last executing test programs:

3m55.673521226s ago: executing program 2 (id=3):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
pread64(r1, &(0x7f0000000600)=""/161, 0xa1, 0x40)

3m54.565132445s ago: executing program 2 (id=6):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x203, 0xfffd, 0xffffffffffffffff, 0x200000000000008, 0xfffffffffffffffd, 0x200, 0x8, 0x2c, 0x80000005, 0x1})
ioctl$SNDRV_PCM_IOCTL_DELAY(r2, 0x80084121, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

3m53.629647401s ago: executing program 2 (id=9):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x2000, 0x20)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

3m53.347822133s ago: executing program 2 (id=13):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=@newsa={0xfc, 0x16, 0x633, 0x0, 0x80000000, {{@in=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@remote, 0x4d2, 0x32}, @in6=@loopback, {}, {0x5, 0x3, 0x0, 0x5}, {0x4}, 0x2, 0x2, 0xa, 0x4, 0x18}, [@mark={0xc, 0x15, {0x35075c, 0x1}}]}, 0xfc}}, 0x0)

3m48.956826837s ago: executing program 2 (id=23):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001680))
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000000)={0x0, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r0, 0x0)

3m48.640618092s ago: executing program 32 (id=23):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001680))
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000000)={0x0, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r0, 0x0)

3m6.392474824s ago: executing program 5 (id=214):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet6(0xa, 0x80001, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1}, 0x50)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000380)=ANY=[], 0x190)

3m5.731944557s ago: executing program 5 (id=217):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@gettfilter={0x2c, 0x2e, 0x1, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x7, 0xc}, {0x0, 0xfff1}, {0x7, 0x2}}, [{0x8, 0xb, 0x2d}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4041080)

3m5.556354581s ago: executing program 5 (id=222):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x401)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000005c0))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
write$eventfd(r2, &(0x7f0000000080)=0xfffffffffffffffe, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)

3m4.063544251s ago: executing program 5 (id=229):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0xcbff9000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x44, 0x0, &(0x7f0000000500)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000000)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

3m2.71590133s ago: executing program 5 (id=233):
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xb, &(0x7f0000000100)=0x800000, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYRES16, @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180600000000001700000000000000001812", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70700"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
ptrace(0x10, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

3m2.419723094s ago: executing program 5 (id=236):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x189)
getdents(r0, &(0x7f0000000140)=""/143, 0x8f)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000140)=ANY=[], 0x10)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}})

2m47.031994432s ago: executing program 33 (id=236):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x189)
getdents(r0, &(0x7f0000000140)=""/143, 0x8f)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000140)=ANY=[], 0x10)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}})

2m31.955104686s ago: executing program 6 (id=326):
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
socket$inet6(0x10, 0x2, 0x4)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0)

2m31.66689838s ago: executing program 6 (id=380):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, <r1=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x21831002, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x20}}, 0x50)
read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r3, r0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x18d042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0)

2m31.386418342s ago: executing program 6 (id=382):
socket$alg(0x26, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0)
syz_usb_connect(0x6, 0x2d, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
sync()

2m16.247770071s ago: executing program 34 (id=382):
socket$alg(0x26, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0)
syz_usb_connect(0x6, 0x2d, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
sync()

14.66344831s ago: executing program 7 (id=965):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
syz_emit_ethernet(0x74, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, 0x0, 0x0}, 0x94)
ioctl$TCSETA(0xffffffffffffffff, 0x8924, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0)
ioctl$FBIO_WAITFORVSYNC(r2, 0x40044620, 0x0)

13.356127645s ago: executing program 7 (id=968):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000bc0)={0x44, &(0x7f0000000900)=ANY=[@ANYBLOB="1e09cb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

10.012003835s ago: executing program 0 (id=975):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x5, 0xe3}]}, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x2)

9.80945075s ago: executing program 7 (id=978):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
close(0x3)
close(0x4)

8.874552006s ago: executing program 0 (id=981):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000300)=@filter={'filter\x00', 0xe, 0x4, 0x2d0, 0xffffffff, 0xd0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000, 0xff, 'pim6reg1\x00', 'team0\x00', {0xff}, {0xff}, 0x16, 0x0, 0xa0}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x51102ef484f1ccf, 0x6, 0x1, 0x4, 0x1], 0x0, 0x4}, {0x4, [0x2, 0x1, 0x0, 0x6, 0x1, 0x2], 0x6, 0x4}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @random="194eb9ca0425", 0x46, 0x5, [0x23, 0x1b, 0x23, 0x32, 0x14, 0x12, 0x18, 0x2f, 0x3d, 0x27, 0x0, 0x4, 0x0, 0x6, 0x14, 0xe], 0x0, 0x80000001, 0x4}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x330)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000040), 0x4)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x0, 0x0, 0x0, '\x00', [{}]}, 0x1)
removexattr(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)=@known='system.posix_acl_access\x00')
pipe2$watch_queue(0x0, 0x80)
fcntl$getownex(r1, 0x10, &(0x7f00000002c0)={0x0, <r2=>0x0})
sched_setattr(r2, &(0x7f0000000500)={0x38, 0x0, 0x6, 0xe2, 0x0, 0x401, 0x4, 0x2, 0x366, 0x19}, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000009140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a30bf328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d12e7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abfde85f1124e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9caa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13776204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edcd3f35cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000440)={&(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x2000}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r1, &(0x7f00000007c0)="91f642c8806e5fac6c7396a8b89f75286ee3471d2868b7e5dd8cb71fb3c1021f302254a354e253e89479249f0f2e24bae4941bafa3e8a1dff252ec25236d94cc410f21f43f98912edaed66316bdecc1f16a6ffe5ce4670f7b4db6f2b1447ae3225db086e2f1f8555384b8b8945ac390697fc365bf8431c6ea9809dc731457c8eaae48629901508a6f43a3e1f939b72e9640082028678f2573dceeb4e63f23b71c3318f504b836393930f35db23e5828d88302003e5a157251b6f5f847f54d359a5ae83e57e8c94583c90541626d2f53d63f685c281dec64acbe87808a493dd436cdcbd7ecf097b6e2796263e177a9357259030985a14bdfda63e7f5f929f3d68b40dc237d1b3091c9dad8eadc47d6c16a12cfc95982d2b57146c985e7210646995b1a6fcd1743e958b08ece59f4a327023408f8a6b7f975dccb0805109dc6b3950a35779ae028f32f091b6986bdf218f79255fa61a2eca8f7698c6b8b4fab554b68b0770d9cead8b93d576da4307cc7ceaf8516b790638c19c6a345fb1b9aba8b950afd0a050b712f189261c15a199dc63919f7ea8c1b287814a009ac21e7881eacfe8d8de632e62dfb567facad709ffb5219f39f61697c7107c8c40d9054fc4a4303722c81721d26d40308654900a08c7171d87e554c7d7cd661fd23824dcb39f5f97518ba6312d712c0c0e86ee4c114a65d8baeae23f09b2fff4a3056bad6b6d2ad67fc41a8511177bcbce5a342d4fcb81d41fc2b7b9518fd36f8803ba5c34458061ad5deb6e6e973ffefe72c83d9d38ec77769bb17d59fc54011f9df0139f63c8d0ebbe2b7740fdd0c18f505224d9e03075f1b53d9b5ffd548ef563eab6b385bceee01579da37030d407e5829222437fda930d890b48b174af52a9b4626fd9e3f9ba54ecdefcc3ac109448ed6738f3cd5ff53b94130a965ddaf4a8aaa6ddaeb8485de163af08c75e87b6b798f3d8f28e9b4b71f4e5be23d4ee07c42790a2edbbd8fcf597b6ccf129c06d2ed130be6c1da8b2f66e485cb530b0761cbd11fb5ed4d41ae9dedfabc110b86b36dab0e40b422611ec97dfd6efb5c7a6f00c1600f42dab5233e4d76d319e8db188988f9369b8e2ebb201b40a18076ff4a222e8dd3fe4f6652ac5610f5e1e4e9965bf8f7bf2aca43e38c24353a571047a2924f0baa79f66b477f1720a5f02392199a3047382f93602b007c281d7e7d2f542e8ebad9e6a36746a4bf5a380d8c025372d00057df8251870e40d0eea49c6bb28fbc93b7d5defa7ba417253f9304309574ceb7493d2ec90625e52abc7cbb121320fa10c433944eae564874203a1b751a2aac3ae7004b2a9f0ce1ca66243ba030652ee4f31b30598d86ccdaeeb8b32824830ff5f4262c2909d6923d083a47fbb78b98bbc43671ab2b801ef776547a281d0364ad82468ccbea704f757b0612a648d1e62cf8109dfb4081f8dfdd236357454709c01530e214ab3ad615874fa629b51ed84d9d66d2b1f6d342edaee1b1fd54db2d3754ea1bd74ba6732edd5c00b621ba37ac971ec11bce89bd51a666631ecd91de60560f52b0552abf21d3a4e5c79884489bb56305132446868d40984a4b8a885cdd865abac22afe5d10ea0b7c15050ece0446d84130af727daf682ea29bde7bcd5acba44d54952d227022939524cd85876d1b120e1a88329d26288d3e4a636645d3f0f4a88503ebf1a77275c910d904e05fbfa3ee2c3f19e718cd7465b9f95a88521bf1c460321e3a57f239adddc46ba90c9433c1d277d6c55e78c9438c8a8dff28f89936c4646cb0c75c5403c4b2c7703f9806cc6ae22460dcea64827e1fd70e7554e2c4541a8edcda1d2c04df99bf51389bd3c0b16e27a6a52723567816c929be0e78f10217da580d40b9e912c825fae224a22bca7439a12f40e8e2b424ccc97860b980e0e54c872c4d03e1d31e8ef1eea331c575efa3a0923bbb80fd50217e7e364391c1343f87270eb798956eb9162fdcd5c10d6f810e53f1cef51270fe068d2f101b25bcd3a8b7077876452e2d8777d4c11094d4ad4dc7604626aebefdccc09daf723a1a055bbba4a5bd9279f2201eba945cef29c3462ab4fe771d83aa05383f42f5763a80ead6bc6ae01849b6ed4028faeb400449447aebf66942529222f34ac3fdc8f85d0182db33dc57ad849dc45b8ce8e41aace1d10277ca1eee5e02583fe4306c77c3eec7012504b2e34dbb0291843b52dbe669cb93d0552962a8b5455fc8fdca870065aee06f1f0d04af85eef580231c8336d1ce62bae106152dd27c28b16e153ac3af1d36528f2b850af8c188feb4c061dd2c6450b05a271a284f071f854571afc5b828e2e1e5351b286e1be409f48794772d3509bfb4ed709bf06b1af7ac0cb4e2afecb0f28516cda8aa9dacf12beaae7a244e1e6a9643d60d8edd87267265be94ce206b450dbf3306998124a3c29781a1939b54eff1471bd5d0a679755786ed87d3303531137d2c51af4c108172a4e8b83052045f05be931610b9e5754f816d26ba660d811a37c7d9003d0659dd86fb95832a0f197d3fbdf2578eb90411ecd00c535346cc88a323cfbdc1fc2e1070855edcbc3b66dffe0d6ca0d7f455e56e70153e5b0540ae19940cb54979219b74a04d5edd7823fba99b03d77d882b44878933fd2e22667f93ce866d6b82f51c503a9aa09a81b8d0ae0394804da44d53ce4f3eb84991558ff4e66b60ebdae037b398566be04b385afbfe45e77d93d50c0c62ed846eeff2d27d126a7d150d46c120465512efd593a6aae296200b562cd1113736a67152ff3db4d2c8fb310e4d9c62085f2609dceb435ee0b184d0c5b565f7d708c8a153ec845f003205ac7b3a82c607fcdbc5ff2a44837b32dfde5c2ca62e77916f37ca7aa433ec1a8ee57bf50a242ebaee1bad342fd935949a9dec7893f88b565128d0ccacf631dd10112315f33baf16360851beea0b4e2907fd04f1a44bf06f3498261c7e28b4faacc8d2df96e9b7b48f29516f8300acb600ff0d76e994d2a2cf3910547ba82d39c8320a70105f336a0500a5ed856ef2d0dead4fb36193142962a1bf866bb4fcbf9711d2df9f2eb5b80a4b1ae67ef29c9bb1bfb4d8aabeb3fe054b4f6b465eaa8333dcfdb6f28f4233bbe729d0f9e8abe5e7a6c67b5cfce4f572484264bf2cb5db58a8090bec33ee639bf722ac2657dc22d01bb754be4c27c18709eac1215f864ecd68d9b93dfa6e043ed26108daf5fbf09d20a3284736a8b6e88cb78541112b26cf8bd0881655a99bdf8da161be7b407bf8160bee5bc9b8fddb5961baf363dfce16be41af1014991ef2a518c114c8cc018489877a9ce0c382476c3a643c165dfd75187e76958d0321c239f72cda123fc5b4913e22610310721b9daa6ca64bdaacf40659eafce52a56ccdf538e94389b85c881361c5de06b87bd4bcc2e90a83db092dadb6023e6f2f0e59e079f8478219c978b67b74d1044f4130f8cc9ff12ff52e52ae14f4c4b0c12db7d6f4b14e1628101bc08413e7bc34061de4da864c76e18516a9be3cc9697848ff3011312c2c03529fcf65dda3b72a6ad2c4cb1a00cc33d0dabfbef0857a292a1d34145bd20a46ecb603ee5c69fe7f2732dc43385ec607906ab6665488d8bbba6bd1f5e2f24a84c3126b7a1994e8b500d318ddf1591443cad0763a7506428df06b745a418d314649edb74a6a6e71d61c045929d2115fad2ad00c30940a4dd9e4847977ee8b7483cdcd24424a50c1e72588cb49c60c72dcdaa2f87494690befe8dc8d1da45dbe07449e17fece2883b7b7f9dacff84c616ab97eb972a570cf7a2900e0ab63adfd245ad96cc80ab145627880cba86c83873cd656a6bfea105c5d31e657e10c9abc9ff52f2a0cae31feedc4cecd2eaf4421a2ab40b2d18a172e6c84007cbd21656984dc5a11efd76e0bff9254f796dc70f825747fcdc958b90f37cf2c812caa43da874fdc283a6aebb55a7def13f87a368a3d84bc917307508d3a3d99cfebd1c30d24720cc27c3622c82fe04e822df8ae5ff01f53b32a3d588b127472fdeb337f2b41457645c21f37725b0e8f17867049f22e2cd7895b1a015ec5b34214e6c921c0698f251280a40e95bc52b00ccd89014dd18c7ac5b5b7a4ea8fe00faee7317a14226e3b51de212ff8d9958ef83c53e25a9f6338a918f017ba62d20975ec0c751c79a341e65330b1a8f3e0eca7346cc97dd485d2b0d610eae3618608039949807fd285fa48ccc01b278e171c9d2255ba458be06abdd9db00e76babb9f7a66228fc7e3abeb278af90df9a4140d365c7b54062a28a10142e369d0a5972deffde6e9ab19e2afb42aa6cf84078c7e9112dda38f8e9ede11d0f1bace30244d3d536905eaa595530a56ac38493581274462858a4923b2bbaff35af9b012f106fb34a24b1a29feeb980cde472f5f5393e17fc0fa30c2bf53546478960ac68429363687a90dee420b5e5b5088085f88f955d358f3960c4459b77098cba401834a5efcfd39600f3e7f4ef5a9059eb6308dd903045bddef2d475d6d473bde94519e949b98528a48d2a73138771edd6773b2347fd6c223759bf827a5d7e8b9d786a6495bfe15d4b91ba150b26d2c218ea5151c995cc6d5a757e7edd35dc0b106a942a317003c19a1a08598c026eb89f557689fff2c383b5ece42157f97f0af89b21ec3703c4d99b3c1f422ad563a9059b252b3b7365ab711834dad56306ca3a26d0a8f5bbea6a3e2813fa9f5efdf961a1cf6373296842f9eb1c26cacc89200893d4df95bb91dd80fc4d0b926d41af3d5616b73c34424a26225da81249cd2c32127665e85bc696e2d8442f9021fcd3de8b8c3b1da9e2b8158b75a3cd364242be2fc86b771042b3bb6d96b1d199d1bcaa8eaa52ae9e1fc3a564b7122237d5b2de6e50e4110f6b9703554896851e56cecc785c905983bbb3457c06758d14d63791288c11ec79cdc5a16c7c303678e32aee4d7537fd96fdc2d9c6676fcca01152a22899388343b9eecb95d75c9ffd2ea5a09f52c07e13daa324c2c3115993bcd19a98cb6286750f4d3707d3376209a262fbe54266590081996f6dfce55305b8c52f0d9ece74cbe348217b5101aaf08a84d146b3f30eaff1665a98d5edd5903659a52ba965d59c25d67db8ad84d65b9c136159673aa75afbf4801b0c6129c8fa4bf8b0350695aadef3d8511da0527f320da50a0b8783c294cf70d0c9612ebbceefd6235f5171adf88d016acc2b0e80bad59ad0940e93cfc4d4eed72895f77134d2dbbaee6dacc34fc263841e37d016badba8079c78d020b267b2f89a8ede0e7ef3370f1bc008d4148a977631ec2a95a55c3020bdd9577ba32e89f707e349c333334312f364f7c12cfec6c1bb56ba6d09fcb5baf63978d90188d1900bae3103bb17eaba889c8a034c7f205f45e698cb719348d5cc136ff2a74696e69a4d94e0854feb5649d8163a5ddd2b1983080c35d7d1bf806f685431294dcdafea2e3776fbaaff6570f57302618b8052f251e03458d5bf2ba5a958992fdbc351d9f58e456694be9345ae4e6c2497309f6d37369d71ffd72ddb7089fb46401c1d3be30359397c3475b2f1436e3cc2e784cb68b02ca53091a596d27ad9f0f2781d9186e787b0c3696fa039ca25ad55c13bd2baf339106238f2722aa1ef0d65e4c13c3081ad42ecfe1e6d84d4a6b7954ff7283aa0dae24d8eb33a2969eb8c3a160d29ff126cd8537bf89c24f9aa2f5e8c20a8e98d2b7fddb1fd7591f31794d2637dd3ed9e901fd86b169f1748d46004ee2a3680cc87d27780475ad22035b691fb36c4c30b7f0312bbc4e7b88d3db858b31326c0c6881b738d508e477f040d279392795fa82d9889fa58b8e2ac0e1fe4d394fc8a2b562c9c4a4235ef194da5965e43645bf5ad05e36e8a8e3c2e67d666e396994c0f30a8527a00f99eaecff594053d74c03cef62910d75ec403c7d3367bb6d1ed6d38dee1ac2f868b1a134c4876bcd7290f8f6865a5c4b1b6c7e90b06ebb15a267e283ab221cd09a4784c62a2d60dd9d0c73fd7519127e0907c570e2e5b6f2618eafc3bae7e6f9a5f14769763876195856e67fcac870ee04bbd762688da4d228388fdd32632410072ff4be7f1e25a4b6a05ab20e5b98a05b226532e9f85671b5a404496bb7eff79f7f37fb4c130d88a9149f3b8b09769c1753a634c05e182d12ff68a0db434379ae4f24205c424fcaf6709409bb5e8680b58608ac02c3f95ee933bcb22a5e34f08231cbbd96f184df433d9dd67e1756c2eecff265bcd5e5942a0d2777404eb93a9dfe2ec5ae7d4d7de42e2c947083a8c3e91fd90cad20bd983580f604c112216cde407165baf107959b465dcf28ed7033eddbb412b044da5e2f62d551cc3575f1e464059e6c73b0951b30ad491869b5627ee8b3b95d6accce14c399f5fd5c36fdee83031bb0ff02f2e564e7e93fef6da9fae95f843c5dcd317218738ba05c6e07b07f85c864e0ab36691fc030a0abd2c449c1559204405a086fb9d96b14374e1adafd1162a8deb992a23751573659d64d8c6425ff909c1a25b359ff718919bcb0c5713f326ed66b422c355c30f4574bdf9e97e9538ee862e8a4739c03e77d4c0c22b8ad9d7e6631cd4c87c3cc8a8574d407cb162bc2851bcb600fc5604dfe6ea1a50ef5b907a80cba57358c2a8a0c13a0e32b2bd72e6180744ebaa638080de4370b5823d62430b326e7edae9e8ebb7aea5f8a5e915a8e96042fb6ac8a6b732fb623072969b91e984eba151fdb353ab0042e12dbec05401a49d12a6155ab926abf011db8a94d62a8318e41b30c870ac2133e1b0046836c6c11d9b8f2d5f3f2d7d65bac2e240b982b3fd27b0f09e60c9779742f10363710064d9e4b937b52cd7c7d1bce878fcf652de714e3a75e7436b55712a06df4586fd11b1151fb0c3f2d538c3ed3dd9c2806a5627c99c9ba39f9f7c16cace3a7b003a8937aac129ea41867430f83566871a49d1988ff359a5f802da72e87fb8795d4e7e77140c13f846a8d04434fb6524ec00dc4dfff4b5079c49a75f55b33c6071fd52fa9cfd6677dcd75b1e0174b88196e2c86e4d2b451869e9ea9bd13f436aa2d9fac6aa49fd8ecc3abfd1c1b47f592df6de931bd8d1aa1c2360e76156ce63faea2c25bd18c5019fe755df25ce87a5952cdfe77fdced1e9546643deda1a55c9fafaddc28456741ea877a063bf80bb379b01f76827882bb37426c5a20fbeee78d5f64aa2a7ccdb3f5bfe8bed79cd7ca9e7a5117e4b94bbd5182feb55cf77e4fa8c3332baaed9a4aabb3493ea15cc2ef35b52b680094b2aebacc75e659e5809f9f548278af0256a06a801a840e27548886b4a01a34adcb33a76ecb11465155ab8cbbcfcc3626a59d1ad9af8944ffa94564f679a2ec297f7995ab80978794f56fe68f5b11ecf60d46a36756ff7348da29c6261f164f5f0cabeb9ad1459d97aca708c56c10a70d6abced2aab1525aa172acdbeadc243e612a5e5197b3b822470a7aaeaacdf9072ddb190063db0d7bce649e4c5909f7d80c166c3d9f58792e2406ebe9c70ca91e25c6efcd8b71abf2b04e868d21e2cb7112e53f8982d72ab250db49dd9f21be14b1f39ee33a49ccdb7977fd1124a05fb2830215ff502caeb955c2ccc431764befa1404e3fc721090e78c54792bdc1847dab50bf7cde72beea5c4f9b5f7d2c7f72df4f2dc37312fa93c263a215251aa299fa0b669e1175d75128ac689eb8e85d46b63f70b6f4087fabe4e4cfd6b2c1d07ab0de8086f4bda9023442f4276a78ec19ced714ecd6f6ed5605675da3cb725ad879aade51f7e20cdaec4db634f5dc9d8794a4e325fcac97a031ec7f0d95efc0300b362bec79d9494de2374784c35c1cf56df594db65eb037e8495ca88637abd3457979fa37669364131d584637bf2c9de4f79e3d1ef8f6fc4a64d750870bbdf6d7fbc657e774885a0295a6c16399c875b49ffa8db86aee272a7e3bab7b6d0ef3b2f53b5c4e1b06f39b1a9169fe37071ec12acf08b4d52798733bf159ab2a9740ac18a94b483960b235442b042708045eaf1ca09271d32223fa593da9d56d554079e92c354891522b9723b49986fd7c26f6539576529feef94ddd2940da03723f1f28b47a0a249d7f780ef6103196d70aa2f6b99c51aeed3652137ae56edfa823744ba73ec3b4c9545600f6c95cb566270428042d00a48c4722374a8f046a9277a3adf2bdfd71101bd0aeab82c0a69422a89ecd3c6e51e1933e24886af1ee22eb4ecf7405ce4ee5442d572fec049824a2e08b1de05136d9db3f3de37e654d0f8ba98fe3390e64958da9f16c9cbd97b3cb6093e9f002fd9933712c63656f25dcaf8859851409f4ec1397d12925575afd80d16385429afff3c2d9e4ff57f99eb587e027eda9fe3b670ad9e1f98ec976bc7a9d1a15820262f98cb71eadfe2253bf168d021539bfe47e4831aff7179cf04ea15fb2d75fdae55f09c216f5c6e38cf8a45718b38b791c8b84567aa96c583fc16c53240cb1ed1ab5850bcd8722ec49ddb1c0adee86837d9d93fa4bc871b735d6d5176727de6ff35d057a9022491b06de06c7bb92e5455d199fd1e9c0351e8a3efdda9bb861fd856bcf691dac16aeddad403091a63d8749e105d86e67ff1280b0bed8c01e42743d23469ba2326ca32945ab3c8d703d5f710487a01aa133dc2f2689d6f7c24303d8df99ac70e246fbb99bb47fc252b18e97917857e5a5b09b30f5338ee1a63c72b92cd55cf47ab05d032e42fa4a5ebda82d6406e0322a3716253b997f7f650ca1f438b26fb0318099876c93766371fcf68bbcfc225ee01097ebc974b68890cea3ae0ca9c66c5a7384aae401969b0f257be0d8fa24547ff3feebaab9cf26216761a1b4febf48d35497f07f6d85fd6f54eb4dcdeac936d2af2af1a88cce61406059a5a097ed38f59ddf0d7650be449c7070c11ef4292e2aa846982dd55a5d32e4853357667cfb2a9b3890c95e268e16c2859b04e3dd5f2edeac86e84f37e92df8ec747f34185253d5debaa3240980fee2f63e917a46916c8e210a504ad341bb71e1ecb927beeaaaa59e6ea6c936c8b5bfb414f4b04857f3a2ec8fdc43524dffc1026f2bd09ce04f979ebd1c430303e7758a58fd592c8be07e4881a50fcd172baff48209a344c4b0908526b1e42962b874703782e1a3db4def184c53cd275f5474f98fbe2e2885c34f36739a52cd3b9c99c290c1a37bf091b1cd822bb5651cddaa256ea3b2de23ab7991b4728be1bccf1fa3c8ab8ee0b9d79ccb546a1c879b7f72b7e4d984097635f402ea07358fe49a0045d8eed146e44f928e2eaed60396a37655cfcae10b1ef50d343f3c84ed0de9ab0011b8aee0256782dafafd1d83323f03dd3a200fb165811b278a38a8fd256fb07589087a7fe0c40a0bb590bb8c315e6dd554430c0b69da8895ff111805652700cefa8b8b107f20c830dd6b8165ef29b2451fe45dcdf56da28099d00cd5f88a860ae374033e03e061184f7cf40421455cb2ae9e98fc5ff784a78e2ce29c3e548a21f80aa9bee5f78dc0abaf87dceba5bc4c4fd02e51852148a8b300d28f7a10e20b8b071613ce355f802ba7293474770f53ee651e97f5a0eeb5fcc52500c3d986d78a7583e4095ac29ecc4ef20a46c87113db7a1a3e1239712437e8e080f99875fd74e0fbe3ea87ccdfcc5ebebd1fb23eaf5181b43da158d43d722f447112bb1f562ecaee368a11f3f9dff80bab0e744a4db51077f6b37aff735967831af3872a51ab25e9468314ac0cd01706093e86c9561520f5b3757ea31781054eff28a1cf2ff4496d3a35112020c3d46b76374aad34266108863a1a5959fa3b910f7bb2ae4d4903c2bdfbd31a2868e907f603f176fb8a178c5691d8bf1cbc73867402043c9a4428e52a68ed198ff8d8002358af3676da1fc994698b96fb6674e64f91ab59d04000198544280ed784f7531f8f3b1251375ca4f66365d41d9c6faa2c1be90167504792a97873e96f5a0b933d2c73ce08e12db947959adfe84fb07754c2ba39a896bd1ef68b0152be78040f40d46e9204bca20981a739bd3f7a1e2bf95ab975cf70f4fca5cf532656682794614fbce18df9e0a912e103a2a76b6adac87a2d1813f844f031ce504554dd76ef1e99653f0f2b2f2e607c7817961405a6eba43ecba144e767da02070cd1c65708e5a39ff79efad6548b2f43455f5d47c27860e34bbeecd4422deebdf4535718bfc44f7f8fe96d59b4273f16fba46011e72d66b466ff0305976d1a9ce474ac7700b7d370da90de50334e04f08318a010dd664b587e3002653048b432bb7367e7dad57844f078b49ecd0ef3e7a8a7a891cd4baa1546f6c63b9aa7d6c57d23999173cc71779cb006e943f1a1fd1a779c3da8d191b794c6128aec9e3f225a8a98d78d63fa7e078979c50ea418d4a905be4a948950b67a1d0cd2b6d7b706bae9e6a353a071690c63348e8cf145be08221b8e28583bd5946b037dc5b26da4a26ef55e752091ec41f48e1382036b3f757d3cbef6e8b60e63b3ef261319e74858e4f4d2c3c69ee3ed1c23f9250932d6457e000ac91ba0c3f52568e80ddf9c233c255868f3d0edab3001cf64cbf6a8ee304ebadb32b24b7ad03a0e57a0383ceb23cbbc671b25b42f0b7c20f9b80decbdb4657afa772859a2a0cfd94b8b6960251147ed0b8715b0f88ca4920aec6b620d8cb5aff8f7568727913a7b775bc9e10d0f1091b087d03c2111d00e52912b8095e13997200676d0ad11e0d8eb13acdfba8c134f9d610081c72e6fe6db1e5529d51dc1ff7e261f0e534f4789934b53cc26ac2efc126a23c56308b179b0c91a3d8b23575891cf6e8a73d05dabc73805652e2e632daecb54cc09dd7599bcc45a4d4d8cf21f6db238dbca94d8b1ac0a0e04bdfded824bfecb5648131f56f9a8ba53a588d20320cc1d7f13b25e111f9ef55c582dada6956c18d88250ef0511fbefe33fcba89032316dfe05be2945bf959947ee420ec5a9f9cc188b89fb6a3db81cb0548238d06252bf647fd0506388d3ba14f88e7abd83df1bc750419aa62dd7bbaca5846e8faf83e7f8fcb77979d438da285660e3cd6ebd47d61711ff93309e9be0dcb26f2279deed85a32114d5a5c0acc8640a8db197d7d9e7ab3ef0300c3a189d63d32c242d04ac5800f830d51724d388e54884a9da539f63ffcc04e657a13e3a74ce54bfc95e14390b5aceec14589fdfbbaebde8cc5d41e52623d646efb9da0280a6cba0d5805d0b60d0f000865b047da7d824c9add1adb7e2530e9dc05123e3aec2bc3817d54f82d06620f20dd05fc10d8e6f7656c13d868b77e7ed9e11e4b3647a493cceeea7ed6dee546dcbc4699385aec0060553c2593ffa4d3dc8c200d8bc6c7eccbb92b0db7c3f79227e56a0650838760a9328f1a3519cf349899105915a778f85869e80debd75aa83b30c74dee8caddd78280719328fd86de44cae1c958a51bbe002109c1a65220573468db8603a76ed73d9e921c901f410d8eb2ac6a7cca858829bf317c877a173cbb759a3daeaac037ab42b5a4e5a58a3ac18286e0149bf77da131dbc7f539487b4120834b4a856005479a9b354adc68217d3fd835c0f446ddee422e", 0x2000, &(0x7f0000003500)={&(0x7f00000003c0)={0x50, 0x0, 0x7fffffff, {0x7, 0x29, 0x4, 0x400000, 0x7, 0x80, 0x8, 0x9, 0x0, 0x0, 0x10, 0x247}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8.759248855s ago: executing program 1 (id=983):
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000240))
syz_open_dev$mouse(0x0, 0x1, 0x2000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0)
ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f0000000400)={0xf6, 0x2})

8.666128893s ago: executing program 0 (id=985):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000300), 0x100)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000080)={0x3, 0x0, 0x1, 0x1, 0x10800f61})

7.678858592s ago: executing program 0 (id=988):
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8841}, 0x40804)
prlimit64(0x0, 0x8, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
socket$kcm(0x29, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1ff, 0x20000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='rpc_pipefs\x00', 0x10, 0x0)
chroot(&(0x7f0000000180)='./file0\x00')
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

7.370665847s ago: executing program 3 (id=990):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)

7.297724213s ago: executing program 4 (id=991):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x5}, @TCA_ACT_BPF_NAME={0x0, 0x6, './file0\x00'}, @TCA_ACT_BPF_NAME={0x0, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x9}, @TCA_ACT_BPF_FD={0x0, 0x5, r1}]}, {0x4}, {0xffffffffffffffae}, {0xc}}}]}]}, 0x64}}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r5}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

7.296701513s ago: executing program 0 (id=1001):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
removexattr(&(0x7f0000000200)='./cgroup\x00', 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r2, r1, 0x0, 0x578410eb)
syz_open_dev$hiddev(0x0, 0x7, 0x20000)

6.71484893s ago: executing program 1 (id=992):
mkdirat(0xffffffffffffff9c, 0x0, 0x200)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
epoll_create1(0x0)
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207f0455c000d3d000000109022d0001000060020904000407030003000921000007012205000905810300040c020609050203"], 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000440)=ANY=[@ANYBLOB="000e57"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

6.71442889s ago: executing program 3 (id=993):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f00000000c0)={0x1, 'vlan1\x00', {}, 0x5832})
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x100, 0x1ff, 0x1, 0x6, 0xfffffffffffffffa, 0x5, 0x2, 0x8}, &(0x7f0000000080)={0x7f, 0x3, 0xfffffffffffffff8, 0x8001, 0x28a0, 0x82, 0x7, 0x5}, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
stat(0x0, 0x0)

3.675871804s ago: executing program 4 (id=994):
socket$nl_route(0x10, 0x3, 0x0)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x15, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0xfffffffffffffffc, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)
unshare(0x2000400)
pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x10001}, 0x0, &(0x7f0000000180)={0x1ff, 0x1000000000, 0x8, 0x2a03, 0x4000400000000000, 0xfffffffffffffffc, 0x6a1}, 0x0, 0x0)

3.674598334s ago: executing program 0 (id=1005):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000180))

3.614531429s ago: executing program 7 (id=995):
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000900)={@fallback, r0, 0xd, 0x2022}, 0x20)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)

3.572676183s ago: executing program 4 (id=996):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)

3.553502974s ago: executing program 1 (id=997):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3.376957609s ago: executing program 4 (id=998):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @loopback, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, 0xffffffffffffffff, 0x7}}, 0x48)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmsg$rds(r3, &(0x7f0000003740)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@cswp={0x58, 0x114, 0x7, {{0x0, 0x9}, &(0x7f00000000c0)=0x4, 0x0, 0x606, 0x400000006, 0xf, 0x40, 0x72, 0x8000000000000000}}], 0x58, 0x90}, 0x0)

3.376174179s ago: executing program 3 (id=1010):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r1, 0x400448e6, 0x0)
ioctl$sock_bt_hci(r1, 0x400448e6, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$sock_bt_hci(r1, 0x400448e7, &(0x7f0000000080))
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000180)='./bus\x00', 0x1, &(0x7f0000000100)=ANY=[], 0xfd, 0x1f8, &(0x7f0000000380)="$eJzsmb1uE0EQx/+792EnAiQaChqQiESQkvPdGVAaivACICV8dVjkiAKXGF2uSCIhYdHQ8Bi8AkWqFHR0tFAAEhIFLqkX7e7kbiG2hTGGIvOTvP7f7Nzszuh2LPnAMMyx5fOn7x9fXl9aXQBwIphDg+xfvdpHOv4fmiTev3qzderp/q/xtK+w8uB393Cw7KEkrZRS7twcfa9CVvoWJC6RvgOBiPR9SNwmnUHg3kmrH2lN9u4MiTyLHnTztYcbeRbrIdFDqoe2u74PoN8TWAPQpP0JZ357d+9xJ8+zwghZWwJ1uE7xs8/4YlTtfMDvL0tcc+qnd3H3xfOevj6sTezUL4FEQroNgRXSS2ggiiL9CNiSOPmf9ev43tD8HeFj/PxvBJMXS4sQVpxeHOW88FfW+kMRAviHi+pzOUmc3n8r1BSEcCwzWugDXVnO9PffHr3ryzQ3dn66KYN69pGpd7OTRQ7pjA/0qfunbrkXnf7kw6/6R6vcfNLa3t1b3NjsrGfr2Vaatq/Gl+P4StoyvdmOI/pf0/SnWSd+MMQ3FCF2OmVZJDtAWSTVdWpHp+OuvO5+M/dI0/8k5i/YGPpRMWk3Bq8h6GN/B7Wa94ZunmEYhmEYhmEYhmEYhmEYZizOQZh/QelFlVIKz+yMcklvGtuPAAAA//8nSFCd")

3.192869623s ago: executing program 1 (id=999):
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x20008001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f27, 0x8, 0x10000, 0x10000004, 0x8, 0xfffffff9, 0x3, 0x0, 0x1, 0x100, 0x2, 0x1, 0x1, 0xfffffffe, 0x4, 0xe1cb, 0x0, 0x0, 0x3, 0x40000003, 0x89, 0xfffffffd, 0x0, 0x20001e56, 0xb, 0xfff, 0x3c, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]})

3.165706415s ago: executing program 3 (id=1000):
socket$tipc(0x1e, 0x5, 0x0)
keyctl$read(0xb, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0x14, 0x0, 0x10, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4040000)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f0000000040)={&(0x7f0000001800)=[{0x8, 0x2800, 0x18, &(0x7f0000000180)="6a76c1b175920a71f6191f9737343e385b6d1ff480e12dd6"}], 0x1})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r2=>0x0})
r3 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r4=>0x0})
bind$can_raw(r3, &(0x7f0000000000)={0x1d, r4}, 0x10)
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x0)

2.399375467s ago: executing program 4 (id=1002):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)

2.387952938s ago: executing program 7 (id=1003):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0xb4, 0x30, 0x1, 0x70bd2b, 0x25dfdbde, {}, [{0xa0, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0xef, 0x1, 0x8000, 0x2}}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x16, 0xf2, 0x3, 0x7}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_bpf={0x44, 0x2, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0x2, 0x0, 0x6, 0x80}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0xc044}, 0x4000814)

2.074653813s ago: executing program 1 (id=1004):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r3, 0x5423, 0x0)
capset(0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x1)

1.686858605s ago: executing program 4 (id=1006):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'wg0\x00', <r4=>0x0})
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0x8000, 0x4)
sendto$packet(r3, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)

1.180134085s ago: executing program 7 (id=1007):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x200}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000002000000000000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x20)

646.543638ms ago: executing program 3 (id=1008):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
close(0x3)
close(0x4)

385.140389ms ago: executing program 3 (id=1009):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000100), 0x7663, 0x8002)
ioctl$VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, &(0x7f00000001c0)={0xb2, 0x34324142, 0x1, @stepwise={0x0, 0x2, 0x1, 0x2000000, 0x4, 0x3}})
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=1011):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
syz_usbip_server_init(0x3)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x100000000000000, 0x20000000000, 0x1, 0x4, 0x0, 0x71e, 0x4a}, 0x0, &(0x7f0000000000)={0x3ff, 0x4, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x8, 0xfffffffffffffffe}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ansport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.766798][ T4462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.781483][ T4462] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.788935][ T4462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.816171][ T4462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.957691][ T4462] device hsr_slave_0 entered promiscuous mode
[   80.973071][ T4462] device hsr_slave_1 entered promiscuous mode
[   80.991783][ T4462] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   81.011679][ T4462] Cannot create hsr debugfs directory
[   81.441190][ T4324] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   81.450336][ T4562] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   81.509698][ T4324] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   81.528041][ T4569] loop1: detected capacity change from 0 to 1024
[   81.578214][ T4569] EXT4-fs: Ignoring removed nomblk_io_submit option
[   81.648212][ T4569] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   81.698704][ T4462] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   81.714157][ T4569] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   81.748024][ T4462] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   81.778463][ T4551] loop0: detected capacity change from 0 to 32768
[   81.784470][ T4462] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   81.817988][ T4462] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   81.858164][ T4569] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   82.120184][ T4551] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   82.131928][ T4264] EXT4-fs (loop1): unmounting filesystem.
[   82.417575][   T26] audit: type=1800 audit(1755594844.871:3): pid=4551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.43" name="file1" dev="loop0" ino=17058 res=0 errno=0
[   82.797529][ T4268] Bluetooth: hci0: command 0x0419 tx timeout
[   82.800780][ T4462] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.855907][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   82.874942][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   82.906880][ T4595] program syz.4.52 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   82.945335][ T4462] 8021q: adding VLAN 0 to HW filter on device team0
[   82.990599][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   83.030341][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   83.054949][ T4381] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.062156][ T4381] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.069314][ T4574] loop3: detected capacity change from 0 to 32768
[   83.127297][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   83.154295][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   83.164130][ T4574] XFS (loop3): Mounting V5 Filesystem
[   83.190160][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   83.228164][ T4422] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.235372][ T4422] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.314136][ T4551] syz.0.43 (4551) used greatest stack depth: 18504 bytes left
[   83.337257][ T4574] XFS (loop3): Ending clean mount
[   83.383353][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   83.403405][   T26] audit: type=1800 audit(1755594845.851:4): pid=4574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.49" name="file1" dev="loop3" ino=9286 res=0 errno=0
[   83.474236][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   83.506427][   T26] audit: type=1800 audit(1755594845.851:5): pid=4574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.49" name="file1" dev="loop3" ino=9286 res=0 errno=0
[   83.557853][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   83.593030][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   83.604377][ T4277] ocfs2: Unmounting device (7,0) on (node local)
[   83.632308][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   83.666148][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   83.692247][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   83.707387][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   83.744148][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   83.763487][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   83.786421][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   83.824477][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   84.043363][ T4272] XFS (loop3): Unmounting Filesystem
[   84.271518][ T4614] loop4: detected capacity change from 0 to 32768
[   84.315491][ T4614] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.54 (4614)
[   84.433586][ T4617] loop1: detected capacity change from 0 to 32768
[   84.437083][ T4614] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   84.479345][ T4617] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.56 (4617)
[   84.514068][ T4614] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[   84.566746][ T4614] BTRFS info (device loop4): setting nodatacow, compression disabled
[   84.603664][ T4614] BTRFS info (device loop4): max_inline at 0
[   84.606639][ T4617] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   84.646756][ T4617] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[   84.648320][ T4614] BTRFS info (device loop4): enabling disk space caching
[   84.692535][ T4462] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.726309][ T4617] BTRFS info (device loop1): using free space tree
[   84.734384][ T4614] BTRFS info (device loop4): turning off barriers
[   84.755902][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   84.765766][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   84.771404][ T4614] BTRFS info (device loop4): turning on flush-on-commit
[   84.807345][ T4614] BTRFS info (device loop4): doing ref verification
[   84.834332][ T4614] BTRFS info (device loop4): force clearing of disk cache
[   84.879363][ T4614] BTRFS info (device loop4): enabling ssd optimizations
[   84.887677][ T4614] BTRFS info (device loop4): max_inline at 4096
[   84.901037][ T4634] loop0: detected capacity change from 0 to 8192
[   84.904194][ T4614] BTRFS info (device loop4): disk space caching is enabled
[   85.066691][ T3597] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   85.134913][ T4614] BTRFS info (device loop4): rebuilding free space tree
[   85.149836][ T4617] BTRFS info (device loop1): enabling ssd optimizations
[   85.208647][   T26] audit: type=1800 audit(1755594847.661:6): pid=4617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.56" name="file1" dev="loop1" ino=260 res=0 errno=0
[   85.258872][ T3597] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.298717][ T3597] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   85.307953][ T4614] BTRFS info (device loop4): disabling free space tree
[   85.317202][ T4614] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   85.326724][ T3597] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.347600][ T4614] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   85.367702][ T3597] usb 4-1: config 0 descriptor??
[   85.484983][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   85.512579][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   85.572644][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   85.591407][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   85.601834][ T3597] usbhid 4-1:0.0: can't add hid device: -71
[   85.613765][ T3597] usbhid: probe of 4-1:0.0 failed with error -71
[   85.629945][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   85.651932][ T3597] usb 4-1: USB disconnect, device number 2
[   85.652716][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   85.683714][ T4462] device veth0_vlan entered promiscuous mode
[   85.712891][ T4462] device veth1_vlan entered promiscuous mode
[   85.740089][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   85.794086][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   85.837630][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   85.845245][ T4266] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   85.855356][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   85.871393][ T4264] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   85.884767][ T4462] device veth0_macvtap entered promiscuous mode
[   85.908315][ T4462] device veth1_macvtap entered promiscuous mode
[   86.009008][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.042581][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.066193][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.093807][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.113961][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.136198][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.155883][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.176767][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.205922][ T3597] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   86.208695][ T4462] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.232564][ T4347] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   86.257033][ T4347] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   86.280461][ T4347] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   86.293714][ T4347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.328033][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.381720][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.396677][ T3597] usb 4-1: Using ep0 maxpacket: 32
[   86.403630][ T3597] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   86.406593][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.436922][ T3597] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[   86.439580][ T4688] loop0: detected capacity change from 0 to 32768
[   86.460635][ T3597] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.466599][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.480891][ T4688] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.61 (4688)
[   86.481277][ T4716] loop1: detected capacity change from 0 to 512
[   86.505505][ T3597] usb 4-1: config 0 descriptor??
[   86.506614][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.512721][ T3597] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   86.544339][ T3597] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   86.546721][ T4688] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   86.563576][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.576103][ T4688] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   86.580088][ T4716] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.63: corrupted in-inode xattr
[   86.585062][ T4688] BTRFS info (device loop0): setting nodatacow, compression disabled
[   86.604860][ T4688] BTRFS info (device loop0): enabling auto defrag
[   86.611393][ T4688] BTRFS info (device loop0): max_inline at 0
[   86.618406][ T4688] BTRFS info (device loop0): using free space tree
[   86.625403][ T4462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.652135][ T4462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.668641][ T4462] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.672987][ T4716] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.63: couldn't read orphan inode 15 (err -117)
[   86.681361][ T4462] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.696528][ T4462] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.706361][ T4462] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.746942][ T4462] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.764151][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   86.782894][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.784376][ T4716] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   86.921266][ T4347] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.960061][ T4381] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.968841][ T4347] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.983661][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   86.998894][ T4381] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.011990][ T4277] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   87.012231][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   87.105185][ T4708] usb 4-1: USB disconnect, device number 3
[   87.116522][ T4708] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[   87.315904][ T4746] netlink: 8 bytes leftover after parsing attributes in process `syz.5.24'.
[   87.332748][ T4746] netlink: 'syz.5.24': attribute type 30 has an invalid length.
[   87.355491][ T4746] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   87.365766][ T4746] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   87.374608][ T4746] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   87.383419][ T4746] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   87.410979][ T4264] EXT4-fs (loop1): unmounting filesystem.
[   87.435238][ T4748] loop0: detected capacity change from 0 to 4096
[   87.447034][ T4746] netlink: 8 bytes leftover after parsing attributes in process `syz.5.24'.
[   87.463010][ T4746] netlink: 'syz.5.24': attribute type 30 has an invalid length.
[   87.487704][ T4746] Zero length message leads to an empty skb
[   87.644701][ T4750] loop1: detected capacity change from 0 to 8192
[   87.655837][ T4750] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   87.674475][ T4750] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[   87.691614][ T4750] REISERFS (device loop1): using ordered data mode
[   87.698980][ T4750] reiserfs: using flush barriers
[   87.706838][ T4750] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   87.780047][ T4750] REISERFS (device loop1): checking transaction log (loop1)
[   87.958691][ T4750] REISERFS (device loop1): Using r5 hash to sort names
[   88.127045][ T4750] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[   88.913171][ T4766] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   89.216422][ T4759] loop5: detected capacity change from 0 to 32768
[   89.293506][ T4759] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[   89.293699][ T4763] loop4: detected capacity change from 0 to 32768
[   89.325253][   T26] audit: type=1800 audit(1755594851.771:7): pid=4759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.71" name="file1" dev="loop5" ino=17058 res=0 errno=0
[   89.353463][ T4763] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.73 (4763)
[   89.406864][ T4763] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   89.417524][ T4763] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[   89.429221][ T4763] BTRFS info (device loop4): using free space tree
[   89.561031][ T4763] BTRFS info (device loop4): enabling ssd optimizations
[   89.615015][   T26] audit: type=1800 audit(1755594852.061:8): pid=4763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.73" name="file1" dev="loop4" ino=260 res=0 errno=0
[   89.635272][    C0] vkms_vblank_simulate: vblank timer overrun
[   89.898117][ T4462] ocfs2: Unmounting device (7,5) on (node local)
[   90.019185][ T4804] loop3: detected capacity change from 0 to 64
[   90.041306][ T4778] loop1: detected capacity change from 0 to 32768
[   90.099134][ T4778] XFS (loop1): Mounting V5 Filesystem
[   90.111390][ T4266] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   90.195259][ T4778] XFS (loop1): Ending clean mount
[   90.340216][ T4345] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   90.428787][   T26] audit: type=1800 audit(1755594852.871:9): pid=4778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.76" name="file1" dev="loop1" ino=9286 res=0 errno=0
[   90.449045][    C0] vkms_vblank_simulate: vblank timer overrun
[   90.455680][   T26] audit: type=1800 audit(1755594852.871:10): pid=4826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.76" name="file1" dev="loop1" ino=9286 res=0 errno=0
[   90.550928][ T4345] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.564928][ T4345] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   90.581517][ T4345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.602333][ T4345] usb 1-1: config 0 descriptor??
[   90.703394][ T4833] loop4: detected capacity change from 0 to 4096
[   90.775155][ T4264] XFS (loop1): Unmounting Filesystem
[   90.815806][ T4345] usbhid 1-1:0.0: can't add hid device: -71
[   90.823342][ T4345] usbhid: probe of 1-1:0.0 failed with error -71
[   90.845397][ T4345] usb 1-1: USB disconnect, device number 3
[   90.943530][ T4833] EXT4-fs (loop4): Test dummy encryption mode enabled
[   91.005907][ T4833] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   91.034396][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.034396][   T75] loop3: rw=1, sector=4169, nr_sectors = 1 limit=64
[   91.059073][ T4833] System zones: 0-5
[   91.076734][ T4833] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   91.096123][   T75] Buffer I/O error on dev loop3, logical block 4169, lost async page write
[   91.118142][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.118142][   T75] loop3: rw=1, sector=4170, nr_sectors = 1 limit=64
[   91.155682][   T75] Buffer I/O error on dev loop3, logical block 4170, lost async page write
[   91.179004][ T4831] loop5: detected capacity change from 0 to 32768
[   91.193083][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.193083][   T75] loop3: rw=1, sector=4172, nr_sectors = 1 limit=64
[   91.196670][ T4831] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.85 (4831)
[   91.243557][   T75] Buffer I/O error on dev loop3, logical block 4172, lost async page write
[   91.256855][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.256855][   T75] loop3: rw=1, sector=4173, nr_sectors = 1 limit=64
[   91.274600][ T4831] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   91.292654][ T4831] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[   91.298226][   T75] Buffer I/O error on dev loop3, logical block 4173, lost async page write
[   91.316691][ T4831] BTRFS info (device loop5): enabling disk space caching
[   91.323760][ T4831] BTRFS info (device loop5): enabling auto defrag
[   91.331554][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.331554][   T75] loop3: rw=1, sector=4174, nr_sectors = 1 limit=64
[   91.358527][ T4831] BTRFS info (device loop5): doing ref verification
[   91.367403][ T4831] BTRFS info (device loop5): use no compression
[   91.378814][   T75] Buffer I/O error on dev loop3, logical block 4174, lost async page write
[   91.391826][ T4831] BTRFS info (device loop5): force clearing of disk cache
[   91.414552][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.414552][   T75] loop3: rw=1, sector=4175, nr_sectors = 1 limit=64
[   91.420092][ T4345] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   91.435676][ T4831] BTRFS info (device loop5): enabling free space tree
[   91.435754][ T4831] BTRFS info (device loop5): using free space tree
[   91.506959][   T75] Buffer I/O error on dev loop3, logical block 4175, lost async page write
[   91.523287][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.523287][   T75] loop3: rw=1, sector=4176, nr_sectors = 1 limit=64
[   91.537793][   T75] Buffer I/O error on dev loop3, logical block 4176, lost async page write
[   91.546813][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.546813][   T75] loop3: rw=1, sector=4177, nr_sectors = 1 limit=64
[   91.563651][   T75] Buffer I/O error on dev loop3, logical block 4177, lost async page write
[   91.586670][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.586670][   T75] loop3: rw=1, sector=4178, nr_sectors = 16 limit=64
[   91.607160][   T75] kworker/u4:4: attempt to access beyond end of device
[   91.607160][   T75] loop3: rw=1, sector=4196, nr_sectors = 1 limit=64
[   91.620975][   T75] Buffer I/O error on dev loop3, logical block 4196, lost async page write
[   91.622576][ T4833] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[   91.629854][   T75] Buffer I/O error on dev loop3, logical block 4197, lost async page write
[   92.002422][ T4831] BTRFS info (device loop5): enabling ssd optimizations
[   92.048985][ T4831] BTRFS info (device loop5): rebuilding free space tree
[   92.056728][ T4345] usb 1-1: Using ep0 maxpacket: 32
[   92.068486][ T4345] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.086849][ T4345] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[   92.096030][ T4345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.114542][ T4345] usb 1-1: config 0 descriptor??
[   92.137816][ T4345] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   92.168197][ T4345] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   92.256843][   T26] audit: type=1326 audit(1755594854.701:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4869 comm="syz.1.88" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a4998ebe9 code=0x0
[   92.473576][ T4462] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   92.586791][ T4345] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   92.700680][ T4324] usb 1-1: USB disconnect, device number 4
[   92.711181][ T4324] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[   92.805393][ T4873] loop1: detected capacity change from 0 to 32768
[   92.815601][ T4345] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   92.832525][ T4873] XFS: ikeep mount option is deprecated.
[   92.838393][ T4345] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   92.857881][ T4345] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   92.874135][ T4345] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.893992][ T4878] loop5: detected capacity change from 0 to 4096
[   92.904974][ T4833] fscrypt (loop4): Error allocating 'xts(aes)' transform: -4
[   92.920157][ T4878] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   92.921293][ T4833] overlayfs: upper fs does not support tmpfile.
[   92.939621][ T4872] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   92.950185][ T4833] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[   92.959529][ T4873] XFS (loop1): Mounting V5 Filesystem
[   92.974032][ T4833] overlayfs: conflicting lowerdir path
[   93.087951][ T4873] XFS (loop1): Ending clean mount
[   93.109151][ T4873] XFS (loop1): Quotacheck needed: Please wait.
[   93.130889][ T4266] EXT4-fs (loop4): unmounting filesystem.
[   93.186365][ T4873] XFS (loop1): Quotacheck: Done.
[   93.300336][ T4345] usb 4-1: USB disconnect, device number 4
[   93.366096][ T4462] EXT4-fs (loop5): unmounting filesystem.
[   93.488650][ T4264] XFS (loop1): Unmounting Filesystem
[   94.569911][ T4820] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   94.767228][ T4908] loop0: detected capacity change from 0 to 32768
[   94.776805][ T4820] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.791273][ T4820] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   94.801765][ T4820] usb 6-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[   94.811255][ T4908] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.94 (4908)
[   94.827706][ T4820] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.834571][ T4422] tipc: Subscription rejected, illegal request
[   94.837678][ T4820] usb 6-1: config 0 descriptor??
[   94.873543][ T4908] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   94.894150][ T4908] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[   94.907124][ T4908] BTRFS info (device loop0): using free space tree
[   94.963370][ T4915] loop1: detected capacity change from 0 to 32768
[   95.002189][ T4915] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[   95.035371][   T26] audit: type=1800 audit(1755594857.481:12): pid=4915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.91" name="file1" dev="loop1" ino=17058 res=0 errno=0
[   95.067102][ T4908] BTRFS info (device loop0): enabling ssd optimizations
[   95.096453][   T26] audit: type=1800 audit(1755594857.541:13): pid=4908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.94" name="file1" dev="loop0" ino=260 res=0 errno=0
[   95.761464][ T4820] hid-led 0003:1D34:0004.0002: hidraw0: USB HID v0.06 Device [HID 1d34:0004] on usb-dummy_hcd.5-1/input0
[   95.831770][ T4820] hid-led 0003:1D34:0004.0002: Dream Cheeky Webmail Notifier initialized
[   95.887689][ T4820] usb 6-1: USB disconnect, device number 2
[   95.920267][ T4264] ocfs2: Unmounting device (7,1) on (node local)
[   96.309211][ T4277] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   97.056287][ T4952] loop3: detected capacity change from 0 to 64
[   99.151563][ T4998] loop3: detected capacity change from 0 to 2048
[   99.182934][ T4998] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  101.885728][ T5022] loop4: detected capacity change from 0 to 32768
[  101.996834][ T5022] XFS (loop4): Mounting V5 Filesystem
[  102.071082][ T5022] XFS (loop4): Ending clean mount
[  102.431088][ T4266] XFS (loop4): Unmounting Filesystem
[  105.022279][ T5084] loop0: detected capacity change from 0 to 4096
[  105.170999][ T5090] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  105.528487][ T5100] netlink: 60 bytes leftover after parsing attributes in process `syz.0.155'.
[  105.606705][ T4710] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  105.676342][ T5088] loop3: detected capacity change from 0 to 32768
[  105.690927][ T5088] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.151 (5088)
[  105.706979][ T5091] loop4: detected capacity change from 0 to 32768
[  105.723565][ T5088] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  105.739081][ T5088] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  105.750764][ T5103] loop1: detected capacity change from 0 to 128
[  105.764165][ T5088] BTRFS info (device loop3): using free space tree
[  105.780520][ T5103] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  105.790373][ T5103] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  105.807162][ T4710] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  105.825306][ T5103] EXT4-fs (loop1): shut down requested (1)
[  105.833839][ T4710] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.834145][ T5103] fscrypt (loop1, inode 12): Error -5 getting encryption context
[  105.842103][ T4710] usb 6-1: Product: syz
[  105.842121][ T4710] usb 6-1: Manufacturer: syz
[  105.842134][ T4710] usb 6-1: SerialNumber: syz
[  105.868912][ T4710] usb 6-1: config 0 descriptor??
[  105.938504][ T4264] EXT4-fs (loop1): unmounting filesystem.
[  106.023930][ T5088] BTRFS info (device loop3): enabling ssd optimizations
[  106.081726][ T4710] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  106.138821][ T5131] syz.1.160 uses obsolete (PF_INET,SOCK_PACKET)
[  106.294515][ T4381] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared)
[  106.371443][ T4272] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  107.043504][ T5157] loop3: detected capacity change from 0 to 128
[  107.121403][ T5157] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  107.135663][ T5157] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  107.243556][ T5157] syz.3.166 (pid 5157) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  107.268129][ T5157] EXT4-fs (loop3): shut down requested (1)
[  107.312521][ T5157] fscrypt (loop3, inode 12): Error -5 getting encryption context
[  107.365374][ T5166] vivid-000: disconnect
[  107.386180][ T5162] vivid-000: reconnect
[  107.386250][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  107.496233][ T5168] loop3: detected capacity change from 0 to 8192
[  107.505489][ T5168] FAT-fs (loop3): Unrecognized mount option "A" or missing value
[  107.530619][ T4710] dvb_usb_rtl28xxu: probe of 6-1:0.0 failed with error -71
[  107.545353][ T4710] usb 6-1: USB disconnect, device number 3
[  108.820990][ T5181] loop3: detected capacity change from 0 to 16
[  108.845275][ T5181] erofs: (device loop3): mounted with root inode @ nid 36.
[  108.937269][ T5184] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  108.948079][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 47 @ nid 36
[  108.957385][ T5184] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  108.966903][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 46 @ nid 36
[  108.976191][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 45 @ nid 36
[  108.987493][ T5184] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  108.997109][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 43 @ nid 36
[  109.006468][ T5184] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  109.016044][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 42 @ nid 36
[  109.025680][ T5184] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  109.035330][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 41 @ nid 36
[  109.045806][ T5184] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  109.055317][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 40 @ nid 36
[  109.065457][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 39 @ nid 36
[  109.074739][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 38 @ nid 36
[  109.084382][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 36 @ nid 36
[  109.094280][ T5184] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  109.104076][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 31 @ nid 36
[  109.113745][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 25 @ nid 36
[  109.123322][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 24 @ nid 36
[  109.134864][ T5184] erofs: (device loop3): z_erofs_readahead: readahead error at page 19 @ nid 36
[  109.148243][ T5184] bio_check_eod: 71 callbacks suppressed
[  109.148272][ T5184] syz.3.175: attempt to access beyond end of device
[  109.148272][ T5184] loop3: rw=524288, sector=784, nr_sectors = 64 limit=16
[  109.168091][ T5184] syz.3.175: attempt to access beyond end of device
[  109.168091][ T5184] loop3: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  109.184070][ T5184] syz.3.175: attempt to access beyond end of device
[  109.184070][ T5184] loop3: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  109.199089][ T5184] syz.3.175: attempt to access beyond end of device
[  109.199089][ T5184] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16
[  111.766804][ T4708] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  111.967255][ T4708] usb 5-1: Using ep0 maxpacket: 16
[  111.991418][ T4708] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.008675][ T4708] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  112.022176][ T4708] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  112.032485][ T4708] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  112.042335][ T4708] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  112.068522][ T4708] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  112.114950][ T4708] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  112.126032][ T4708] usb 5-1: Manufacturer: syz
[  112.136939][ T4708] usb 5-1: config 0 descriptor??
[  112.413343][ T4710] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  112.426805][   T41] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  112.456687][ T4708] rc_core: IR keymap rc-hauppauge not found
[  112.462657][ T4708] Registered IR keymap rc-empty
[  112.468430][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.496808][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.530185][ T4708] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  112.557576][ T4708] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input5
[  112.573420][ T5227] device vlan1 entered promiscuous mode
[  112.590801][ T5227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.191'.
[  112.605974][ T4710] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  112.619234][   T41] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  112.642856][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.650341][   T41] usb 6-1: config 0 interface 0 has no altsetting 0
[  112.664884][ T4710] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  112.689640][   T41] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  112.706882][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.721720][ T4710] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  112.745858][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.770909][   T41] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  112.847616][ T4710] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  112.856966][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.864365][   T41] usb 6-1: Product: syz
[  112.868918][   T41] usb 6-1: Manufacturer: syz
[  112.873603][   T41] usb 6-1: SerialNumber: syz
[  112.879927][ T4710] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.891094][   T41] usb 6-1: config 0 descriptor??
[  112.900314][ T4710] usb 4-1: config 0 descriptor??
[  112.906792][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.917340][   T41] usb 6-1: selecting invalid altsetting 0
[  112.956801][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  112.996846][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  113.026765][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  113.066702][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  113.106685][ T4708] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  113.140119][ T4708] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  113.149883][ T4708] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  113.161109][ T4708] usb 5-1: USB disconnect, device number 2
[  113.194295][ T4316] usb 6-1: USB disconnect, device number 4
[  113.328259][ T4710] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  113.342031][ T4710] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  113.573466][ T5241] overlayfs: statfs failed on './file0'
[  114.039642][    C0] plantronics 0003:047F:FFFF.0003: hid_field_extract() called with n (132) > 32! (syz.4.198)
[  114.085874][ T5253] loop1: detected capacity change from 0 to 512
[  114.181577][ T5253] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  114.193919][ T5253] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  114.237763][ T5253] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #2: comm syz.1.200: corrupted inode contents
[  114.253047][ T5146] usb 4-1: USB disconnect, device number 5
[  114.283407][ T5253] EXT4-fs error (device loop1): ext4_dirty_inode:6119: inode #2: comm syz.1.200: mark_inode_dirty error
[  114.331025][ T5253] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #2: comm syz.1.200: corrupted inode contents
[  114.381504][ T5261] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #2: comm syz.1.200: corrupted inode contents
[  114.400282][ T5264] netlink: 'syz.0.202': attribute type 10 has an invalid length.
[  114.469059][ T5264] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.478995][ T5264] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.565208][ T4264] EXT4-fs (loop1): unmounting filesystem.
[  114.620895][ T5264] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.628522][ T5264] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.637554][ T5264] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.644719][ T5264] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.756170][ T5264] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  114.794552][ T5265] netlink: 4 bytes leftover after parsing attributes in process `syz.0.202'.
[  114.818238][ T5265] device bridge_slave_1 left promiscuous mode
[  114.846107][ T5265] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.901328][ T5265] device bridge_slave_0 left promiscuous mode
[  114.915043][ T5265] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.053808][ T5269] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  115.123118][ T5265] bond0: (slave bridge0): Releasing backup interface
[  115.276139][ T5276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.206'.
[  115.303835][ T5276] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.319169][ T5276] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.342938][ T5276] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.360125][ T5276] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.418637][ T5282] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  115.435440][ T5282] batman_adv: batadv0: Adding interface: ip6gretap1
[  115.443891][ T5282] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.475678][ T5282] batman_adv: batadv0: Interface activated: ip6gretap1
[  115.681709][ T5288] netlink: 8 bytes leftover after parsing attributes in process `syz.3.212'.
[  115.732204][ T5288] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  115.849898][ T5280] loop1: detected capacity change from 0 to 40427
[  115.880281][ T5280] F2FS-fs (loop1): invalid crc value
[  115.905295][ T5280] F2FS-fs (loop1): Found nat_bits in checkpoint
[  116.486853][ T5280] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  116.652598][ T5312] loop3: detected capacity change from 0 to 64
[  116.680005][ T4264] syz-executor: attempt to access beyond end of device
[  116.680005][ T4264] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  117.984252][ T5327] loop4: detected capacity change from 0 to 8192
[  119.413596][ T5336] loop1: detected capacity change from 0 to 32768
[  119.447941][ T5336] 
[  119.447941][ T5336]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  119.447941][ T5336] 
[  121.337626][ T5381] 9ýÝÕ»¶öo
[  121.352752][ T4264] 
[  121.352752][ T4264]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  121.352752][ T4264] 
[  121.401508][ T4264] 
[  121.401508][ T4264]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  121.401508][ T4264] 
[  121.645770][ T5390] serio: Serial port ptm0
[  122.284780][ T5407] loop1: detected capacity change from 0 to 2048
[  122.554033][ T5387] syz.4.241 (5387): drop_caches: 2
[  122.594482][ T5407] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  122.813114][ T5421] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  122.846793][ T5421] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 238 with error 28
[  122.907113][ T5421] EXT4-fs (loop1): This should not happen!! Data will be lost
[  122.907113][ T5421] 
[  122.942599][ T5421] EXT4-fs (loop1): Total free blocks count 0
[  122.952249][ T5421] EXT4-fs (loop1): Free/Dirty block details
[  122.959007][ T5421] EXT4-fs (loop1): free_blocks=2415919104
[  122.964984][ T5421] EXT4-fs (loop1): dirty_blocks=240
[  122.972907][ T5421] EXT4-fs (loop1): Block reservation details
[  122.984744][ T5421] EXT4-fs (loop1): i_reserved_data_blocks=15
[  123.014138][ T5422] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  123.802269][ T5451] xt_NFQUEUE: number of total queues is 0
[  124.625011][ T4710] syzkaller0: tun_net_xmit 76
[  124.630826][ T4710] syzkaller0: tun_net_xmit 48
[  124.646816][ T4316] syzkaller0: tun_net_xmit 76
[  124.660975][ T5457] syzkaller0: create flow: hash 2613930293 index 1
[  124.737596][ T5456] syzkaller0: delete flow: hash 2613930293 index 1
[  124.804375][ T5464] binder: 5463:5464 ioctl c0306201 200000000080 returned -14
[  124.945053][ T5466] user requested TSC rate below hardware speed
[  125.678690][ T5485] overlayfs: failed to clone upperpath
[  125.880483][ T5489] Driver unsupported XDP return value 0 on prog  (id 23) dev N/A, expect packet loss!
[  126.606905][   T26] audit: type=1326 audit(1755594889.051:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5494 comm="syz.0.277" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff14338ebe9 code=0x0
[  127.320883][ T5504] loop1: detected capacity change from 0 to 512
[  127.380840][ T5504] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  127.393404][ T5504] ext4 filesystem being mounted at /49/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.431523][ T5504] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #4: comm syz.1.281: corrupted inode contents
[  127.475689][ T5504] EXT4-fs error (device loop1): ext4_dirty_inode:6119: inode #4: comm syz.1.281: mark_inode_dirty error
[  127.556342][ T5504] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #4: comm syz.1.281: corrupted inode contents
[  127.593274][ T5504] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #4: comm syz.1.281: mark_inode_dirty error
[  127.620341][ T5504] Quota error (device loop1): write_blk: dquota write failed
[  127.638221][ T5504] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  127.656481][ T5509] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #4: comm syz.1.281: corrupted inode contents
[  127.671817][ T5504] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.281: Failed to acquire dquot type 1
[  127.683842][ T5509] EXT4-fs error (device loop1): ext4_dirty_inode:6119: inode #4: comm syz.1.281: mark_inode_dirty error
[  127.718608][ T5509] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #4: comm syz.1.281: corrupted inode contents
[  127.734639][ T5509] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #4: comm syz.1.281: mark_inode_dirty error
[  127.785444][ T5509] Quota error (device loop1): write_blk: dquota write failed
[  127.806711][ T5509] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5
[  127.823736][ T5509] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  127.874569][ T5509] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.281: Failed to acquire dquot type 1
[  127.928921][ T5508] Quota error (device loop1): write_blk: dquota write failed
[  127.951977][ T5508] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  128.132257][ T4264] EXT4-fs (loop1): unmounting filesystem.
[  128.152594][ T5179] Quota error (device loop1): do_check_range: Getting block 324362 out of range 1-7
[  128.526662][ T5146] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  128.546754][ T4332] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  128.716643][ T5146] usb 2-1: Using ep0 maxpacket: 32
[  128.729444][ T5146] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  128.739310][ T4332] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  128.761470][ T4332] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  128.773250][ T5146] usb 2-1: config 0 has no interface number 0
[  128.806956][ T5146] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  128.823476][ T4332] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  128.834813][ T5146] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.856623][ T4332] usb 4-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  128.869601][ T5146] usb 2-1: Product: syz
[  128.873776][ T5146] usb 2-1: Manufacturer: syz
[  128.886629][ T4332] usb 4-1: config 0 interface 0 has no altsetting 0
[  128.893376][ T5146] usb 2-1: SerialNumber: syz
[  128.911800][ T4332] usb 4-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice=d3.00
[  128.922998][ T5146] usb 2-1: config 0 descriptor??
[  128.936785][ T4332] usb 4-1: New USB device strings: Mfr=208, Product=0, SerialNumber=0
[  128.946490][ T5146] smsc95xx v2.0.0
[  128.950383][ T4332] usb 4-1: Manufacturer: syz
[  128.957767][ T4332] usb 4-1: config 0 descriptor??
[  128.963707][ T5526] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  129.180788][ T5526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.198956][ T5526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.233615][ T4332] usbhid 4-1:0.0: can't add hid device: -71
[  129.246703][ T4332] usbhid: probe of 4-1:0.0 failed with error -71
[  129.270308][ T4332] usb 4-1: USB disconnect, device number 6
[  129.365387][ T5146] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  129.386630][ T5146] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  129.806871][ T4332] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  129.996769][ T4332] usb 4-1: Using ep0 maxpacket: 32
[  130.006239][ T4332] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  130.031891][ T4332] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  130.042199][ T4332] usb 4-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  130.055458][ T4332] usb 4-1: config 0 interface 0 has no altsetting 0
[  130.067519][ T4332] usb 4-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice=d3.00
[  130.076811][ T4332] usb 4-1: New USB device strings: Mfr=208, Product=0, SerialNumber=0
[  130.085056][ T4332] usb 4-1: Manufacturer: syz
[  130.118107][ T4332] usb 4-1: config 0 descriptor??
[  130.125623][ T4332] hub 4-1:0.0: bad descriptor, ignoring hub
[  130.139354][ T4332] hub: probe of 4-1:0.0 failed with error -5
[  130.601055][ T4332] plantronics 0003:047F:C055.0004: unknown main item tag 0x0
[  130.668186][ T4332] plantronics 0003:047F:C055.0004: unknown main item tag 0x0
[  130.747121][ T4332] plantronics 0003:047F:C055.0004: unknown main item tag 0x0
[  130.836652][ T5146] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000038: -71
[  130.847879][ T4332] plantronics 0003:047F:C055.0004: unknown main item tag 0x0
[  130.856121][ T5146] smsc95xx: probe of 2-1:0.67 failed with error -71
[  130.863372][ T4332] plantronics 0003:047F:C055.0004: unknown main item tag 0x0
[  130.874245][ T5146] usb 2-1: USB disconnect, device number 3
[  130.881480][ T4332] plantronics 0003:047F:C055.0004: No inputs registered, leaving
[  130.897890][ T4332] plantronics 0003:047F:C055.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  130.985318][ T4332] usb 4-1: USB disconnect, device number 7
[  131.168497][ T5550] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.217733][ T5548] loop4: detected capacity change from 0 to 32768
[  131.232127][ T5548] XFS (loop4): Mounting V5 Filesystem
[  131.268022][ T5550] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.299493][ T5548] XFS (loop4): Ending clean mount
[  131.306202][ T5548] XFS (loop4): Quotacheck needed: Please wait.
[  131.346213][ T5548] XFS (loop4): Quotacheck: Done.
[  131.381747][ T5550] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.505180][ T5550] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.508936][ T5561] binder: 5560:5561 unknown command 0
[  131.524340][ T5563] loop3: detected capacity change from 0 to 128
[  131.546131][ T5561] binder: 5560:5561 ioctl c0306201 200000000080 returned -22
[  131.630198][ T5565] syz.3.299: attempt to access beyond end of device
[  131.630198][ T5565] loop3: rw=2049, sector=145, nr_sectors = 344 limit=128
[  131.673673][ T5550] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  131.701734][ T4266] XFS (loop4): Unmounting Filesystem
[  131.729066][ T5550] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  131.745109][ T5563] syz.3.299: attempt to access beyond end of device
[  131.745109][ T5563] loop3: rw=524288, sector=145, nr_sectors = 224 limit=128
[  131.774332][ T5550] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  131.811352][ T5550] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  131.822948][ T5563] syz.3.299: attempt to access beyond end of device
[  131.822948][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  131.856846][ T5563] syz.3.299: attempt to access beyond end of device
[  131.856846][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  131.871758][ T5563] syz.3.299: attempt to access beyond end of device
[  131.871758][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  131.894464][ T5563] syz.3.299: attempt to access beyond end of device
[  131.894464][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  131.935223][ T5563] syz.3.299: attempt to access beyond end of device
[  131.935223][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  131.954026][ T5563] syz.3.299: attempt to access beyond end of device
[  131.954026][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  131.968049][ T5563] syz.3.299: attempt to access beyond end of device
[  131.968049][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  131.982572][ T5563] syz.3.299: attempt to access beyond end of device
[  131.982572][ T5563] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  132.462189][ T5576] kvm: pic: non byte read
[  132.469445][ T5576] kvm: pic: non byte read
[  132.474344][ T5576] kvm: pic: single mode not supported
[  132.474425][ T5576] kvm: pic: non byte read
[  132.484618][ T5576] kvm: pic: non byte read
[  132.492833][ T5576] kvm: pic: single mode not supported
[  132.492874][ T5576] kvm: pic: non byte read
[  132.503053][ T5576] kvm: pic: non byte read
[  132.507904][ T5576] kvm: pic: single mode not supported
[  132.507960][ T5576] kvm: pic: non byte read
[  132.518002][ T5576] kvm: pic: single mode not supported
[  132.518057][ T5576] kvm: pic: non byte read
[  132.528121][ T5576] kvm: pic: non byte read
[  132.720483][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[  132.726884][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[  132.781595][ T5586] netlink: 'syz.3.308': attribute type 10 has an invalid length.
[  132.895665][ T5586] team0: Port device dummy0 added
[  132.905137][ T5587] netlink: 'syz.3.308': attribute type 10 has an invalid length.
[  132.935018][ T5587] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  133.001949][ T5587] team0: Failed to send options change via netlink (err -105)
[  133.028050][ T5587] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  133.061147][ T5587] team0: Port device dummy0 removed
[  133.094256][ T5587] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  133.436705][  T127] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  133.638225][  T127] usb 5-1: config 0 has no interfaces?
[  133.643769][  T127] usb 5-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00
[  133.666675][  T127] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.687444][  T127] usb 5-1: config 0 descriptor??
[  134.321348][ T5626] overlayfs: failed to clone upperpath
[  135.840528][ T5638] netlink: 28 bytes leftover after parsing attributes in process `syz.0.327'.
[  135.875218][ T5638] netlink: 28 bytes leftover after parsing attributes in process `syz.0.327'.
[  136.289358][ T5642] loop1: detected capacity change from 0 to 8192
[  136.345069][ T5642] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  136.358364][ T5642] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  136.368182][ T5642] REISERFS (device loop1): using ordered data mode
[  136.374731][ T5642] reiserfs: using flush barriers
[  136.388469][ T5642] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  136.406446][ T5642] REISERFS (device loop1): checking transaction log (loop1)
[  136.661239][ T5642] REISERFS (device loop1): Using tea hash to sort names
[  136.670306][ T5642] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  136.886313][ T4710] usb 5-1: USB disconnect, device number 3
[  137.526383][ T4268] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  137.538784][ T4268] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  137.547938][ T4268] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  137.556045][ T4268] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  137.564003][ T4268] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  137.571480][ T4268] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  138.074744][ T5668] loop1: detected capacity change from 0 to 128
[  138.141616][   T26] audit: type=1804 audit(1755594900.591:15): pid=5667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.335" name="/newroot/67/file1" dev="fuse" ino=1 res=1 errno=0
[  138.192091][ T5665] kvm: emulating exchange as write
[  138.223630][   T26] audit: type=1800 audit(1755594900.611:16): pid=5667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.335" name="/" dev="fuse" ino=1 res=0 errno=0
[  138.321582][   T26] audit: type=1804 audit(1755594900.611:17): pid=5667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.335" name="/newroot/67/file1" dev="fuse" ino=1 res=1 errno=0
[  138.382420][ T5657] chnl_net:caif_netlink_parms(): no params data found
[  138.402496][ T5678] netlink: 4 bytes leftover after parsing attributes in process `syz.0.338'.
[  138.438494][   T26] audit: type=1800 audit(1755594900.611:18): pid=5667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.335" name="/" dev="fuse" ino=1 res=0 errno=0
[  139.042960][ T4332] usb 4-1: new low-speed USB device number 8 using dummy_hcd
[  139.405454][ T5657] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.418974][ T5657] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.441718][ T5657] device bridge_slave_0 entered promiscuous mode
[  139.466414][ T5657] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.488215][ T4332] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  139.497897][ T4332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.507935][ T5657] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.509460][ T4332] usb 4-1: config 0 descriptor??
[  139.554535][ T5657] device bridge_slave_1 entered promiscuous mode
[  139.573154][   T26] audit: type=1326 audit(1755594902.021:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5691 comm="syz.0.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14338ebe9 code=0x7fc00000
[  139.596729][ T4268] Bluetooth: hci5: command 0x0409 tx timeout
[  140.160953][   T26] audit: type=1326 audit(1755594902.611:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5691 comm="syz.0.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14338ebe9 code=0x7fc00000
[  140.267455][ T5657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  140.314225][ T5657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  140.641028][   T26] audit: type=1326 audit(1755594902.701:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5691 comm="syz.0.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ff14338ebe9 code=0x7fc00000
[  140.691936][ T5657] team0: Port device team_slave_0 added
[  140.712533][ T5657] team0: Port device team_slave_1 added
[  140.736729][   T26] audit: type=1326 audit(1755594902.701:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5691 comm="syz.0.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14338ebe9 code=0x7fc00000
[  140.776942][   T26] audit: type=1326 audit(1755594902.701:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5691 comm="syz.0.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14338ebe9 code=0x7fc00000
[  140.799021][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.809482][ T5657] batman_adv: batadv0: Adding interface: batadv_slave_0
[  140.815816][   T26] audit: type=1326 audit(1755594902.701:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5691 comm="syz.0.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14338ebe9 code=0x7fc00000
[  140.816438][ T5657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.816460][ T5657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  140.958738][ T5657] batman_adv: batadv0: Adding interface: batadv_slave_1
[  140.975519][ T5657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.003300][ T5657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  141.074645][ T5657] device hsr_slave_0 entered promiscuous mode
[  141.088966][ T5657] device hsr_slave_1 entered promiscuous mode
[  141.132523][ T5657] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  141.156684][ T5657] Cannot create hsr debugfs directory
[  141.227000][ T5713] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  141.312629][ T5657] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  141.324570][ T5657] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  141.345105][ T5657] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  141.356322][ T5657] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  141.677174][ T4268] Bluetooth: hci5: command 0x041b tx timeout
[  141.955384][ T4332] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  142.354967][ T4332] asix: probe of 4-1:0.0 failed with error -71
[  142.363224][ T5657] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.364358][ T4332] usb 4-1: USB disconnect, device number 8
[  142.421222][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  142.439869][ T4515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  142.459736][ T5657] 8021q: adding VLAN 0 to HW filter on device team0
[  142.476265][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  142.492973][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  142.512791][ T5185] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.519972][ T5185] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.569896][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  142.600010][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  142.610004][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  142.620568][ T5185] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.627720][ T5185] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.648965][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  142.668709][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  142.704686][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  142.740382][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  142.753626][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  142.764861][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  142.779037][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  142.792208][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  142.808276][ T5657] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  142.824909][ T5657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  142.836052][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  142.847911][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  142.862488][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  143.672284][ T5751] loop1: detected capacity change from 0 to 8192
[  143.757207][ T4268] Bluetooth: hci5: command 0x040f tx timeout
[  144.524418][ T5751] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  144.537716][ T5751] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  144.548469][ T5751] REISERFS (device loop1): using ordered data mode
[  144.555010][ T5751] reiserfs: using flush barriers
[  144.570460][ T5751] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  144.589834][ T5751] REISERFS (device loop1): checking transaction log (loop1)
[  144.607288][ T5751] REISERFS (device loop1): Using r5 hash to sort names
[  144.615519][ T5751] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  145.878610][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  145.893031][ T4268] Bluetooth: hci5: command 0x0419 tx timeout
[  145.914315][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  146.001830][ T5657] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.694108][ T4517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  148.710046][ T4517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  148.751771][ T4517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  148.765189][ T4517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  148.791711][ T5657] device veth0_vlan entered promiscuous mode
[  148.804112][ T4517] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  148.809490][  T127] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  148.814325][ T4517] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  148.839822][  T127] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  148.843135][ T5657] device veth1_vlan entered promiscuous mode
[  148.888727][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  148.903496][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  148.912131][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  148.926446][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  148.938497][ T5657] device veth0_macvtap entered promiscuous mode
[  148.959851][ T5657] device veth1_macvtap entered promiscuous mode
[  148.987969][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.998807][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.009632][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.020719][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.030935][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.042277][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.052874][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.065521][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.078550][ T5657] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.089190][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  149.103746][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  149.112614][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  149.128081][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  149.144603][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.155673][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.175943][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.187876][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.199078][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.209944][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.220358][ T5657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.231950][ T5657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.243795][ T5657] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.251770][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  149.270895][ T5185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  149.296444][ T5657] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.313552][ T5657] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.326130][ T5657] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.339320][ T5657] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.473589][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.503484][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.863133][ T4517] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  150.119853][ T5185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.140125][ T5185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.152865][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  150.342466][ T5816] netlink: 4 bytes leftover after parsing attributes in process `syz.6.326'.
[  150.381050][ T5816] device gre0 entered promiscuous mode
[  150.755244][   T26] kauditd_printk_skb: 62 callbacks suppressed
[  150.755259][   T26] audit: type=1804 audit(1755594913.201:87): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.380" name="/newroot/1/file1" dev="fuse" ino=1 res=1 errno=0
[  150.789582][   T26] audit: type=1800 audit(1755594913.201:88): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.380" name="/" dev="fuse" ino=1 res=0 errno=0
[  150.842484][   T26] audit: type=1804 audit(1755594913.231:89): pid=5832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.380" name="/newroot/1/file1" dev="fuse" ino=1 res=1 errno=0
[  150.864315][   T26] audit: type=1800 audit(1755594913.241:90): pid=5832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.380" name="/" dev="fuse" ino=1 res=0 errno=0
[  151.213548][ T5850] loop1: detected capacity change from 0 to 512
[  151.220974][ T5850] EXT4-fs: Ignoring removed oldalloc option
[  151.255281][ T5850] EXT4-fs (loop1): 1 truncate cleaned up
[  151.286893][ T5850] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  151.672299][ T4264] EXT4-fs (loop1): unmounting filesystem.
[  151.694253][ T5857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.387'.
[  151.704082][ T5857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.387'.
[  151.713227][ T5857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.387'.
[  151.723559][ T5857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.387'.
[  151.732536][ T5857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.387'.
[  153.201934][ T5871] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  156.806801][ T4708] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  157.004355][ T4708] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.031614][ T4708] usb 2-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  157.066499][ T4708] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.087714][ T4708] usb 2-1: config 0 descriptor??
[  159.887512][ T5922] loop3: detected capacity change from 0 to 1024
[  159.914031][ T5922] EXT4-fs: Ignoring removed oldalloc option
[  159.931603][ T5922] EXT4-fs: Ignoring removed bh option
[  159.971891][ T5922] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  160.047356][ T5922] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  160.177932][   T26] audit: type=1804 audit(1755594922.611:91): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.406" name="/newroot/85/file1/bus" dev="loop3" ino=18 res=1 errno=0
[  160.855076][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  161.056237][ T4708] usbhid 2-1:0.0: can't add hid device: -71
[  161.081442][ T4708] usbhid: probe of 2-1:0.0 failed with error -71
[  161.082855][ T4332] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  161.108504][ T4708] usb 2-1: USB disconnect, device number 4
[  161.139760][ T4332] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  165.044801][ T5967] loop4: detected capacity change from 0 to 32768
[  165.114417][ T5983] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0)
[  165.187770][ T5967] XFS (loop4): Mounting V5 Filesystem
[  165.266777][ T5967] XFS (loop4): Ending clean mount
[  165.299337][ T5967] XFS (loop4): Quotacheck needed: Please wait.
[  165.376844][ T5967] XFS (loop4): Quotacheck: Done.
[  165.571201][ T6007] tipc: Failed to remove unknown binding: 66,1,1/0:2054988758/2054988760
[  165.597808][ T6007] tipc: Failed to remove unknown binding: 66,1,1/0:2054988758/2054988760
[  165.966381][ T4266] XFS (loop4): Unmounting Filesystem
[  166.708384][ T4268] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  166.946404][ T4268] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  167.287151][ T4274] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  167.308927][ T4274] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  167.318481][ T4274] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  167.327507][ T4274] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  167.525482][ T6024] sch_tbf: burst 1023 is lower than device lo mtu (65550) !
[  167.819809][ T6019] chnl_net:caif_netlink_parms(): no params data found
[  167.871761][ T6033] loop4: detected capacity change from 0 to 2048
[  167.939607][ T6033] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  167.978219][ T6033] EXT4-fs error (device loop4): ext4_find_extent:936: inode #2: comm syz.4.439: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  168.028226][ T6047] EXT4-fs error (device loop4): ext4_ext_precache:627: inode #2: comm syz.4.439: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  168.072760][ T6033] EXT4-fs (loop4): Remounting filesystem read-only
[  168.105444][ T6047] EXT4-fs (loop4): Remounting filesystem read-only
[  168.134866][ T6019] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.166691][ T6019] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.185624][ T6019] device bridge_slave_0 entered promiscuous mode
[  168.221951][ T6019] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.239493][ T6019] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.267809][ T6019] device bridge_slave_1 entered promiscuous mode
[  168.282236][ T4266] EXT4-fs (loop4): unmounting filesystem.
[  168.343300][ T6019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.379422][ T6019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.508131][ T6019] team0: Port device team_slave_0 added
[  168.534714][ T6019] team0: Port device team_slave_1 added
[  168.626529][ T6019] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.633686][ T6019] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.708519][ T6019] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  168.729252][ T6019] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.770000][ T6019] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.816784][ T6019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  169.000380][ T6019] device hsr_slave_0 entered promiscuous mode
[  169.021383][ T6019] device hsr_slave_1 entered promiscuous mode
[  169.036616][ T6019] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  169.060599][ T6019] Cannot create hsr debugfs directory
[  169.117316][ T6053] loop4: detected capacity change from 0 to 128
[  169.159458][ T6053] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  169.204638][ T6053] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  169.356763][ T4279] Bluetooth: hci6: command 0x0409 tx timeout
[  169.534114][ T4266] EXT4-fs (loop4): unmounting filesystem.
[  169.609281][ T6019] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  169.639235][ T6019] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  169.671707][ T6019] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  169.706409][ T6019] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  169.925338][ T6019] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.987398][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  170.001279][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  170.021003][ T6019] 8021q: adding VLAN 0 to HW filter on device team0
[  170.041254][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  170.059643][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  170.394545][ T4546] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.402096][ T4546] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.575519][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  170.627106][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  170.645939][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  170.688570][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.695714][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  170.747059][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  170.777707][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  170.926778][ T6019] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  171.106767][ T6019] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  171.447017][ T4279] Bluetooth: hci6: command 0x041b tx timeout
[  172.006572][    C0] sched: RT throttling activated
[  172.014365][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  172.032285][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  172.077211][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  172.122824][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  172.183238][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  172.213548][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  172.252925][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  172.314456][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  172.367140][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  172.397446][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  172.416660][ T5145] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  172.455247][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  172.477974][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  172.512416][ T6019] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.608110][ T5145] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  172.654287][ T5145] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  172.712743][ T5145] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  172.752505][ T5145] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.781313][ T5145] usb 5-1: config 0 descriptor??
[  172.883209][ T6015] Set syz1 is full, maxelem 65536 reached
[  173.401791][ T5145] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  173.410030][ T5145] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  173.428230][ T5145] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  173.526885][ T4279] Bluetooth: hci6: command 0x040f tx timeout
[  174.660681][ T4708] usb 5-1: USB disconnect, device number 4
[  174.693980][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  174.715004][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  174.804773][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  174.829266][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  174.868262][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  174.876197][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  174.925670][ T6019] device veth0_vlan entered promiscuous mode
[  175.051804][ T6019] device veth1_vlan entered promiscuous mode
[  175.626681][ T4279] Bluetooth: hci6: command 0x0419 tx timeout
[  176.153942][ T6146] loop3: detected capacity change from 0 to 262144
[  176.194425][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  176.220185][ T6146] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 scanned by syz.3.472 (6146)
[  176.258269][ T6146] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  176.268996][ T6146] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  176.278096][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  176.278334][ T6146] BTRFS info (device loop3): using free space tree
[  176.327005][ T6019] device veth0_macvtap entered promiscuous mode
[  176.354948][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  176.369423][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  176.387712][ T6019] device veth1_macvtap entered promiscuous mode
[  176.412497][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  176.438414][ T6146] BTRFS info (device loop3): enabling ssd optimizations
[  176.446743][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  176.485017][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.508258][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.532304][   T26] audit: type=1804 audit(1755594938.981:92): pid=6146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.472" name="/newroot/101/bus/bus" dev="loop3" ino=263 res=1 errno=0
[  176.584325][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.614110][ T6146] BTRFS info (device loop3): balance: start -d -m -s
[  176.615690][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.640064][ T6146] BTRFS info (device loop3): relocating block group 30408704 flags metadata|dup
[  176.702011][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.726758][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.782738][ T6146] BTRFS info (device loop3): found 3 extents, stage: move data extents
[  176.791374][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.819922][ T6137] loop1: detected capacity change from 0 to 40427
[  176.840255][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.851430][ T6146] BTRFS info (device loop3): relocating block group 22020096 flags system|dup
[  176.879509][ T6146] BTRFS info (device loop3): balance: canceled
[  176.885599][ T6137] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  176.895904][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.916853][ T6137] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  176.934468][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.964738][ T4272] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  176.989109][ T6019] batman_adv: batadv0: Interface activated: batadv_slave_0
[  177.039189][ T6137] F2FS-fs (loop1): Found nat_bits in checkpoint
[  177.052144][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  177.061788][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  177.105471][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.151582][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.180611][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.223057][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.305504][ T6137] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  177.306672][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.323537][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.771699][ T6137] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  177.787317][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.798093][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.812606][ T6019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.823420][ T6019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.847383][ T6019] batman_adv: batadv0: Interface activated: batadv_slave_1
[  177.945065][ T6019] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.978576][ T6019] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.012057][ T6019] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.081724][ T6019] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.114880][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  178.142184][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  178.401363][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.439991][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  178.507693][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  178.521125][   T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.530857][   T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  178.604506][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  178.808457][ T6187] loop7: detected capacity change from 0 to 512
[  178.919659][ T6187] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  178.946975][ T6187] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  179.001679][ T6194] loop1: detected capacity change from 0 to 256
[  179.008780][ T6194] exfat: Deprecated parameter 'namecase'
[  179.014492][ T6194] exfat: Deprecated parameter 'utf8'
[  180.149989][ T6194] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  181.700374][ T6019] EXT4-fs (loop7): unmounting filesystem.
[  181.793675][ T6198] loop1: detected capacity change from 0 to 2048
[  181.873850][ T6198] Alternate GPT is invalid, using primary GPT.
[  181.896903][ T6198]  loop1: p2 p3 p7
[  185.456409][ T6249] loop3: detected capacity change from 0 to 16
[  185.489806][ T6249] erofs: (device loop3): mounted with root inode @ nid 36.
[  186.113511][ T4279] Bluetooth: hci1: command 0x0406 tx timeout
[  186.123566][ T4268] Bluetooth: hci2: command 0x0406 tx timeout
[  186.124383][ T4274] Bluetooth: hci4: command 0x0406 tx timeout
[  186.129642][ T4268] Bluetooth: hci3: command 0x0406 tx timeout
[  186.131885][ T6249] bio_check_eod: 7873 callbacks suppressed
[  186.131899][ T6249] syz.3.495: attempt to access beyond end of device
[  186.131899][ T6249] loop3: rw=0, sector=8, nr_sectors = 32 limit=16
[  189.049466][ T6293] capability: warning: `syz.3.509' uses deprecated v2 capabilities in a way that may be insecure
[  189.582478][ T6296] overlayfs: failed to clone upperpath
[  191.068721][ T6318] overlayfs: failed to resolve './file1': -2
[  192.594560][ T6327] loop4: detected capacity change from 0 to 4096
[  192.885634][ T6342] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  193.774189][ T6350] loop7: detected capacity change from 0 to 512
[  193.819526][ T6350] EXT4-fs error (device loop7): ext4_xattr_ibody_find:2195: inode #15: comm syz.7.526: corrupted in-inode xattr
[  193.861815][ T6350] EXT4-fs error (device loop7): ext4_orphan_get:1405: comm syz.7.526: couldn't read orphan inode 15 (err -117)
[  193.896147][ T6350] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  194.084239][ T6358] loop1: detected capacity change from 0 to 2048
[  194.214742][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[  194.221161][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[  194.288996][ T6355] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.331960][ T6358] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  194.461333][ T6019] EXT4-fs (loop7): unmounting filesystem.
[  194.517964][ T6355] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.704849][ T6355] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.908152][ T6355] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.132122][ T6355] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  195.157196][ T6355] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  195.177461][ T6355] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  195.198925][ T6355] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  195.225808][ T4264] EXT4-fs (loop1): unmounting filesystem.
[  195.652902][ T6396] loop7: detected capacity change from 0 to 256
[  195.745872][ T6396] FAT-fs (loop7): Directory bread(block 64) failed
[  195.768839][ T6396] FAT-fs (loop7): Directory bread(block 65) failed
[  195.834522][ T6396] FAT-fs (loop7): Directory bread(block 66) failed
[  195.850816][ T6396] FAT-fs (loop7): Directory bread(block 67) failed
[  195.892816][ T6396] FAT-fs (loop7): Directory bread(block 68) failed
[  195.904218][ T6396] FAT-fs (loop7): Directory bread(block 69) failed
[  195.939190][ T6396] FAT-fs (loop7): Directory bread(block 70) failed
[  195.966216][ T6396] FAT-fs (loop7): Directory bread(block 71) failed
[  195.966784][   T41] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  196.011467][ T6396] FAT-fs (loop7): Directory bread(block 72) failed
[  196.042288][ T6396] FAT-fs (loop7): Directory bread(block 73) failed
[  196.196782][   T41] usb 2-1: Using ep0 maxpacket: 8
[  196.204083][   T41] usb 2-1: unable to get BOS descriptor or descriptor too short
[  196.233713][   T41] usb 2-1: config 17 has an invalid interface number: 8 but max is 1
[  196.263627][   T41] usb 2-1: config 17 has 1 interface, different from the descriptor's value: 2
[  196.295639][   T41] usb 2-1: config 17 has no interface number 0
[  196.320008][   T41] usb 2-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 170, changing to 7
[  196.361656][   T41] usb 2-1: config 17 interface 8 altsetting 6 endpoint 0x3 has invalid maxpacket 33185, setting to 1024
[  196.381533][   T41] usb 2-1: config 17 interface 8 has no altsetting 0
[  196.432862][   T41] usb 2-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  196.444010][   T41] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.458611][   T41] usb 2-1: Product: syz
[  196.473579][   T41] usb 2-1: Manufacturer: syz
[  196.503755][   T41] usb 2-1: SerialNumber: syz
[  196.751744][   T41] usb 2-1: selecting invalid altsetting 0
[  196.781099][   T41] usb 2-1: 8:6 : no UAC_FORMAT_TYPE desc
[  196.820763][   T41] usb 2-1: selecting invalid altsetting 0
[  196.851890][   T41] usb 2-1: USB disconnect, device number 5
[  196.890083][ T6412] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.182994][ T6412] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.286330][ T6412] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.379226][ T6412] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.048924][ T6412] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.070395][ T6412] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.118850][ T6412] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.143850][ T6412] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.059071][ T6439] netem: change failed
[  199.177906][ T6441] overlayfs: failed to clone upperpath
[  199.429972][ T6447] loop7: detected capacity change from 0 to 40427
[  199.475902][ T6447] F2FS-fs (loop7): build fault injection attr: rate: 691, type: 0x3ffff
[  199.487370][ T6447] F2FS-fs (loop7): invalid crc value
[  199.497831][ T6447] F2FS-fs (loop7): Found nat_bits in checkpoint
[  199.544053][ T6447] F2FS-fs (loop7): Start checkpoint disabled!
[  199.570449][ T6447] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  199.660034][ T6447] F2FS-fs (loop7) : inject dquot initialize in f2fs_dquot_initialize of f2fs_create+0x13b/0x9e0
[  199.708600][ T6447] F2FS-fs (loop7): access invalid blkaddr:4043309056
[  199.716211][ T6447] CPU: 1 PID: 6447 Comm: syz.7.562 Not tainted 6.1.148-syzkaller #0
[  199.724229][ T6447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.734288][ T6447] Call Trace:
[  199.737567][ T6447]  <TASK>
[  199.740488][ T6447]  dump_stack_lvl+0x168/0x22e
[  199.745161][ T6447]  ? show_regs_print_info+0x12/0x12
[  199.750353][ T6447]  ? f2fs_get_next_page_offset+0x6a0/0x6a0
[  199.756166][ T6447]  f2fs_is_valid_blkaddr+0xc7e/0x1250
[  199.761535][ T6447]  f2fs_map_blocks+0xd37/0x3840
[  199.766419][ T6447]  ? f2fs_do_map_lock+0x70/0x70
[  199.771274][ T6447]  ? xa_load+0x60/0x2e0
[  199.775437][ T6447]  ? page_index+0xe7/0x470
[  199.779939][ T6447]  f2fs_mpage_readpages+0xa58/0x27e0
[  199.785240][ T6447]  ? dquot_release_reservation_block+0xa0/0xa0
[  199.791403][ T6447]  ? f2fs_is_compress_backend_ready+0x97/0x120
[  199.797558][ T6447]  ? f2fs_readahead+0x180/0x380
[  199.802401][ T6447]  ? blk_start_plug+0x94/0x110
[  199.807154][ T6447]  read_pages+0x173/0x840
[  199.811561][ T6447]  ? lru_add_drain_cpu+0x8c0/0x8c0
[  199.816671][ T6447]  ? page_cache_ra_unbounded+0x770/0x770
[  199.822297][ T6447]  ? filemap_add_folio+0x188/0x3c0
[  199.827403][ T6447]  page_cache_ra_unbounded+0x690/0x770
[  199.832861][ T6447]  f2fs_readdir+0x468/0x990
[  199.837370][ T6447]  ? f2fs_fill_dentries+0xcb0/0xcb0
[  199.842558][ T6447]  ? end_current_label_crit_section+0x14b/0x170
[  199.848793][ T6447]  ? preempt_count_add+0x8d/0x190
[  199.853819][ T6447]  ? down_read_killable+0x1cc/0x340
[  199.859006][ T6447]  ? fsnotify_perm+0x248/0x550
[  199.863759][ T6447]  iterate_dir+0x218/0x560
[  199.868169][ T6447]  ? f2fs_fill_dentries+0xcb0/0xcb0
[  199.873360][ T6447]  __se_sys_getdents64+0xe5/0x260
[  199.878377][ T6447]  ? __x64_sys_getdents64+0x80/0x80
[  199.883570][ T6447]  ? filldir+0x700/0x700
[  199.887813][ T6447]  ? lockdep_hardirqs_on+0x94/0x140
[  199.893015][ T6447]  do_syscall_64+0x4c/0xa0
[  199.897426][ T6447]  ? clear_bhb_loop+0x60/0xb0
[  199.902088][ T6447]  ? clear_bhb_loop+0x60/0xb0
[  199.906752][ T6447]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  199.912653][ T6447] RIP: 0033:0x7f0469d8ebe9
[  199.917072][ T6447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.936946][ T6447] RSP: 002b:00007f046ab52038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  199.945467][ T6447] RAX: ffffffffffffffda RBX: 00007f0469fb5fa0 RCX: 00007f0469d8ebe9
[  199.953459][ T6447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  199.961438][ T6447] RBP: 00007f0469e11e19 R08: 0000000000000000 R09: 0000000000000000
[  199.969414][ T6447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.977382][ T6447] R13: 00007f0469fb6038 R14: 00007f0469fb5fa0 R15: 00007fffa073b848
[  199.985365][ T6447]  </TASK>
[  200.030118][ T6447] syz.7.562: attempt to access beyond end of device
[  200.030118][ T6447] loop7: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  200.044742][ T6447] syz.7.562: attempt to access beyond end of device
[  200.044742][ T6447] loop7: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  200.403256][   T11] kworker/u4:1: attempt to access beyond end of device
[  200.403256][   T11] loop7: rw=2049, sector=40960, nr_sectors = 40 limit=40427
[  200.802166][ T6472] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.906756][ T6472] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.192287][ T6472] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.356956][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  201.499442][ T6472] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.636969][ T6472] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  201.682897][ T6472] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  201.770846][ T6472] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  201.882358][ T6472] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.326252][ T6489] loop7: detected capacity change from 0 to 1024
[  202.376324][ T6489] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:477: comm syz.7.580: Invalid block bitmap block 0 in block_group 0
[  202.449602][ T6489] Quota error (device loop7): write_blk: dquota write failed
[  202.486890][ T6489] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  202.534628][ T6489] EXT4-fs error (device loop7): ext4_acquire_dquot:6814: comm syz.7.580: Failed to acquire dquot type 0
[  203.484523][ T6489] EXT4-fs error (device loop7): ext4_free_blocks:6210: comm syz.7.580: Freeing blocks not in datazone - block = 0, count = 4096
[  203.543504][ T6507] loop1: detected capacity change from 0 to 256
[  203.553499][ T6489] EXT4-fs error (device loop7): ext4_read_inode_bitmap:140: comm syz.7.580: Invalid inode bitmap blk 0 in block_group 0
[  203.567754][ T6507] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  203.580170][ T6507] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  203.580807][ T5965] Quota error (device loop7): do_check_range: Getting block 0 out of range 1-7
[  203.608079][ T6507] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  203.631723][ T5965] EXT4-fs error (device loop7): ext4_release_dquot:6850: comm kworker/u4:19: Failed to release dquot type 0
[  203.659312][ T6489] EXT4-fs error (device loop7) in ext4_free_inode:362: Corrupt filesystem
[  203.675446][ T6489] EXT4-fs (loop7): 1 orphan inode deleted
[  203.683195][ T6489] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  203.855855][ T6514] netlink: 'syz.4.601': attribute type 10 has an invalid length.
[  203.868958][ T6517] overlayfs: failed to clone upperpath
[  203.880548][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.888042][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.945885][ T6514] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.953152][ T6514] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.960765][ T6514] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.968040][ T6514] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.994113][ T6514] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  204.013905][ T6518] netlink: 4 bytes leftover after parsing attributes in process `syz.4.601'.
[  204.025150][ T6518] device bridge_slave_1 left promiscuous mode
[  204.032929][ T6518] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.052282][ T6518] device bridge_slave_0 left promiscuous mode
[  204.089185][ T6019] EXT4-fs (loop7): unmounting filesystem.
[  204.095806][ T6518] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.179691][ T6518] bond0: (slave bridge0): Releasing backup interface
[  204.736650][ T5143] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  204.762277][ T6546] overlayfs: failed to clone upperpath
[  204.928943][ T5143] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  204.951909][ T5143] usb 2-1: config 0 interface 0 has no altsetting 0
[  204.971497][ T5143] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  204.992203][ T5143] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  205.010613][ T5143] usb 2-1: Product: syz
[  205.019393][ T5143] usb 2-1: Manufacturer: syz
[  205.029648][ T5143] usb 2-1: SerialNumber: syz
[  205.057690][ T5143] usb 2-1: config 0 descriptor??
[  205.115880][ T5143] usb 2-1: selecting invalid altsetting 0
[  205.198582][ T6566] loop7: detected capacity change from 0 to 64
[  205.432824][ T5143] usb 2-1: USB disconnect, device number 6
[  206.379173][   T14] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  206.568401][   T14] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  206.593910][   T14] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  206.769353][   T14] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  206.779430][   T14] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.799388][ T6576] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  207.658898][ T5143] usb 8-1: USB disconnect, device number 2
[  210.482233][ T6622] loop8: detected capacity change from 0 to 16384
[  211.368389][ T6626] loop8: detected capacity change from 16384 to 16383
[  212.503973][   T26] audit: type=1326 audit(1755594974.951:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6661 comm="syz.4.641" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f76c638ebe9 code=0x0
[  212.621634][ T6658] loop7: detected capacity change from 0 to 32768
[  212.635086][ T6658] XFS (loop7): Mounting V5 Filesystem
[  212.664366][ T6658] XFS (loop7): Ending clean mount
[  212.676341][ T6658] XFS (loop7): Quotacheck needed: Please wait.
[  212.716116][ T6658] XFS (loop7): Quotacheck: Done.
[  213.164170][ T6019] XFS (loop7): Unmounting Filesystem
[  213.309083][ T5140] Process accounting resumed
[  214.667379][ T6702] overlayfs: failed to clone upperpath
[  215.999856][ T6726] device syz_tun entered promiscuous mode
[  216.005660][ T6726] device vlan2 entered promiscuous mode
[  216.395822][ T6737] netlink: 'syz.1.664': attribute type 10 has an invalid length.
[  216.836722][ T6737] team0: Port device dummy0 added
[  216.842290][ T6739] netlink: 'syz.1.664': attribute type 10 has an invalid length.
[  216.887612][ T6739] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  216.972347][ T6739] team0: Failed to send options change via netlink (err -105)
[  217.026977][ T6739] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  217.112717][ T6739] team0: Port device dummy0 removed
[  217.136179][ T6739] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  217.246083][ T6755] syz.0.672 sent an empty control message without MSG_MORE.
[  218.191074][ T6765] device syz_tun entered promiscuous mode
[  218.206756][ T6765] device vlan1 entered promiscuous mode
[  219.235358][ T5143] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  219.456784][ T5143] usb 2-1: Using ep0 maxpacket: 16
[  219.479087][ T5143] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  219.499668][ T5143] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.541811][ T5143] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  219.571645][ T5143] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  219.600641][ T5143] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  219.623317][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  219.641883][ T5143] usb 2-1: SerialNumber: syz
[  219.660378][ T5143] hub 2-1:1.0: bad descriptor, ignoring hub
[  219.678051][ T5143] hub: probe of 2-1:1.0 failed with error -5
[  219.694108][ T6799] overlayfs: failed to clone upperpath
[  219.704327][ T5143] cdc_ether: probe of 2-1:1.0 failed with error -22
[  221.677273][ T4712] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  221.897236][ T4712] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  222.183523][ T4712] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  222.239725][ T4712] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  222.256382][ T4712] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  222.265019][ T4712] usb 8-1: SerialNumber: syz
[  222.377830][ T5140] usb 2-1: USB disconnect, device number 7
[  222.481941][ T4712] usb 8-1: 0:2 : does not exist
[  222.515954][ T4712] usb 8-1: USB disconnect, device number 3
[  222.985424][ T6856] loop1: detected capacity change from 0 to 2048
[  223.058807][ T6856]  loop1: p1 < > p3
[  223.076154][ T6856] loop1: p3 size 134217728 extends beyond EOD, truncated
[  225.646705][ T4712] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  225.836726][ T4712] usb 8-1: Using ep0 maxpacket: 16
[  225.843705][ T4712] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  225.875071][ T4712] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  225.905057][ T4712] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  225.933251][ T4712] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.963704][ T4712] usb 8-1: Product: syz
[  225.981663][ T4712] usb 8-1: Manufacturer: syz
[  225.986184][ T6895] loop1: detected capacity change from 0 to 2048
[  225.996792][ T4712] usb 8-1: SerialNumber: syz
[  226.002146][ T6895] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  226.222293][ T4712] usb 8-1: 0:2 : does not exist
[  226.250761][ T4712] usb 8-1: 5:0: failed to get current value for ch 0 (-22)
[  226.279043][ T4712] usb 8-1: USB disconnect, device number 4
[  226.851188][ T6907] netlink: 'syz.1.722': attribute type 10 has an invalid length.
[  226.890202][ T6907] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.897711][ T6907] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.014936][ T6907] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.022128][ T6907] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.029779][ T6907] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.036913][ T6907] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.055417][ T6907] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  227.074665][ T6485] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  227.699464][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.722'.
[  227.717940][ T6909] device bridge_slave_1 left promiscuous mode
[  227.756905][ T6909] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.812705][ T6909] device bridge_slave_0 left promiscuous mode
[  227.930580][ T6909] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.048155][ T6909] bond0: (slave bridge0): Releasing backup interface
[  230.300107][ T6950] netlink: 64 bytes leftover after parsing attributes in process `syz.3.739'.
[  231.772923][ T6971] netlink: 'syz.7.745': attribute type 10 has an invalid length.
[  231.821469][ T6971] team0: Port device dummy0 added
[  231.838846][ T6972] netlink: 'syz.7.745': attribute type 10 has an invalid length.
[  231.870064][ T6972] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  231.977059][ T6972] team0: Failed to send options change via netlink (err -105)
[  232.033005][ T6972] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  232.084792][ T6972] team0: Port device dummy0 removed
[  232.134511][ T6972] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  239.005169][ T7060] overlayfs: failed to clone upperpath
[  239.144492][ T7066] tipc: Failed to remove unknown binding: 66,1,1/0:3025881468/3025881470
[  239.165845][ T7066] tipc: Failed to remove unknown binding: 66,1,1/0:3025881468/3025881470
[  239.457077][ T4820] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  239.648200][ T4820] usb 2-1: config 0 has no interfaces?
[  239.653835][ T4820] usb 2-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00
[  239.703899][ T4820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.750515][ T4820] usb 2-1: config 0 descriptor??
[  239.935187][   T26] audit: type=1326 audit(1755595002.381:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7086 comm="syz.7.788" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0469d8ebe9 code=0x0
[  240.590733][ T7107] xt_NFQUEUE: number of total queues is 0
[  242.183951][ T4345] usb 2-1: USB disconnect, device number 8
[  244.867181][   T26] audit: type=1326 audit(1755595007.301:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7146 comm="syz.3.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec578ebe9 code=0x7fc00000
[  245.626892][ T4332] usb 8-1: new low-speed USB device number 5 using dummy_hcd
[  245.636419][ T7171] binder_alloc: 7166: binder_alloc_buf, no vma
[  245.818374][ T4332] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  245.831996][ T4332] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.854194][ T4332] usb 8-1: config 0 descriptor??
[  246.584936][   T26] audit: type=1804 audit(1755595009.031:96): pid=7193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.823" name="/newroot/141/file1" dev="fuse" ino=1 res=1 errno=0
[  246.640405][   T26] audit: type=1800 audit(1755595009.031:97): pid=7193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.823" name="/" dev="fuse" ino=1 res=0 errno=0
[  246.662799][   T26] audit: type=1804 audit(1755595009.051:98): pid=7193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.823" name="/newroot/141/file1" dev="fuse" ino=1 res=1 errno=0
[  246.684940][   T26] audit: type=1800 audit(1755595009.051:99): pid=7193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.823" name="/" dev="fuse" ino=1 res=0 errno=0
[  248.057670][ T7215] netlink: 64 bytes leftover after parsing attributes in process `syz.4.830'.
[  249.554332][ T4332] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  249.591629][ T4332] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[  249.780159][ T4332] asix: probe of 8-1:0.0 failed with error -71
[  249.902418][ T4332] usb 8-1: USB disconnect, device number 5
[  251.440709][ T7312] loop7: detected capacity change from 0 to 1024
[  251.490382][ T7312] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  251.900799][ T6019] EXT4-fs (loop7): unmounting filesystem.
[  253.878866][ T7351] overlayfs: failed to clone upperpath
[  255.600823][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[  255.607972][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[  258.169416][ T7389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.874'.
[  260.066661][   T41] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  260.271300][   T41] usb 8-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  260.299796][   T41] usb 8-1: config 220 has 1 interface, different from the descriptor's value: 3
[  260.326163][   T41] usb 8-1: config 220 interface 0 has no altsetting 0
[  260.368459][   T41] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  260.392623][   T41] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.421701][   T41] usb 8-1: Product: syz
[  260.434772][   T41] usb 8-1: Manufacturer: syz
[  260.453523][   T41] usb 8-1: SerialNumber: syz
[  261.518118][ T7403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.562162][ T7403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  262.363867][   T41] usb 8-1: Found UVC 7.01 device syz (8086:0b07)
[  262.372494][   T41] usb 8-1: No valid video chain found.
[  262.380716][   T41] usb 8-1: USB disconnect, device number 6
[  262.572539][   T26] audit: type=1326 audit(1755595025.011:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.1.886" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a4998ebe9 code=0x0
[  263.014257][ T7458] loop7: detected capacity change from 0 to 128
[  263.054633][ T7458] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  263.067301][ T7458] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.517116][ T4270] Bluetooth: hci5: command 0x0406 tx timeout
[  263.986677][ T6019] EXT4-fs (loop7): unmounting filesystem.
[  268.460345][ T7429] Set syz1 is full, maxelem 65536 reached
[  271.210780][ T7595] atomic_op ffff88807ab99198 conn xmit_atomic 0000000000000000
[  273.608246][ T7612] loop1: detected capacity change from 0 to 40427
[  273.625163][ T7612] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x3ffff
[  273.634886][ T7612] F2FS-fs (loop1): invalid crc value
[  273.713840][ T7612] F2FS-fs (loop1): Found nat_bits in checkpoint
[  273.753242][ T7612] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  273.821143][ T7621] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  274.305278][ T7629] syz.1.919: attempt to access beyond end of device
[  274.305278][ T7629] loop1: rw=2049, sector=53248, nr_sectors = 256 limit=40427
[  275.764298][ T7639] vxcan1: tx drop: invalid da for name 0x0000000000000003
[  276.573284][ T7645] loop7: detected capacity change from 0 to 128
[  276.632073][ T7645] affs: No valid root block on device loop7
[  277.183343][ T7651] loop7: detected capacity change from 0 to 8
[  277.276809][ T7651] SQUASHFS error: xz decompression failed, data probably corrupt
[  277.285244][ T7651] SQUASHFS error: Failed to read block 0x108: -5
[  277.292047][ T7651] SQUASHFS error: Unable to read metadata cache entry [106]
[  277.299584][ T7651] SQUASHFS error: Unable to read inode 0x11f
[  282.316777][ T4711] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  282.506691][ T4711] usb 2-1: Using ep0 maxpacket: 8
[  282.515479][ T4711] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  282.557726][ T4711] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  282.576776][ T4711] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.605892][ T4711] usb 2-1: Product: syz
[  282.625444][ T4711] usb 2-1: Manufacturer: syz
[  282.649539][ T4711] usb 2-1: SerialNumber: syz
[  282.673921][ T4711] usb 2-1: config 0 descriptor??
[  283.614420][ T4332] usb 2-1: USB disconnect, device number 9
[  284.567890][ T7713] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  285.662760][ T7722] kvm: pic: non byte read
[  285.671884][ T7722] kvm: pic: level sensitive irq not supported
[  285.671957][ T7722] kvm: pic: non byte read
[  287.173757][ T4711] libceph: connect (1)[c::]:6789 error -101
[  287.197175][ T4711] libceph: mon0 (1)[c::]:6789 connect error
[  287.221696][ T4710] libceph: connect (1)[c::]:6789 error -101
[  287.228262][ T4710] libceph: mon0 (1)[c::]:6789 connect error
[  287.338036][ T7744] ceph: No mds server is up or the cluster is laggy
[  287.544149][ T4710] libceph: connect (1)[c::]:6789 error -101
[  287.591294][ T4710] libceph: mon0 (1)[c::]:6789 connect error
[  288.299737][ T4711] libceph: connect (1)[c::]:6789 error -101
[  288.305856][ T4711] libceph: mon0 (1)[c::]:6789 connect error
[  289.343124][ T7779] loop1: detected capacity change from 0 to 128
[  289.884329][ T4710] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  290.078394][ T4710] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.109996][ T4710] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  290.135066][ T4710] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.165456][ T4710] usb 8-1: config 0 descriptor??
[  290.212500][ T4710] pwc: Askey VC010 type 2 USB webcam detected.
[  292.353464][ T4710] pwc: recv_control_msg error -71 req 02 val 2b00
[  292.368555][ T4710] pwc: recv_control_msg error -71 req 02 val 2700
[  292.404139][ T4710] pwc: recv_control_msg error -71 req 02 val 2c00
[  292.411498][ T4710] pwc: recv_control_msg error -71 req 04 val 1000
[  292.506209][ T4332] syzkaller0: tun_net_xmit 76
[  292.633795][ T7809] atomic_op ffff888077070198 conn xmit_atomic 0000000000000000
[  292.646458][ T4710] pwc: recv_control_msg error -71 req 04 val 1300
[  292.978497][ T7813] syzkaller0: create flow: hash 2613930293 index 1
[  293.052266][ T4710] pwc: recv_control_msg error -71 req 04 val 1400
[  293.095386][ T4332] syzkaller0: tun_net_xmit 48
[  293.100793][ T4345] syzkaller0: tun_net_xmit 76
[  293.172881][ T4710] pwc: recv_control_msg error -71 req 02 val 2000
[  293.185173][ T4710] pwc: recv_control_msg error -71 req 02 val 2100
[  293.210959][ T4710] pwc: recv_control_msg error -71 req 04 val 1500
[  293.231928][ T4710] pwc: recv_control_msg error -71 req 02 val 2500
[  293.336717][ T4710] pwc: recv_control_msg error -71 req 02 val 2400
[  293.356778][ T4710] pwc: recv_control_msg error -71 req 02 val 2600
[  293.417322][ T4710] pwc: recv_control_msg error -71 req 02 val 2900
[  293.436834][ T4332] syzkaller0: tun_net_xmit 76
[  293.448506][ T4710] pwc: recv_control_msg error -71 req 02 val 2800
[  293.465930][ T4710] pwc: recv_control_msg error -71 req 04 val 1100
[  293.495661][ T4710] pwc: recv_control_msg error -71 req 04 val 1200
[  293.527457][ T4710] pwc: Registered as video103.
[  293.532771][ T4710] input: PWC snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/input/input8
[  293.579063][ T4710] usb 8-1: USB disconnect, device number 7
[  293.624962][ T7813] syzkaller0: delete flow: hash 2613930293 index 1
[  294.288577][ T4270] Bluetooth: hci6: command 0x0406 tx timeout
[  295.877714][ T4332] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  296.068582][ T4332] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  296.110323][ T4332] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  296.123765][ T4332] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  296.134380][ T4332] usb 2-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  296.147746][ T4332] usb 2-1: config 0 interface 0 has no altsetting 0
[  296.172746][ T4332] usb 2-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice=d3.00
[  296.195234][ T4332] usb 2-1: New USB device strings: Mfr=208, Product=0, SerialNumber=0
[  296.203897][ T4332] usb 2-1: Manufacturer: syz
[  296.220806][ T4332] usb 2-1: config 0 descriptor??
[  296.243076][ T7854] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  296.466492][ T7854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.478765][ T7854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.512489][ T4332] usbhid 2-1:0.0: can't add hid device: -71
[  296.518545][ T4332] usbhid: probe of 2-1:0.0 failed with error -71
[  296.527078][ T4332] usb 2-1: USB disconnect, device number 10
[  297.096690][ T4332] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  297.291579][ T4332] usb 2-1: Using ep0 maxpacket: 32
[  297.307618][ T4332] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  297.322341][ T4332] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  297.332815][ T4332] usb 2-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  297.346063][ T4332] usb 2-1: config 0 interface 0 has no altsetting 0
[  297.372859][ T4332] usb 2-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice=d3.00
[  297.382005][ T4332] usb 2-1: New USB device strings: Mfr=208, Product=0, SerialNumber=0
[  297.390601][ T4332] usb 2-1: Manufacturer: syz
[  297.410902][ T4332] usb 2-1: config 0 descriptor??
[  297.429471][ T4332] hub 2-1:0.0: bad descriptor, ignoring hub
[  297.435437][ T4332] hub: probe of 2-1:0.0 failed with error -5
[  297.846847][ T4332] plantronics 0003:047F:C055.0008: unknown main item tag 0x0
[  297.856342][ T4332] plantronics 0003:047F:C055.0008: unknown main item tag 0x0
[  297.876695][ T4332] plantronics 0003:047F:C055.0008: unknown main item tag 0x0
[  297.884240][ T4332] plantronics 0003:047F:C055.0008: unknown main item tag 0x0
[  297.898220][ T4332] plantronics 0003:047F:C055.0008: unknown main item tag 0x0
[  297.906243][ T4332] plantronics 0003:047F:C055.0008: No inputs registered, leaving
[  297.933386][ T4332] plantronics 0003:047F:C055.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  298.197924][ T4711] usb 2-1: USB disconnect, device number 11
[  298.521585][ T7847] netlink: 28 bytes leftover after parsing attributes in process `syz.4.991'.
[  298.530665][ T7847] netlink: 28 bytes leftover after parsing attributes in process `syz.4.991'.
[  298.849943][ T7865] overlayfs: statfs failed on './file0'
[  299.143131][ T7873] atomic_op ffff8880273bb198 conn xmit_atomic 0000000000000000
[  299.974997][ T7877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1000'.
[  302.326302][   T27] INFO: task syz.6.382:5845 blocked for more than 143 seconds.
[  302.392558][   T27]       Not tainted 6.1.148-syzkaller #0
[  302.503557][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  302.630406][   T27] task:syz.6.382       state:D stack:27112 pid:5845  ppid:5657   flags:0x00004004
[  302.768203][   T27] Call Trace:
[  302.771623][   T27]  <TASK>
[  302.774662][   T27]  __schedule+0x10ec/0x40b0
[  302.789066][   T27]  ? release_firmware_map_entry+0x18a/0x18a
[  302.805416][   T27]  ? lock_chain_count+0x20/0x20
[  302.820568][   T27]  ? _raw_spin_lock_irq+0xab/0xe0
[  302.832553][ T7904] binder: 7898:7904 ioctl c0306201 0 returned -14
[  302.846866][   T27]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  303.467525][   T27]  ? rwsem_down_read_slowpath+0x50a/0x840
[  303.488316][   T27]  schedule+0xb9/0x180
[  303.597742][   T27]  schedule_preempt_disabled+0xf/0x20
[  303.608480][ T7904] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  303.615666][ T7904] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  303.633341][   T27]  rwsem_down_read_slowpath+0x4f4/0x840
[  303.651269][   T27]  ? down_write_killable_nested+0x90/0x90
[  303.673853][   T27]  ? read_lock_is_recursive+0x10/0x10
[  303.680084][ T7904] vhci_hcd vhci_hcd.0: Device attached
[  303.702736][   T27]  ? __rwlock_init+0x140/0x140
[  303.723842][   T27]  ? ksys_sync+0x150/0x150
[  303.745040][   T27]  down_read+0x94/0x2d0
[  303.763774][   T27]  ? ksys_sync+0x150/0x150
[  303.775253][ T7907] vhci_hcd: connection closed
[  303.789022][ T4385] vhci_hcd: stop threads
[  303.800474][   T27]  iterate_supers+0xa4/0x1d0
[  303.819267][   T27]  ksys_sync+0x91/0x150
[  303.830227][ T4385] vhci_hcd: release socket
[  303.840459][   T27]  ? sync_filesystem+0x220/0x220
[  303.859414][ T4385] vhci_hcd: disconnect device
[  303.864209][   T27]  ? syscall_enter_from_user_mode+0x21/0x80
[  303.883093][   T27]  ? lockdep_hardirqs_on+0x94/0x140
[  303.900572][   T27]  __ia32_sys_sync+0xa/0x10
[  303.915287][   T27]  do_syscall_64+0x4c/0xa0
[  303.935273][   T27]  ? clear_bhb_loop+0x60/0xb0
[  303.956271][   T27]  ? clear_bhb_loop+0x60/0xb0
[  303.972904][   T27]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  303.993179][   T27] RIP: 0033:0x7f3aa018ebe9
[  304.004420][   T27] RSP: 002b:00007f3aa0fec038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  304.034823][   T27] RAX: ffffffffffffffda RBX: 00007f3aa03b6090 RCX: 00007f3aa018ebe9
[  304.060914][   T27] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  304.083511][   T27] RBP: 00007f3aa03b6090 R08: 0000000000000000 R09: 0000000000000000
[  304.095208][   T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  304.110129][   T27] R13: 00007f3aa03b6128 R14: 00007f3aa03b6090 R15: 00007fff08eb33e8
[  304.122623][   T27]  </TASK>
[  304.125860][   T27] 
[  304.125860][   T27] Showing all locks held in the system:
[  304.136401][   T27] 1 lock held by rcu_tasks_kthre/12:
[  304.197666][   T27]  #0: ffffffff8cb2b770 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00
[  304.245654][   T27] 1 lock held by rcu_tasks_trace/13:
[  304.272202][   T27]  #0: ffffffff8cb2bf90 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00
[  304.304303][   T27] 1 lock held by khungtaskd/27:
[  304.310826][   T27]  #0: ffffffff8cb2ade0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290
[  304.325352][   T27] 2 locks held by getty/4028:
[  304.334726][   T27]  #0: ffff888030b45098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  304.351439][   T27]  #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x41b/0x1380
[  304.361695][   T27] 6 locks held by kworker/0:3/4332:
[  304.368121][   T27]  #0: ffff88801ded8938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160
[  304.379021][   T27]  #1: ffffc90004417d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160
[  304.390564][   T27]  #2: ffff8881463ed190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1a7/0x54e0
[  304.399732][   T27]  #3: ffff8881463f84f8 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x21bd/0x54e0
[  304.410037][   T27]  #4: ffff8881463a5568 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x21ee/0x54e0
[  304.419795][   T27]  #5: ffffffff8d673df0 (ehci_cf_port_reset_rwsem){.+.+}-{3:3}, at: hub_port_reset+0x14f/0x1930
[  304.431983][   T27] 3 locks held by kworker/u4:7/4385:
[  304.437343][   T27]  #0: ffff8880b8e3aa98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xa5/0x140
[  304.447410][   T27]  #1: ffff8880b8e27848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x398/0x6d0
[  304.459054][   T27]  #2: ffff88807e450d40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0xa0/0x10b0
[  304.469000][   T27] 2 locks held by kworker/u4:8/4386:
[  304.474291][   T27]  #0: ffff8880b8e3aa98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xa5/0x140
[  304.484305][   T27]  #1: ffff8880b8e27848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x312/0x6d0
[  304.495847][   T27] 1 lock held by syz.5.236/5367:
[  304.500836][   T27]  #0: ffff8880571fe0e0 (&type->s_umount_key#79/1){+.+.}-{3:3}, at: alloc_super+0x1fa/0x930
[  304.511085][   T27] 1 lock held by syz.6.382/5845:
[  304.516136][   T27]  #0: ffff8880571fe0e0 (&type->s_umount_key#80){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0
[  304.527387][   T27] 
[  304.529749][   T27] =============================================
[  304.529749][   T27] 
[  304.539692][   T27] NMI backtrace for cpu 1
[  304.544112][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.148-syzkaller #0
[  304.552019][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  304.562169][   T27] Call Trace:
[  304.565446][   T27]  <TASK>
[  304.568386][   T27]  dump_stack_lvl+0x168/0x22e
[  304.573071][   T27]  ? irq_work_queue+0xb8/0x140
[  304.577840][   T27]  ? show_regs_print_info+0x12/0x12
[  304.583050][   T27]  ? load_image+0x3b0/0x3b0
[  304.587567][   T27]  ? vprintk_emit+0x571/0x680
[  304.592271][   T27]  ? printk_sprint+0x460/0x460
[  304.597065][   T27]  nmi_cpu_backtrace+0x3f4/0x470
[  304.602026][   T27]  ? nmi_trigger_cpumask_backtrace+0x450/0x450
[  304.608208][   T27]  ? _printk+0xcc/0x110
[  304.612388][   T27]  ? load_image+0x3b0/0x3b0
[  304.616927][   T27]  ? load_image+0x3b0/0x3b0
[  304.621463][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  304.627664][   T27]  nmi_trigger_cpumask_backtrace+0x1d4/0x450
[  304.633753][   T27]  watchdog+0xeee/0xf30
[  304.637917][   T27]  ? watchdog+0x1ed/0xf30
[  304.642237][   T27]  kthread+0x29d/0x330
[  304.646296][   T27]  ? hungtask_pm_notify+0x40/0x40
[  304.651379][   T27]  ? kthread_blkcg+0xd0/0xd0
[  304.655967][   T27]  ret_from_fork+0x1f/0x30
[  304.660391][   T27]  </TASK>
[  304.664966][   T27] Sending NMI from CPU 1 to CPUs 0:
[  304.670739][    C0] NMI backtrace for cpu 0
[  304.670749][    C0] CPU: 0 PID: 4385 Comm: kworker/u4:7 Not tainted 6.1.148-syzkaller #0
[  304.670764][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  304.670773][    C0] Workqueue: phy8 ieee80211_iface_work
[  304.670793][    C0] RIP: 0010:unwind_next_frame+0x3ee/0x20b0
[  304.670812][    C0] Code: 03 42 0f b6 04 28 84 c0 0f 85 39 17 00 00 41 c6 06 01 49 c7 c4 c0 79 89 8a 49 8d 6c 24 04 4d 8d 7c 24 05 48 89 e8 48 c1 e8 03 <48> 89 44 24 48 42 0f b6 04 28 84 c0 0f 85 72 16 00 00 4c 89 f8 48
[  304.670824][    C0] RSP: 0018:ffffc900048f6d30 EFLAGS: 00000a03
[  304.670836][    C0] RAX: 1ffffffff1d3bc6e RBX: ffffc900048f6e68 RCX: ffffffff8e2e7414
[  304.670847][    C0] RDX: ffffffff8e9de340 RSI: ffffffff8e2e73f0 RDI: 0000000000000001
[  304.670863][    C0] RBP: ffffffff8e9de374 R08: 0000000000000009 R09: ffffc900048f6e68
[  304.670873][    C0] R10: fffff5200091edd9 R11: 1ffff9200091edcd R12: ffffffff8e9de370
[  304.670884][    C0] R13: dffffc0000000000 R14: ffffffff8e2e7410 R15: ffffffff8e9de375
[  304.670895][    C0] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  304.670907][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  304.670917][    C0] CR2: 00007f76c6583ad8 CR3: 0000000028dba000 CR4: 00000000003506f0
[  304.670930][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  304.670939][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  304.670948][    C0] Call Trace:
[  304.670952][    C0]  <TASK>
[  304.670962][    C0]  ? __unwind_start+0xee/0x740
[  304.670977][    C0]  ? get_stack_info_noinstr+0x17/0x130
[  304.670996][    C0]  __unwind_start+0x5bb/0x740
[  304.671012][    C0]  ? stack_trace_save+0xe0/0xe0
[  304.671028][    C0]  arch_stack_walk+0xda/0x140
[  304.671046][    C0]  ? __unwind_start+0xee/0x740
[  304.671062][    C0]  stack_trace_save+0x98/0xe0
[  304.671077][    C0]  ? stack_trace_snprint+0xf0/0xf0
[  304.671093][    C0]  ? mark_lock+0x94/0x320
[  304.671114][    C0]  kasan_save_stack+0x3a/0x60
[  304.671152][    C0]  ? __phys_addr+0xb6/0x170
[  304.671171][    C0]  __kasan_record_aux_stack+0xb2/0xc0
[  304.671190][    C0]  kvfree_call_rcu+0x108/0x870
[  304.671209][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x17b4/0x2b10
[  304.671227][    C0]  ? rcu_leak_callback+0x10/0x10
[  304.671246][    C0]  ? do_raw_spin_lock+0x11d/0x280
[  304.671264][    C0]  ? cmp_bss+0x27a/0xe00
[  304.671288][    C0]  cfg80211_update_known_bss+0x177/0x9d0
[  304.671311][    C0]  cfg80211_bss_update+0x15f/0x2250
[  304.671336][    C0]  ? __kmem_cache_alloc_node+0x140/0x260
[  304.671350][    C0]  ? cfg80211_inform_bss_frame_data+0x6a0/0x1370
[  304.671374][    C0]  ? rcu_is_watching+0x11/0xa0
[  304.671392][    C0]  ? cfg80211_inform_bss_frame_data+0x6a0/0x1370
[  304.671415][    C0]  cfg80211_inform_bss_frame_data+0x9f4/0x1370
[  304.671445][    C0]  ? cfg80211_parse_mbssid_data+0x2320/0x2320
[  304.671474][    C0]  ? __lock_acquire+0x7c50/0x7c50
[  304.671497][    C0]  ieee80211_bss_info_update+0x734/0xbc0
[  304.671521][    C0]  ? ieee80211_rx_bss_put+0x60/0x60
[  304.671545][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0xdad/0x2b10
[  304.671561][    C0]  ? ieee80211_vif_get_shift+0x22b/0x290
[  304.671586][    C0]  ? ieee80211_mandatory_rates+0x1c8/0x230
[  304.671605][    C0]  ieee80211_ibss_rx_queued_mgmt+0x17b4/0x2b10
[  304.671628][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0xdad/0x2b10
[  304.671645][    C0]  ? ieee80211_ibss_rx_no_sta+0x770/0x770
[  304.671659][    C0]  ? mark_lock+0x94/0x320
[  304.671680][    C0]  ? mark_lock+0x94/0x320
[  304.671698][    C0]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  304.671718][    C0]  ? lock_chain_count+0x20/0x20
[  304.671735][    C0]  ? __rwlock_init+0x140/0x140
[  304.671756][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  304.671774][    C0]  ? skb_dequeue+0x10a/0x140
[  304.671793][    C0]  ieee80211_iface_work+0x726/0xc80
[  304.671809][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  304.671829][    C0]  ? process_one_work+0x7a1/0x1160
[  304.671844][    C0]  process_one_work+0x898/0x1160
[  304.671871][    C0]  ? worker_detach_from_pool+0x240/0x240
[  304.671888][    C0]  ? _raw_spin_lock_irq+0xab/0xe0
[  304.671905][    C0]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  304.671923][    C0]  ? kthread_data+0x4b/0xc0
[  304.671947][    C0]  worker_thread+0xaa2/0x1250
[  304.671974][    C0]  kthread+0x29d/0x330
[  304.671991][    C0]  ? worker_clr_flags+0x1a0/0x1a0
[  304.672005][    C0]  ? kthread_blkcg+0xd0/0xd0
[  304.672025][    C0]  ret_from_fork+0x1f/0x30
[  304.672049][    C0]  </TASK>
[  304.674800][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  305.107166][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.148-syzkaller #0
[  305.115046][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  305.125093][   T27] Call Trace:
[  305.128360][   T27]  <TASK>
[  305.131278][   T27]  dump_stack_lvl+0x168/0x22e
[  305.135944][   T27]  ? memcpy+0x3c/0x60
[  305.139919][   T27]  ? show_regs_print_info+0x12/0x12
[  305.145209][   T27]  ? load_image+0x3b0/0x3b0
[  305.149728][   T27]  panic+0x2c9/0x710
[  305.153738][   T27]  ? schedule_preempt_disabled+0x20/0x20
[  305.159368][   T27]  ? bpf_jit_dump+0xd0/0xd0
[  305.163865][   T27]  ? nmi_trigger_cpumask_backtrace+0x35b/0x450
[  305.170004][   T27]  ? nmi_trigger_cpumask_backtrace+0x360/0x450
[  305.176214][   T27]  watchdog+0xf2d/0xf30
[  305.180359][   T27]  ? watchdog+0x1ed/0xf30
[  305.184681][   T27]  kthread+0x29d/0x330
[  305.188743][   T27]  ? hungtask_pm_notify+0x40/0x40
[  305.193826][   T27]  ? kthread_blkcg+0xd0/0xd0
[  305.198471][   T27]  ret_from_fork+0x1f/0x30
[  305.202904][   T27]  </TASK>
[  305.206245][   T27] Kernel Offset: disabled
[  305.210561][   T27] Rebooting in 86400 seconds..