc3ef666ea44fe58895f78f4bdb1c72f872ca18b7552c69ca078c9fed720071f46680075014dbe503781c617b9134b11dd51ecab494d80931d0b3a9191bba46dd29f442fe09855c5953d83319f4a02621bd7bdcda98f18af4e5d2347f1cfc1b17eed2a86f5d676a9c3faebdeff44c8455bf06ac24c901f9d93a36a5244825c36a7aeb69187016033962c97f5450303e8d55309088e4df3aa1f714a39a1e11c456327dffc919f1ac644007be03d651874f0b27aceb68a2876ce8f8a318a8c2d720e49f47da033fcd536b673634f332e68ef37a6cef4d84a284ca38c05917ab52a7f15ad237ed9ff6d4c8afa3153dad33e77a800b351ed3941edfd59c4571713d5136e642a2b5735082bd3eaa8e246dcc672679e97781ff4c4fd27630092c30720023fdf4c0631d370e4b38a9b515014ed8cc717b19c69d65e4776ad1f5f6051a1ab6ee2966fff23f89723166740607ad36997ee2c948729d2cd52602f31608bc8b91370573d9c830b53b2ef7352927ccf11574803c14e286f0001e6a97201f1b6755c7e3bcb343696b91b9deff8a188061c7090201ef9d30ad02af7a88d444d808d17319a13c36b279c736d5c5f6a2eb05e9e44ed525e68d1393fd5948fe979c37598a7789ca1a439a5536b0ba552bc13a26500ef83d46e23bb17dea65483559565268bbb84c6f94781409c12e11aa31f0a3e910a84f2ed154ae3139eeb1d6a7312cc84f37da90e3388a31f11e010559ad7bc9eda68a8a7870a4d1dacaba49f716d826382e141a2c96d8f1737791a9a39c81984f2af92e314d760a5eb468879488d42a1d08e9de69b6726165d34eefc44566c643a8208617cd6629994f7ac1c56125ffed87192e0b23146471ee1", 0x1000}, {&(0x7f0000000400)="f55a9ee5a9033924841db1c7945ab2c23711cd", 0x13}], 0x2, &(0x7f0000000900)=[@cred={{0x1c}}], 0x20, 0x8884}}], 0x1, 0x8400)

2.831030051s ago: executing program 3 (id=2573):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x34, 0x4, 0x0, 0x0, 0xd0, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x0, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@broadcast}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.582198877s ago: executing program 1 (id=2574):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000140), 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000002c0)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
syslog(0xa, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0)
ftruncate(r1, 0x20cf01)
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000001140)={'\x00', 0x1, 0x7, 0x3f, 0x0, 0x200, 0x2, 0x4000, '\x00', 0x8})
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000005a"], 0x0, 0x76}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000003c06000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b736c97102439d39375d17bc3a80b14702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000ab000400000084e2bd20b9d320e83edb0723a0fa94406329ffc07a1e0bbb14a63c000040c67c3da1714086a73ef03e", @ANYRES32, @ANYBLOB="000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
read$hidraw(r0, &(0x7f0000000180)=""/69, 0x45)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4010000ecffffff6111a4000000000006000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0xa, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48)

2.215396236s ago: executing program 4 (id=2575):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x19, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast2}, {@private}, {}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_read_part_table(0x103c, &(0x7f0000001040)="$eJzszjEOQUEYhdE7iEwlswRqq/i1apVNWILEWjQ2p1BLRK+W95Jz6pubL8zS8X15JdftLrdaJD1pPUmN3A/7bEZy/s5qmWet00ay+vFyevy/HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm5xMAAP//1hgIrg==")

1.851192144s ago: executing program 3 (id=2577):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000004c0), r0)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000c00060002000000000000002c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08b0d61f5b493ca2c85632a4680f93ece6b1e401000080c39f344cca7df7c8e09bb5a6b61504a3047f9dffffffffe3a80eb1299fd7942fd414068a5c3b99fec03c79fe39da1baf1d78cccb0a8489b1ab6a2d4ff490bdb7b08269c090297881c623b009d61c4e6c4dc14522f39a131cb60c7477f9d0e2fc6700"/132, @ANYRES32, @ANYBLOB="0c00020007000000000000000c00030005000000000000000c0006000200000000000000"], 0x78}}, 0x200480d0)

1.748825893s ago: executing program 0 (id=2578):
r0 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
request_key(&(0x7f0000000540)='id_legacy\x00', &(0x7f0000000580)={'syz', 0x2}, 0x0, r0)
add_key(&(0x7f00000000c0)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='j', 0x1, 0xfffffffffffffffd)
request_key(&(0x7f0000000540)='id_legacy\x00', &(0x7f0000000580)={'syz', 0x2}, 0x0, 0xffffffffffffffff)

1.613184098s ago: executing program 3 (id=2579):
open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, &(0x7f00000000c0), 0x496, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009f87854ad98bef03025c32e7aa4a721d28e94ec5feff3a279c2e1c18002e39eaaefec3dfd1eae45a61e4283e8a7ef1eaf70d93a0333a9ff9ef048332f3fcc797076f8c02858548418e34a9967282de2eb4cc6438f0b6c9dcc204cdd732dd88624b39c16e8f80819cb72be6ab07492ed05ade4caf1ae3d723830523e32c02786c50ac1f47b994ed49fc4b9b318a4c86b4f7fb0d3c6a8763ef27cd52936cc55ef5ac50935a7f706464be90ea4b5f894ad92910de17889a6236a4bda8aac5e1daa70a8fcf248360cdd4e86f854f23e3e4792d91c85f1ed6cf7c36bbe9d879fc86b55e55e0566b6451aad55b1b24156d5735d1ee7064b07bde3a7643cb7631057346202cad2bf48adc717df4d77cf46fcb20c5bdfd317b1b665041d9254ae8d88732fbbe90ad508"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
syz_usb_connect$cdc_ncm(0x0, 0xc3, &(0x7f0000000600)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1, 0x2, 0x1, 0x5, 0x0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0x562}, {0xd, 0x24, 0xf, 0x1, 0x77, 0x40, 0x0, 0xff}, {0x6, 0x24, 0x1a, 0x311, 0x8}, [@country_functional={0x10, 0x24, 0x7, 0x4, 0xfc00, [0x9, 0x1, 0x7ff, 0x7f, 0x6]}, @country_functional={0xc, 0x24, 0x7, 0xd9, 0x2, [0x3, 0x17c, 0x543]}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x8}, @mdlm_detail={0x27, 0x24, 0x13, 0x7f, "d9f62b8b787a06263152755fc26d0ffd3185cc6f4ec2b3ca3f875b6e356f9c5682cf3d"}, @country_functional={0xc, 0x24, 0x7, 0xff, 0xcdc, [0x6, 0x1, 0x30d]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x81, 0xbf, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x3, 0x80, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x1f, 0x4d}}}}}}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001400)={0x2020, 0x0, 0x0, <r5=>0x0}, 0x2020)
setresuid(0x0, 0x0, 0x0)
setresuid(r5, 0x0, 0xffffffffffffffff)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x90)

1.595397382s ago: executing program 0 (id=2580):
r0 = syz_usbip_server_init(0x3)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000100)={<r3=>0x0, @local, @loopback}, &(0x7f0000000180)=0xc)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newaddr={0x34, 0x14, 0x10, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast2}, @IFA_RT_PRIORITY={0x8}]}, 0x34}, 0x1, 0x8, 0x0, 0x10}, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r2, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="8118f78b3b05d147"], 0x8)
setsockopt$inet6_int(r2, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000140)={0x2, [0x9, 0xcf29]}, &(0x7f0000000280)=0x8)
syz_emit_ethernet(0x7e, &(0x7f0000000200)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "570002", 0x48, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "c5e4"}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10}, 0x2, {0x0, 0x1}}}}}}}}}, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$BTRFS_IOC_INO_PATHS(r4, 0xc0389423, &(0x7f0000000340)={0x1738c0, 0x8, [0x8, 0x8, 0x3, 0x8], &(0x7f00000002c0)=[0x0]})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0x9c3c}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10)
r7 = fcntl$dupfd(r5, 0x0, r6)
write$P9_RMKNOD(r7, &(0x7f0000000080)={0x14}, 0xfdef)
sendfile(r0, r1, 0x0, 0x6)

1.346242708s ago: executing program 4 (id=2581):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x33, 0x4, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@broadcast}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x13, 0x0, [@dev, @remote, @multicast1, @private=0xa010102]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.190297418s ago: executing program 2 (id=2582):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000001480)={0x2c, &(0x7f0000001280)={0x0, 0x22, 0x20, {0x20, 0x22, "96fb7ca6b82d8a2e575c9bc81a810a7ae31c1bf625d32955bdef674da5e5"}}, &(0x7f0000001300)={0x0, 0x3, 0x90, @string={0x90, 0x3, "dc1a6c60b78a0d20c6b812752f30d19f2aaba7c46ac068d1b8731a41de8de89efbdb3b2234a837257f5d0d13700ae79184611fd9c8be2d8cf9386dd11cb3e6763c412186776d159c3e46ab40243a48d05319efbee0d0b6dd623cbafcd6aabf3cf596ced197b39c6f9be9720923c3fae81d4a39b368f2447c2269c2d7611c3522285b7ea5457dc63fb1c4f2ec75c7"}}, &(0x7f00000013c0)={0x0, 0xf, 0x10, {0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x10, 0x6, 0x80, 0x8000, 0x1}]}}, &(0x7f0000001400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x81, 0x6e, 0x0, 0xf8, "a6fb18b9", "3591ede4"}}, &(0x7f0000001440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x0, 0x0, 0x0, 0xff, 0x2, 0x8, 0x40}}}, &(0x7f0000001980)={0x84, &(0x7f00000014c0)={0x0, 0x9, 0xcd, "b620b91eb063a7ae9a4d4aced56ef748963c22d5dcd6d56a444009545e8b712c53983032678d6c971889d2519a20b7d100127ed0ed0a9204ebc4fb5e92dc63d36d02045bbf76dbceb452da005a9efd6b6889b22d51aa40ac1190395ee7eea06f89a700f1cd5d3d98b70dd83ab267276e5c449e29abcd673be68a051ec6f50260fa36b8165bad1dec18cc6d4e6b95865d32fc7de282d951bb41b46af30afafecb2e51cbf8dd8d0e073092a7cf5e2fb1bf839067f46bffa5be0f9f6562b99bee7583508a6a9973a7f8401efb268f"}, &(0x7f00000015c0)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000001600)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000001640)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000001680)={0x20, 0x0, 0x4, {0x140, 0x2}}, &(0x7f00000016c0)={0x40, 0x7, 0x2, 0xfff8}, &(0x7f0000001700)={0x40, 0x9, 0x1}, &(0x7f0000001740)={0x40, 0xb, 0x2, '~d'}, &(0x7f0000001780)={0x40, 0xf, 0x2, 0x6}, &(0x7f00000017c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000001800)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000001840)={0x40, 0x19, 0x2, "a767"}, &(0x7f0000001880)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000018c0)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000001900)={0x40, 0x1e, 0x1}, &(0x7f0000001940)={0x40, 0x21, 0x1, 0x1f}})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000240)={0x44, &(0x7f0000000580)={0x0, 0x0, 0x1, "01"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.117750281s ago: executing program 4 (id=2583):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
io_setup(0x4, &(0x7f0000002c40)=<r5=>0x0)
signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
io_submit(r5, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x8, 0x9)
r6 = gettid()
rt_sigqueueinfo(r6, 0x21, &(0x7f0000001500))
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
r7 = open(&(0x7f00000000c0)='.\x00', 0x80000, 0x0)
getdents(r7, &(0x7f0000001fc0)=""/184, 0x20002078)

921.863587ms ago: executing program 0 (id=2584):
open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, &(0x7f00000000c0), 0x371, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r3 = syz_usb_connect$cdc_ncm(0x0, 0xc3, &(0x7f0000000600)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1, 0x2, 0x1, 0x5, 0x0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0x562}, {0xd, 0x24, 0xf, 0x1, 0x77, 0x40, 0x0, 0xff}, {0x6, 0x24, 0x1a, 0x311, 0x8}, [@country_functional={0x10, 0x24, 0x7, 0x4, 0xfc00, [0x9, 0x1, 0x7ff, 0x7f, 0x6]}, @country_functional={0xc, 0x24, 0x7, 0xd9, 0x2, [0x3, 0x17c, 0x543]}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x8}, @mdlm_detail={0x27, 0x24, 0x13, 0x7f, "d9f62b8b787a06263152755fc26d0ffd3185cc6f4ec2b3ca3f875b6e356f9c5682cf3d"}, @country_functional={0xc, 0x24, 0x7, 0xff, 0xcdc, [0x6, 0x1, 0x30d]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x81, 0xbf, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x3, 0x80, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x1f, 0x4d}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r3, &(0x7f00000009c0)={0x14, &(0x7f0000000880)={0x0, 0x24, 0xf8, {0xf8, 0x23, "b718f59a3ac120a29be448eb20ffd4a1cbdbe751e8391e6c0aac82810bb4a414eef45bd1234ea4e31bfa60c7f49fd515440d887370b8a17623aa491b01173d6ba4deea3bb8a110c80f50bb2b3326188d515e3e0252286c7925fe187b81bcfd9213e9664003581865dda608032290b5a4782f737226d6a702d7a54dd73430b6abebbc544992090138430c7899f4b55ab523a1361d702de958d94f6b7c6c3ea9be39b012c06f9b9e8ed026d87147da89ba9024093579898f970e13543cc3fd1026e5dcf788175506c47ed627da6b9fcb741f78436abc46d90d9360314bc3837dc097dc07f0ee16e1f6787942291eb59d85f596de1c04f6"}}, &(0x7f0000000980)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c00)={0x44, &(0x7f0000000a00)={0x40, 0x9, 0x18, "39629046a25102e9b18ba51e183aa0291da28610314dd76c"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000000ac0)={0x20, 0x80, 0x1c, {0x9, 0x1, 0x1, 0x0, 0x0, 0x1000, 0x4, 0x0, 0x4a8c, 0x3ff, 0x8, 0xfff}}, &(0x7f0000000b00)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000b40)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000b80)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000bc0)={0x20, 0x89, 0x2, 0x1}})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001400)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
setresuid(0x0, 0x0, 0x0)
setresuid(r6, 0x0, 0xffffffffffffffff)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}, @exit={0x95, 0x0, 0xc00}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x90)

0s ago: executing program 4 (id=2585):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000140), 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000002c0)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
syslog(0xa, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x10103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0)
ftruncate(r1, 0x20cf01)
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000001140)={'\x00', 0x1, 0x7, 0x3f, 0x0, 0x200, 0x2, 0x4000, '\x00', 0x8})
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000005a"], 0x0, 0x76}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000003c06000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b736c97102439d39375d17bc3a80b14702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000ab000400000084e2bd20b9d320e83edb0723a0fa94406329ffc07a1e0bbb14a63c000040c67c3da1714086a73ef03e", @ANYRES32, @ANYBLOB="000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000"], 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
read$hidraw(r0, &(0x7f0000000180)=""/69, 0x45)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4010000ecffffff6111a4000000000006000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0xa, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48)

kernel console output (not intermixed with test programs):

6289][ T4126] vhci_hcd: release socket
[  591.810341][T11885] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2240'.
[  591.838678][   T26] audit: type=1804 audit(1719528204.879:79): pid=11885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2240" name="/root/syzkaller.bzbM20/143/bus" dev="sda1" ino=2027 res=1 errno=0
[  591.891891][ T4126] vhci_hcd: disconnect device
[  591.897174][T11887] loop4: detected capacity change from 0 to 16
[  591.931221][ T3550] usb 11-1: new high-speed USB device number 10 using vhci_hcd
[  591.943975][ T3550] usb 11-1: enqueue for inactive port 0
[  591.959855][T11889] netlink: 'syz.3.2242': attribute type 3 has an invalid length.
[  591.968947][T11887] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  592.031151][ T3550] vhci_hcd: vhci_device speed not set
[  592.238220][T11893] loop4: detected capacity change from 0 to 256
[  592.321697][T11893] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2244'.
[  592.420997][T11896] loop2: detected capacity change from 0 to 1024
[  592.607725][T11896] IPVS: lblc: TCP 172.20.20.170:0 - no destination available
[  592.701976][T11906] loop2: detected capacity change from 0 to 512
[  592.770530][T11906] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  592.817827][T11906] EXT4-fs (loop2): 1 orphan inode deleted
[  592.831347][ T3247] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  592.839005][T11906] EXT4-fs (loop2): 1 truncate cleaned up
[  592.846987][T11906] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback.
[  592.891318][ T3508] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  592.946715][T11906] EXT4-fs error (device loop2): ext4_check_all_de:656: inode #12: block 7: comm syz.2.2245: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=124 fake=0
[  592.989330][T11906] EXT4-fs (loop2): Remounting filesystem read-only
[  593.041309][ T3247] usb 2-1: device descriptor read/64, error -71
[  593.131275][ T3508] usb 5-1: Using ep0 maxpacket: 32
[  593.253828][ T3508] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  593.268674][ T3508] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  593.290526][ T3508] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  593.323719][ T3247] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  593.376075][T11869] loop0: detected capacity change from 0 to 131072
[  593.422499][T11914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2252'.
[  593.438333][T11914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2252'.
[  593.461564][ T3508] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  593.480842][ T3508] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.504828][ T3508] usb 5-1: Product: syz
[  593.509091][ T3508] usb 5-1: Manufacturer: syz
[  593.541104][ T3508] usb 5-1: SerialNumber: syz
[  593.548773][ T3247] usb 2-1: device descriptor read/64, error -71
[  593.598066][T11916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2254'.
[  593.609162][T11916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2254'.
[  593.671449][ T3247] usb usb2-port1: attempt power cycle
[  594.061451][ T3508] cdc_ncm 5-1:1.0: bind() failure
[  594.073575][ T3508] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  594.097501][ T3508] cdc_ncm 5-1:1.1: bind() failure
[  594.116932][ T3247] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  594.135914][ T3508] usb 5-1: USB disconnect, device number 80
[  594.231599][ T3247] usb 2-1: device descriptor read/8, error -71
[  594.234745][T11924] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2257'.
[  594.330900][T11928] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2258'.
[  594.373849][T11927] loop0: detected capacity change from 0 to 2048
[  594.396744][T11928] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2258'.
[  594.487929][T11927] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  594.521249][ T3247] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  594.540301][   T26] audit: type=1804 audit(1719528207.609:80): pid=11927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2253" name="/root/syzkaller.2wUXDK/96/file0/bus" dev="loop0" ino=18 res=1 errno=0
[  594.543392][T11927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2253'.
[  594.636554][   T26] audit: type=1804 audit(1719528207.609:81): pid=11927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2253" name="/root/syzkaller.2wUXDK/96/file0/bus" dev="loop0" ino=18 res=1 errno=0
[  594.682632][ T3247] usb 2-1: device descriptor read/8, error -71
[  594.717518][T11935] loop4: detected capacity change from 0 to 512
[  594.752098][T11939] x_tables: duplicate underflow at hook 2
[  594.787825][T11935] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  594.811997][ T3247] usb usb2-port1: unable to enumerate USB device
[  594.857977][T11945] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  594.864638][T11945] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  594.878211][T11945] vhci_hcd vhci_hcd.0: Device attached
[  594.948437][T11946] vhci_hcd: connection closed
[  594.948733][T10398] vhci_hcd: stop threads
[  594.967444][T10398] vhci_hcd: release socket
[  594.978263][T10398] vhci_hcd: disconnect device
[  595.777431][T11961] loop1: detected capacity change from 0 to 1024
[  596.666875][T11964] loop4: detected capacity change from 0 to 2048
[  596.846107][T11970] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  597.356511][T11964] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  597.378815][   T26] audit: type=1804 audit(1719528210.449:82): pid=11969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2271" name="/root/syzkaller.bzbM20/153/bus" dev="sda1" ino=2003 res=1 errno=0
[  597.382314][T11964] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  597.406218][T11969] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2271'.
[  597.417099][T11964] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  597.437853][T11964] EXT4-fs (loop4): This should not happen!! Data will be lost
[  597.437853][T11964] 
[  597.440457][T11974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2268'.
[  597.449125][T11964] EXT4-fs (loop4): Total free blocks count 0
[  597.462794][T11964] EXT4-fs (loop4): Free/Dirty block details
[  597.468765][T11964] EXT4-fs (loop4): free_blocks=2415919104
[  597.476914][T11964] EXT4-fs (loop4): dirty_blocks=16
[  597.482242][T11964] EXT4-fs (loop4): Block reservation details
[  597.488458][T11964] EXT4-fs (loop4): i_reserved_data_blocks=1
[  597.495432][   T26] audit: type=1804 audit(1719528210.479:83): pid=11969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2271" name="/root/syzkaller.bzbM20/153/bus" dev="sda1" ino=2003 res=1 errno=0
[  597.582131][ T4104] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  597.658424][ T4104] EXT4-fs (loop4): This should not happen!! Data will be lost
[  597.658424][ T4104] 
[  598.689516][T11986] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  598.696065][T11986] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  598.752032][T11986] vhci_hcd vhci_hcd.0: Device attached
[  598.769282][T11988] loop0: detected capacity change from 0 to 2048
[  598.821408][T11989] vhci_hcd: connection closed
[  598.821797][ T4078] vhci_hcd: stop threads
[  598.830768][ T4078] vhci_hcd: release socket
[  598.876249][ T4078] vhci_hcd: disconnect device
[  599.163856][T12006] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  599.218809][T11988] NILFS error (device loop0): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=1024, inode=0, rec_len=0, name_len=0
[  600.087820][T11988] Remounting filesystem read-only
[  600.137120][T11988] NILFS error (device loop0): nilfs_find_entry: dir 12 size 3569014743761920 exceeds block count 2
[  600.371409][   T23] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  600.383747][T10292] NILFS (loop0): discard dirty page: offset=0, ino=6
[  600.398388][T10292] NILFS (loop0): discard dirty block: blocknr=35, size=1024
[  600.422853][T10292] NILFS (loop0): discard dirty block: blocknr=36, size=1024
[  600.450976][T10292] NILFS (loop0): discard dirty block: blocknr=37, size=1024
[  600.470557][T10292] NILFS (loop0): discard dirty block: blocknr=38, size=1024
[  600.483461][T10292] NILFS (loop0): discard dirty page: offset=4096, ino=6
[  600.514049][T10292] NILFS (loop0): discard dirty block: blocknr=39, size=1024
[  600.538726][T10292] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  600.569636][T10292] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  600.620061][T10292] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  600.641716][ T3247] Bluetooth: hci0: command 0x0406 tx timeout
[  600.791386][   T23] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  600.807617][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.835415][   T23] usb 5-1: config 0 descriptor??
[  600.873402][   T23] gspca_main: cpia1-2.14.0 probing 0813:0001
[  600.921346][ T3247] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  601.122456][ T3550] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  601.171499][ T3247] usb 2-1: Using ep0 maxpacket: 32
[  601.301568][   T23] gspca_cpia1: usb_control_msg 03, error -32
[  601.307834][ T3247] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  601.329233][ T3247] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  601.360635][ T3247] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  601.381467][   T23] cpia1 5-1:0.0: unexpected state after lo power cmd: b6
[  601.388611][ T3550] usb 1-1: Using ep0 maxpacket: 32
[  601.541478][ T3550] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  601.556779][ T3550] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  601.567227][ T3247] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  601.584882][ T3550] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  601.600276][ T3247] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.610202][ T3247] usb 2-1: Product: syz
[  601.619151][ T3247] usb 2-1: Manufacturer: syz
[  601.625344][ T3247] usb 2-1: SerialNumber: syz
[  601.791476][ T3550] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  601.806902][ T3550] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.816528][   T23] gspca_cpia1: usb_control_msg 02, error -71
[  601.827331][ T3550] usb 1-1: Product: syz
[  601.833179][ T3550] usb 1-1: Manufacturer: syz
[  601.837854][ T3550] usb 1-1: SerialNumber: syz
[  601.851304][   T23] gspca_cpia1: usb_control_msg 05, error -71
[  601.865808][   T23] cpia1 5-1:0.0: unexpected systemstate: b6
[  601.886184][   T23] usb 5-1: USB disconnect, device number 81
[  601.961382][ T3247] cdc_ncm 2-1:1.0: bind() failure
[  601.970163][ T3247] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  601.977542][ T3247] cdc_ncm 2-1:1.1: bind() failure
[  602.016589][ T3247] usb 2-1: USB disconnect, device number 83
[  602.105285][T12049] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  602.111833][T12049] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  602.122441][T12049] vhci_hcd vhci_hcd.0: Device attached
[  602.193004][T12050] vhci_hcd: connection closed
[  602.193264][ T3939] vhci_hcd: stop threads
[  602.216210][ T3939] vhci_hcd: release socket
[  602.220667][ T3939] vhci_hcd: disconnect device
[  602.504330][T12060] loop1: detected capacity change from 0 to 1024
[  602.521312][ T3550] cdc_ncm 1-1:1.0: bind() failure
[  602.528796][ T3550] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  602.539682][ T3550] cdc_ncm 1-1:1.1: bind() failure
[  602.549672][ T3550] usb 1-1: USB disconnect, device number 83
[  602.739533][T12062] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  602.968178][   T23] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  603.421435][   T23] usb 4-1: device descriptor read/64, error -71
[  603.581522][T12060] IPVS: lblc: TCP 172.20.20.170:0 - no destination available
[  603.711116][   T23] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  603.719427][T12070] loop1: detected capacity change from 0 to 512
[  603.828065][T12070] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  603.880979][T12073] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2300'.
[  603.916056][T12070] EXT4-fs (loop1): 1 orphan inode deleted
[  603.922335][   T23] usb 4-1: device descriptor read/64, error -71
[  603.929720][T12070] EXT4-fs (loop1): 1 truncate cleaned up
[  603.937336][T12070] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback.
[  603.960229][T12073] nbd: must specify a size in bytes for the device
[  604.024297][T12070] EXT4-fs error (device loop1): ext4_check_all_de:656: inode #12: block 7: comm syz.1.2297: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=124 fake=0
[  604.051022][T12070] EXT4-fs (loop1): Remounting filesystem read-only
[  604.051649][   T23] usb usb4-port1: attempt power cycle
[  604.084302][T12079] netlink: 'syz.4.2299': attribute type 39 has an invalid length.
[  604.138319][T12084] loop2: detected capacity change from 0 to 512
[  604.323436][T12084] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz.2.2303: corrupted in-inode xattr
[  604.379643][T12084] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.2303: couldn't read orphan inode 15 (err -117)
[  604.461579][T12084] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  604.511356][   T23] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  604.527163][T12095] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2305'.
[  604.641404][   T23] usb 4-1: device descriptor read/8, error -71
[  604.950711][T12105] loop4: detected capacity change from 0 to 2048
[  604.957452][   T23] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  604.966086][ T3550] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  604.974763][T12107] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  604.981285][T12107] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  604.989166][T12107] vhci_hcd vhci_hcd.0: Device attached
[  604.999580][T12105] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  605.024915][T12105] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  605.040633][T12105] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  605.056651][T12105] EXT4-fs (loop4): This should not happen!! Data will be lost
[  605.056651][T12105] 
[  605.057155][T12108] vhci_hcd: connection closed
[  605.066925][T12105] EXT4-fs (loop4): Total free blocks count 0
[  605.068841][ T4077] vhci_hcd: stop threads
[  605.071905][ T3247] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  605.078907][ T4077] vhci_hcd: release socket
[  605.088093][   T23] usb 4-1: device descriptor read/8, error -71
[  605.089822][ T4077] vhci_hcd: disconnect device
[  605.095295][T12105] EXT4-fs (loop4): Free/Dirty block details
[  605.103314][T12113] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2309'.
[  605.111451][T12105] EXT4-fs (loop4): free_blocks=2415919104
[  605.125859][T12105] EXT4-fs (loop4): dirty_blocks=16
[  605.131508][T12105] EXT4-fs (loop4): Block reservation details
[  605.137532][T12105] EXT4-fs (loop4): i_reserved_data_blocks=1
[  605.232059][   T23] usb usb4-port1: unable to enumerate USB device
[  605.351284][ T3550] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  605.360465][ T3550] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.368816][ T3247] usb 2-1: Using ep0 maxpacket: 32
[  605.375798][ T3550] usb 3-1: config 0 descriptor??
[  605.413644][ T3550] gspca_main: cpia1-2.14.0 probing 0813:0001
[  605.501862][ T3247] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  605.513128][ T3247] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  605.521294][   T13] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  605.523795][ T3247] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  605.733417][ T3552] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  605.751487][ T3247] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  605.770983][ T3247] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.779357][ T3247] usb 2-1: Product: syz
[  605.783902][ T3247] usb 2-1: Manufacturer: syz
[  605.788510][ T3247] usb 2-1: SerialNumber: syz
[  605.817514][T12121] loop0: detected capacity change from 0 to 8192
[  605.861343][ T3550] gspca_cpia1: usb_control_msg 03, error -32
[  605.872244][T12121]  loop0: p1 p2 p3
[  605.912667][ T3550] cpia1 3-1:0.0: unexpected state after lo power cmd: b6
[  605.971464][   T13] usb 5-1: config 1 interface 0 altsetting 9 endpoint 0x2 has an invalid bInterval 219, changing to 11
[  605.991159][ T3552] usb 4-1: Using ep0 maxpacket: 32
[  605.996607][   T13] usb 5-1: config 1 interface 0 has no altsetting 0
[  606.111398][ T3552] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  606.121289][ T3247] cdc_ncm 2-1:1.0: bind() failure
[  606.129208][ T3552] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  606.130843][ T3247] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  606.139638][ T3552] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  606.160284][ T3247] cdc_ncm 2-1:1.1: bind() failure
[  606.166211][   T13] usb 5-1: New USB device found, idVendor=056a, idProduct=00da, bcdDevice= 0.40
[  606.180421][   T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.189492][   T13] usb 5-1: Product: syz
[  606.193551][ T3247] usb 2-1: USB disconnect, device number 84
[  606.194127][   T13] usb 5-1: Manufacturer: syz
[  606.204807][   T13] usb 5-1: SerialNumber: syz
[  606.341443][ T3552] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  606.350730][ T3552] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.359086][ T3552] usb 4-1: Product: syz
[  606.363372][ T3552] usb 4-1: Manufacturer: syz
[  606.369767][ T3552] usb 4-1: SerialNumber: syz
[  606.371350][ T3550] gspca_cpia1: usb_control_msg 02, error -71
[  606.421441][ T3550] gspca_cpia1: usb_control_msg 05, error -71
[  606.427904][ T3550] cpia1 3-1:0.0: unexpected systemstate: b6
[  606.439235][ T3550] usb 3-1: USB disconnect, device number 83
[  606.463611][T12123] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2313'.
[  606.475130][T12123] nbd: must specify a size in bytes for the device
[  606.595769][T12129] netlink: 'syz.0.2316': attribute type 39 has an invalid length.
[  606.632191][T12131] loop1: detected capacity change from 0 to 512
[  606.665831][T12131] EXT4-fs (loop1): 1 truncate cleaned up
[  606.672465][T12131] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  606.741254][   T13] usbhid 5-1:1.0: can't add hid device: -71
[  606.747298][   T13] usbhid: probe of 5-1:1.0 failed with error -71
[  606.774575][   T13] usb 5-1: USB disconnect, device number 82
[  606.873569][ T3552] cdc_ncm 4-1:1.0: bind() failure
[  606.892707][ T3552] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  606.908600][ T3552] cdc_ncm 4-1:1.1: bind() failure
[  606.946475][ T3552] usb 4-1: USB disconnect, device number 87
[  606.960129][T12139] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2319'.
[  607.079536][T12141] loop2: detected capacity change from 0 to 2048
[  607.244876][T12141] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  607.288435][T12141] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  607.321277][T12141] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  607.334967][T12141] EXT4-fs (loop2): This should not happen!! Data will be lost
[  607.334967][T12141] 
[  607.348492][T12141] EXT4-fs (loop2): Total free blocks count 0
[  607.354797][T12141] EXT4-fs (loop2): Free/Dirty block details
[  607.360945][T12141] EXT4-fs (loop2): free_blocks=2415919104
[  607.366902][T12141] EXT4-fs (loop2): dirty_blocks=16
[  607.372667][T12141] EXT4-fs (loop2): Block reservation details
[  607.378979][T12141] EXT4-fs (loop2): i_reserved_data_blocks=1
[  607.385538][T12149] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2320'.
[  607.421216][   T13] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  607.467202][T12151] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  607.473772][T12151] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  607.500327][ T4077] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  607.513126][T12151] vhci_hcd vhci_hcd.0: Device attached
[  607.539092][ T4077] EXT4-fs (loop2): This should not happen!! Data will be lost
[  607.539092][ T4077] 
[  607.597965][T12151] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  607.628748][T12159] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2325'.
[  607.637999][T12159] nbd: must specify a size in bytes for the device
[  607.687842][T12153] vhci_hcd: connection closed
[  607.688224][ T4077] vhci_hcd: stop threads
[  607.721317][   T13] usb 5-1: no configurations
[  607.726025][   T13] usb 5-1: can't read configurations, error -22
[  607.732829][ T4077] vhci_hcd: release socket
[  607.741207][ T4077] vhci_hcd: disconnect device
[  607.783165][ T3552] usb 15-1: new high-speed USB device number 8 using vhci_hcd
[  607.807453][ T3552] usb 15-1: enqueue for inactive port 0
[  607.891170][   T13] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  607.899509][ T3552] vhci_hcd: vhci_device speed not set
[  608.024834][T12167] loop2: detected capacity change from 0 to 8192
[  608.084862][T12167]  loop2: p1 p2 p3
[  608.161438][ T3553] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  608.181420][   T13] usb 5-1: no configurations
[  608.186094][   T13] usb 5-1: can't read configurations, error -22
[  608.203955][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  608.204540][ T4049] udevd[4049]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  608.214693][ T3494] udevd[3494]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  608.238504][   T13] usb usb5-port1: attempt power cycle
[  608.251400][ T3247] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  608.356799][T12177] loop2: detected capacity change from 0 to 4096
[  608.402295][T12177] ntfs3: Unknown parameter ''
[  608.431175][ T3553] usb 1-1: Using ep0 maxpacket: 32
[  608.573778][ T3553] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  608.585971][ T3553] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  608.596385][ T3553] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  608.611240][ T3508] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  608.631252][ T3247] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  608.640402][ T3247] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.650553][ T3247] usb 2-1: config 0 descriptor??
[  608.655740][   T13] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  608.693499][ T3247] gspca_main: cpia1-2.14.0 probing 0813:0001
[  608.771267][ T3553] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  608.780425][ T3553] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.781257][    T7] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  608.789069][ T3553] usb 1-1: Product: syz
[  608.796562][   T13] usb 5-1: no configurations
[  608.800675][ T3553] usb 1-1: Manufacturer: syz
[  608.809627][ T3553] usb 1-1: SerialNumber: syz
[  608.811228][   T13] usb 5-1: can't read configurations, error -22
[  608.861321][ T3508] usb 4-1: Using ep0 maxpacket: 32
[  608.971246][   T13] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  608.981403][ T3508] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  608.996145][ T3508] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  609.005972][ T3508] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  609.015803][    T7] usb 3-1: device descriptor read/64, error -71
[  609.101350][   T13] usb 5-1: no configurations
[  609.106042][   T13] usb 5-1: can't read configurations, error -22
[  609.116672][   T13] usb usb5-port1: unable to enumerate USB device
[  609.131308][ T3247] gspca_cpia1: usb_control_msg 03, error -32
[  609.161346][ T3553] cdc_ncm 1-1:1.0: bind() failure
[  609.169226][ T3553] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  609.176973][ T3553] cdc_ncm 1-1:1.1: bind() failure
[  609.182206][ T3247] cpia1 2-1:0.0: unexpected state after lo power cmd: b6
[  609.191359][ T3508] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  609.192554][ T3553] usb 1-1: USB disconnect, device number 84
[  609.210689][ T3508] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.225382][ T3508] usb 4-1: Product: syz
[  609.229566][ T3508] usb 4-1: Manufacturer: syz
[  609.234855][ T3508] usb 4-1: SerialNumber: syz
[  609.291308][    T7] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  609.481252][    T7] usb 3-1: device descriptor read/64, error -71
[  609.602133][    T7] usb usb3-port1: attempt power cycle
[  609.610768][T12183] loop0: detected capacity change from 0 to 2048
[  609.618172][ T3247] gspca_cpia1: usb_control_msg 02, error -71
[  609.641325][ T3247] gspca_cpia1: usb_control_msg 05, error -71
[  609.647318][ T3247] cpia1 2-1:0.0: unexpected systemstate: b6
[  609.654898][ T3247] usb 2-1: USB disconnect, device number 85
[  609.741246][ T3508] cdc_ncm 4-1:1.0: bind() failure
[  609.755036][ T3508] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  609.770717][ T3508] cdc_ncm 4-1:1.1: bind() failure
[  609.772291][T12183] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  609.793833][ T3508] usb 4-1: USB disconnect, device number 88
[  609.794369][   T26] audit: type=1804 audit(1719528222.869:84): pid=12183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2334" name="/root/syzkaller.2wUXDK/113/file0/bus" dev="loop0" ino=18 res=1 errno=0
[  609.827653][   T26] audit: type=1804 audit(1719528222.899:85): pid=12183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2334" name="/root/syzkaller.2wUXDK/113/file0/bus" dev="loop0" ino=18 res=1 errno=0
[  609.844172][T12183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2334'.
[  609.982818][T12188] loop0: detected capacity change from 0 to 2048
[  610.011303][    T7] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  610.054913][T12188] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  610.076501][T12188] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  610.098817][T12188] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  610.120296][    T7] usb 3-1: device descriptor read/8, error -71
[  610.130035][T12188] EXT4-fs (loop0): This should not happen!! Data will be lost
[  610.130035][T12188] 
[  610.151954][T12188] EXT4-fs (loop0): Total free blocks count 0
[  610.158175][T12188] EXT4-fs (loop0): Free/Dirty block details
[  610.169228][T12188] EXT4-fs (loop0): free_blocks=2415919104
[  610.175955][T12188] EXT4-fs (loop0): dirty_blocks=16
[  610.176552][T12191] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2335'.
[  610.181522][T12188] EXT4-fs (loop0): Block reservation details
[  610.196723][T12188] EXT4-fs (loop0): i_reserved_data_blocks=1
[  610.208429][T12195] loop4: detected capacity change from 0 to 512
[  610.235762][ T4126] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  610.251012][ T4126] EXT4-fs (loop0): This should not happen!! Data will be lost
[  610.251012][ T4126] 
[  610.290257][T12195] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  610.343642][T12201] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2340'.
[  610.366392][T12195] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  610.391134][    T7] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  610.429193][T12195] System zones: 0-2, 18-18, 34-35
[  610.442787][T12195] EXT4-fs (loop4): mounted filesystem without journal. Opts: data=journal,journal_dev=0x0000000000000005,,errors=continue. Quota mode: none.
[  610.481380][    T7] usb 3-1: device descriptor read/8, error -71
[  610.601867][    T7] usb usb3-port1: unable to enumerate USB device
[  610.685145][T12215] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  610.691707][T12215] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  610.711242][T12215] vhci_hcd vhci_hcd.0: Device attached
[  610.758119][T12216] vhci_hcd: connection closed
[  610.758511][ T4077] vhci_hcd: stop threads
[  610.785811][ T4077] vhci_hcd: release socket
[  610.790494][ T4077] vhci_hcd: disconnect device
[  610.801259][ T3553] Bluetooth: hci1: command 0x0406 tx timeout
[  610.841155][ T3555] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  611.081169][ T3555] usb 5-1: Using ep0 maxpacket: 8
[  611.145564][T12222] loop1: detected capacity change from 0 to 2048
[  611.171312][ T3553] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  611.201237][ T3555] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  611.209490][ T3555] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  611.219824][ T3555] usb 5-1: config 0 has no interface number 0
[  611.227082][ T3555] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  611.239194][ T3555] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  611.249686][ T3555] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  611.263295][ T3555] usb 5-1: config 0 interface 52 has no altsetting 0
[  611.286769][T12222] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  611.305475][T12226] loop0: detected capacity change from 0 to 256
[  611.314500][   T26] audit: type=1804 audit(1719528224.389:86): pid=12222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2345" name="/root/syzkaller.PBg7JS/142/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  611.317993][T12222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2345'.
[  611.337176][    C0] vkms_vblank_simulate: vblank timer overrun
[  611.356903][   T26] audit: type=1804 audit(1719528224.389:87): pid=12222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2345" name="/root/syzkaller.PBg7JS/142/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  611.416034][T12226] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  611.431303][ T3555] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  611.441303][ T3553] usb 4-1: Using ep0 maxpacket: 32
[  611.445860][ T3555] usb 5-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  611.455215][ T3555] usb 5-1: Product: syz
[  611.459385][ T3555] usb 5-1: Manufacturer: syz
[  611.471551][ T3555] usb 5-1: SerialNumber: syz
[  611.487195][ T3555] usb 5-1: config 0 descriptor??
[  611.711874][ T3553] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  611.978952][ T3553] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  612.043930][ T3553] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  612.291298][ T3553] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  612.307353][ T3553] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.316017][ T3553] usb 4-1: Product: syz
[  612.320187][ T3553] usb 4-1: Manufacturer: syz
[  612.331728][ T3555] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  612.335083][ T3553] usb 4-1: SerialNumber: syz
[  612.340387][ T3555] synaptics_usb: probe of 5-1:0.52 failed with error -5
[  612.348598][ T3555] usb 5-1: USB disconnect, device number 87
[  612.492334][T12238] loop0: detected capacity change from 0 to 2048
[  612.511251][ T3508] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  612.591781][T12238] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  612.612658][T12238] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  612.628294][T12238] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  612.641540][T12238] EXT4-fs (loop0): This should not happen!! Data will be lost
[  612.641540][T12238] 
[  612.642416][    T7] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  612.659253][T12238] EXT4-fs (loop0): Total free blocks count 0
[  612.665925][T12238] EXT4-fs (loop0): Free/Dirty block details
[  612.672109][T12238] EXT4-fs (loop0): free_blocks=2415919104
[  612.673736][T12241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2350'.
[  612.677838][T12238] EXT4-fs (loop0): dirty_blocks=16
[  612.677859][T12238] EXT4-fs (loop0): Block reservation details
[  612.677875][T12238] EXT4-fs (loop0): i_reserved_data_blocks=1
[  612.716818][T10398] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  612.721423][T12186] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 224: padding at end of block bitmap is not set
[  612.734062][ T3553] cdc_ncm 4-1:1.0: bind() failure
[  612.744240][T10398] EXT4-fs (loop0): This should not happen!! Data will be lost
[  612.744240][T10398] 
[  612.760293][ T3553] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  612.780567][ T3553] cdc_ncm 4-1:1.1: bind() failure
[  612.793720][ T3553] usb 4-1: USB disconnect, device number 89
[  612.831714][ T3508] usb 2-1: no configurations
[  612.836376][ T3508] usb 2-1: can't read configurations, error -22
[  612.909283][T12244] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2351'.
[  612.932099][T12244] nbd: must specify a size in bytes for the device
[  613.011250][    T7] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  613.020739][ T3508] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[  613.029008][    T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.043031][    T7] usb 3-1: config 0 descriptor??
[  613.083349][    T7] gspca_main: cpia1-2.14.0 probing 0813:0001
[  613.149848][T12249] loop0: detected capacity change from 0 to 8192
[  613.195174][T12249]  loop0: p1 p2 p3
[  613.203780][   T26] audit: type=1326 audit(1719528226.279:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.3.2355" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3701a1b29 code=0x0
[  613.227126][ T3247] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  613.311320][ T3508] usb 2-1: no configurations
[  613.315949][ T3508] usb 2-1: can't read configurations, error -22
[  613.360733][ T3508] usb usb2-port1: attempt power cycle
[  613.531204][    T7] gspca_cpia1: usb_control_msg 03, error -32
[  613.537593][T12259] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  613.544126][T12259] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  613.560479][T12259] vhci_hcd vhci_hcd.0: Device attached
[  613.571383][    T7] cpia1 3-1:0.0: unexpected state after lo power cmd: b6
[  613.628637][T12260] vhci_hcd: connection closed
[  613.629143][T10398] vhci_hcd: stop threads
[  613.649473][T10398] vhci_hcd: release socket
[  613.654380][T10398] vhci_hcd: disconnect device
[  613.661454][ T3247] usb 5-1: config 0 has an invalid descriptor of length 235, skipping remainder of the config
[  613.672320][ T3247] usb 5-1: too many endpoints for config 0 interface 0 altsetting 199: 83, using maximum allowed: 30
[  613.684137][ T3247] usb 5-1: config 0 interface 0 altsetting 199 has 0 endpoint descriptors, different from the interface descriptor's value: 83
[  613.697798][ T3247] usb 5-1: config 0 interface 0 has no altsetting 0
[  613.784839][ T3508] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  613.871647][ T3247] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  613.887840][ T3247] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.896807][ T3247] usb 5-1: Product: syz
[  613.908524][ T3247] usb 5-1: Manufacturer: syz
[  613.913602][ T3247] usb 5-1: SerialNumber: syz
[  613.920923][ T3247] usb 5-1: config 0 descriptor??
[  613.931397][ T3508] usb 2-1: no configurations
[  613.936253][ T3508] usb 2-1: can't read configurations, error -22
[  614.001214][    T7] gspca_cpia1: usb_control_msg 02, error -71
[  614.021378][    T7] gspca_cpia1: usb_control_msg 05, error -71
[  614.027385][    T7] cpia1 3-1:0.0: unexpected systemstate: b6
[  614.050752][    T7] usb 3-1: USB disconnect, device number 88
[  614.111287][ T3508] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  614.209453][T12264] loop0: detected capacity change from 0 to 2048
[  614.230492][ T3247] usb 5-1: selecting invalid altsetting 0
[  614.241910][ T3508] usb 2-1: no configurations
[  614.246924][ T3508] usb 2-1: can't read configurations, error -22
[  614.259710][ T3508] usb usb2-port1: unable to enumerate USB device
[  614.263048][ T3247] snd-usb-audio: probe of 5-1:0.0 failed with error -2
[  614.309092][ T3247] usb 5-1: USB disconnect, device number 88
[  614.314284][ T3494] udevd[3494]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  614.317623][T12264] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  614.374375][   T26] audit: type=1804 audit(1719528227.449:89): pid=12264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2358" name="/root/syzkaller.2wUXDK/124/file0/bus" dev="loop0" ino=18 res=1 errno=0
[  614.399467][   T26] audit: type=1804 audit(1719528227.449:90): pid=12264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2358" name="/root/syzkaller.2wUXDK/124/file0/bus" dev="loop0" ino=18 res=1 errno=0
[  614.419874][T12264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2358'.
[  614.422182][    C0] vkms_vblank_simulate: vblank timer overrun
[  614.443944][T12272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2361'.
[  614.569144][T12276] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2364'.
[  614.615628][T12280] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2365'.
[  614.626206][T12280] nbd: must specify a size in bytes for the device
[  614.738826][T12286] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  614.745368][T12286] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  614.755116][T12286] vhci_hcd vhci_hcd.0: Device attached
[  614.781158][   T23] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  614.818827][T12287] vhci_hcd: connection closed
[  614.819050][ T3572] vhci_hcd: stop threads
[  614.833256][ T3572] vhci_hcd: release socket
[  614.837778][ T3572] vhci_hcd: disconnect device
[  614.984538][ T3247] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  615.031421][   T23] usb 4-1: Using ep0 maxpacket: 8
[  615.191418][   T23] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  615.209785][   T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  615.220986][   T23] usb 4-1: config 0 has no interface number 0
[  615.234692][   T23] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  615.246024][ T3247] usb 3-1: Using ep0 maxpacket: 32
[  615.251490][   T23] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  615.262063][   T23] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  615.276075][   T23] usb 4-1: config 0 interface 52 has no altsetting 0
[  615.371765][ T3247] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  615.390775][ T3247] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  615.401491][ T3247] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  615.450540][T12302] loop1: detected capacity change from 0 to 2048
[  615.491425][   T23] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  615.506424][   T23] usb 4-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  615.515449][   T23] usb 4-1: Product: syz
[  615.519721][   T23] usb 4-1: Manufacturer: syz
[  615.524539][   T23] usb 4-1: SerialNumber: syz
[  615.533383][   T23] usb 4-1: config 0 descriptor??
[  615.578716][T12302] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  615.594544][   T26] audit: type=1804 audit(1719528228.669:91): pid=12302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2372" name="/root/syzkaller.PBg7JS/148/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  615.622560][ T3247] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  615.640770][T12302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2372'.
[  615.650131][ T3247] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.669993][ T3247] usb 3-1: Product: syz
[  615.674744][ T3247] usb 3-1: Manufacturer: syz
[  615.680689][   T26] audit: type=1804 audit(1719528228.699:92): pid=12302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2372" name="/root/syzkaller.PBg7JS/148/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  615.718573][ T3247] usb 3-1: SerialNumber: syz
[  615.757885][T12307] loop4: detected capacity change from 0 to 2048
[  615.802194][   T23] synaptics_usb 4-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  615.815050][   T23] synaptics_usb: probe of 4-1:0.52 failed with error -5
[  615.890371][T12307] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  615.958604][T12307] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  615.979101][T12307] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  615.993562][T12307] EXT4-fs (loop4): This should not happen!! Data will be lost
[  615.993562][T12307] 
[  616.004247][T12307] EXT4-fs (loop4): Total free blocks count 0
[  616.016372][   T23] usb 4-1: USB disconnect, device number 90
[  616.022893][T12307] EXT4-fs (loop4): Free/Dirty block details
[  616.031567][T12307] EXT4-fs (loop4): free_blocks=2415919104
[  616.037343][T12307] EXT4-fs (loop4): dirty_blocks=16
[  616.073536][ T3247] cdc_ncm 3-1:1.0: bind() failure
[  616.084031][T12307] EXT4-fs (loop4): Block reservation details
[  616.089403][ T3247] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  616.099875][ T3247] cdc_ncm 3-1:1.1: bind() failure
[  616.108246][T12307] EXT4-fs (loop4): i_reserved_data_blocks=1
[  616.111802][T12315] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2373'.
[  616.127887][ T3247] usb 3-1: USB disconnect, device number 89
[  616.275067][T12320] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2377'.
[  616.288224][T12320] nbd: must specify a size in bytes for the device
[  616.411134][ T3554] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  616.465820][T12326] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2380'.
[  616.475078][ T3550] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  616.574119][T12337] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  616.580645][T12337] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  616.587283][T12340] sctp: [Deprecated]: syz.2.2381 (pid 12340) Use of int in maxseg socket option.
[  616.587283][T12340] Use struct sctp_assoc_value instead
[  616.590687][T12337] vhci_hcd vhci_hcd.0: Device attached
[  616.618819][T12340] loop2: detected capacity change from 0 to 8
[  616.662330][T12340] squashfs: Unknown parameter '/dev/random'
[  616.673655][T12338] vhci_hcd: connection closed
[  616.673890][T10398] vhci_hcd: stop threads
[  616.684065][T10398] vhci_hcd: release socket
[  616.688920][T10398] vhci_hcd: disconnect device
[  616.741800][ T3554] usb 2-1: no configurations
[  616.748413][ T3554] usb 2-1: can't read configurations, error -22
[  616.790940][T12340] loop2: detected capacity change from 0 to 4096
[  616.812068][T12340] NILFS (loop2): unrecognized mount option "nok'"
[  616.871654][ T3550] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  616.880749][ T3550] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.899039][ T3550] usb 1-1: config 0 descriptor??
[  616.904222][ T3554] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  616.940780][T12345] loop4: detected capacity change from 0 to 2048
[  616.960110][ T3550] gspca_main: cpia1-2.14.0 probing 0813:0001
[  616.973035][T12340] loop2: detected capacity change from 0 to 2048
[  617.025027][T12340] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  617.068677][T12345] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  617.116740][   T26] audit: type=1804 audit(1719528230.189:93): pid=12345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2384" name="/root/syzkaller.ltEf2I/31/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  617.177833][T12345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2384'.
[  617.209610][ T3554] usb 2-1: no configurations
[  617.214745][ T3554] usb 2-1: can't read configurations, error -22
[  617.236972][ T3554] usb usb2-port1: attempt power cycle
[  617.246936][   T26] audit: type=1804 audit(1719528230.229:94): pid=12345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2384" name="/root/syzkaller.ltEf2I/31/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  617.411929][ T3550] gspca_cpia1: usb_control_msg 03, error -32
[  617.451560][ T3550] cpia1 1-1:0.0: unexpected state after lo power cmd: b6
[  617.691388][ T3247] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  617.699146][ T3554] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  617.851523][ T3554] usb 2-1: no configurations
[  617.856158][ T3554] usb 2-1: can't read configurations, error -22
[  617.881251][ T3550] gspca_cpia1: usb_control_msg 02, error -71
[  617.901984][ T3550] gspca_cpia1: usb_control_msg 05, error -71
[  617.909394][ T3550] cpia1 1-1:0.0: unexpected systemstate: b6
[  617.934167][ T3550] usb 1-1: USB disconnect, device number 85
[  617.971292][ T3247] usb 5-1: Using ep0 maxpacket: 16
[  618.031228][ T3554] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  618.192569][ T3554] usb 2-1: no configurations
[  618.197718][ T3554] usb 2-1: can't read configurations, error -22
[  618.205651][ T3554] usb usb2-port1: unable to enumerate USB device
[  618.260051][T12363] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2389'.
[  618.270313][T12363] nbd: must specify a size in bytes for the device
[  618.281235][ T3247] usb 5-1: New USB device found, idVendor=0557, idProduct=4000, bcdDevice=53.e0
[  618.302532][ T3247] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.310532][ T3247] usb 5-1: Product: syz
[  618.335578][ T3247] usb 5-1: Manufacturer: syz
[  618.341475][ T3247] usb 5-1: SerialNumber: syz
[  618.371591][ T3247] usb 5-1: config 0 descriptor??
[  618.379453][T12365] loop2: detected capacity change from 0 to 2048
[  618.465667][T12365] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  618.506010][T12365] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  618.541303][T12365] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  618.554420][T12365] EXT4-fs (loop2): This should not happen!! Data will be lost
[  618.554420][T12365] 
[  618.565314][T12365] EXT4-fs (loop2): Total free blocks count 0
[  618.571635][T12365] EXT4-fs (loop2): Free/Dirty block details
[  618.572037][T12374] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2388'.
[  618.577634][T12365] EXT4-fs (loop2): free_blocks=2415919104
[  618.592480][T12365] EXT4-fs (loop2): dirty_blocks=16
[  618.597598][T12365] EXT4-fs (loop2): Block reservation details
[  618.604939][T12365] EXT4-fs (loop2): i_reserved_data_blocks=1
[  618.644253][ T3247] kaweth 5-1:0.0: Firmware present in device.
[  618.663461][ T3572] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  618.680172][ T3572] EXT4-fs (loop2): This should not happen!! Data will be lost
[  618.680172][ T3572] 
[  618.711236][ T3554] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  618.812115][T12376] loop2: detected capacity change from 0 to 512
[  618.841399][ T3247] kaweth 5-1:0.0: Statistics collection: 0
[  618.847472][ T3247] kaweth 5-1:0.0: Multicast filter limit: 0
[  618.861896][ T3247] kaweth 5-1:0.0: MTU: 0
[  618.866161][ T3247] kaweth 5-1:0.0: Read MAC address 00:00:00:00:00:00
[  618.898660][T12376] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  618.908895][T12376] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  618.917632][T12376] System zones: 0-2, 18-18, 34-35
[  618.924402][T12376] EXT4-fs (loop2): mounted filesystem without journal. Opts: data=journal,journal_dev=0x0000000000000005,,errors=continue. Quota mode: none.
[  618.951145][ T3554] usb 1-1: Using ep0 maxpacket: 32
[  619.067531][T12382] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  619.081462][ T3554] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  619.093125][T12384] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  619.099657][T12384] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  619.108083][ T3554] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  619.112643][T12384] vhci_hcd vhci_hcd.0: Device attached
[  619.117966][ T3554] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  619.191340][T12385] vhci_hcd: connection closed
[  619.191877][ T4126] vhci_hcd: stop threads
[  619.200935][ T4126] vhci_hcd: release socket
[  619.206495][ T4126] vhci_hcd: disconnect device
[  619.221481][ T3553] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  619.294908][T12392] loop1: detected capacity change from 0 to 2048
[  619.311314][ T3554] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  619.320471][ T3554] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.328510][ T3554] usb 1-1: Product: syz
[  619.333018][ T3554] usb 1-1: Manufacturer: syz
[  619.337623][ T3554] usb 1-1: SerialNumber: syz
[  619.379690][T12392] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  619.405758][   T26] audit: type=1804 audit(1719528232.479:95): pid=12392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2397" name="/root/syzkaller.PBg7JS/153/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  619.429338][   T26] audit: type=1804 audit(1719528232.499:96): pid=12392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2397" name="/root/syzkaller.PBg7JS/153/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  619.432615][T12392] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2397'.
[  619.452012][    C0] vkms_vblank_simulate: vblank timer overrun
[  619.497592][ T3553] usb 3-1: Using ep0 maxpacket: 8
[  619.512219][ T3247] kaweth 5-1:0.0: kaweth interface created at eth1
[  619.786670][ T3553] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  619.795988][ T3553] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  619.806180][ T3553] usb 3-1: config 0 has no interface number 0
[  619.812565][ T3553] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  619.823687][ T3553] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  619.833836][ T3554] cdc_ncm 1-1:1.0: bind() failure
[  619.841124][ T3553] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  620.020623][T12408] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  620.047229][ T3554] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  620.054546][ T3554] cdc_ncm 1-1:1.1: bind() failure
[  620.059807][ T3553] usb 3-1: config 0 interface 52 has no altsetting 0
[  621.166751][ T3554] usb 1-1: USB disconnect, device number 86
[  621.237409][    T7] usb 5-1: USB disconnect, device number 89
[  621.521405][ T3553] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  621.530581][ T3553] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  621.544931][T12417] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2401'.
[  621.598854][T12417] nbd: must specify a size in bytes for the device
[  621.616688][ T3553] usb 3-1: Product: syz
[  621.620879][ T3553] usb 3-1: Manufacturer: syz
[  621.631837][ T3553] usb 3-1: SerialNumber: syz
[  621.653114][T12425] sctp: [Deprecated]: syz.0.2402 (pid 12425) Use of int in maxseg socket option.
[  621.653114][T12425] Use struct sctp_assoc_value instead
[  621.675330][ T3553] usb 3-1: config 0 descriptor??
[  621.732077][T12425] loop0: detected capacity change from 0 to 8
[  621.740840][T12423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2404'.
[  621.812674][T12425] squashfs: Unknown parameter '/dev/random'
[  621.822243][ T3553] usb 3-1: Can not set alternate setting to 1, error: -71
[  621.830325][ T3553] synaptics_usb: probe of 3-1:0.52 failed with error -71
[  621.900549][ T3553] usb 3-1: USB disconnect, device number 90
[  622.112519][T12414] loop4: detected capacity change from 0 to 8192
[  622.186611][T12425] loop0: detected capacity change from 0 to 4096
[  622.226331][T12414]  loop4: p1 p2 p3
[  622.424525][T12425] NILFS (loop0): unrecognized mount option "nok'"
[  622.661433][ T3553] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  623.101397][ T3553] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  623.114530][T12451] loop4: detected capacity change from 0 to 2048
[  623.128341][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  623.132032][ T3553] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  623.168894][T12425] loop0: detected capacity change from 0 to 2048
[  623.186822][ T4049] udevd[4049]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  623.210571][ T3553] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  623.236229][T12451] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  623.250067][ T3553] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.274033][ T3553] usb 3-1: config 0 descriptor??
[  623.274433][   T26] audit: type=1804 audit(1719528236.349:97): pid=12451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2409" name="/root/syzkaller.ltEf2I/34/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  623.274704][   T26] audit: type=1804 audit(1719528236.349:98): pid=12451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2409" name="/root/syzkaller.ltEf2I/34/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  623.286727][T12451] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2409'.
[  623.418234][T12425] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  623.515305][T12469] loop4: detected capacity change from 0 to 256
[  623.630495][T12469] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  623.649057][ T3550] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  624.278811][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  624.295153][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  624.782962][ T3550] usb 2-1: Using ep0 maxpacket: 32
[  624.913262][T12474] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2414'.
[  624.922743][T12474] nbd: must specify a size in bytes for the device
[  624.931637][ T3550] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  624.954127][ T3550] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  625.158164][ T3550] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  625.344790][T12478] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  625.491534][ T3550] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  625.642789][ T3550] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.818484][ T3550] usb 2-1: Product: syz
[  625.902291][ T3550] usb 2-1: Manufacturer: syz
[  625.907254][ T3550] usb 2-1: SerialNumber: syz
[  625.923813][T12480] loop0: detected capacity change from 0 to 512
[  625.973296][ T3553] usb 3-1: USB disconnect, device number 91
[  625.987759][T12480] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[  626.088011][T12482] loop2: detected capacity change from 0 to 2048
[  626.094229][T12480] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  626.102582][T12480] System zones: 0-2, 18-18, 34-35
[  626.121875][T12480] EXT4-fs (loop0): mounted filesystem without journal. Opts: data=journal,journal_dev=0x0000000000000005,,errors=continue. Quota mode: none.
[  626.167338][T12488] xt_CT: No such helper "pptp"
[  626.253182][T12482] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  626.311381][ T3550] cdc_ncm 2-1:1.0: bind() failure
[  626.319850][ T3550] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  626.329756][ T3550] cdc_ncm 2-1:1.1: bind() failure
[  626.343566][ T3550] usb 2-1: USB disconnect, device number 94
[  626.372257][T12482] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  626.401184][ T3508] Bluetooth: hci0: command 0x0401 tx timeout
[  626.448006][T12482] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  626.524931][T12500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2417'.
[  626.541338][ T3247] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  626.562593][T12482] EXT4-fs (loop2): This should not happen!! Data will be lost
[  626.562593][T12482] 
[  626.583545][T12482] EXT4-fs (loop2): Total free blocks count 0
[  626.589679][T12482] EXT4-fs (loop2): Free/Dirty block details
[  626.641118][T12482] EXT4-fs (loop2): free_blocks=2415919104
[  626.647488][T12482] EXT4-fs (loop2): dirty_blocks=16
[  626.774115][   T26] audit: type=1800 audit(1719528239.739:99): pid=12503 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2422" name="bus" dev="sda1" ino=2026 res=0 errno=0
[  626.921349][ T3247] usb 1-1: Using ep0 maxpacket: 8
[  626.948988][T12482] EXT4-fs (loop2): Block reservation details
[  627.045934][T12482] EXT4-fs (loop2): i_reserved_data_blocks=1
[  627.053211][ T3247] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  627.081814][ T3247] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  627.253358][ T3247] usb 1-1: config 0 has no interface number 0
[  627.259491][ T3247] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  627.359111][ T3247] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  627.373245][T12505] loop1: detected capacity change from 0 to 2048
[  627.385046][ T3247] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  627.404513][ T3247] usb 1-1: config 0 interface 52 has no altsetting 0
[  627.563476][T12505] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  627.590552][ T3247] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  627.609919][T12513] sctp: [Deprecated]: syz.4.2426 (pid 12513) Use of int in maxseg socket option.
[  627.609919][T12513] Use struct sctp_assoc_value instead
[  627.625568][ T3247] usb 1-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  627.633448][T12513] loop4: detected capacity change from 0 to 8
[  627.635098][ T3247] usb 1-1: Product: syz
[  628.470896][T12505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2423'.
[  628.530817][   T26] audit: type=1804 audit(1719528241.599:100): pid=12516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2423" name="/root/syzkaller.PBg7JS/159/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  628.554698][T12513] squashfs: Unknown parameter '/dev/random'
[  628.557251][ T3247] usb 1-1: Manufacturer: syz
[  628.565934][ T3247] usb 1-1: SerialNumber: syz
[  628.573559][ T3247] usb 1-1: config 0 descriptor??
[  628.582757][T12518] loop2: detected capacity change from 0 to 128
[  628.658046][ T3519] Bluetooth: hci3: link tx timeout
[  628.664022][ T3519] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  628.683891][T12513] loop4: detected capacity change from 0 to 4096
[  628.732447][ T3247] usb 1-1: Can not set alternate setting to 1, error: -71
[  628.755279][T12513] NILFS (loop4): unrecognized mount option "nok'"
[  628.799713][ T3247] synaptics_usb: probe of 1-1:0.52 failed with error -71
[  628.851333][ T3247] usb 1-1: USB disconnect, device number 87
[  629.025894][T12524] loop4: detected capacity change from 0 to 2048
[  629.092229][T12524] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  629.251565][ T3550] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  629.835846][T12538] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  629.981832][ T3550] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.069620][ T3550] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  630.081212][ T3553] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  630.205347][ T3550] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  630.281760][ T3550] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.345722][ T3550] usb 2-1: config 0 descriptor??
[  630.694807][T12543] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  630.761701][ T3553] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.931889][ T3553] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  631.106517][ T3553] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  631.430447][ T3508] Bluetooth: hci3: command 0x0406 tx timeout
[  631.444375][ T3553] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.491601][ T3553] usb 1-1: config 0 descriptor??
[  631.882733][T12549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2435'.
[  631.991204][ T3553] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  632.261179][ T3553] usb 3-1: Using ep0 maxpacket: 32
[  632.294925][T12558] loop4: detected capacity change from 0 to 2048
[  632.392740][ T3553] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  632.425237][T12558] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  632.428030][ T3553] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  632.453062][   T26] audit: type=1804 audit(1719528245.529:101): pid=12558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2438" name="/root/syzkaller.ltEf2I/40/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  632.456739][T12558] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2438'.
[  632.515588][ T3519] Bluetooth: hci3: link tx timeout
[  632.520814][ T3519] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  632.552179][   T26] audit: type=1804 audit(1719528245.529:102): pid=12558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2438" name="/root/syzkaller.ltEf2I/40/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  632.576200][ T3553] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  632.594284][   T23] usb 2-1: USB disconnect, device number 95
[  632.757383][   T26] audit: type=1804 audit(1719528245.829:103): pid=12567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2441" name="/root/syzkaller.ltEf2I/41/file1" dev="sda1" ino=2017 res=1 errno=0
[  632.791324][   T26] audit: type=1804 audit(1719528245.829:104): pid=12567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2441" name="/root/syzkaller.ltEf2I/41/file1" dev="sda1" ino=2017 res=1 errno=0
[  632.827668][ T3553] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  632.842697][T12570] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2442'.
[  632.854975][   T26] audit: type=1804 audit(1719528245.829:105): pid=12567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2441" name="/root/syzkaller.ltEf2I/41/file1" dev="sda1" ino=2017 res=1 errno=0
[  632.857958][ T3553] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.893391][T12570] nbd: must specify a size in bytes for the device
[  632.900087][ T3553] usb 3-1: Product: syz
[  632.916970][ T3247] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  632.924613][ T3553] usb 3-1: Manufacturer: syz
[  632.929222][ T3553] usb 3-1: SerialNumber: syz
[  633.169597][ T3508] usb 1-1: USB disconnect, device number 88
[  633.344560][T12577] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  633.481855][ T3247] usb 4-1: Using ep0 maxpacket: 8
[  633.676210][ T3247] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  633.741934][ T3553] cdc_ncm 3-1:1.0: bind() failure
[  633.770588][ T3247] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  633.872831][ T3553] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  633.892158][    T7] Bluetooth: hci0: command 0x0401 tx timeout
[  633.897966][ T3553] cdc_ncm 3-1:1.1: bind() failure
[  634.299624][ T3247] usb 4-1: config 0 has no interface number 0
[  634.309521][ T3247] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  634.321350][ T3553] usb 3-1: USB disconnect, device number 92
[  634.330791][ T3247] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  634.344881][ T3494] udevd[3494]: setting owner of /dev/bus/usb/003/092 to uid=0, gid=0 failed: No such file or directory
[  634.345934][ T3247] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  634.373736][ T3247] usb 4-1: config 0 interface 52 has no altsetting 0
[  634.445134][T12584] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  634.459465][T12590] loop4: detected capacity change from 0 to 128
[  634.494885][T12588] loop0: detected capacity change from 0 to 2048
[  634.568205][T12588] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  634.581436][ T3247] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  634.590699][ T3247] usb 4-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  634.599175][ T3247] usb 4-1: Product: syz
[  634.604533][ T3247] usb 4-1: Manufacturer: syz
[  634.609146][ T3247] usb 4-1: SerialNumber: syz
[  634.618001][ T3247] usb 4-1: config 0 descriptor??
[  634.635072][T12590] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none.
[  634.650423][T12590] ext4 filesystem being mounted at /root/syzkaller.ltEf2I/44/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  634.679435][T12588] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  634.721841][T12590] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2446'.
[  634.793859][T12590] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2446'.
[  634.804687][T12588] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  634.849677][T12598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2447'.
[  634.860420][T12599] sctp: [Deprecated]: syz.2.2449 (pid 12599) Use of int in maxseg socket option.
[  634.860420][T12599] Use struct sctp_assoc_value instead
[  634.892399][T12588] EXT4-fs (loop0): This should not happen!! Data will be lost
[  634.892399][T12588] 
[  634.912060][ T3247] synaptics_usb 4-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  634.918036][T12588] EXT4-fs (loop0): Total free blocks count 0
[  634.922176][T12599] loop2: detected capacity change from 0 to 8
[  634.947322][ T3247] synaptics_usb: probe of 4-1:0.52 failed with error -5
[  634.949316][T12588] EXT4-fs (loop0): Free/Dirty block details
[  634.992513][T12599] squashfs: Unknown parameter '/dev/random'
[  634.996617][T12588] EXT4-fs (loop0): free_blocks=2415919104
[  635.025150][T12588] EXT4-fs (loop0): dirty_blocks=16
[  635.065833][T12588] EXT4-fs (loop0): Block reservation details
[  635.083916][T12588] EXT4-fs (loop0): i_reserved_data_blocks=1
[  635.155679][ T3247] usb 4-1: USB disconnect, device number 91
[  635.221373][T12599] loop2: detected capacity change from 0 to 4096
[  635.281424][T12599] NILFS (loop2): unrecognized mount option "nok'"
[  635.423428][T12603] loop4: detected capacity change from 0 to 8192
[  635.472696][T12599] loop2: detected capacity change from 0 to 2048
[  635.485475][T12603]  loop4: p1 p2 p3
[  635.619196][T12599] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  635.621320][    T7] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  635.838484][T12609] loop4: detected capacity change from 0 to 2048
[  635.899917][T12613] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2454'.
[  635.921365][ T3555] Bluetooth: hci0: command 0x0401 tx timeout
[  635.939547][T12613] nbd: must specify a size in bytes for the device
[  635.985774][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  635.999360][ T3494] udevd[3494]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  636.001151][ T4049] udevd[4049]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  636.031422][    T7] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  636.047424][    T7] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  636.072241][T12609] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  636.074038][    T7] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  636.092418][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.102467][    T7] usb 1-1: config 0 descriptor??
[  636.197262][   T26] audit: type=1804 audit(1719528249.269:106): pid=12609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2452" name="/root/syzkaller.ltEf2I/46/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  636.230439][T12609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2452'.
[  636.318868][   T26] audit: type=1804 audit(1719528249.299:107): pid=12609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2452" name="/root/syzkaller.ltEf2I/46/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  636.467667][T12623] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  637.497426][T12631] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  637.668655][ T3247] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  638.241501][ T3247] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  638.259737][ T3247] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  638.275867][ T3247] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  638.292552][ T3247] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.308319][ T3247] usb 2-1: config 0 descriptor??
[  638.334906][   T23] usb 1-1: USB disconnect, device number 89
[  638.398883][T12635] loop0: detected capacity change from 0 to 2048
[  638.429277][T12637] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  638.435812][T12637] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  638.445328][T12637] vhci_hcd vhci_hcd.0: Device attached
[  638.471154][ T3550] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  638.505344][T12640] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  638.528219][T12638] vhci_hcd: connection closed
[  638.528596][ T4126] vhci_hcd: stop threads
[  638.545962][ T4126] vhci_hcd: release socket
[  638.550674][ T4126] vhci_hcd: disconnect device
[  638.590379][T12635] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  638.645105][T12635] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  638.667502][T12635] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  638.680092][T12635] EXT4-fs (loop0): This should not happen!! Data will be lost
[  638.680092][T12635] 
[  638.698868][T12635] EXT4-fs (loop0): Total free blocks count 0
[  638.710483][T12643] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2461'.
[  638.726491][T12635] EXT4-fs (loop0): Free/Dirty block details
[  638.735748][T12635] EXT4-fs (loop0): free_blocks=2415919104
[  638.747661][T12635] EXT4-fs (loop0): dirty_blocks=16
[  638.753094][T12635] EXT4-fs (loop0): Block reservation details
[  638.759173][T12635] EXT4-fs (loop0): i_reserved_data_blocks=1
[  638.776730][ T3550] usb 4-1: Using ep0 maxpacket: 32
[  638.836501][T12645] loop2: detected capacity change from 0 to 8
[  638.929314][T12645] SQUASHFS error: zstd decompression failed, data probably corrupt
[  638.933635][ T3550] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  638.965440][ T3550] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  638.973578][T12645] SQUASHFS error: Failed to read block 0x4ec: -5
[  638.979821][ T3550] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  638.990093][T12645] SQUASHFS error: Unable to read metadata cache entry [4ea]
[  639.000039][T12645] SQUASHFS error: Unable to read inode 0x2011f
[  639.041215][ T3553] Bluetooth: hci0: command 0x0401 tx timeout
[  639.077496][T12652] loop4: detected capacity change from 0 to 512
[  639.163053][   T26] audit: type=1326 audit(1719528252.239:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12644 comm="syz.2.2462" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c10c41b29 code=0x0
[  639.186948][T12647] loop0: detected capacity change from 0 to 8192
[  639.195237][T12652] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  639.211462][ T3550] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  639.222020][T12652] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  639.235779][T12652] System zones: 0-2, 18-18, 34-35
[  639.240976][ T3550] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.256299][T12647]  loop0: p1 p2 p3
[  639.285798][T12652] EXT4-fs (loop4): mounted filesystem without journal. Opts: data=journal,journal_dev=0x0000000000000005,,errors=continue. Quota mode: none.
[  639.303733][ T3550] usb 4-1: Product: syz
[  639.307908][ T3550] usb 4-1: Manufacturer: syz
[  639.312724][ T3550] usb 4-1: SerialNumber: syz
[  639.611453][ T4223] udevd[4223]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  639.612411][ T4049] udevd[4049]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  639.671861][ T3550] cdc_ncm 4-1:1.0: bind() failure
[  639.793476][T12660] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  639.962362][ T3247] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  640.070742][ T3550] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  640.207793][ T3550] cdc_ncm 4-1:1.1: bind() failure
[  640.421786][T12562] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 224: padding at end of block bitmap is not set
[  640.431308][ T3494] udevd[3494]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  640.452227][    T7] usb 2-1: USB disconnect, device number 96
[  640.471263][ T3247] usb 5-1: Using ep0 maxpacket: 8
[  640.477563][ T3550] usb 4-1: USB disconnect, device number 92
[  640.528054][T12662] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2467'.
[  640.581512][T12662] nbd: must specify a size in bytes for the device
[  640.600703][T12664] loop1: detected capacity change from 0 to 2048
[  640.631532][ T3247] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  640.639890][ T3247] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  640.657337][ T3247] usb 5-1: config 0 has no interface number 0
[  640.667262][ T3247] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  640.806209][T12664] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  640.828296][ T3247] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  640.839162][ T3247] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  640.852893][ T3247] usb 5-1: config 0 interface 52 has no altsetting 0
[  641.208899][T12676] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  641.611077][T12678] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  642.001815][ T3247] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  642.021107][   T26] audit: type=1804 audit(1719528255.069:109): pid=12664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2468" name="/root/syzkaller.PBg7JS/165/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  642.051538][T12664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2468'.
[  642.070702][ T3247] usb 5-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  642.105540][ T3247] usb 5-1: Product: syz
[  642.109728][ T3247] usb 5-1: Manufacturer: syz
[  642.128770][   T26] audit: type=1804 audit(1719528255.069:110): pid=12664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2468" name="/root/syzkaller.PBg7JS/165/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  642.152609][ T3552] Bluetooth: hci0: command 0x0401 tx timeout
[  642.159069][ T3552] Bluetooth: hci4: command 0x0406 tx timeout
[  642.162158][ T3247] usb 5-1: SerialNumber: syz
[  642.185561][ T3247] usb 5-1: config 0 descriptor??
[  642.230418][ T3247] usb 5-1: can't set config #0, error -71
[  642.256907][ T3247] usb 5-1: USB disconnect, device number 90
[  642.509917][T12685] loop1: detected capacity change from 0 to 2048
[  642.555307][T12682] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  642.601678][T12685] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  642.658193][T12685] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  642.700460][T12685] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  642.718867][T12685] EXT4-fs (loop1): This should not happen!! Data will be lost
[  642.718867][T12685] 
[  642.729237][T12685] EXT4-fs (loop1): Total free blocks count 0
[  642.735620][T12685] EXT4-fs (loop1): Free/Dirty block details
[  642.741952][T12685] EXT4-fs (loop1): free_blocks=2415919104
[  642.747694][T12685] EXT4-fs (loop1): dirty_blocks=16
[  642.753417][T12685] EXT4-fs (loop1): Block reservation details
[  642.759421][T12685] EXT4-fs (loop1): i_reserved_data_blocks=1
[  642.794972][T12685] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2473'.
[  642.934727][ T1215] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  643.118939][T12697] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  643.294539][ T3247] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  643.436746][ T1215] EXT4-fs (loop1): This should not happen!! Data will be lost
[  643.436746][ T1215] 
[  643.926644][   T26] audit: type=1326 audit(1719528256.999:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.3.2478" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3701a1b29 code=0x0
[  643.951571][ T3247] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  643.960852][ T3247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.977311][ T3247] usb 5-1: config 0 descriptor??
[  644.072062][T12707] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2480'.
[  644.261213][T10012] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[  644.401369][ T3247] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  644.420032][T12711] loop2: detected capacity change from 0 to 512
[  644.539541][T12711] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  644.555914][T12711] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  644.570278][T12711] System zones: 0-2, 18-18, 34-35
[  644.577141][T12711] EXT4-fs (loop2): mounted filesystem without journal. Opts: data=journal,journal_dev=0x0000000000000005,,errors=continue. Quota mode: none.
[  644.651244][ T3247] usb 1-1: Using ep0 maxpacket: 32
[  644.671375][T10012] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  644.681570][T10012] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  644.690568][T10012] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  644.699889][T10012] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.709720][T10012] usb 2-1: config 0 descriptor??
[  644.791327][ T3247] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  644.809562][ T3247] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  644.824705][ T3247] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  644.861100][    T7] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  645.001303][ T3247] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  645.010385][ T3247] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.018673][ T3247] usb 1-1: Product: syz
[  645.023064][ T3247] usb 1-1: Manufacturer: syz
[  645.027671][ T3247] usb 1-1: SerialNumber: syz
[  645.111266][    T7] usb 3-1: Using ep0 maxpacket: 8
[  645.146036][   T26] audit: type=1804 audit(1719528258.219:112): pid=12717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2484" name="/root/syzkaller.bzbM20/207/bus" dev="sda1" ino=2030 res=1 errno=0
[  645.174419][T12717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2484'.
[  645.185481][   T26] audit: type=1804 audit(1719528258.249:113): pid=12717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2484" name="/root/syzkaller.bzbM20/207/bus" dev="sda1" ino=2030 res=1 errno=0
[  645.261392][    T7] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  645.270499][    T7] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  645.281153][    T7] usb 3-1: config 0 has no interface number 0
[  645.287245][    T7] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  645.298404][    T7] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  645.309057][    T7] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  645.322101][    T7] usb 3-1: config 0 interface 52 has no altsetting 0
[  645.391292][ T3247] cdc_ncm 1-1:1.0: bind() failure
[  645.404926][ T3247] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  645.418600][ T3247] cdc_ncm 1-1:1.1: bind() failure
[  645.481382][    T7] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  645.490846][    T7] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  645.505597][    T7] usb 3-1: Product: syz
[  645.509959][    T7] usb 3-1: Manufacturer: syz
[  645.516504][    T7] usb 3-1: SerialNumber: syz
[  645.572304][ T3247] usb 1-1: USB disconnect, device number 90
[  645.583336][    T7] usb 3-1: config 0 descriptor??
[  645.596789][ T3553] usb 5-1: USB disconnect, device number 91
[  645.755100][T12724] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  646.371809][    T7] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  646.385104][    T7] synaptics_usb: probe of 3-1:0.52 failed with error -5
[  646.405960][T12730] loop4: detected capacity change from 0 to 2048
[  646.563366][T12730] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  646.589808][T10012] usb 3-1: USB disconnect, device number 93
[  646.590215][T12730] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  646.613419][T12730] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  646.625941][T12730] EXT4-fs (loop4): This should not happen!! Data will be lost
[  646.625941][T12730] 
[  646.635802][T12730] EXT4-fs (loop4): Total free blocks count 0
[  646.641991][    T7] Bluetooth: hci0: command 0x0401 tx timeout
[  646.648876][T12730] EXT4-fs (loop4): Free/Dirty block details
[  646.652976][T12737] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2488'.
[  646.655058][T12730] EXT4-fs (loop4): free_blocks=2415919104
[  646.669412][T12730] EXT4-fs (loop4): dirty_blocks=16
[  646.674695][T12730] EXT4-fs (loop4): Block reservation details
[  646.680903][T12730] EXT4-fs (loop4): i_reserved_data_blocks=1
[  646.805708][T12732] loop0: detected capacity change from 0 to 8192
[  646.812448][T12713] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 224: padding at end of block bitmap is not set
[  646.838377][ T4078] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  646.859495][ T4078] EXT4-fs (loop4): This should not happen!! Data will be lost
[  646.859495][ T4078] 
[  646.934419][T12732]  loop0: p1 p2 p3
[  646.943312][ T3552] usb 2-1: USB disconnect, device number 97
[  647.257825][T12743] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  647.837071][T12745] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2493'.
[  647.899080][T12745] nbd: must specify a size in bytes for the device
[  647.999256][T12747] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  648.037686][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  648.200610][   T26] audit: type=1804 audit(1719528261.269:114): pid=12758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2496" name="/root/syzkaller.bzbM20/212/bus" dev="sda1" ino=2027 res=1 errno=0
[  648.203845][T12758] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2496'.
[  648.233235][T12757] loop0: detected capacity change from 0 to 8
[  648.281183][   T26] audit: type=1804 audit(1719528261.269:115): pid=12758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2496" name="/root/syzkaller.bzbM20/212/bus" dev="sda1" ino=2027 res=1 errno=0
[  648.341203][    T7] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[  648.513239][T12757] SQUASHFS error: zstd decompression failed, data probably corrupt
[  648.546728][T12757] SQUASHFS error: Failed to read block 0x4ec: -5
[  648.555785][T12757] SQUASHFS error: Unable to read metadata cache entry [4ea]
[  648.722825][T12765] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  648.941497][T12757] SQUASHFS error: Unable to read inode 0x2011f
[  649.347393][ T3508] Bluetooth: hci0: command 0x0401 tx timeout
[  649.347514][T12752] loop2: detected capacity change from 0 to 32768
[  649.551303][   T26] audit: type=1326 audit(1719528262.619:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12755 comm="syz.0.2494" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efdb0a1ab29 code=0x0
[  649.573762][    T7] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  649.586342][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.606675][    T7] usb 2-1: config 0 descriptor??
[  649.614276][ T3517] Bluetooth: hci3: link tx timeout
[  649.622739][ T3517] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  649.671166][ T3552] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  649.911120][ T3552] usb 4-1: Using ep0 maxpacket: 32
[  650.001333][   T23] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  650.031218][ T3552] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  650.051118][ T3552] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  650.060889][ T3552] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  650.091119][    T7] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  650.251187][   T23] usb 5-1: Using ep0 maxpacket: 32
[  650.252124][ T3552] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  650.281158][ T3552] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.289347][ T3552] usb 4-1: Product: syz
[  650.301184][ T3552] usb 4-1: Manufacturer: syz
[  650.305810][ T3552] usb 4-1: SerialNumber: syz
[  650.381410][   T23] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  650.400092][   T23] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  650.422734][   T23] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  650.451275][    T7] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  650.460319][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.488023][    T7] usb 1-1: config 0 descriptor??
[  650.533214][    T7] gspca_main: cpia1-2.14.0 probing 0813:0001
[  650.571722][T12782] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  650.578256][T12782] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  650.589021][T12782] vhci_hcd vhci_hcd.0: Device attached
[  650.621425][   T23] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  650.630679][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.638728][   T23] usb 5-1: Product: syz
[  650.643075][   T23] usb 5-1: Manufacturer: syz
[  650.647704][   T23] usb 5-1: SerialNumber: syz
[  650.666096][T12783] vhci_hcd: connection closed
[  650.666339][ T4078] vhci_hcd: stop threads
[  650.675430][ T4078] vhci_hcd: release socket
[  650.679839][ T4078] vhci_hcd: disconnect device
[  650.821342][ T3552] cdc_ncm 4-1:1.0: bind() failure
[  650.828937][ T3552] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  650.839626][ T3552] cdc_ncm 4-1:1.1: bind() failure
[  650.847642][ T3552] usb 4-1: USB disconnect, device number 93
[  650.971306][    T7] gspca_cpia1: usb_control_msg 03, error -32
[  651.001271][   T23] cdc_ncm 5-1:1.0: bind() failure
[  651.009364][   T23] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  651.011999][    T7] cpia1 1-1:0.0: unexpected state after lo power cmd: b6
[  651.016775][   T23] cdc_ncm 5-1:1.1: bind() failure
[  651.031878][   T23] usb 5-1: USB disconnect, device number 92
[  651.258794][ T3552] usb 2-1: USB disconnect, device number 98
[  651.741206][    T7] gspca_cpia1: usb_control_msg 02, error -71
[  653.345058][T12796] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  653.399655][ T3552] Bluetooth: hci0: command 0x0401 tx timeout
[  653.411804][    T7] gspca_cpia1: usb_control_msg 05, error -71
[  653.444764][    T7] cpia1 1-1:0.0: unexpected systemstate: b6
[  653.491800][T12798] loop0: detected capacity change from 0 to 256
[  653.510667][    T7] usb 1-1: USB disconnect, device number 91
[  653.525902][T12798] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  654.352181][T12810] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  654.531532][ T3553] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[  654.919943][T12812] loop4: detected capacity change from 0 to 2048
[  655.015188][ T3553] usb 2-1: Using ep0 maxpacket: 32
[  655.116027][T12812] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  655.178209][T12812] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  655.201502][ T3553] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  655.220930][ T3553] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  655.231932][ T3553] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  655.232831][T12812] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  655.273970][T12824] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2514'.
[  655.303498][T12812] EXT4-fs (loop4): This should not happen!! Data will be lost
[  655.303498][T12812] 
[  655.320480][T12812] EXT4-fs (loop4): Total free blocks count 0
[  655.327351][T12812] EXT4-fs (loop4): Free/Dirty block details
[  655.341493][T12812] EXT4-fs (loop4): free_blocks=2415919104
[  655.347371][T12812] EXT4-fs (loop4): dirty_blocks=16
[  655.352741][T12826] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  655.359258][T12826] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  655.377441][T12812] EXT4-fs (loop4): Block reservation details
[  655.388431][T12826] vhci_hcd vhci_hcd.0: Device attached
[  655.394099][T12812] EXT4-fs (loop4): i_reserved_data_blocks=1
[  655.421482][ T3553] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  655.444879][ T3553] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.457314][ T3553] usb 2-1: Product: syz
[  655.463021][ T3553] usb 2-1: Manufacturer: syz
[  655.468273][ T3553] usb 2-1: SerialNumber: syz
[  655.476826][T12827] vhci_hcd: connection closed
[  655.477065][ T1215] vhci_hcd: stop threads
[  655.494523][ T1215] vhci_hcd: release socket
[  655.498965][ T1215] vhci_hcd: disconnect device
[  655.734080][   T13] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  655.811416][ T3553] cdc_ncm 2-1:1.0: bind() failure
[  655.841699][ T3553] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  655.848530][ T3553] cdc_ncm 2-1:1.1: bind() failure
[  655.889275][ T3553] usb 2-1: USB disconnect, device number 99
[  655.898793][T12833] loop4: detected capacity change from 0 to 8192
[  655.950917][T12833]  loop4: p1 p2 p3
[  656.101522][   T13] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  656.130984][   T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.160392][   T13] usb 4-1: config 0 descriptor??
[  656.288986][T12843] loop1: detected capacity change from 0 to 2048
[  656.341175][    T7] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  656.351898][   T23] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  656.357747][T12843] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  656.384192][   T26] audit: type=1804 audit(1719528269.459:117): pid=12843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2522" name="/root/syzkaller.PBg7JS/173/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  656.387553][T12843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2522'.
[  656.417541][   T26] audit: type=1804 audit(1719528269.459:118): pid=12843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2522" name="/root/syzkaller.PBg7JS/173/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  656.441242][ T3553] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  656.608839][    T7] usb 3-1: Using ep0 maxpacket: 32
[  656.732676][    T7] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  656.751794][    T7] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  656.762127][    T7] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  656.791126][ T3553] usb 5-1: Using ep0 maxpacket: 8
[  656.925486][T12855] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  656.973645][   T23] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  656.992673][   T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.080673][   T23] usb 1-1: config 0 descriptor??
[  657.102132][ T3553] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  657.133881][ T3553] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  657.237709][   T23] gspca_main: cpia1-2.14.0 probing 0813:0001
[  657.287557][ T3553] usb 5-1: config 0 has no interface number 0
[  657.340423][ T3553] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  657.433443][ T3553] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  657.488947][ T3553] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  657.505638][ T3553] usb 5-1: config 0 interface 52 has no altsetting 0
[  657.661500][    T7] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  657.670588][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.679419][    T7] usb 3-1: Product: syz
[  657.681311][   T23] gspca_cpia1: usb_control_msg 03, error -32
[  657.684268][    T7] usb 3-1: Manufacturer: syz
[  657.689747][ T3553] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  657.696545][    T7] usb 3-1: SerialNumber: syz
[  657.713569][ T3553] usb 5-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  657.727008][ T3553] usb 5-1: Product: syz
[  657.732596][ T3553] usb 5-1: Manufacturer: syz
[  657.737206][ T3553] usb 5-1: SerialNumber: syz
[  657.748371][   T23] cpia1 1-1:0.0: unexpected state after lo power cmd: b6
[  657.759420][ T3517] Bluetooth: hci3: link tx timeout
[  657.764985][ T3517] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  657.778953][ T3553] usb 5-1: config 0 descriptor??
[  657.808975][T12859] loop1: detected capacity change from 0 to 256
[  657.899322][T12859] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  658.051860][ T3553] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  658.066556][ T3553] synaptics_usb: probe of 5-1:0.52 failed with error -5
[  658.421920][    T7] cdc_ncm 3-1:1.0: bind() failure
[  658.533848][    T7] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  658.680001][    T7] cdc_ncm 3-1:1.1: bind() failure
[  658.849009][    T7] usb 3-1: USB disconnect, device number 94
[  658.865872][   T23] gspca_cpia1: usb_control_msg 02, error -71
[  658.877491][T10012] Bluetooth: hci0: command 0x0401 tx timeout
[  658.891809][   T23] gspca_cpia1: usb_control_msg 05, error -71
[  658.898252][   T23] cpia1 1-1:0.0: unexpected systemstate: b6
[  658.906398][   T23] usb 1-1: USB disconnect, device number 92
[  658.926789][ T3552] usb 5-1: USB disconnect, device number 93
[  658.959081][ T3555] usb 4-1: USB disconnect, device number 94
[  659.062329][T12866] loop0: detected capacity change from 0 to 2048
[  659.176190][T12872] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  659.182722][T12872] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  659.205269][T12872] vhci_hcd vhci_hcd.0: Device attached
[  659.258458][T12866] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  659.372140][T12866] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  659.389783][T12873] vhci_hcd: connection closed
[  659.390339][  T154] vhci_hcd: stop threads
[  659.401945][  T154] vhci_hcd: release socket
[  659.406504][  T154] vhci_hcd: disconnect device
[  659.421197][ T3553] vhci_hcd: vhci_device speed not set
[  659.449210][T12866] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  659.485413][T12891] loop2: detected capacity change from 0 to 2048
[  659.511899][T12866] EXT4-fs (loop0): This should not happen!! Data will be lost
[  659.511899][T12866] 
[  659.513372][T12889] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2529'.
[  659.522295][T12866] EXT4-fs (loop0): Total free blocks count 0
[  659.537237][T12866] EXT4-fs (loop0): Free/Dirty block details
[  659.543509][T12866] EXT4-fs (loop0): free_blocks=2415919104
[  659.549493][T12866] EXT4-fs (loop0): dirty_blocks=16
[  659.561054][T12866] EXT4-fs (loop0): Block reservation details
[  659.587635][T12866] EXT4-fs (loop0): i_reserved_data_blocks=1
[  659.608493][T10012] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  659.639482][T12891] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  659.673087][   T26] audit: type=1804 audit(1719528272.749:119): pid=12891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2534" name="/root/syzkaller.nKP1fT/168/file0/bus" dev="loop2" ino=18 res=1 errno=0
[  659.701294][   T26] audit: type=1804 audit(1719528272.779:120): pid=12891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2534" name="/root/syzkaller.nKP1fT/168/file0/bus" dev="loop2" ino=18 res=1 errno=0
[  659.727284][T12891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2534'.
[  659.829753][ T3517] Bluetooth: hci3: link tx timeout
[  659.835073][ T3517] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa
[  659.853945][ T3517] Bluetooth: hci3: link tx timeout
[  659.859351][ T3517] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  659.881248][T10012] usb 5-1: Using ep0 maxpacket: 32
[  660.111309][T10012] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  660.123313][T10012] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  660.133144][T10012] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  660.248131][T12909] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  660.283185][ T3550] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  660.493041][T10012] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  660.517259][T10012] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.583834][T10012] usb 5-1: Product: syz
[  660.609261][T10012] usb 5-1: Manufacturer: syz
[  660.643250][T10012] usb 5-1: SerialNumber: syz
[  660.721757][ T3550] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  660.796486][ T3550] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.812480][ T3550] usb 1-1: config 0 descriptor??
[  660.866878][ T3550] gspca_main: cpia1-2.14.0 probing 0813:0001
[  660.950236][ T3552] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  661.021261][ T3555] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  661.066568][T12911] loop2: detected capacity change from 0 to 256
[  661.131733][T10012] cdc_ncm 5-1:1.0: bind() failure
[  661.133925][T12911] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  661.143227][T10012] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  661.160235][T10012] cdc_ncm 5-1:1.1: bind() failure
[  661.172875][T10012] usb 5-1: USB disconnect, device number 94
[  661.292683][ T3550] gspca_cpia1: usb_control_msg 03, error -32
[  661.341351][ T3550] cpia1 1-1:0.0: unexpected state after lo power cmd: b6
[  661.351148][ T3555] usb 2-1: Using ep0 maxpacket: 32
[  661.435333][ T3552] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  661.478172][ T3552] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.553206][ T3555] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  661.588801][ T3555] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  661.610887][ T3552] usb 4-1: config 0 descriptor??
[  661.811321][ T3555] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  662.119088][ T3553] Bluetooth: hci3: command 0x0406 tx timeout
[  662.151256][ T3550] gspca_cpia1: usb_control_msg 02, error -71
[  662.171384][ T3555] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  662.181257][ T3550] gspca_cpia1: usb_control_msg 05, error -71
[  662.187259][ T3550] cpia1 1-1:0.0: unexpected systemstate: b6
[  662.195271][ T3550] usb 1-1: USB disconnect, device number 93
[  662.201182][ T3555] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.241166][ T3555] usb 2-1: Product: syz
[  662.245376][ T3555] usb 2-1: Manufacturer: syz
[  662.249978][ T3555] usb 2-1: SerialNumber: syz
[  662.377220][T12925] loop0: detected capacity change from 0 to 2048
[  662.459729][T12925] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  662.489495][T12925] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  662.506570][T12925] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  662.518991][T12925] EXT4-fs (loop0): This should not happen!! Data will be lost
[  662.518991][T12925] 
[  662.529295][T12925] EXT4-fs (loop0): Total free blocks count 0
[  662.535608][T12925] EXT4-fs (loop0): Free/Dirty block details
[  662.542461][T12925] EXT4-fs (loop0): free_blocks=2415919104
[  662.548207][T12925] EXT4-fs (loop0): dirty_blocks=16
[  662.554199][T12925] EXT4-fs (loop0): Block reservation details
[  662.560204][T12925] EXT4-fs (loop0): i_reserved_data_blocks=1
[  662.579136][T12925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2546'.
[  662.620253][ T3939] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  662.641246][ T3939] EXT4-fs (loop0): This should not happen!! Data will be lost
[  662.641246][ T3939] 
[  662.641305][ T3553] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  662.771465][ T3555] cdc_ncm 2-1:1.0: bind() failure
[  662.792701][ T3555] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  662.815332][ T3555] cdc_ncm 2-1:1.1: bind() failure
[  662.825551][ T3555] usb 2-1: USB disconnect, device number 100
[  662.855951][T12937] loop0: detected capacity change from 0 to 2048
[  662.895854][T12933] loop2: detected capacity change from 0 to 8192
[  662.902507][ T3553] usb 5-1: Using ep0 maxpacket: 8
[  662.937714][T12937] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  662.968551][T12933]  loop2: p1 p2 p3
[  662.987692][   T26] audit: type=1804 audit(1719528276.059:121): pid=12937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2549" name="/root/syzkaller.2wUXDK/155/file0/bus" dev="loop0" ino=18 res=1 errno=0
[  662.998748][T12937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2549'.
[  663.031496][ T3553] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  663.039569][ T3553] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  663.059937][ T3553] usb 5-1: config 0 has no interface number 0
[  663.066848][ T3553] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  663.081204][ T3553] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  663.093192][ T3553] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  663.106281][ T3553] usb 5-1: config 0 interface 52 has no altsetting 0
[  663.283473][ T3553] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  663.301000][ T3553] usb 5-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  663.321180][ T3553] usb 5-1: Product: syz
[  663.321202][ T3553] usb 5-1: Manufacturer: syz
[  663.321219][ T3553] usb 5-1: SerialNumber: syz
[  663.325794][ T3553] usb 5-1: config 0 descriptor??
[  663.395183][   T13] usb 4-1: USB disconnect, device number 95
[  663.452342][T12947] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  663.458882][T12947] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  663.512089][T12947] vhci_hcd vhci_hcd.0: Device attached
[  663.531321][T12948] vhci_hcd: connection closed
[  663.549061][ T1215] vhci_hcd: stop threads
[  663.680532][T12958] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  663.806361][ T3553] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  663.928104][ T1215] vhci_hcd: release socket
[  663.952575][ T3553] synaptics_usb: probe of 5-1:0.52 failed with error -5
[  664.067429][ T1215] vhci_hcd: disconnect device
[  664.257614][ T3553] usb 5-1: USB disconnect, device number 95
[  664.411385][ T3550] Bluetooth: hci0: command 0x0401 tx timeout
[  664.451294][ T3552] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  664.592859][T12972] loop4: detected capacity change from 0 to 256
[  664.622234][T12967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2559'.
[  664.681764][T12972] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  664.694041][ T3552] usb 3-1: Using ep0 maxpacket: 32
[  664.743387][T12974] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2561'.
[  664.761309][   T26] audit: type=1804 audit(1719528277.809:122): pid=12974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2561" name="/root/syzkaller.bzbM20/224/bus" dev="sda1" ino=2026 res=1 errno=0
[  664.837005][ T3553] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[  664.961871][ T3552] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  665.075127][ T3552] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  665.170958][ T3552] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  665.451883][ T3552] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  665.486025][ T3552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.566860][ T3552] usb 3-1: Product: syz
[  665.605498][ T3552] usb 3-1: Manufacturer: syz
[  665.673124][ T3552] usb 3-1: SerialNumber: syz
[  665.682139][    T7] Bluetooth: hci3: command 0x0405 tx timeout
[  665.802943][T12984] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2564'.
[  665.821776][T12984] nbd: must specify a size in bytes for the device
[  665.843258][ T3550] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  665.912338][T12990] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  665.918879][T12990] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  665.928080][T12990] vhci_hcd vhci_hcd.0: Device attached
[  665.941544][ T3553] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  665.950736][ T3553] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.967338][ T3553] usb 2-1: config 0 descriptor??
[  665.992808][T12991] vhci_hcd: connection closed
[  665.994761][ T3939] vhci_hcd: stop threads
[  666.008214][ T3939] vhci_hcd: release socket
[  666.012963][ T3939] vhci_hcd: disconnect device
[  666.014940][ T3553] gspca_main: cpia1-2.14.0 probing 0813:0001
[  666.031367][ T3552] cdc_ncm 3-1:1.0: bind() failure
[  666.039252][ T3552] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  666.050031][ T3552] cdc_ncm 3-1:1.1: bind() failure
[  666.058366][ T3552] usb 3-1: USB disconnect, device number 95
[  666.091290][ T3550] usb 4-1: Using ep0 maxpacket: 32
[  666.211362][T10012] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  666.219080][ T3550] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  666.230336][ T3550] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  666.240447][ T3550] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  666.411460][ T3550] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  666.420557][ T3550] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.428632][ T3550] usb 4-1: Product: syz
[  666.432969][ T3550] usb 4-1: Manufacturer: syz
[  666.437564][ T3550] usb 4-1: SerialNumber: syz
[  666.461294][ T3553] gspca_cpia1: usb_control_msg 03, error -32
[  666.511693][ T3553] cpia1 2-1:0.0: unexpected state after lo power cmd: b6
[  666.731934][T10012] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  666.741068][T10012] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.758414][T10012] usb 1-1: config 0 descriptor??
[  666.867160][T13002] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  667.031549][ T3553] gspca_cpia1: usb_control_msg 02, error -71
[  667.101690][ T3553] gspca_cpia1: usb_control_msg 05, error -71
[  667.192102][ T3550] cdc_ncm 4-1:1.0: bind() failure
[  667.302397][ T3553] cpia1 2-1:0.0: unexpected systemstate: b6
[  667.414104][ T3550] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  667.441760][ T3553] usb 2-1: USB disconnect, device number 101
[  667.450662][ T3550] cdc_ncm 4-1:1.1: bind() failure
[  667.476346][ T3550] usb 4-1: USB disconnect, device number 96
[  667.629069][T13005] loop1: detected capacity change from 0 to 2048
[  667.661254][ T3552] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  667.783046][T13005] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  667.841364][T13005] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  667.864271][T13005] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  667.879496][T13005] EXT4-fs (loop1): This should not happen!! Data will be lost
[  667.879496][T13005] 
[  667.898542][T13005] EXT4-fs (loop1): Total free blocks count 0
[  667.901128][ T3552] usb 3-1: Using ep0 maxpacket: 8
[  667.914257][T13016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2571'.
[  667.940169][T13005] EXT4-fs (loop1): Free/Dirty block details
[  667.955477][T13005] EXT4-fs (loop1): free_blocks=2415919104
[  667.979088][T13005] EXT4-fs (loop1): dirty_blocks=16
[  667.995730][T13005] EXT4-fs (loop1): Block reservation details
[  668.016500][T13005] EXT4-fs (loop1): i_reserved_data_blocks=1
[  668.021380][ T3552] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  668.030553][ T3552] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  668.057762][ T3552] usb 3-1: config 0 has no interface number 0
[  668.066875][ T3552] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  668.089390][ T3552] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  668.109899][ T3552] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  668.136847][ T3552] usb 3-1: config 0 interface 52 has no altsetting 0
[  668.301400][ T3552] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  668.325350][ T3552] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  668.356587][ T3552] usb 3-1: Product: syz
[  668.366743][T13020] loop1: detected capacity change from 0 to 2048
[  668.380118][ T3552] usb 3-1: Manufacturer: syz
[  668.385241][ T3552] usb 3-1: SerialNumber: syz
[  668.416881][ T3552] usb 3-1: config 0 descriptor??
[  668.476760][T13020] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  668.549240][   T26] audit: type=1804 audit(1719528281.619:123): pid=13020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2574" name="/root/syzkaller.PBg7JS/184/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  668.588918][T13020] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2574'.
[  668.681911][ T3552] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  668.690728][ T3552] synaptics_usb: probe of 3-1:0.52 failed with error -5
[  668.898104][T10012] usb 1-1: USB disconnect, device number 94
[  668.955274][ T3552] usb 3-1: USB disconnect, device number 96
[  669.002787][T13031] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2577'.
[  669.023356][T13031] nbd: must specify a size in bytes for the device
[  669.121268][T13037] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  669.127832][T13037] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  669.150652][T13029] loop4: detected capacity change from 0 to 8192
[  669.152419][T13037] vhci_hcd vhci_hcd.0: Device attached
[  669.208288][T13029]  loop4: p1 p2 p3
[  669.223854][T13039] vhci_hcd: connection closed
[  669.227496][  T154] vhci_hcd: stop threads
[  669.240986][  T154] vhci_hcd: release socket
[  669.260649][  T154] vhci_hcd: disconnect device
[  669.275484][ T1215] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.312247][T13038] ip6gretap0 speed is unknown, defaulting to 1000
[  669.331270][   T13] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  669.359863][ T1215] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.457095][ T1215] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.552750][ T1215] bond0: (slave netdevsim0): Releasing backup interface
[  669.575658][ T1215] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.587069][   T13] usb 4-1: Using ep0 maxpacket: 32
[  669.676859][T13038] chnl_net:caif_netlink_parms(): no params data found
[  669.716874][   T13] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  669.761196][ T3553] Bluetooth: hci0: command 0x0401 tx timeout
[  669.781873][   T13] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  669.934390][T13055] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  670.008118][ T3550] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  670.211719][   T23] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  670.451278][ T3550] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  670.473305][ T3550] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.486317][   T13] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  670.515180][ T3550] usb 3-1: config 0 descriptor??
[  670.557533][T13038] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.567667][ T3550] gspca_main: cpia1-2.14.0 probing 0813:0001
[  670.573762][   T23] usb 1-1: Using ep0 maxpacket: 32
[  670.600899][T13038] bridge0: port 1(bridge_slave_0) entered disabled state
[  670.616899][T13038] device bridge_slave_0 entered promiscuous mode
[  670.667263][T13038] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.687912][T13038] bridge0: port 2(bridge_slave_1) entered disabled state
[  670.697114][T13038] device bridge_slave_1 entered promiscuous mode
[  670.711475][   T23] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  670.725739][   T13] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  670.736089][   T23] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  670.738841][   T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.754945][   T13] usb 4-1: Product: syz
[  670.759122][   T13] usb 4-1: Manufacturer: syz
[  670.762659][   T23] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  670.764300][   T13] usb 4-1: SerialNumber: syz
[  670.820814][T13038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  670.912383][T13067] loop4: detected capacity change from 0 to 2048
[  670.935163][T13038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  670.944949][T10012] ip6gretap0 speed is unknown, defaulting to 1000
[  670.964160][T10012] ==================================================================
[  670.972674][T10012] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430
[  670.979892][T10012] Read of size 4 at addr ffff88801f14c0d8 by task kworker/1:11/10012
[  670.987962][T10012] 
[  670.990297][T10012] CPU: 1 PID: 10012 Comm: kworker/1:11 Not tainted 5.15.161-syzkaller #0
[  670.998718][T10012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  671.008780][T10012] Workqueue: infiniband ib_cache_event_task
[  671.014675][T10012] Call Trace:
[  671.017947][T10012]  <TASK>
[  671.020965][T10012]  dump_stack_lvl+0x1e3/0x2d0
[  671.025654][T10012]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  671.031274][T10012]  ? _printk+0xd1/0x120
[  671.035421][T10012]  ? __wake_up_klogd+0xcc/0x100
[  671.040267][T10012]  ? panic+0x860/0x860
[  671.044330][T10012]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  671.049846][T10012]  print_address_description+0x63/0x3b0
[  671.055418][T10012]  ? siw_query_port+0x342/0x430
[  671.060277][T10012]  kasan_report+0x16b/0x1c0
[  671.064788][T10012]  ? siw_query_port+0x342/0x430
[  671.069639][T10012]  siw_query_port+0x342/0x430
[  671.074321][T10012]  ? ib_query_port+0x5cd/0x770
[  671.079125][T10012]  ib_cache_update+0x1a8/0xaf0
[  671.083916][T10012]  ? ib_cache_setup_one+0x5a0/0x5a0
[  671.089110][T10012]  ? read_lock_is_recursive+0x10/0x10
[  671.094490][T10012]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  671.100473][T10012]  ? print_irqtrace_events+0x210/0x210
[  671.105926][T10012]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  671.111819][T10012]  ib_cache_event_task+0xef/0x1e0
[  671.116862][T10012]  process_one_work+0x8a1/0x10c0
[  671.121817][T10012]  ? worker_detach_from_pool+0x260/0x260
[  671.127447][T10012]  ? _raw_spin_lock_irqsave+0x120/0x120
[  671.132984][T10012]  ? kthread_data+0x4e/0xc0
[  671.137482][T10012]  ? wq_worker_running+0x97/0x170
[  671.142503][T10012]  worker_thread+0xaca/0x1280
[  671.147201][T10012]  kthread+0x3f6/0x4f0
[  671.151272][T10012]  ? rcu_lock_release+0x20/0x20
[  671.156116][T10012]  ? kthread_blkcg+0xd0/0xd0
[  671.160698][T10012]  ret_from_fork+0x1f/0x30
[  671.165120][T10012]  </TASK>
[  671.168129][T10012] 
[  671.170441][T10012] Allocated by task 9761:
[  671.174756][T10012]  ____kasan_kmalloc+0xba/0xf0
[  671.179510][T10012]  __kmalloc_node+0x199/0x390
[  671.184177][T10012]  kvmalloc_node+0x80/0x140
[  671.188667][T10012]  alloc_netdev_mqs+0x85/0xc10
[  671.193422][T10012]  rtnl_create_link+0x2e9/0x9c0
[  671.198269][T10012]  rtnl_newlink+0x13d2/0x2070
[  671.202937][T10012]  rtnetlink_rcv_msg+0x993/0xee0
[  671.207861][T10012]  netlink_rcv_skb+0x1cf/0x410
[  671.212612][T10012]  netlink_unicast+0x7b6/0x980
[  671.217375][T10012]  netlink_sendmsg+0xa30/0xd60
[  671.222129][T10012]  __sys_sendto+0x564/0x720
[  671.226635][T10012]  __x64_sys_sendto+0xda/0xf0
[  671.231298][T10012]  do_syscall_64+0x3b/0xb0
[  671.235702][T10012]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  671.241596][T10012] 
[  671.243922][T10012] Freed by task 1215:
[  671.247899][T10012]  kasan_set_track+0x4b/0x80
[  671.252487][T10012]  kasan_set_free_info+0x1f/0x40
[  671.257412][T10012]  ____kasan_slab_free+0xd8/0x120
[  671.262427][T10012]  slab_free_freelist_hook+0xdd/0x160
[  671.267787][T10012]  kfree+0xf1/0x270
[  671.271582][T10012]  device_release+0x91/0x1c0
[  671.276167][T10012]  kobject_put+0x224/0x460
[  671.280574][T10012]  netdev_run_todo+0xaaf/0xc40
[  671.285330][T10012]  ip6gre_exit_batch_net+0x41a/0x460
[  671.290610][T10012]  cleanup_net+0x763/0xb60
[  671.295020][T10012]  process_one_work+0x8a1/0x10c0
[  671.299953][T10012]  worker_thread+0xaca/0x1280
[  671.304625][T10012]  kthread+0x3f6/0x4f0
[  671.308684][T10012]  ret_from_fork+0x1f/0x30
[  671.313093][T10012] 
[  671.315406][T10012] The buggy address belongs to the object at ffff88801f14c000
[  671.315406][T10012]  which belongs to the cache kmalloc-cg-4k of size 4096
[  671.329708][T10012] The buggy address is located 216 bytes inside of
[  671.329708][T10012]  4096-byte region [ffff88801f14c000, ffff88801f14d000)
[  671.343059][T10012] The buggy address belongs to the page:
[  671.348699][T10012] page:ffffea00007c5200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801f148000 pfn:0x1f148
[  671.360142][T10012] head:ffffea00007c5200 order:3 compound_mapcount:0 compound_pincount:0
[  671.368476][T10012] memcg:ffff88807df45b01
[  671.372709][T10012] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  671.380688][T10012] raw: 00fff00000010200 ffffea0001187e08 ffffea0001e3da08 ffff888011c4c280
[  671.389263][T10012] raw: ffff88801f148000 0000000000040003 00000001ffffffff ffff88807df45b01
[  671.397836][T10012] page dumped because: kasan: bad access detected
[  671.404233][T10012] page_owner tracks the page as allocated
[  671.409930][T10012] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2962, ts 24667404956, free_ts 24658757515
[  671.429106][T10012]  get_page_from_freelist+0x322a/0x33c0
[  671.434646][T10012]  __alloc_pages+0x272/0x700
[  671.439229][T10012]  new_slab+0xbb/0x4b0
[  671.443293][T10012]  ___slab_alloc+0x6f6/0xe10
[  671.447883][T10012]  __kmalloc_node+0x1fa/0x390
[  671.452550][T10012]  kvmalloc_node+0x80/0x140
[  671.457059][T10012]  seq_read_iter+0x1fe/0xd10
[  671.461640][T10012]  vfs_read+0xa9f/0xe10
[  671.465793][T10012]  ksys_read+0x1a2/0x2c0
[  671.470025][T10012]  do_syscall_64+0x3b/0xb0
[  671.474450][T10012]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  671.480337][T10012] page last free stack trace:
[  671.484997][T10012]  free_unref_page_prepare+0xc34/0xcf0
[  671.490448][T10012]  free_unref_page+0x95/0x2d0
[  671.495116][T10012]  __unfreeze_partials+0x1b7/0x210
[  671.500231][T10012]  put_cpu_partial+0x132/0x1a0
[  671.504985][T10012]  ___cache_free+0xe3/0x100
[  671.509495][T10012]  qlist_free_all+0x36/0x90
[  671.513990][T10012]  kasan_quarantine_reduce+0x162/0x180
[  671.519443][T10012]  __kasan_slab_alloc+0x2f/0xc0
[  671.524287][T10012]  slab_post_alloc_hook+0x53/0x380
[  671.529386][T10012]  kmem_cache_alloc+0xf3/0x280
[  671.534137][T10012]  getname_flags+0xb8/0x4e0
[  671.538634][T10012]  do_sys_openat2+0xd2/0x500
[  671.543212][T10012]  __x64_sys_openat+0x243/0x290
[  671.548062][T10012]  do_syscall_64+0x3b/0xb0
[  671.552474][T10012]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  671.558357][T10012] 
[  671.560665][T10012] Memory state around the buggy address:
[  671.566281][T10012]  ffff88801f14bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.574327][T10012]  ffff88801f14c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.582372][T10012] >ffff88801f14c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.590418][T10012]                                                     ^
[  671.597339][T10012]  ffff88801f14c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.605393][T10012]  ffff88801f14c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  671.613438][T10012] ==================================================================
[  671.621481][T10012] Disabling lock debugging due to kernel taint
[  671.635586][   T23] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  671.645327][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.655151][   T23] usb 1-1: Product: syz
[  671.661257][   T23] usb 1-1: Manufacturer: syz
[  671.667229][T13038] team0: Port device team_slave_0 added
[  671.671091][   T23] usb 1-1: SerialNumber: syz
[  671.681185][ T3550] gspca_cpia1: usb_control_msg 03, error -32
[  671.689150][T13038] team0: Port device team_slave_1 added
[  671.700473][T13067] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  671.709123][T10012] Kernel panic - not syncing: KASAN: panic_on_warn set ...