last executing test programs:

6m23.915440291s ago: executing program 1 (id=21):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf47, 0x9, 0xffff, 0x9dff, 0x7, "8003e3ffff072000"})
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"})
r1 = syz_open_pts(r0, 0x200)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0xff)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x3)

6m22.679104874s ago: executing program 1 (id=26):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r1, 0x2)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
flock(r2, 0x2)

6m21.625409961s ago: executing program 1 (id=28):
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x7, 0x2000, 0xffffffffffffffef, 0x7d, 0xfffffffffffffffc, 0x8000, 0xf, 0xfffffffffffff942}, 0x0, &(0x7f00000002c0)={0x3fe, 0x3ffffff, 0x397e, 0x9, 0x7fffffffffffffff, 0x4000000000f, 0x2, 0x7fffffffffffffff}, 0x0, 0x0)

6m20.383325243s ago: executing program 1 (id=30):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000740)=0xe)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f00000002c0)=0x18)

6m20.181483138s ago: executing program 1 (id=33):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x22000402, &(0x7f0000000240)={[{@noquota}, {@noblock_validity}, {@data_err_ignore}, {@discard}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x85, 0x4f1, &(0x7f0000000b00)="$eJzs3LtvHNUaAPBvxs887eRG99487o0hICwCduwESEEBCKQ0ICQoQmkcE4U4CUqMRKKIGIRCifgLAiUSEhUNFUgIAQ0gWuhRpAi5iaFAi87ujL221/b6FZPs7yft7jmzZ+bMNzNn5+ycnQ2gZfWlpyxie0T8EhE9tezcAn21l+mpq6N/TF0dzaJSeen3rFru9tTV0bJoOd+2ItOfR+TvZbG/Qb2XLl85OzI+PnaxyA9OnHtj8NLlK4+eOTdyeuz02Pnh48ePHR164vHhx5qK49oy76e4bu97+8KBvSde+fD50Uq8+t2naX23F+/Xx1HT21S9iyu3RqVqdnpn9fnBNS79n2ZHXTpr38QVYUXaIiLtro5q+++JtpjdeT3x3Lszma83aQWBDZPOTbsWTG0rXvPi7AXcmzJtHFpUecZP33/Lx53sf2y2W0+n57Fq/NPF44cXatsmT99le2vf2NvmzZcXr/9usMzuVL42Q6Vnmfq3R8TJyT9vpEc0vA6xhKzpkgAAM75M/Z9HGvX/8jl9m53FGEpvRByOiN0R8a+I2DPTE4r4T0T8d4X1983LL+z//LRlhYtckdT/e7IY2yoftXfKuLKZ3I5q/B3Za2fGx44U26Q/OrpSfmiJOr569ucPFnuvr67/lx6p/rIvWKzHzfbuufOcGpkYWUPIc9x6J2Jfe6P4s5mRgLQF9kbEvlUsP22zMw9/ciCld25b+P7y8S8iKwYu1qjyccRDtf0/GfPir6sq1bTY+ORgd4yPHRksj4qFvv/x+ov1+Y669Jz4u5uLqXu1wTaQ9v/Wecd/bflF/HlR4bzx2skV1HH91/cXjWpO/G1xY3oqi5PFwmtjivnN9q6I2DK72dLx35m9XE13FtPeGpmYuDgU0VlMmDN9eLa+Ml+WT/H3H2rc/ndH/PVRMd/+iEgH8f8i4v8RcbBY9/si4v6IOLRE/N8+88DrS2+hVRz/6yTFf6rh59/M8d+b1Y/XryLRdvabLxarv6nPv65j1VR/MaWZz79mV3At2w4AAADuFnl1DDrLB8p03cWpPbE1H79waeJwX7x5/lRtrLo3OvLySldP3fXQoeLacJkfTunO2fzRiNhV/aXRlmp+YPTC+I7NDByo3qtTtv+uYtrAQO31t/k/egHuPSsaR6v/0dlnn6//ygB3lPs1oXVp/9C6tH9oXdo/tK5G7f9axPQmrApwhzV3/q+43RzuQfr/0Lq0f2hds+3fL/6ghSy8Jb78u5XV3Ok/m9h9Yk2zb3ii0rMhS55c+VxtGxRp1P1px+KFs4hYXRWRL12mMy5f6V6ncNIZaqky5U0rTS8wX7bMU8ttlo41/SdGShwsEl0R0exc15rYp+t3/CSZy34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBd7e8AAAD//1I03Cw=")
mknod(&(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, 0xd)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f0000000b00), &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181d011, 0x0, 0x40, 0x0, &(0x7f0000000140))
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')

6m18.059257994s ago: executing program 1 (id=40):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
getrlimit(0x9, &(0x7f0000000000))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x4000087, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x14011, 0x0)
syz_mount_image$fuse(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x480a8, &(0x7f0000000340)=ANY=[], 0x21, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)

6m2.40912841s ago: executing program 32 (id=40):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
getrlimit(0x9, &(0x7f0000000000))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x4000087, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x14011, 0x0)
syz_mount_image$fuse(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x480a8, &(0x7f0000000340)=ANY=[], 0x21, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)

4m28.93443107s ago: executing program 2 (id=267):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
fsopen(0x0, 0x1)
fchdir(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000001180)='.\x00', &(0x7f00000000c0), 0x10012, &(0x7f0000000100)={[{@name={'name', 0x3d, 'blk-\xe5Mio\x8e\xfb\x10\xff\'\x8dR\"\xc9\xad\x13\xc0\xff\xbd\x84\xa4\xbe\xe1\xfa\xdf\xc8\xde\x03\x1fHt\xb5\f*\\O7\xe3\x16\x15\'\xdd`@\xde\xf5\xda\xa6;\x14@\xb0g\x9cx\xdau1!\xe5\xe6\x99\xb5f\x89\xc0\x98%\xc0|\x1a\xa7]\x03\x00\x00\x00\x00\x00\x00\x00\x85\xdf\xa4C\x04\x03s\xa0f\x1btEE\xf8\x1e\xa2 \xe0\xa1\x8c\r\xcf\b\xce\x14/\xbc\xd4\xfc\xc7.H.\x9a\xb1I\x82@\xba\",\x14\x02\x11\xae\xa23\xa7\xee\xa47s\xf2\xaa\xda\x90\xbf\xa2g\x82_\x1c\xfco>kM\xed\xb83\x1a\xca_\xe0T\xb8f\xce\x00\xdfy\r\x1e\xc8\xa6U&\x8d\x85\x1eu\xc8d\x8eI8\x9b\xe2\xaa\xf5(\xbf\b\x81g\x8d\x90\x02\xc4\xd5T\xe0\x8c\xaa\x8brj\x1bv\xe3\xbbV\x16\xfc\'\xdc>+\xed\xe7\x98\x85N\x02x&Th\f\x9d\xa6\x9fP\xe1\r\x15\x00\x83\xe4FN\xbe\x1e\xd0\xd3a\xedLY\xeb\x19\xe7\x1eL\xb9\xb9\x04\xd3f\"\x18\x1c@K\xde\xeemj\x9d\x13T,\xbf\xc6A\x83\xcc\xba \'\x12\x9d:\xcem\x82\xcb\x18\x94\xd1\xaf7\x12s\xfc\x02\xe4v<\xa0\'\xa7\xc0nx\x13\x17\xa3\xe9\bA2\xdf\xd58\x82\x90\xaf\r\x96\xba\xd5\x1e\x99&\x00\xb9\xd6\xa2\"\xd7d\xde\a?y\xd1A\xdb\v\x8d\xdc\xdd\b\x05\xe3\v\x01h\xa3.s\xf2\xd0\xf3i\x87]\xd8\x1f\xbf\x1e\x95\xd2Y\xca&\xf4\xb5\x1aP\fR]2\xc7h5x\xdc\x9ex\x87\x05[\xb0{\x16\x88\xed\'lH\xc2\x93\xd3\xf2\x8a\x94\x8e(4Z/\xd5\xe4\xe6\x16\x13]\xf4\xcd?\xd2\xf9\x12m\xe4\x15o'}}]})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x400)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)={@empty, @broadcast}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)

4m27.945811566s ago: executing program 2 (id=269):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000240), 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3cFvG1kZAPDPTpw4aXaTXfYACHbL7kJBVZ3E3Y1We4DlhBBaCbFHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lANSgQjUIHEwmvEkdVO7iZrEzsa/nzSa9+ZN/L3XdN6rvyZ+AQytqxGxGxFjEXE7Iqaz67nsiE/aR3Lf0737S/t795dy0Wp99s9c2p5ci46vSVzJXrMYET/6XsRPcy/GbWzvrC1Wq5XNrD7brG3MNrZ3bqzWFlcqK5X1cnlhfmHuo5sfls9srO/UxrLSVx//cfdbP0+6NZVd6RzHWWoPvXAYJzEaET84j2ADMJKNZ2zQHeGV5CPizYh4N33+p2Mk/W4CAJdZqzUdrenOOgBw2eXTHFguX8pyAVORz5dK7RzeWzGZr9Ybzet36lvry+1c2UwU8ndWq5W5LFc4E4VcUp9Py8/q5SP1mxHxRkT8cnwirZeW6tXlQf7DBwCG2JUj6/9/xtvrPwBwyRUH3QEAoO+s/wAwfKz/ADB8rP8AMHza6//EoLsBAPSR9/8AMHys/wAwVH746afJ0drPPv96+e721lr97o3lSmOtVNtaKi3VNzdKK/X6SvqZPbXjXq9ar2/MfxBb92a+vdFozja2d27V6lvrzVvp53rfqhTSu3b7MDIAoJc33nn0l1yyIn88kR7RsZdDYaA9A85bftAdAAZmZNAdAAbGbl8wvE7xHl96AD7vuuzN202x2y8ItVqt1jl0CeiPa1+S/4dh1ZH/91PAMGTk/2F4yf/D8Gq1cifd8z9OeiMAcLHJ8QM9fgzgzez8u+w/B36yfPSOh+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwWETNRyN1ZrVbmIuL1iPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3+1HNNb185LI5FxM9+/dmv7i02m5t/ihjL/Wv84HrzYXa93P/eAwDHO1in03PHG/mne/eXDo5+9ufJdyOi2I6/vzcW+4fxR2M0PRejEBGT/85l9bZcR+7iNHYfRMQXu40/F1NpDqS98+nR+Ens1/oaP/9c/Hza1j4nfxZfOIO+wLB5lMw/n3R7/vJxNT13f/6L6Qx1etn8l7zU0n46Bz6LfzD/jfSY/66eNMYHf/h+uzSRffGz3Z6fPIj48mjEQez9jvnnIH6uR/z3Txj/r195+91eba3fRFyL7vE7Y802axuzje2dG6u1xZXKSmW9XF6YX5j76OaH5dk0Rz3bezX4x8fXX+/Vlox/skf84jHj//oJx//b/93+8ddeEv+b73WLn4+3XhI/WRO/ccL4i5O/L/ZqS+Iv9xj/cd//6yeM//hvOy9sGw4ADE5je2dtsVqtbCooXPxC8lf2AnSja+E7/Yo1Ft2bfvFe+5k+0tRqvVKsXjPGWWTdgIvg8KGPiP8OujMAAAAAAAAAAAAAAEBX/fiNpUGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvr/wEAAP//M+fPJQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
gettid()
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0xa, 0x7, 0xc, 0x40}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), 0x0, 0xce, r3}, 0x38)

4m26.444363555s ago: executing program 2 (id=271):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB="0201000000000010ac054182000000000001090224000100000000090400001103000000092100000001220500090581"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x5452, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x36})

4m20.766421582s ago: executing program 2 (id=280):
r0 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

4m19.727207369s ago: executing program 2 (id=283):
poll(&(0x7f0000000480)=[{0xffffffffffffffff, 0x1400}, {0xffffffffffffffff, 0x4098}, {0xffffffffffffffff, 0x101}], 0x3, 0xffff)
ioctl$VIDIOC_S_STD(0xffffffffffffffff, 0x40085618, &(0x7f0000000c40)=0x100)

4m18.199456419s ago: executing program 2 (id=288):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x800}, 0x50)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x102, 0x0)
close(r1)
socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x9, 0xfffffe0040000001, 0x892, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x1ff, 0x2, {0x4, @pix_mp={0xffffffff, 0xf, 0x31363553, 0x7, 0xd, [{0x9, 0x5}, {0x22955b83, 0x7f68}, {0x5, 0x4}, {0x28, 0x3}, {0x6, 0x5}, {0x800, 0x3}, {0x5, 0xb33b}, {0x3, 0x4}], 0x42, 0x6, 0x1, 0x2, 0x1}}, 0x9})
close(r4)

4m2.304837122s ago: executing program 33 (id=288):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x800}, 0x50)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x102, 0x0)
close(r1)
socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x9, 0xfffffe0040000001, 0x892, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x1ff, 0x2, {0x4, @pix_mp={0xffffffff, 0xf, 0x31363553, 0x7, 0xd, [{0x9, 0x5}, {0x22955b83, 0x7f68}, {0x5, 0x4}, {0x28, 0x3}, {0x6, 0x5}, {0x800, 0x3}, {0x5, 0xb33b}, {0x3, 0x4}], 0x42, 0x6, 0x1, 0x2, 0x1}}, 0x9})
close(r4)

3m45.275027765s ago: executing program 4 (id=348):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB="0201000000000010ac05418200000000000109022400010000000009040000110300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x5452, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x36})

3m38.484340351s ago: executing program 4 (id=356):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mounts\x00')
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f}}, 0x20)
read$FUSE(r0, &(0x7f0000000d80)={0x2020}, 0x2020)

3m34.505675915s ago: executing program 4 (id=360):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffbffffc, 0x0, 0x0, 0x0, 0x40}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="6f11ba816056a1827a33ae059cf3", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)

3m32.998994284s ago: executing program 4 (id=364):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x10)
r3 = fsopen(&(0x7f0000000000)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x1aa)
getdents64(r4, &(0x7f0000004440)=""/4096, 0x1000)

3m31.362203576s ago: executing program 4 (id=367):
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff3c, &(0x7f0000000100)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = syz_open_dev$evdev(0x0, 0x0, 0x0)
ioctl$EVIOCGREP(r3, 0x80084523, 0x0)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3, 0x20000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0xeeef0000})

3m29.109917555s ago: executing program 4 (id=370):
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x7, 0x2000, 0xffffffffffffffef, 0x7d, 0xfffffffffffffffc, 0x8000, 0xf, 0xfffffffffffff942}, 0x0, &(0x7f00000002c0)={0x3fe, 0x3ffffff, 0x397e, 0x9, 0x7fffffffffffffff, 0x4000000000f, 0x2, 0x7fffffffffffffff}, 0x0, 0x0)

3m13.813876192s ago: executing program 34 (id=370):
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x7, 0x2000, 0xffffffffffffffef, 0x7d, 0xfffffffffffffffc, 0x8000, 0xf, 0xfffffffffffff942}, 0x0, &(0x7f00000002c0)={0x3fe, 0x3ffffff, 0x397e, 0x9, 0x7fffffffffffffff, 0x4000000000f, 0x2, 0x7fffffffffffffff}, 0x0, 0x0)

1m0.309850892s ago: executing program 6 (id=731):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801)
recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002)
recvmsg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000780)}, 0x40)

58.603790666s ago: executing program 6 (id=737):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000000)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x1aa)
getdents64(r5, &(0x7f0000004440)=""/4096, 0x1000)

57.446598197s ago: executing program 6 (id=741):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000003100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000e00)={0x84, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000000))

54.286971079s ago: executing program 6 (id=746):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1007f}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa33"], 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce2200"/34], 0xfdef)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

53.126366529s ago: executing program 6 (id=751):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
openat$mice(0xffffffffffffff9c, 0x0, 0x101)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000001000)={0x73622a85, 0x10b, 0xffffffffffffffff})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x32}, @fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000bc0)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x1000000000000, &(0x7f0000000340)})

51.959918879s ago: executing program 6 (id=754):
socket$kcm(0x10, 0x2, 0x0)
r0 = mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5m\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q', 0x42, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x200088c2)
socket(0x2, 0x80805, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r7, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
close(r0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x6a)

36.808933243s ago: executing program 35 (id=754):
socket$kcm(0x10, 0x2, 0x0)
r0 = mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5m\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q', 0x42, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x200088c2)
socket(0x2, 0x80805, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r7, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
close(r0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x6a)

8.917775068s ago: executing program 0 (id=879):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@mcast2, 0x4e24, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffff8001, 0xfffffffffffffffe}, {0x0, 0x0, 0x200000000000, 0xb}, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x3e8)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1/file0\x00', 0x143042, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f00000006c0)=ANY=[], 0x841, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0xc80, 0x19)

8.030181341s ago: executing program 3 (id=880):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7.906135274s ago: executing program 0 (id=881):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x18, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40}}, 0x18}}, 0x0)
r0 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

7.836339876s ago: executing program 7 (id=882):
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8000000140001000000000000000000e0000002000000000000000000000000000000000000000000000000000000000053a4157f3204f3b1000080290000", @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x40}, 0x10)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x4d, 0x0, 0x0)
r0 = syz_open_dev$hidraw(0x0, 0x0, 0x81)
ioctl$HIDIOCGRDESC(r0, 0x90044802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e33050910"], 0xd)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
socket(0x10, 0x3, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x2)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, 0x0)

7.69103885s ago: executing program 0 (id=883):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fd", 0x12c}, {&(0x7f0000000fc0)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295499abbcb388d291aa83e93db6cf9ab0954e6a8dfc19c3c1533a11d81e0382999bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1", 0xdd}], 0x2}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540", 0x6d}], 0x1}}], 0x2, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmmsg$inet_sctp(r0, &(0x7f0000000940)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000240)="056ce834bcdee9ea4065fb800f6496", 0xf}, {&(0x7f00000002c0)="7186fc715c350b41428d3f3de32ee502f81a0d21f9842162d75e2b0fefcc", 0x1e}, {&(0x7f0000000300)="5f9fccd87600e26bfc90f7de5d81e7853dd6db98c0dd471efd7a3b9737da9b11bec6dc77bcd7f3e1048b4ee8296ec9c6261685ab0124396ff69255e95514c255a915e9a120a57ac2b3795d27d721a22f5a9a441b99a9fa1b92669031cf339a8e01ab4fe1d3cc00c874fd8ded07aa0d56bfcc787e5133675244bfce51cd992a3d81adafa9aea942c983c71f", 0x8b}, {&(0x7f0000000400)="dccd23d613dca388b7a346c71a8c538c8246ad6c8ba4b1506682755cdbbb0a5336df7ac2e1759b7e3704850a01c6b841dda83bbcb1daafb7459719c305b8affde5bf4a1210a0732a626cd81367faa1e9d975ee60c55b4947d52f87ffd55a9b1e9e8f9e6a1ae23932c632babae6acf8773332e8dca9af310192f8a6e30fa0f0b5970c18f380264d3803fd325ddcf72b1458787d7ed87f1215dba64bdac06eab382a", 0xa1}, {&(0x7f0000000500)="913f62aa2ac9ff5b25483612c232247f48906e70b40ff6ce73d3ed1775e665256d5312e5193d7ad140398da4", 0x2c}], 0x5}], 0x1, 0x440d4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x1000803c, 0x0, 0x0)

7.480309795s ago: executing program 3 (id=884):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
openat$mice(0xffffffffffffff9c, 0x0, 0x101)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40080c4)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000001000)={0x73622a85, 0x10b, 0xffffffffffffffff})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x32}, @fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000bc0)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x1000000000000, &(0x7f0000000340)})

7.364419538s ago: executing program 0 (id=886):
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000003100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000e00)={0x84, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0xc0145b0e, &(0x7f0000000000))

6.350328714s ago: executing program 7 (id=887):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, 0x0)

6.349630184s ago: executing program 3 (id=888):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a20000000000a03000000000000000000070000000900010073797a300008000068000000090a010400000000000000000700000208000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c001180090001006d657461000004001c000280080002400000001408000140000000040800"], 0xb0}, 0x1, 0x0, 0x0, 0x40014}, 0x40)

5.962745495s ago: executing program 3 (id=889):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x8000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f00000003c0)}, 0x2}, {{&(0x7f0000000b00)=@nfc_llcp, 0x80, 0x0, 0x0, &(0x7f0000000c80)=""/222, 0xde}, 0x8f4edc0f}, {{0x0, 0x0, &(0x7f0000001100), 0x0, &(0x7f0000001180)=""/229, 0xe5}, 0x6}], 0x3, 0x40010102, &(0x7f0000001380)={0x77359400})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

4.488799383s ago: executing program 0 (id=890):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@mcast2, 0x4e24, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffff8001, 0xfffffffffffffffe}, {0x0, 0x0, 0x200000000000, 0xb}, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x3e8)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1/file0\x00', 0x143042, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f00000006c0)=ANY=[], 0x841, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0xc80, 0x19)

4.469891793s ago: executing program 3 (id=891):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0xff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x6, 0x0, 0x57c}]}, 0x10)
write$binfmt_aout(r3, &(0x7f0000000000)=ANY=[], 0xa052)

4.468231863s ago: executing program 5 (id=892):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000), 0x0)

4.046315344s ago: executing program 5 (id=894):
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000003c0)={'gre0\x00', &(0x7f00000005c0)=@ethtool_sset_info={0x37, 0x6}})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4d0, 0x338, 0x11, 0x148, 0x0, 0x0, 0x438, 0x2a8, 0x2a8, 0x438, 0x2a8, 0x3, 0x0, {[{{@ip={@loopback, @local, 0xffffffff, 0x0, 'bridge_slave_1\x00', 'rose0\x00', {}, {}, 0x84, 0x3, 0x8}, 0x0, 0x2f0, 0x338, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x2, 0x2, [0x4e24, 0x4e20, 0x4e20, 0x4e23, 0x4e20, 0x4e21, 0x4e21, 0x4e21, 0x4e24, 0x4e22, 0x4e21, 0x2, 0x4e20, 0x4e21, 0x4e23], [0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1], 0x1}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0x28}, 0x0, 0x0, 'erspan0\x00', 'netdevsim0\x00', {}, {0xff}}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x530)
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = io_uring_setup(0x5b89, &(0x7f0000000000)={0x0, 0x4efb, 0x10, 0x0, 0x3e6})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000000c0)=[0xffffffffffffffff, r2], 0x2)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000b80)=@security={'security\x00', 0x64, 0x4, 0x2c8, 0x100000c, 0x0, 0xe0, 0x178, 0xffffffff, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x98, 0xe0, 0x0, {0x0, 0x1000000000000}, [@common=@inet=@dscp={{0x28}, {0x10, 0x1}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz1\x00', {0x2}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x42}}}, {{@ip={@multicast2, @private=0xa010101, 0xff000000, 0xff, 'veth0_macvtap\x00', 'vcan0\x00', {0xff}, {0xff}, 0x21}, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x2, 0x7}, {0x2, 0x0, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)

3.270083044s ago: executing program 0 (id=895):
r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000000)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12015c0200000020ff11"], 0x0)
syz_emit_vhci(0x0, 0xec)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000200)=ANY=[])

3.207099866s ago: executing program 8 (id=896):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000001c0)=@x86={0x80, 0x4, 0x5, 0x0, 0x8, 0x5, 0x40, 0x7, 0x6, 0x4, 0xf9, 0x8, 0x0, 0x0, 0x5, 0x2, 0x84, 0x3, 0x4, '\x00', 0x4, 0x2})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x4c, 0x0, 0x0)

3.118004649s ago: executing program 7 (id=897):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000140)='cgroup.clone_children\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x10000008)

2.907760884s ago: executing program 7 (id=898):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a20000000000a03000000000000000000070000000900010073797a300008000068000000090a010400000000000000000700000208000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c001180090001006d657461000004001c00028008000240000000140800014000000004080003"], 0xb0}, 0x1, 0x0, 0x0, 0x40014}, 0x40)

2.711081559s ago: executing program 8 (id=899):

2.642076721s ago: executing program 7 (id=900):
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000003100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000e00)={0x84, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0xc0145b0e, &(0x7f0000000000))

2.378057438s ago: executing program 8 (id=901):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x8000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f00000003c0)}, 0x2}, {{&(0x7f0000000b00)=@nfc_llcp, 0x80, 0x0, 0x0, &(0x7f0000000c80)=""/222, 0xde}, 0x8f4edc0f}, {{0x0, 0x0, &(0x7f0000001100), 0x0, &(0x7f0000001180)=""/229, 0xe5}, 0x6}], 0x3, 0x40010102, &(0x7f0000001380)={0x77359400})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

2.047461636s ago: executing program 5 (id=902):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f00000007c0)={0x3, 'vlan1\x00'})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{0x0}, {0x0}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e5635", 0x46}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b", 0x51}, {&(0x7f0000000900)}], 0x5}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000ac0)}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c", 0x10}], 0x2, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}], 0x48}}], 0x2, 0x20000044)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e23, 0x101, @private2, 0x8e4}}, 0x0, 0x0, 0x2b, 0x0, "bb02a3c364ca41d6357e54452401400400941292f4925a1e1ea6324d6193fcf19b49f3eefb1f56c54dc46d8b6d2ccd118aa0cc1dc2767bbe000100060000010100"}, 0xd8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.778685283s ago: executing program 5 (id=903):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000005c0)=@mangle={'mangle\x00', 0x2, 0x6, 0x540, 0x280, 0x1b0, 0x370, 0x370, 0x370, 0x470, 0x470, 0x470, 0x470, 0x470, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000010000000}}, @HL={0x28, 'HL\x00', 0x0, {0x1, 0x84}}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0xb}, [0x0, 0x0, 0x0, 0xffffff00], [0x0, 0x0, 0xffffffff, 0xff], 'macvlan0\x00', 'veth1_vlan\x00', {}, {}, 0x6, 0x7f, 0x4}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffff}, {0x1}, {0x87}, 0xfffffffd}}}, {{@uncond, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x370}}, {{@ipv6={@empty, @private0, [0xff, 0x0, 0xffffff00, 0xffffffff], [0xffffff00, 0xffffff, 0x0, 0xffffffff], 'geneve0\x00', 'xfrm0\x00', {0xff}, {}, 0x3a, 0x5, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010100, @ipv4=@loopback, 0x0, 0x4}}}, {{@ipv6={@private1, @local, [0xffffff00, 0xff, 0xff000000, 0xff], [0xff, 0xff, 0xffffffff, 0xff], 'veth0_to_bridge\x00', 'dummy0\x00', {0xff}, {}, 0x0, 0x3, 0x2, 0x50}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}, {0x62, 0x8, 0x7, 0xb, 0x30ba, 0x222}}]}, @HL={0x28, 'HL\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0xe8b5c71a5eb6f040, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd7, 0x4, 0x6, 0x0, 0x80000000, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x9, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xf, 0x1a, 0xf4, 0x10, 0x9, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x1, 0x0, 0xff, 0x40000004, 0x4, 0x3, 0x0, 0xaa80, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x5, 0xa, 0x0, 0x10000, 0x405, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x9, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffc, 0x9, 0xb6eb, 0xc74, 0x77, 0x1, 0xc0000000, 0x5cb5, 0xfffffffd, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0xffff, 0x401, 0x2, 0x2, 0x4680, 0x9a7f, 0xe665, 0x3c6e, 0x3, 0x7, 0x80, 0x4b, 0x9, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x8001, 0xfd, 0x101, 0x4, 0x0, 0xa, 0x1b, 0x202, 0x7ff, 0x9, 0x80000000, 0xffff, 0x9, 0x3, 0x6, 0x2, 0xffffff87, 0xe, 0xd, 0xf, 0x8, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x8, 0x1, 0x3, 0x664, 0x4, 0x9, 0x9, 0x2, 0x8, 0xfffffffd, 0xeb6, 0x0, 0x9, 0x10000, 0x1, 0x9, 0x9, 0xc6, 0x1, 0x4, 0x7ff, 0xe6, 0x6, 0x10001, 0x9, 0x68, 0x7, 0x201, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0xa, 0x40, 0x18, 0x80, 0xb5f8, 0x8bc, 0x3, 0x8000103, 0x5, 0xfffffffc, 0x4, 0x18000, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x6, 0x8, 0x6, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x7, 0xc4c, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0x200000ce, 0xf, 0x0, 0x1, 0xa, 0x3, 0x0, 0x9, 0x9, 0x37c, 0x10001, 0x8, 0x1, 0x5, 0x2, 0x6, 0x4, 0x6, 0x1, 0x8, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80002001, 0x8, 0x8000, 0x10004, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x5, 0x10000, 0x4, 0xffff, 0x2, 0x89, 0x2, 0x3, 0x1, 0x73, 0x3, 0x9, 0x4, 0x1, 0x9, 0x1, 0x8, 0x0, 0x81, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x10000004, 0x0, 0x1, 0xce5fb90f, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x44, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0x6, 0x0, 0x8, 0x40, 0xd3, 0x7, 0xffffffff, 0x89aa, 0x8, 0x0, 0xf0ce, 0x2, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x800001, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xae, 0x6, 0x1, 0xfffffeff, 0x4, 0x5, 0x7fff, 0x103, 0x7, 0x6, 0x709, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x8, 0x80000000, 0x3, 0x7, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x69f, 0x1ff, 0x9, 0x10, 0x3, 0x10000, 0xffff0000, 0xf, 0x1, 0x3, 0xffffa9b4, 0x1, 0x4, 0x5, 0x9, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0x88d, 0x1, 0xb, 0x8, 0x1, 0x89, 0x6, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0xfffffff7, 0x8000005, 0x4, 0xffd, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x0, 0x80000000, 0xd, 0x2, 0x1, 0x800000, 0x20000003, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xfffffffc, 0x9, 0xffffa0a6, 0xc, 0x11, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x98, 0x9, 0xb, 0x800, 0x4, 0x9, 0x8, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x6, 0x20080000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0xb, 0x0, 0x7, 0x8000000, 0x0, 0xfff, 0x8101, 0x4, 0x0, 0x6, 0xc, 0x5, 0xffe, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x4, 0x4b15, 0x10000, 0x1, 0x6, 0x1, 0xd, 0x8, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x2, 0x10001, 0x1, 0x7, 0x6, 0x5, 0x9, 0xffffc487, 0x204, 0x10002, 0x1000, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x2, 0x2, 0x4, 0x0, 0x1000, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x5, 0x3, 0xffffffff, 0x2, 0x7f, 0x6, 0xd, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x25, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x10001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0x0, 0x5, 0x2, 0x2, 0x4, 0xfff9, 0x80000001, 0x5, 0x1, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0x0, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x197, 0x8, 0x0, 0x5, 0xf, 0x3, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x119, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x4007, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x2, 0x30, 0xb, 0x101, 0x2, 0x9, 0x3, 0x7, 0x8, 0x8, 0x1, 0x2, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x1, 0xf, 0x9, 0x1, 0x80000000, 0x9, 0x8001, 0x5, 0x800081, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0xfffffffa, 0x81, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x0, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x4, 0x6, 0x9, 0x0, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x9, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0x4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x91, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0xffffffff, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x103, 0x10000004, 0x3, 0x6, 0x80000001, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0xffffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x1, 0x6, 0x14827783, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xa, 0x3, 0x9, 0x80000001, 0x81, 0x8, 0x14, 0x8, 0x9, 0x80, 0xd, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0xfffffffe, 0x924, 0x499, 0x100, 0x1, 0x5, 0xffff351b, 0x7, 0xfffffffb, 0x3, 0x9, 0x2, 0x7, 0x4, 0x4, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x6, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0x200000b8, 0x1, 0x5, 0xfffffff7, 0x7, 0x7, 0x4, 0x6330, 0xff, 0x6, 0xea, 0xbb2d, 0xfff, 0x7, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0xfffffffe, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x80, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0xf01, 0x1, 0x3, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x8, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0x10000c0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x20000000, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xa3, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x2, 0x1, 0xfffffffa, 0x2, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x42, 0xaa1, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x8, 0x7ff, 0x0, 0x40, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xde, 0x6, 0x89, 0x0, 0x100, 0x1, 0x9, 0x6, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0x3, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0xc, 0x401, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x7, 0x8]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{0x0}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)

1.355077254s ago: executing program 8 (id=904):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0xffffffff}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000bc7a007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

1.159248939s ago: executing program 5 (id=905):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@mcast2, 0x4e24, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffff8001, 0xfffffffffffffffe}, {0x0, 0x0, 0x200000000000, 0xb}, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x3e8)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1/file0\x00', 0x143042, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f00000006c0)=ANY=[], 0x841, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0xc80, 0x19)

1.057576672s ago: executing program 8 (id=906):
r0 = socket$inet6(0xa, 0x2, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x10002, 0x0, 0x0)
sendmsg$inet6(r0, &(0x7f0000002740)={&(0x7f0000000140)={0xa, 0x4e20, 0x2, @empty, 0xc}, 0x1c, 0x0}, 0x8004)
sendmmsg$inet6(r0, &(0x7f0000001580)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f00000001c0)="a79014fe490d23c8d98af1c8c2591852e18cbde86d9c4f054688bd871ab7b3b07932abacba6d3a71047d4e87e51cf1c16c0f87d280958532e09abb3b642a7a06801c7e2e6d", 0x45}], 0x1}}], 0x1, 0x4)

739.42291ms ago: executing program 3 (id=907):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000b7403340861a22753635f10203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000080)={0x20, 0xf, 0x2, "8c6e"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

78.902637ms ago: executing program 7 (id=908):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4048aecb, &(0x7f0000000040)=@riscv64_sbi_sta={0x803000000a000001, 0x0})
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f00000002c0)={0x1, 0x0, [{0xb, 0x901, 0x3, 0x8, 0x201, 0xc934, 0x1}]})

68.950148ms ago: executing program 8 (id=909):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket(0x2b, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000111c40)={0x3, [], 0x1c, "57ab05ce032627"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, 0x0)

0s ago: executing program 5 (id=910):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f00000039c0)=[{&(0x7f0000000600)="447df50ce4033a7b5ad00b83244c00b711803e7cca2504a2600da98efff9e7d67f87b17ffd582b04d632ebd866f28678899ae0d6306cd39420b7b7f78deaaf2908c2a5726f2c50c9eb720e93d3e5b49fae5ab325f9ef326cf8bad0db853cbb8235b0c803c417ede8f7b85eaad8aea5b2fe9813fee217a97a980d39d7a1efef815bf2bfe6823e664dc7dcd285d91c9e4ab6ee36a00b300ffd69f9eb85d6f8c7b5c176084b", 0xa4}, {&(0x7f00000006c0)="080c0434", 0x4}, {&(0x7f0000000780)="4274aa814c8f6ea8d8db43178dd2f41ef596a3ca465412910e05cba0f5d97e67886d55be18cac95a1aa093479596c3613670aaf2a3b1edc465bedfdb5156035719c0baa8bb8bf2a825ec04f424dda801fea000f41edc43511e9c8bf89656071e91ae4c356d6a9ca608af6b83cc9f3d9ae37c2bfab2e5708062c659e44272215dba2195d826f9fd", 0x87}, {&(0x7f0000000880)="a1755527af3bc7c4671ac86bf0a2338efb5db19ac572af50ea485d175761731e22c55a759161b4a9abe65d440cccf63983cbbcac2913f2df6e269ebe5875", 0x3e}], 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="ac1414bb0000000000000000140000000000000000000000020000000600000000000000d8000000000000000000000007000000072b52000000000a0101020a010100ac14141b640101020a010102ac1414bbac14143ee000000200000000071731ac14143cac1e0101e0000002ac1414aaffffffff442cdf11ac1e010100000005ffffffff00000002ac1414bb00000006ffffffff000000000000000000000003441435230a01010200000001ffffffff00000007444477937f00000100000007ac1e000100000008ac14143200000005e0000002000000f77f00000100000200ac1414bb00000401ac1414aa0000e7a6ac1414aa000000b6010014000000000000000000000002000000020000000000000014"], 0x1a0}, 0x41)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e33050910"], 0xd)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

nfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  274.071528][   T26] audit: type=1326 audit(1777733885.262:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0bdb15d60e code=0x7ffc0000
[  274.140290][ T5979] loop0: detected capacity change from 0 to 512
[  274.286288][ T5979] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #12: comm syz.0.373: missing EA_INODE flag
[  274.308728][   T26] audit: type=1326 audit(1777733885.262:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  274.385823][ T5979] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.373: error while reading EA inode 12 err=-117
[  274.432855][ T5979] EXT4-fs (loop0): 1 orphan inode deleted
[  274.441555][ T5979] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  274.481514][   T26] audit: type=1326 audit(1777733885.262:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  274.650507][   T26] audit: type=1326 audit(1777733885.262:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  274.695186][   T26] audit: type=1326 audit(1777733885.262:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  274.720824][   T26] audit: type=1326 audit(1777733885.262:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  275.201511][   T26] audit: type=1326 audit(1777733885.262:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  275.311481][   T26] audit: type=1326 audit(1777733885.262:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.5.372" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  275.613356][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  276.576885][ T6010] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  276.588456][ T6010] binder: 6008:6010 ioctl 400c620e 2000000003c0 returned -22
[  276.683343][ T6011] loop0: detected capacity change from 0 to 512
[  276.692636][ T6011] ext4: Unknown parameter 'appraise_type'
[  280.141563][ T4316] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  280.341709][ T4316] usb 1-1: Using ep0 maxpacket: 16
[  280.348885][ T4316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.380579][ T4564] team0 (unregistering): Port device team_slave_1 removed
[  280.386558][ T4316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.425535][ T4316] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  280.455894][ T4316] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  280.472454][ T4316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.520022][ T4316] usb 1-1: config 0 descriptor??
[  280.533973][ T4564] team0 (unregistering): Port device team_slave_0 removed
[  280.715107][ T4564] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  280.879358][ T4564] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  280.967045][ T4316] usbhid 1-1:0.0: can't add hid device: -71
[  280.979007][ T4316] usbhid: probe of 1-1:0.0 failed with error -71
[  280.989494][ T4316] usb 1-1: USB disconnect, device number 7
[  281.341578][   T26] kauditd_printk_skb: 19 callbacks suppressed
[  281.341619][   T26] audit: type=1326 audit(1777733892.902:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  281.781336][   T26] audit: type=1326 audit(1777733892.902:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  282.039922][   T26] audit: type=1326 audit(1777733892.902:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0bdb15d60e code=0x7ffc0000
[  282.064385][   T26] audit: type=1326 audit(1777733892.902:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  282.088944][   T26] audit: type=1326 audit(1777733892.902:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  282.141102][ T6036] loop5: detected capacity change from 0 to 512
[  282.155364][   T26] audit: type=1326 audit(1777733892.902:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  282.384196][   T26] audit: type=1326 audit(1777733892.902:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  282.419189][   T26] audit: type=1326 audit(1777733892.902:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  282.422169][ T6036] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #12: comm syz.5.387: missing EA_INODE flag
[  282.710146][ T6036] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.387: error while reading EA inode 12 err=-117
[  282.798715][ T6036] EXT4-fs (loop5): 1 orphan inode deleted
[  282.853681][ T6036] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  282.917991][   T26] audit: type=1326 audit(1777733892.902:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  285.101622][   T26] audit: type=1326 audit(1777733892.902:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.5.384" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  285.128708][ T4564] bond0 (unregistering): Released all slaves
[  285.143593][ T4672] EXT4-fs (loop5): unmounting filesystem.
[  285.454741][ T6058] loop0: detected capacity change from 0 to 128
[  286.221305][ T6046] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  286.231086][ T6046] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  286.240765][ T6046] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  286.411257][ T5741] 8021q: adding VLAN 0 to HW filter on device bond0
[  286.519827][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  286.532585][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  286.580765][ T5741] 8021q: adding VLAN 0 to HW filter on device team0
[  286.662010][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  286.670910][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  286.800141][ T6067] xt_CONNSECMARK: invalid mode: 66
[  287.123580][ T6018] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.131127][ T6018] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.157529][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  287.166767][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  287.175652][ T6018] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.182788][ T6018] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.192503][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  287.214064][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  287.255930][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  287.277848][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  287.289893][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  287.299385][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  287.323855][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  287.363655][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  287.384108][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  287.393759][ T4462] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  287.454681][ T4280] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  287.454747][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  287.486206][ T4280] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  287.495623][ T4280] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  287.504921][ T4280] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  287.515389][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  287.523802][ T4280] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  287.541875][ T4280] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  287.542553][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  287.601502][ T4462] usb 6-1: Using ep0 maxpacket: 16
[  287.608984][ T4462] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.627822][ T4462] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.638542][ T4462] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  287.653523][ T4462] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  287.663297][ T4462] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.673647][ T4462] usb 6-1: config 0 descriptor??
[  287.674329][ T5741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  288.019884][   T26] kauditd_printk_skb: 19 callbacks suppressed
[  288.019904][   T26] audit: type=1326 audit(1777733899.632:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  288.726186][ T4462] usbhid 6-1:0.0: can't add hid device: -71
[  288.743952][ T4462] usbhid: probe of 6-1:0.0 failed with error -71
[  288.769011][ T4462] usb 6-1: USB disconnect, device number 6
[  288.851558][   T26] audit: type=1326 audit(1777733899.632:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  288.900765][ T6094] loop0: detected capacity change from 0 to 512
[  289.124569][   T26] audit: type=1326 audit(1777733899.642:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f46d155d60e code=0x7ffc0000
[  289.342443][ T6094] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #12: comm syz.0.399: missing EA_INODE flag
[  289.610846][ T6094] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.399: error while reading EA inode 12 err=-117
[  289.634538][ T4286] Bluetooth: hci0: command 0x0409 tx timeout
[  289.663066][   T26] audit: type=1326 audit(1777733899.642:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  289.688488][   T26] audit: type=1326 audit(1777733899.642:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  289.721593][   T26] audit: type=1326 audit(1777733899.642:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  289.745809][   T26] audit: type=1326 audit(1777733899.642:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  289.770531][   T26] audit: type=1326 audit(1777733899.642:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  289.796245][ T6094] EXT4-fs (loop0): 1 orphan inode deleted
[  289.802424][   T26] audit: type=1326 audit(1777733899.642:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  289.832180][ T6094] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  289.849184][   T26] audit: type=1326 audit(1777733899.642:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6078 comm="syz.0.396" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46d159cdd9 code=0x7ffc0000
[  290.456828][ T4564] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.804720][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  290.815534][ T4564] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.832586][ T4317] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  290.877724][ T6074] chnl_net:caif_netlink_parms(): no params data found
[  290.920880][ T5741] 8021q: adding VLAN 0 to HW filter on device batadv0
[  290.960705][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  290.969254][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  290.995908][ T4564] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.041920][ T4317] usb 4-1: Using ep0 maxpacket: 8
[  291.066709][ T4317] usb 4-1: unable to get BOS descriptor or descriptor too short
[  291.113113][ T4317] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.152883][ T4317] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  291.197898][ T4317] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  291.286549][ T4317] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  291.314149][ T4317] usb 4-1: New USB device strings: Mfr=1, Product=232, SerialNumber=3
[  291.355079][ T4564] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.366241][ T4317] usb 4-1: Product: syz
[  291.370454][ T4317] usb 4-1: Manufacturer: syz
[  291.405201][ T4317] usb 4-1: SerialNumber: syz
[  291.592809][ T6074] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.629143][ T6074] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.660607][ T4317] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  291.680805][ T4317] cdc_ncm 4-1:1.0: bind() failure
[  291.689637][ T6137] xt_CONNSECMARK: invalid mode: 66
[  291.704700][ T6074] device bridge_slave_0 entered promiscuous mode
[  291.738128][ T4317] usb 4-1: USB disconnect, device number 9
[  291.751685][ T4286] Bluetooth: hci0: command 0x041b tx timeout
[  291.795447][ T6074] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.866664][ T6074] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.959076][ T6074] device bridge_slave_1 entered promiscuous mode
[  292.134838][ T6074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  292.175732][ T6074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  292.404794][ T6074] team0: Port device team_slave_0 added
[  292.452531][ T6074] team0: Port device team_slave_1 added
[  292.557476][ T6074] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.573814][ T6074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.681966][ T4612] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  292.710119][ T6156] Cannot find del_set index 1 as target
[  292.725082][ T6156] overlayfs: missing 'lowerdir'
[  292.778401][ T6074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.921926][ T4612] usb 4-1: Using ep0 maxpacket: 16
[  292.933169][ T4612] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.976650][ T4564] tipc: Left network mode
[  293.040873][ T6074] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.580130][ T4612] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.791530][ T4280] Bluetooth: hci0: command 0x040f tx timeout
[  294.223667][ T6074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.314255][ T4612] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  294.424563][ T6159] cgroup: Name too long
[  294.462207][ T4612] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  294.536711][ T6074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  294.587914][ T4612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.817272][ T4612] usb 4-1: config 0 descriptor??
[  295.466349][ T6074] device hsr_slave_0 entered promiscuous mode
[  295.482946][ T6074] device hsr_slave_1 entered promiscuous mode
[  295.499528][ T6074] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  295.507536][ T6074] Cannot create hsr debugfs directory
[  295.550022][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  295.569717][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  295.578385][ T4612] usbhid 4-1:0.0: can't add hid device: -71
[  295.591615][ T4612] usbhid: probe of 4-1:0.0 failed with error -71
[  295.610811][ T4612] usb 4-1: USB disconnect, device number 10
[  295.772553][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  295.783035][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  295.803732][ T5741] device veth0_vlan entered promiscuous mode
[  295.871639][ T4280] Bluetooth: hci0: command 0x0419 tx timeout
[  295.872291][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  295.896340][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  295.968155][ T6164] loop0: detected capacity change from 0 to 32768
[  295.998088][ T5741] device veth1_vlan entered promiscuous mode
[  296.041769][ T6164] JBD2: Ignoring recovery information on journal
[  296.184048][ T6164] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  296.186634][ T6179] loop5: detected capacity change from 0 to 1024
[  296.224468][ T6179] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  296.251826][ T6179] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  296.352363][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  296.391503][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  296.454646][ T5741] device veth0_macvtap entered promiscuous mode
[  296.563604][ T5741] device veth1_macvtap entered promiscuous mode
[  296.923422][ T4275] ocfs2: Unmounting device (7,0) on (node local)
[  297.132007][ T6074] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  297.236264][ T6074] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  297.362511][ T4672] EXT4-fs (loop5): unmounting filesystem.
[  297.541618][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  297.570672][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  297.723394][ T6074] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  297.858306][ T6204] xt_CONNSECMARK: invalid mode: 66
[  297.970537][ T6206] cgroup: Name too long
[  298.550395][ T6074] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  298.851006][ T6215] Cannot find del_set index 1 as target
[  298.867263][ T6215] overlayfs: missing 'lowerdir'
[  299.839932][ T4286] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  299.849941][ T4286] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  299.859664][ T4286] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  299.867838][ T4286] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  299.891801][ T4286] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  299.900703][ T4286] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  300.081653][  T125] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  300.192672][ T4564] device hsr_slave_0 left promiscuous mode
[  300.209399][ T4564] device hsr_slave_1 left promiscuous mode
[  300.232368][ T4564] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  300.261663][ T4564] batman_adv: batadv0: Removing interface: batadv_slave_0
[  300.308314][  T125] usb 1-1: Using ep0 maxpacket: 16
[  300.317743][  T125] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.332358][ T4564] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  300.340103][ T4564] batman_adv: batadv0: Removing interface: batadv_slave_1
[  300.362921][  T125] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.373391][  T125] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  300.386859][  T125] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  300.405174][  T125] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.421092][ T4564] device bridge_slave_1 left promiscuous mode
[  300.449252][  T125] usb 1-1: config 0 descriptor??
[  300.456265][ T4564] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.493207][ T4564] device bridge_slave_0 left promiscuous mode
[  300.499568][ T4564] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.579608][ T4564] device veth1_macvtap left promiscuous mode
[  300.585919][ T4564] device veth0_macvtap left promiscuous mode
[  300.602036][ T4564] device veth1_vlan left promiscuous mode
[  300.608264][ T4564] device veth0_vlan left promiscuous mode
[  300.928611][ T6229] loop3: detected capacity change from 0 to 32768
[  301.007106][ T6229] JBD2: Ignoring recovery information on journal
[  301.078861][  T125] usbhid 1-1:0.0: can't add hid device: -71
[  301.096129][ T6229] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  301.106021][  T125] usbhid: probe of 1-1:0.0 failed with error -71
[  301.118020][  T125] usb 1-1: USB disconnect, device number 8
[  301.391367][ T4283] ocfs2: Unmounting device (7,3) on (node local)
[  301.981609][ T4280] Bluetooth: hci3: command 0x0409 tx timeout
[  301.993472][ T6246] cgroup: Name too long
[  302.850057][ T6252] Cannot find del_set index 1 as target
[  302.874297][ T6252] overlayfs: missing 'lowerdir'
[  304.039831][ T4286] Bluetooth: hci3: command 0x041b tx timeout
[  304.387352][ T6266] xt_CONNSECMARK: invalid mode: 66
[  305.214574][ T4564] team0 (unregistering): Port device team_slave_1 removed
[  305.274753][ T4564] team0 (unregistering): Port device team_slave_0 removed
[  305.348300][ T4564] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  305.377559][ T6265] loop5: detected capacity change from 0 to 32768
[  305.420316][ T4564] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  305.454857][ T6265] JBD2: Ignoring recovery information on journal
[  305.461641][ T4276] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  305.501729][ T6265] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  305.646918][ T4672] ocfs2: Unmounting device (7,5) on (node local)
[  305.653438][ T4276] usb 4-1: Using ep0 maxpacket: 16
[  305.682349][ T4276] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.693938][ T4276] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.704335][ T4276] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  305.731366][ T4276] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  305.750741][ T4276] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.776081][ T4276] usb 4-1: config 0 descriptor??
[  306.111640][ T4286] Bluetooth: hci3: command 0x040f tx timeout
[  306.220408][ T6275] netlink: 'syz.5.438': attribute type 1 has an invalid length.
[  306.233098][ T6275] netlink: 'syz.5.438': attribute type 2 has an invalid length.
[  306.270786][ T4564] bond0 (unregistering): Released all slaves
[  306.484054][ T4276] usbhid 4-1:0.0: can't add hid device: -71
[  306.490790][ T4276] usbhid: probe of 4-1:0.0 failed with error -71
[  306.557031][ T6074] 8021q: adding VLAN 0 to HW filter on device bond0
[  306.580029][ T4276] usb 4-1: USB disconnect, device number 11
[  306.769547][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  306.876427][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  306.918525][ T6074] 8021q: adding VLAN 0 to HW filter on device team0
[  307.059146][ T6281] loop0: detected capacity change from 0 to 512
[  307.144078][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  307.173790][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  307.260626][ T4367] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.267896][ T4367] bridge0: port 1(bridge_slave_0) entered forwarding state
[  307.307448][ T6281] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #12: comm syz.0.439: missing EA_INODE flag
[  307.371938][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  307.396914][ T6281] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.439: error while reading EA inode 12 err=-117
[  307.410272][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  307.431929][ T4367] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.437992][ T6281] EXT4-fs (loop0): 1 orphan inode deleted
[  307.439186][ T4367] bridge0: port 2(bridge_slave_1) entered forwarding state
[  307.481879][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  307.498394][ T6281] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  307.500705][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  307.552820][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  307.714202][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  307.748879][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  307.782863][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  308.217665][ T4286] Bluetooth: hci3: command 0x0419 tx timeout
[  308.220249][ T6294] cgroup: Name too long
[  308.431069][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  308.744316][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  308.863045][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  308.881202][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  308.929201][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  309.019846][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  309.072685][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  309.124963][ T6074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  309.413074][ T6218] chnl_net:caif_netlink_parms(): no params data found
[  309.825409][ T6218] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.837827][ T6218] bridge0: port 1(bridge_slave_0) entered disabled state
[  309.846387][ T6218] device bridge_slave_0 entered promiscuous mode
[  309.904424][ T6218] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.921863][ T6218] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.939990][ T6218] device bridge_slave_1 entered promiscuous mode
[  310.011926][  T125] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  310.013642][ T6218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  310.078936][ T6218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  310.160110][ T4462] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  310.163573][ T6218] team0: Port device team_slave_0 added
[  310.203315][ T6218] team0: Port device team_slave_1 added
[  310.222642][  T125] usb 4-1: Using ep0 maxpacket: 8
[  310.240345][ T6074] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.249745][  T125] usb 4-1: unable to get BOS descriptor or descriptor too short
[  310.262607][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  310.280670][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  310.293893][  T125] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  310.318666][  T125] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  310.338008][ T6218] batman_adv: batadv0: Adding interface: batadv_slave_0
[  310.348903][  T125] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  310.371573][ T6218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  310.393722][  T125] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  310.410380][ T4462] usb 6-1: Using ep0 maxpacket: 16
[  310.421898][ T4462] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.441463][  T125] usb 4-1: New USB device strings: Mfr=1, Product=232, SerialNumber=3
[  310.458684][ T4462] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.468114][ T6218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  310.469817][  T125] usb 4-1: Product: syz
[  310.491520][ T4462] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  310.509355][ T6218] batman_adv: batadv0: Adding interface: batadv_slave_1
[  310.516765][  T125] usb 4-1: Manufacturer: syz
[  310.516788][  T125] usb 4-1: SerialNumber: syz
[  310.524863][ T4462] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  310.547127][ T6218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  310.558538][ T4462] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.611699][ T6218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.624833][ T4462] usb 6-1: config 0 descriptor??
[  310.752667][  T125] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  310.769849][  T125] cdc_ncm 4-1:1.0: bind() failure
[  310.809497][  T125] usb 4-1: USB disconnect, device number 12
[  310.877018][ T6218] device hsr_slave_0 entered promiscuous mode
[  310.902427][ T6218] device hsr_slave_1 entered promiscuous mode
[  311.240701][ T4462] usbhid 6-1:0.0: can't add hid device: -71
[  311.247785][ T4462] usbhid: probe of 6-1:0.0 failed with error -71
[  311.281914][ T4462] usb 6-1: USB disconnect, device number 7
[  311.539015][ T6339] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.449'.
[  311.673381][ T6343] loop0: detected capacity change from 0 to 512
[  311.703201][ T6343] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #12: comm syz.0.450: missing EA_INODE flag
[  311.788504][ T6343] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.450: error while reading EA inode 12 err=-117
[  311.822107][ T6343] EXT4-fs (loop0): 1 orphan inode deleted
[  311.828022][ T6343] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  312.010478][ T6353] cgroup: Name too long
[  312.671691][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  312.697401][ T6018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  313.489855][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  313.626741][ T6349] netlink: 'syz.5.452': attribute type 1 has an invalid length.
[  313.708526][ T6349] netlink: 'syz.5.452': attribute type 2 has an invalid length.
[  313.719958][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  313.754424][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  313.801946][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  313.872792][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  313.935217][ T4564] device hsr_slave_0 left promiscuous mode
[  313.969141][ T4564] device hsr_slave_1 left promiscuous mode
[  313.996229][ T6366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.454'.
[  314.021858][ T4564] batman_adv: batadv0: Removing interface: batadv_slave_0
[  314.032590][ T4564] batman_adv: batadv0: Removing interface: batadv_slave_1
[  314.059642][ T4564] device bridge_slave_1 left promiscuous mode
[  314.072982][ T4564] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.122434][ T4564] device bridge_slave_0 left promiscuous mode
[  314.142670][ T4564] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.247820][ T4564] device veth1_macvtap left promiscuous mode
[  314.318937][ T4564] device veth0_macvtap left promiscuous mode
[  314.345451][ T4564] device veth1_vlan left promiscuous mode
[  314.352547][ T4564] device veth0_vlan left promiscuous mode
[  314.611572][   T22] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  314.811772][   T22] usb 1-1: Using ep0 maxpacket: 8
[  314.831322][   T22] usb 1-1: unable to get BOS descriptor or descriptor too short
[  314.847628][   T22] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  314.875672][   T22] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  314.885066][   T22] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  314.911190][   T22] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  314.933370][   T22] usb 1-1: New USB device strings: Mfr=1, Product=232, SerialNumber=3
[  314.943383][   T22] usb 1-1: Product: syz
[  314.947598][   T22] usb 1-1: Manufacturer: syz
[  314.952866][   T22] usb 1-1: SerialNumber: syz
[  315.195046][   T22] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found
[  315.211750][   T22] cdc_ncm 1-1:1.0: bind() failure
[  315.244782][   T22] usb 1-1: USB disconnect, device number 9
[  315.363614][ T4564] team0 (unregistering): Port device team_slave_1 removed
[  315.436927][ T4564] team0 (unregistering): Port device team_slave_0 removed
[  315.493504][ T4564] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  315.589920][ T4564] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  315.602123][  T125] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  315.812513][  T125] usb 6-1: Using ep0 maxpacket: 16
[  315.820438][  T125] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.859786][  T125] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  315.871358][  T125] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  315.884130][ T6384] loop0: detected capacity change from 0 to 512
[  315.885627][  T125] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  315.903109][  T125] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.945528][  T125] usb 6-1: config 0 descriptor??
[  315.954083][ T6384] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #12: comm syz.0.461: missing EA_INODE flag
[  315.992614][ T6384] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.461: error while reading EA inode 12 err=-117
[  316.046361][ T6384] EXT4-fs (loop0): 1 orphan inode deleted
[  316.069038][ T6384] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  316.345489][ T6389] cgroup: Name too long
[  317.020094][  T125] usbhid 6-1:0.0: can't add hid device: -71
[  317.087385][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  317.096146][  T125] usbhid: probe of 6-1:0.0 failed with error -71
[  317.205304][  T125] usb 6-1: USB disconnect, device number 8
[  317.315151][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  317.391038][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  317.761045][ T4564] bond0 (unregistering): Released all slaves
[  317.778246][ T6399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'.
[  317.942427][ T6400] netlink: 'syz.3.464': attribute type 1 has an invalid length.
[  317.951954][ T6400] netlink: 'syz.3.464': attribute type 2 has an invalid length.
[  318.108980][ T6074] device veth0_vlan entered promiscuous mode
[  318.273486][ T6074] device veth1_vlan entered promiscuous mode
[  318.645059][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  318.666605][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  318.714206][ T6218] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  318.742013][ T6074] device veth0_macvtap entered promiscuous mode
[  318.758161][ T6218] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  318.789755][ T6074] device veth1_macvtap entered promiscuous mode
[  318.798305][ T6218] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  318.854925][ T6218] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  318.887907][ T6074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  318.907970][ T6074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.931650][ T6074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  318.961183][ T6074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.993202][ T6074] batman_adv: batadv0: Interface activated: batadv_slave_0
[  319.018555][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  319.045518][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  319.065084][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  319.096355][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  319.123530][ T6074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  319.141840][ T6074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.161592][ T6074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  319.186030][ T6074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.199299][ T6074] batman_adv: batadv0: Interface activated: batadv_slave_1
[  319.282973][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  319.299440][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  319.350332][ T6074] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  319.362388][ T6074] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  319.377688][ T6074] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  319.388238][ T6074] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  319.515304][ T6426] loop5: detected capacity change from 0 to 512
[  319.556850][ T1076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.616631][ T4564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.659858][ T6426] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #12: comm syz.5.471: missing EA_INODE flag
[  319.686492][ T1076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.712522][ T6426] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.471: error while reading EA inode 12 err=-117
[  319.727148][ T6426] EXT4-fs (loop5): 1 orphan inode deleted
[  319.733603][ T6426] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  319.750344][ T4564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.768138][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  320.597929][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  320.601772][ T4672] EXT4-fs (loop5): unmounting filesystem.
[  320.690074][ T6218] 8021q: adding VLAN 0 to HW filter on device bond0
[  320.886913][ T6441] cgroup: Name too long
[  321.338214][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  321.414772][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  321.452261][ T6218] 8021q: adding VLAN 0 to HW filter on device team0
[  321.513083][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  321.528854][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  321.536033][ T6445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.474'.
[  321.550614][ T4367] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.557918][ T4367] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.600501][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  321.619519][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  321.634187][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  321.649745][ T4367] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.654478][ T6450] loop7: detected capacity change from 0 to 512
[  321.656943][ T4367] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.687929][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  321.715978][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  321.751551][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  321.814404][ T6450] EXT4-fs error (device loop7): ext4_xattr_inode_iget:401: inode #12: comm syz.7.389: missing EA_INODE flag
[  321.831796][ T4316] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  321.845496][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  321.861114][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  321.891877][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  321.901135][ T6450] EXT4-fs error (device loop7): ext4_xattr_inode_iget:406: comm syz.7.389: error while reading EA inode 12 err=-117
[  321.907943][ T6218] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  321.925481][ T6218] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  321.949967][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  321.973888][ T6450] EXT4-fs (loop7): 1 orphan inode deleted
[  322.012500][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  322.030742][ T6450] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  322.041719][ T4316] usb 6-1: Using ep0 maxpacket: 16
[  322.055210][ T4316] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.055250][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  322.109581][ T4316] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  322.158524][ T4316] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  322.297377][ T4316] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  322.303979][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  322.314080][ T4316] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.409313][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  322.421339][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  323.110227][ T4316] usb 6-1: config 0 descriptor??
[  323.113250][ T6074] EXT4-fs (loop7): unmounting filesystem.
[  323.345386][ T6473] loop7: detected capacity change from 0 to 512
[  323.453403][ T6473] EXT4-fs error (device loop7): ext4_xattr_inode_iget:401: inode #12: comm syz.7.481: missing EA_INODE flag
[  323.501908][ T6473] EXT4-fs error (device loop7): ext4_xattr_inode_iget:406: comm syz.7.481: error while reading EA inode 12 err=-117
[  323.555489][ T6473] EXT4-fs (loop7): 1 orphan inode deleted
[  323.571069][ T6480] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  323.577667][ T6480] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  323.586349][ T6473] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  323.598601][ T6480] vhci_hcd vhci_hcd.0: Device attached
[  323.621703][ T4615] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  323.738130][ T4316] usbhid 6-1:0.0: can't add hid device: -71
[  323.751241][ T4316] usbhid: probe of 6-1:0.0 failed with error -71
[  323.796046][ T4316] usb 6-1: USB disconnect, device number 9
[  323.871696][ T5347] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  323.921530][ T4615] usb 1-1: Using ep0 maxpacket: 8
[  323.971715][ T4612] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  324.019991][ T4615] usb 1-1: unable to get BOS descriptor or descriptor too short
[  324.239257][ T4615] usb 1-1: unable to read config index 0 descriptor/start: -71
[  324.267808][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  324.286259][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  324.305770][ T4615] usb 1-1: can't read configurations, error -71
[  324.343171][ T6218] 8021q: adding VLAN 0 to HW filter on device batadv0
[  324.411795][ T4612] usb 4-1: Using ep0 maxpacket: 8
[  324.428565][ T4612] usb 4-1: config 0 has no interfaces?
[  324.471587][ T4612] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  324.521959][ T4612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.561907][ T4612] usb 4-1: config 0 descriptor??
[  324.594406][ T6074] EXT4-fs (loop7): unmounting filesystem.
[  324.742792][ T6497] cgroup: Name too long
[  325.069086][ T4612] usb 4-1: USB disconnect, device number 13
[  325.107839][ T6481] vhci_hcd: connection reset by peer
[  325.148098][   T46] vhci_hcd: stop threads
[  325.153147][   T46] vhci_hcd: release socket
[  325.223560][   T46] vhci_hcd: disconnect device
[  325.403709][ T6501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.486'.
[  325.899024][ T6518] netlink: 'syz.7.490': attribute type 21 has an invalid length.
[  325.932523][ T6518] netlink: 14548 bytes leftover after parsing attributes in process `syz.7.490'.
[  326.235562][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  326.266142][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  326.280543][ T6529] loop0: detected capacity change from 0 to 512
[  326.311724][ T4317] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  326.378494][ T6218] device veth0_vlan entered promiscuous mode
[  326.400838][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  326.451509][ T6535] cgroup: Name too long
[  326.518191][ T6529] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #12: comm syz.0.494: missing EA_INODE flag
[  326.533939][ T4316] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  326.550327][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  326.550772][ T6529] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.494: error while reading EA inode 12 err=-117
[  326.561664][ T4317] usb 6-1: Using ep0 maxpacket: 16
[  326.638596][ T4317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.648775][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  326.657460][ T4317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.667719][ T4317] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  326.681291][ T4317] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  326.690752][ T4317] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.711003][ T4317] usb 6-1: config 0 descriptor??
[  326.773884][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  326.854642][ T4316] usb 4-1: Using ep0 maxpacket: 8
[  327.069072][ T6529] EXT4-fs (loop0): 1 orphan inode deleted
[  327.075520][ T6529] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  327.084611][ T4316] usb 4-1: unable to get BOS descriptor or descriptor too short
[  327.087570][ T4316] usb 4-1: unable to read config index 0 descriptor/start: -71
[  327.119175][ T6218] device veth1_vlan entered promiscuous mode
[  327.132137][ T4316] usb 4-1: can't read configurations, error -71
[  327.320731][ T4317] appleir 0003:05AC:8241.0001: unknown main item tag 0x0
[  327.334378][ T4317] appleir 0003:05AC:8241.0001: unknown main item tag 0x0
[  327.341940][ T4317] appleir 0003:05AC:8241.0001: unknown main item tag 0x0
[  327.349296][ T4317] appleir 0003:05AC:8241.0001: unknown main item tag 0x0
[  327.358471][ T4317] appleir 0003:05AC:8241.0001: unknown main item tag 0x0
[  327.366959][ T4364] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  327.375820][ T4364] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  327.487667][ T4317] appleir 0003:05AC:8241.0001: No inputs registered, leaving
[  327.743809][ T4317] appleir 0003:05AC:8241.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.5-1/input0
[  328.025126][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  328.026045][ T6218] device veth0_macvtap entered promiscuous mode
[  328.038758][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  328.068254][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  328.231072][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  328.269899][ T6218] device veth1_macvtap entered promiscuous mode
[  328.358646][ T6218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.372313][ T6218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.389863][ T6218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.401054][ T6218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.420130][ T6218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.431304][ T6218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.450445][ T6218] batman_adv: batadv0: Interface activated: batadv_slave_0
[  328.492177][ T4364] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  328.528505][ T4364] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  328.597912][ T4364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  328.672613][ T6563] input: syz0 as /devices/virtual/input/input8
[  329.404528][ T6566] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  329.411138][ T6566] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  329.431538][   T22] usb 6-1: reset high-speed USB device number 10 using dummy_hcd
[  329.517033][ T6566] vhci_hcd vhci_hcd.0: Device attached
[  329.651614][ T4317] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  329.781663][ T4612] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[  329.861574][ T4317] usb 8-1: Using ep0 maxpacket: 8
[  329.868683][ T4317] usb 8-1: config 0 has no interfaces?
[  330.008435][ T6218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.019342][ T6218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.030226][ T6218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.152317][ T6218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.394475][ T5347] vhci_hcd: vhci_device speed not set
[  330.429967][ T4317] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  330.446118][ T4615] usb 6-1: USB disconnect, device number 10
[  330.471452][ T6218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.490339][ T6218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.515052][ T4317] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.516329][ T6218] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.546286][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  330.573751][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  330.587768][ T4317] usb 8-1: config 0 descriptor??
[  330.665155][ T6583] cgroup: Name too long
[  330.955948][   T32] usb 8-1: USB disconnect, device number 2
[  330.998033][ T6568] vhci_hcd: connection reset by peer
[  330.999537][ T6218] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.017602][ T4564] vhci_hcd: stop threads
[  331.194590][ T4564] vhci_hcd: release socket
[  331.216835][ T6218] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.223182][ T4564] vhci_hcd: disconnect device
[  331.251567][ T6218] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.271056][ T6218] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.398088][ T6592] loop0: detected capacity change from 0 to 1024
[  331.481789][ T4462] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  331.500352][ T6018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.513766][ T6018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.524803][ T6592] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  331.574373][ T6592] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.642688][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  331.681628][ T4462] usb 4-1: Using ep0 maxpacket: 8
[  331.700362][ T5976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.716261][ T4462] usb 4-1: unable to get BOS descriptor or descriptor too short
[  331.731785][ T5976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.745268][ T4462] usb 4-1: unable to read config index 0 descriptor/start: -71
[  331.761811][ T4462] usb 4-1: can't read configurations, error -71
[  331.866712][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  332.034565][ T6606] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.509: bg 0: block 112: padding at end of block bitmap is not set
[  332.052096][ T6606] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28
[  332.064705][ T6606] EXT4-fs (loop0): This should not happen!! Data will be lost
[  332.064705][ T6606] 
[  332.075137][ T6606] EXT4-fs (loop0): Total free blocks count 0
[  332.081162][ T6606] EXT4-fs (loop0): Free/Dirty block details
[  332.087424][ T6606] EXT4-fs (loop0): free_blocks=0
[  332.093041][ T6606] EXT4-fs (loop0): dirty_blocks=64
[  332.098262][ T6606] EXT4-fs (loop0): Block reservation details
[  332.104532][ T6606] EXT4-fs (loop0): i_reserved_data_blocks=4
[  332.113653][ T6606] EXT4-fs error (device loop0): ext4_map_blocks:747: inode #15: comm syz.0.509: lblock 0 mapped to illegal pblock 0 (length 1)
[  332.246724][ T6605] netlink: 8 bytes leftover after parsing attributes in process `syz.5.511'.
[  332.713251][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  333.288739][ T6623] No buffer was provided with the request
[  334.365123][ T6636] cgroup: Name too long
[  335.476432][ T4612] vhci_hcd: vhci_device speed not set
[  336.734164][ T5347] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  337.471558][ T4276] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  337.485801][ T6647] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  337.492400][ T6647] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  337.523574][ T6647] vhci_hcd vhci_hcd.0: Device attached
[  339.821813][ T4612] usb 47-1: new low-speed USB device number 3 using vhci_hcd
[  339.992051][ T4276] usb 8-1: Using ep0 maxpacket: 8
[  340.143107][ T4276] usb 8-1: device descriptor read/all, error -71
[  340.162218][ T6650] vhci_hcd: connection reset by peer
[  340.168710][ T4475] vhci_hcd: stop threads
[  340.174192][ T4475] vhci_hcd: release socket
[  340.191853][ T4475] vhci_hcd: disconnect device
[  340.268775][ T6666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.523'.
[  340.630841][ T6681] netlink: 'syz.7.529': attribute type 21 has an invalid length.
[  344.031881][ T5353] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  344.221979][ T5353] usb 7-1: Using ep0 maxpacket: 16
[  344.273307][ T5353] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  344.311468][ T5353] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  344.367379][ T5353] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  344.381711][ T4358] usb 8-1: new full-speed USB device number 5 using dummy_hcd
[  345.861606][ T4612] vhci_hcd: vhci_device speed not set
[  345.871567][ T4358] usb 8-1: device descriptor read/64, error -71
[  345.892176][ T5353] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  345.896049][ T6710] cgroup: Name too long
[  346.262427][ T4358] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  346.481706][ T6713] cgroup: Name too long
[  346.607258][ T5353] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.645786][ T4358] usb 8-1: device descriptor read/64, error -71
[  346.986953][ T5353] usb 7-1: config 0 descriptor??
[  347.029347][ T4358] usb usb8-port1: attempt power cycle
[  347.099334][ T5353] usb 7-1: can't set config #0, error -71
[  347.106116][ T6716] netlink: 8 bytes leftover after parsing attributes in process `syz.6.541'.
[  347.152313][ T5353] usb 7-1: USB disconnect, device number 2
[  347.186012][ T6712] device syzkaller0 entered promiscuous mode
[  347.505898][ T6724] Cannot find del_set index 1 as target
[  347.623299][ T6721] overlayfs: missing 'lowerdir'
[  348.569102][ T6754] loop6: detected capacity change from 0 to 512
[  350.319795][ T6754] EXT4-fs error (device loop6): ext4_orphan_get:1405: inode #15: comm syz.6.550: inode has both inline data and extents flags
[  350.336226][ T6754] EXT4-fs error (device loop6): ext4_orphan_get:1410: comm syz.6.550: couldn't read orphan inode 15 (err -117)
[  350.377219][ T6754] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  351.157686][ T6218] EXT4-fs (loop6): unmounting filesystem.
[  351.561652][ T4276] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  351.751613][ T4276] usb 7-1: Using ep0 maxpacket: 16
[  351.760526][ T4276] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  351.777483][ T4276] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  351.787795][ T4276] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  351.808523][ T4276] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  351.823038][ T4276] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.850388][ T4276] usb 7-1: config 0 descriptor??
[  352.273418][ T4276] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[  352.281060][ T4276] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[  352.298079][ T4276] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[  352.305792][ T4276] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[  352.320660][ T4276] appleir 0003:05AC:8241.0002: No inputs registered, leaving
[  352.342760][ T4276] appleir 0003:05AC:8241.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0
[  354.121619][ T4462] usb 7-1: reset high-speed USB device number 3 using dummy_hcd
[  355.309181][ T4276] usb 7-1: USB disconnect, device number 3
[  355.548341][ T4276] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  355.706008][ T4276] usb 7-1: device descriptor read/64, error -71
[  355.998275][ T4276] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  356.152523][ T4276] usb 7-1: device descriptor read/64, error -71
[  356.280448][ T4276] usb usb7-port1: attempt power cycle
[  356.333177][ T6726] netlink: 'syz.7.545': attribute type 22 has an invalid length.
[  356.378972][ T6766] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.553'.
[  356.635595][ T6779] netlink: 8 bytes leftover after parsing attributes in process `syz.5.556'.
[  356.701573][ T4276] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  356.745273][ T6786] Cannot find del_set index 1 as target
[  356.759944][ T6786] overlayfs: missing 'lowerdir'
[  357.209779][ T6785] loop0: detected capacity change from 0 to 1024
[  357.361211][ T6785] EXT4-fs: Ignoring removed bh option
[  357.607157][ T6785] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  357.632199][ T4276] usb 7-1: device descriptor read/8, error -71
[  357.931904][ T4276] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  358.192122][ T6801] loop7: detected capacity change from 0 to 512
[  358.459650][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  358.528073][ T6801] EXT4-fs error (device loop7): ext4_orphan_get:1405: inode #15: comm syz.7.561: inode has both inline data and extents flags
[  358.544027][ T6801] EXT4-fs error (device loop7): ext4_orphan_get:1410: comm syz.7.561: couldn't read orphan inode 15 (err -117)
[  358.561455][ T6801] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  358.818605][ T4276] usb 7-1: device descriptor read/8, error -71
[  359.002602][ T4276] usb usb7-port1: unable to enumerate USB device
[  360.330894][ T6074] EXT4-fs (loop7): unmounting filesystem.
[  361.127619][ T4276] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  361.707340][ T4276] usb 7-1: Using ep0 maxpacket: 16
[  361.729214][ T4276] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.781451][ T4276] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.791873][ T4276] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  361.831522][ T4276] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  361.840788][ T4276] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.909368][ T4276] usb 7-1: config 0 descriptor??
[  362.421499][ T4317] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  362.699240][ T4317] usb 1-1: no configurations
[  362.704721][ T4317] usb 1-1: can't read configurations, error -22
[  363.701544][ T4317] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  363.743836][ T4276] appleir 0003:05AC:8241.0003: unknown main item tag 0x0
[  363.751098][ T4276] appleir 0003:05AC:8241.0003: unknown main item tag 0x0
[  363.760405][ T4276] appleir 0003:05AC:8241.0003: unknown main item tag 0x0
[  363.767678][ T4276] appleir 0003:05AC:8241.0003: unknown main item tag 0x0
[  363.776807][ T4276] appleir 0003:05AC:8241.0003: No inputs registered, leaving
[  363.791007][ T4276] appleir 0003:05AC:8241.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0
[  363.982458][ T4317] usb 1-1: no configurations
[  363.987181][ T4317] usb 1-1: can't read configurations, error -22
[  364.037229][ T4317] usb usb1-port1: attempt power cycle
[  364.079864][ T4615] usb 7-1: USB disconnect, device number 8
[  364.154225][ T6863] netlink: 14 bytes leftover after parsing attributes in process `syz.7.580'.
[  364.285834][ T6858] fido_id[6858]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  364.325803][ T6863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  364.398980][ T6863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  364.439410][ T6863] bond0 (unregistering): Released all slaves
[  364.467318][ T4317] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  364.513215][ T4317] usb 1-1: no configurations
[  364.525702][ T4317] usb 1-1: can't read configurations, error -22
[  364.707369][ T4317] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  364.947271][ T4317] usb 1-1: no configurations
[  364.953715][ T4317] usb 1-1: can't read configurations, error -22
[  364.960760][ T4317] usb usb1-port1: unable to enumerate USB device
[  365.026927][ T6882] input: syz0 as /devices/virtual/input/input9
[  368.135018][ T5353] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  368.351591][ T5353] usb 4-1: Using ep0 maxpacket: 16
[  368.375642][ T5353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.428084][ T5353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.461921][ T5353] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  368.526369][ T5353] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  368.552455][ T5353] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.577252][ T5353] usb 4-1: config 0 descriptor??
[  368.602391][ T6924] loop6: detected capacity change from 0 to 1024
[  368.624244][ T6924] EXT4-fs: Ignoring removed bh option
[  368.727673][ T6924] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  368.854955][ T6935] Cannot find del_set index 1 as target
[  368.878789][ T6935] overlayfs: missing 'lowerdir'
[  369.068731][ T5353] appleir 0003:05AC:8241.0004: unknown main item tag 0x0
[  369.240830][ T5353] appleir 0003:05AC:8241.0004: unknown main item tag 0x0
[  369.377582][ T5353] appleir 0003:05AC:8241.0004: unknown main item tag 0x0
[  369.540085][ T5353] appleir 0003:05AC:8241.0004: unknown main item tag 0x0
[  369.730255][ T5353] appleir 0003:05AC:8241.0004: No inputs registered, leaving
[  370.264143][ T5353] appleir 0003:05AC:8241.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  370.862634][ T6218] EXT4-fs (loop6): unmounting filesystem.
[  370.903674][ T5353] usb 4-1: USB disconnect, device number 18
[  371.098600][ T6948] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  371.105211][ T6948] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  371.118555][ T6948] vhci_hcd vhci_hcd.0: Device attached
[  371.259382][ T6951] netlink: 'syz.5.606': attribute type 10 has an invalid length.
[  371.789714][ T6941] fido_id[6941]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  371.815903][ T6951] team0: Device xfrm0 is of different type
[  372.161680][ T4317] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  372.161731][ T4612] usb 47-1: new low-speed USB device number 4 using vhci_hcd
[  372.225204][ T6960] input: syz0 as /devices/virtual/input/input10
[  372.351755][ T4317] usb 8-1: Using ep0 maxpacket: 8
[  372.405581][ T4317] usb 8-1: config 0 has no interfaces?
[  372.589162][ T4317] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  372.964236][ T4317] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.295923][ T4317] usb 8-1: config 0 descriptor??
[  373.679165][ T6949] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 3
[  373.695628][ T4317] usb 8-1: USB disconnect, device number 8
[  373.729183][ T4546] vhci_hcd: stop threads
[  373.810428][ T4546] vhci_hcd: release socket
[  373.831609][ T4546] vhci_hcd: disconnect device
[  374.791258][ T6984] Cannot find del_set index 1 as target
[  375.205730][ T6990] netlink: 'syz.0.616': attribute type 25 has an invalid length.
[  375.249711][ T6990] netlink: 'syz.0.616': attribute type 12 has an invalid length.
[  377.085603][ T7007] loop0: detected capacity change from 0 to 1024
[  377.226652][ T7006] device syzkaller0 entered promiscuous mode
[  377.571730][ T4612] vhci_hcd: vhci_device speed not set
[  377.638844][ T7007] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  377.759368][ T7007] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  378.473209][ T7024] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.620: bg 0: block 112: padding at end of block bitmap is not set
[  378.488760][ T7024] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28
[  378.501577][ T7024] EXT4-fs (loop0): This should not happen!! Data will be lost
[  378.501577][ T7024] 
[  378.511534][ T7024] EXT4-fs (loop0): Total free blocks count 0
[  378.517635][ T7024] EXT4-fs (loop0): Free/Dirty block details
[  378.523244][ T7025] EXT4-fs error (device loop0): ext4_map_blocks:747: inode #15: comm syz.0.620: lblock 0 mapped to illegal pblock 0 (length 1)
[  378.523603][ T7024] EXT4-fs (loop0): free_blocks=0
[  378.541865][ T7024] EXT4-fs (loop0): dirty_blocks=64
[  378.547103][ T7024] EXT4-fs (loop0): Block reservation details
[  378.553154][ T7024] EXT4-fs (loop0): i_reserved_data_blocks=4
[  378.754728][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  378.761917][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  378.920744][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  379.793697][ T7052] Cannot find del_set index 1 as target
[  383.040222][ T7074] loop5: detected capacity change from 0 to 1024
[  383.074702][   T22] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  383.150012][ T7074] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  383.184493][ T7074] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  383.279237][   T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.304267][   T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.486320][   T22] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  383.496631][   T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.508623][   T22] usb 1-1: config 0 descriptor??
[  383.570708][ T7081] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.641: bg 0: block 112: padding at end of block bitmap is not set
[  383.586580][ T7081] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28
[  383.599663][ T7081] EXT4-fs (loop5): This should not happen!! Data will be lost
[  383.599663][ T7081] 
[  383.609792][ T7081] EXT4-fs (loop5): Total free blocks count 0
[  383.615908][ T7081] EXT4-fs (loop5): Free/Dirty block details
[  383.620089][ T7085] EXT4-fs error (device loop5): ext4_map_blocks:747: inode #15: comm syz.5.641: lblock 0 mapped to illegal pblock 0 (length 1)
[  383.621951][ T7081] EXT4-fs (loop5): free_blocks=0
[  383.621972][ T7081] EXT4-fs (loop5): dirty_blocks=64
[  383.621987][ T7081] EXT4-fs (loop5): Block reservation details
[  383.622000][ T7081] EXT4-fs (loop5): i_reserved_data_blocks=4
[  383.660235][ T7085] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #15: comm syz.5.641: lblock 0 mapped to illegal pblock 0 (length 1)
[  383.984967][ T4672] EXT4-fs (loop5): unmounting filesystem.
[  384.139797][ T7069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.149067][   T22] usbhid 1-1:0.0: can't add hid device: -32
[  384.157529][   T22] usbhid: probe of 1-1:0.0 failed with error -32
[  384.160080][ T7069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.212903][   T22] usb 1-1: USB disconnect, device number 16
[  385.958893][ T7096] Cannot find del_set index 1 as target
[  387.133140][ T7087] netlink: 'syz.6.645': attribute type 25 has an invalid length.
[  387.134009][ T7063] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  387.141104][ T7087] netlink: 'syz.6.645': attribute type 1 has an invalid length.
[  387.150617][ T7063] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  387.150645][ T7063] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  387.195979][ T7087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.211137][ T7089] netlink: 'syz.5.646': attribute type 13 has an invalid length.
[  387.230334][ T7089] netlink: 24643 bytes leftover after parsing attributes in process `syz.5.646'.
[  387.838738][ T7124] loop5: detected capacity change from 0 to 512
[  387.952164][ T7124] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #12: comm syz.5.656: missing EA_INODE flag
[  388.032151][ T7124] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.656: error while reading EA inode 12 err=-117
[  388.052040][ T7124] EXT4-fs (loop5): 1 orphan inode deleted
[  388.058025][ T7124] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  389.974549][ T4672] EXT4-fs (loop5): unmounting filesystem.
[  391.724358][ T7155] netlink: 'syz.5.662': attribute type 7 has an invalid length.
[  394.247852][ T7184] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  394.254454][ T7184] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  394.291714][ T7184] vhci_hcd vhci_hcd.0: Device attached
[  394.315240][ T7185] vhci_hcd: connection closed
[  394.315661][ T4531] vhci_hcd: stop threads
[  394.334693][ T7190] loop3: detected capacity change from 0 to 1024
[  394.344084][ T4531] vhci_hcd: release socket
[  394.348679][ T4531] vhci_hcd: disconnect device
[  394.379671][ T7190] EXT4-fs: Ignoring removed bh option
[  394.534444][ T7190] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  395.069034][ T4283] EXT4-fs (loop3): unmounting filesystem.
[  396.071479][ T5353] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  396.283039][ T5353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.311451][ T5353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.371447][ T5353] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  396.380598][ T5353] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.447542][ T5353] usb 4-1: config 0 descriptor??
[  397.082708][ T7212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.091559][ T5353] usbhid 4-1:0.0: can't add hid device: -32
[  397.097646][ T5353] usbhid: probe of 4-1:0.0 failed with error -32
[  397.144645][ T7212] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.172438][ T7236] Cannot find del_set index 1 as target
[  397.182251][ T7236] overlayfs: missing 'lowerdir'
[  397.892843][ T5353] usb 4-1: USB disconnect, device number 19
[  397.979938][ T7240] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  397.986616][ T7240] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  398.081936][ T7240] vhci_hcd vhci_hcd.0: Device attached
[  398.099115][ T7241] vhci_hcd: connection closed
[  398.100389][ T4790] vhci_hcd: stop threads
[  398.140351][ T4790] vhci_hcd: release socket
[  398.147718][ T4790] vhci_hcd: disconnect device
[  399.056160][ T4314] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  399.261675][ T4314] usb 7-1: Using ep0 maxpacket: 16
[  399.268785][ T4314] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  399.317135][ T4314] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  399.364944][ T4314] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  399.435686][ T4314] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  399.476464][ T4314] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.524634][ T4314] usb 7-1: config 0 descriptor??
[  400.100645][ T4314] input: HID 05ac:8241 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:05AC:8241.0005/input/input11
[  400.199679][ T4314] appleir 0003:05AC:8241.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0
[  400.734808][ T7283] Cannot find del_set index 1 as target
[  400.745388][ T7283] overlayfs: missing 'lowerdir'
[  401.391543][ T4314] usb 7-1: reset high-speed USB device number 9 using dummy_hcd
[  401.820173][ T7294] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  401.831664][ T7294] binder: 7291:7294 ioctl 400c620e 2000000003c0 returned -22
[  401.935107][ T7294] loop3: detected capacity change from 0 to 512
[  401.948433][ T7294] ext4: Unknown parameter 'appraise_type'
[  402.021525][   T22] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  402.683708][ T4317] usb 7-1: USB disconnect, device number 9
[  402.823542][   T22] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  402.852811][   T22] usb 1-1: config 0 has no interfaces?
[  402.875037][   T22] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  402.919048][   T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.946533][   T22] usb 1-1: Product: syz
[  402.959349][   T22] usb 1-1: Manufacturer: syz
[  403.191194][ T4314] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  403.200169][   T22] usb 1-1: SerialNumber: syz
[  403.216540][   T22] usb 1-1: config 0 descriptor??
[  403.406615][ T4314] usb 4-1: Using ep0 maxpacket: 8
[  403.467477][ T4314] usb 4-1: config 0 has no interfaces?
[  403.625272][ T4314] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  403.855082][ T4314] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.940140][ T4314] usb 4-1: config 0 descriptor??
[  404.222490][   T22] usb 4-1: USB disconnect, device number 20
[  404.905696][   T22] usb 1-1: USB disconnect, device number 17
[  405.390327][ T7321] cgroup: Name too long
[  406.397673][ T7329] loop5: detected capacity change from 0 to 128
[  406.872935][ T4814] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  409.072657][ T7340] Cannot find del_set index 1 as target
[  409.085332][ T7340] overlayfs: missing 'lowerdir'
[  409.626786][ T7345] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  409.638093][ T7345] binder: 7343:7345 ioctl 400c620e 2000000003c0 returned -22
[  409.700107][ T7345] loop5: detected capacity change from 0 to 512
[  409.710003][ T7345] ext4: Unknown parameter 'appraise_type'
[  410.511995][   T22] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  410.711534][   T22] usb 4-1: Using ep0 maxpacket: 16
[  410.720141][   T22] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  410.906245][   T22] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  410.916831][   T22] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  410.931171][   T22] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  410.940457][   T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.952132][   T22] usb 4-1: config 0 descriptor??
[  411.086734][ T7354] xt_CONNSECMARK: invalid mode: 66
[  411.498943][   T22] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0006/input/input12
[  411.551588][ T4286] Bluetooth: hci0: command 0x0406 tx timeout
[  411.619228][   T22] appleir 0003:05AC:8241.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  412.772406][   T32] usb 4-1: reset high-speed USB device number 21 using dummy_hcd
[  413.520329][ T7337] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  413.530029][ T7337] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  413.540372][ T7337] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  413.634446][ T4317] usb 4-1: USB disconnect, device number 21
[  414.195995][ T7372] cgroup: Name too long
[  415.391561][   T32] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  415.701861][   T32] usb 4-1: Using ep0 maxpacket: 16
[  415.769942][   T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  415.972921][   T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.061473][   T32] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  416.151619][   T32] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  416.221872][   T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.297036][   T32] usb 4-1: config 0 descriptor??
[  416.744985][   T32] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0007/input/input13
[  416.886497][   T32] appleir 0003:05AC:8241.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  417.970986][ T7427] xt_CONNSECMARK: invalid mode: 66
[  418.694052][ T5353] usb 4-1: USB disconnect, device number 22
[  419.003511][ T7437] device syzkaller1 entered promiscuous mode
[  419.554953][ T7445] cgroup: Name too long
[  421.371479][ T4462] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  422.656826][ T7476] xt_CONNSECMARK: invalid mode: 66
[  422.685375][ T4317] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  422.881625][ T4317] usb 7-1: Using ep0 maxpacket: 8
[  422.888816][ T4317] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  422.946433][ T4317] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  423.001560][ T4317] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  423.054031][ T4317] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  423.135785][ T4317] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  423.199672][ T4317] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.438047][ T4462] usb 8-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  423.494090][ T4317] usb 7-1: GET_CAPABILITIES returned 0
[  423.499880][ T4317] usbtmc 7-1:16.0: can't read capabilities
[  423.574809][ T4462] usb 8-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  423.584525][ T4462] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.598325][ T4462] gspca_main: stv0680-2.14.0 probing 041e:4007
[  423.720210][ T4317] usb 7-1: USB disconnect, device number 10
[  424.063447][ T7498] cgroup: Name too long
[  424.940536][ T4462] gspca_stv0680: usb_control_msg error 2, request = 0x6, error = -71
[  424.961450][ T4462] stv0680 8-1:4.0: Could not get descriptor 0200
[  425.002649][ T4462] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  425.010903][ T4462] stv0680 8-1:4.0: last error: 0,  command = 0x0
[  425.063589][ T4462] usb 8-1: USB disconnect, device number 9
[  426.911994][ T4280] Bluetooth: hci3: command 0x0406 tx timeout
[  427.452568][ T7544] xt_CONNSECMARK: invalid mode: 66
[  428.566062][ T7552] loop3: detected capacity change from 0 to 512
[  428.658043][ T7552] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #12: comm syz.3.757: missing EA_INODE flag
[  429.531431][ T7552] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.757: error while reading EA inode 12 err=-117
[  429.591816][ T7552] EXT4-fs (loop3): 1 orphan inode deleted
[  429.597765][ T7552] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  430.452002][ T4283] EXT4-fs (loop3): unmounting filesystem.
[  430.781686][ T4612] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  431.710408][ T7590] block nbd7: Unsupported socket: should be TCP or UNIX.
[  431.831602][ T4612] usb 1-1: Using ep0 maxpacket: 8
[  431.852262][ T4612] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  431.891494][ T4612] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.921466][ T4612] usb 1-1: Product: syz
[  431.925781][ T4612] usb 1-1: Manufacturer: syz
[  431.930434][ T4612] usb 1-1: SerialNumber: syz
[  431.952231][ T4612] usb 1-1: config 0 descriptor??
[  432.101512][ T5353] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  432.308087][ T4612] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  432.316394][ T5353] usb 4-1: Using ep0 maxpacket: 16
[  432.334729][ T5353] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  432.373864][ T5353] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  432.519443][ T4314] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  432.758094][ T4612] usb write operation failed. (-71)
[  432.827296][ T4314] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  433.059711][ T4612] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  433.078128][ T4314] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.111428][ T4314] usb 6-1: Product: syz
[  433.115755][ T4314] usb 6-1: Manufacturer: syz
[  433.120992][ T4612] dvbdev: DVB: registering new adapter (Terratec H7)
[  433.151138][ T4314] usb 6-1: SerialNumber: syz
[  433.156470][ T4612] usb 1-1: media controller created
[  433.208260][ T4314] usb 6-1: config 0 descriptor??
[  433.214220][ T4612] usb read operation failed. (-71)
[  433.231633][ T4612] usb write operation failed. (-71)
[  433.289704][ T4612] dvb_usb_az6007: probe of 1-1:0.0 failed with error -5
[  433.407629][ T5353] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  433.416910][ T5353] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.420778][ T4612] usb 1-1: USB disconnect, device number 18
[  433.425050][ T5353] usb 4-1: Product: syz
[  433.425070][ T5353] usb 4-1: Manufacturer: syz
[  433.425085][ T5353] usb 4-1: SerialNumber: syz
[  433.459988][ T4314] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  433.841644][ T7613] loop0: detected capacity change from 0 to 1024
[  433.950973][ T7613] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  434.000801][ T7613] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  434.150092][ T7613] EXT4-fs error (device loop0): ext4_map_blocks:747: inode #15: comm syz.0.771: lblock 0 mapped to illegal pblock 0 (length 1)
[  434.226080][ T7613] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  434.303352][ T7613] EXT4-fs (loop0): This should not happen!! Data will be lost
[  434.303352][ T7613] 
[  434.588772][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  434.613963][ T5353] usb 4-1: 0:2 : does not exist
[  434.643099][ T5353] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  434.764004][ T5353] usb 4-1: USB disconnect, device number 23
[  435.033274][ T4814] udevd[4814]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  435.085059][ T4314] dvb_usb_rtl28xxu: probe of 6-1:0.0 failed with error -71
[  435.105661][ T4314] usb 6-1: USB disconnect, device number 12
[  435.182505][ T7632] loop7: detected capacity change from 0 to 512
[  435.202928][ T4462] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  435.286000][ T7632] EXT4-fs error (device loop7): ext4_xattr_inode_iget:401: inode #12: comm syz.7.775: missing EA_INODE flag
[  435.312277][ T7632] EXT4-fs error (device loop7): ext4_xattr_inode_iget:406: comm syz.7.775: error while reading EA inode 12 err=-117
[  435.362328][ T7632] EXT4-fs (loop7): 1 orphan inode deleted
[  435.368421][ T7632] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  435.414750][ T4462] usb 1-1: Using ep0 maxpacket: 8
[  435.554736][ T4462] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  435.668275][ T4462] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  435.690163][ T4462] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  435.739044][ T4462] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  435.837600][ T4462] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  435.918708][ T4462] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.152125][ T6074] EXT4-fs (loop7): unmounting filesystem.
[  436.180638][ T4462] usb 1-1: GET_CAPABILITIES returned 0
[  436.186532][ T4462] usbtmc 1-1:16.0: can't read capabilities
[  436.392228][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  436.461643][   T32] usb 1-1: USB disconnect, device number 19
[  436.590526][ T7653] loop5: detected capacity change from 0 to 512
[  436.880548][ T7653] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #12: comm syz.5.780: missing EA_INODE flag
[  437.100606][ T7653] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.780: error while reading EA inode 12 err=-117
[  437.433152][ T7653] EXT4-fs (loop5): 1 orphan inode deleted
[  437.439191][ T7653] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  439.285469][ T7678] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  439.299925][ T7678] binder: 7670:7678 ioctl 400c620e 2000000003c0 returned -22
[  439.409198][ T7680] loop7: detected capacity change from 0 to 512
[  439.419300][ T7680] ext4: Unknown parameter 'appraise_type'
[  439.560487][ T4672] EXT4-fs (loop5): unmounting filesystem.
[  440.194659][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  440.201176][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  440.517472][ T7691] binder: 7690:7691 ioctl c0306201 200000000080 returned -14
[  440.592098][ T7691] binder: 7690:7691 ioctl c0306201 2000000003c0 returned -14
[  440.751478][ T4316] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  440.770521][ T7699] Cannot find del_set index 1 as target
[  440.782196][ T7699] overlayfs: missing 'lowerdir'
[  441.723098][ T4316] usb 8-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  441.801410][ T4316] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 253
[  441.852390][ T4316] usb 8-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  441.879693][ T4316] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.918610][ T4316] usb 8-1: Product: syz
[  441.970078][ T4316] usb 8-1: Manufacturer: syz
[  442.011757][ T4316] usb 8-1: SerialNumber: syz
[  442.018535][ T4316] usb 8-1: config 0 descriptor??
[  442.037120][ T4316] gspca_main: sunplus-2.14.0 probing 055f:c630
[  442.362199][ T4260] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  442.596386][ T4260] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  442.654381][ T4260] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.754668][ T4260] usb 6-1: Product: syz
[  442.813490][ T4260] usb 6-1: Manufacturer: syz
[  442.868433][ T4260] usb 6-1: SerialNumber: syz
[  443.170401][ T4260] usb 6-1: config 0 descriptor??
[  443.612141][ T4260] usb 6-1: Firmware: major: 9, minor: 0, hardware type: ATUSB (0)
[  443.813921][ T4260] usb 6-1: Read permanent extended address 00:00:00:00:00:00:ae:20 from device
[  443.913261][ T4286] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  443.925101][ T4286] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  443.935501][ T4287] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  443.947160][ T4286] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  443.955315][ T4287] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  443.972566][ T4286] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  444.044547][ T4260] usb 6-1: USB disconnect, device number 13
[  444.951459][ T4314] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  445.040781][ T6642] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.064721][ T4316] gspca_sunplus: reg_r err -71
[  445.070014][ T4316] sunplus: probe of 8-1:0.0 failed with error -71
[  445.142447][ T4316] usb 8-1: USB disconnect, device number 10
[  445.148346][ T4314] usb 1-1: Using ep0 maxpacket: 8
[  445.188447][ T4314] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  445.208284][ T4314] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.231702][   T32] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  445.248473][ T4314] usb 1-1: Product: syz
[  445.256765][ T4314] usb 1-1: Manufacturer: syz
[  445.264484][ T4314] usb 1-1: SerialNumber: syz
[  445.285566][ T4314] usb 1-1: config 0 descriptor??
[  445.310040][ T4314] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  445.421589][   T32] usb 4-1: Using ep0 maxpacket: 8
[  445.450114][   T32] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  445.486092][   T32] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  445.530739][   T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.588153][   T32] usb 4-1: config 0 descriptor??
[  445.608874][ T7732] chnl_net:caif_netlink_parms(): no params data found
[  445.676576][   T32] gspca_main: vc032x-2.14.0 probing 046d:0892
[  445.794034][ T6642] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.947783][ T6642] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.039807][ T4280] Bluetooth: hci1: command 0x0409 tx timeout
[  446.050074][ T6642] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.075940][ T7732] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.090313][ T7732] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.099380][ T7732] device bridge_slave_0 entered promiscuous mode
[  446.141454][ T4316] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  446.166715][ T7732] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.198589][ T7732] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.211062][ T7732] device bridge_slave_1 entered promiscuous mode
[  446.317904][ T4314] usb 1-1: USB disconnect, device number 20
[  446.329286][ T7732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  446.375196][ T4316] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  446.398141][ T7732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  446.408010][ T4316] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.452983][ T4316] usb 6-1: config 0 descriptor??
[  446.467594][ T4316] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  446.506911][ T7732] team0: Port device team_slave_0 added
[  446.604186][ T7732] team0: Port device team_slave_1 added
[  446.668270][ T4316] gp8psk: usb in 128 operation failed.
[  446.691789][ T7732] batman_adv: batadv0: Adding interface: batadv_slave_0
[  446.698837][ T7732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  446.739315][ T7732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  446.756054][ T7732] batman_adv: batadv0: Adding interface: batadv_slave_1
[  446.775319][ T7732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  446.819338][ T7732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  446.899866][ T4316] gp8psk: usb in 146 operation failed.
[  446.905591][ T4316] gp8psk: failed to get FW version
[  446.938896][ T4316] gp8psk: usb in 149 operation failed.
[  446.944495][ T4316] gp8psk: failed to get FPGA version
[  447.016560][ T7788] cgroup: Name too long
[  447.055515][ T7732] device hsr_slave_0 entered promiscuous mode
[  447.077438][ T7732] device hsr_slave_1 entered promiscuous mode
[  447.110419][ T7732] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  447.148131][ T7732] Cannot create hsr debugfs directory
[  447.154661][ T4358] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  447.162699][ T4316] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  447.181424][ T4316] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  447.285856][   T32] gspca_vc032x: reg_w err -71
[  447.292403][   T32] vc032x: probe of 4-1:0.0 failed with error -71
[  447.316935][   T32] usb 4-1: USB disconnect, device number 24
[  447.363578][ T4358] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  447.394209][ T4358] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  447.405486][ T4358] usb 8-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01
[  447.415505][ T4358] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.435669][ T4316] usb 6-1: USB disconnect, device number 14
[  447.443944][ T4358] usb 8-1: config 0 descriptor??
[  447.870048][ T4358] arvo 0003:1E7D:30D4.0008: bogus close delimiter
[  447.877404][ T4358] arvo 0003:1E7D:30D4.0008: item 0 0 2 10 parsing failed
[  447.887591][ T4358] arvo 0003:1E7D:30D4.0008: parse failed
[  447.939096][ T4358] arvo: probe of 0003:1E7D:30D4.0008 failed with error -22
[  448.081251][ T4358] usb 8-1: USB disconnect, device number 11
[  448.121483][ T4280] Bluetooth: hci1: command 0x041b tx timeout
[  448.499275][ T7732] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  448.818921][ T7732] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  448.886211][ T7826] cgroup: Name too long
[  448.962388][ T7732] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  449.188351][ T7732] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  450.191479][ T4287] Bluetooth: hci1: command 0x040f tx timeout
[  451.265277][ T7840] Cannot find del_set index 1 as target
[  451.286899][ T7840] overlayfs: missing 'lowerdir'
[  451.474996][ T6642] device hsr_slave_0 left promiscuous mode
[  451.771543][ T6642] device hsr_slave_1 left promiscuous mode
[  452.152182][   T26] kauditd_printk_skb: 19 callbacks suppressed
[  452.152324][   T26] audit: type=1326 audit(1777734063.712:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  452.281731][ T4287] Bluetooth: hci1: command 0x0419 tx timeout
[  452.542298][   T26] audit: type=1326 audit(1777734063.712:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  452.668628][   T26] audit: type=1326 audit(1777734063.712:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0bdb15d60e code=0x7ffc0000
[  452.707981][ T6642] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  452.757942][ T6642] batman_adv: batadv0: Removing interface: batadv_slave_0
[  452.812612][ T6642] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  452.820222][ T6642] batman_adv: batadv0: Removing interface: batadv_slave_1
[  452.861495][   T26] audit: type=1326 audit(1777734063.712:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  452.912185][ T6642] device bridge_slave_1 left promiscuous mode
[  452.918502][ T6642] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.962213][ T6642] device bridge_slave_0 left promiscuous mode
[  452.968553][ T6642] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.971428][   T26] audit: type=1326 audit(1777734063.712:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  453.087817][ T7860] xt_CONNSECMARK: invalid mode: 66
[  453.119062][   T26] audit: type=1326 audit(1777734063.712:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  453.239240][ T7870] cgroup: Name too long
[  453.343727][   T26] audit: type=1326 audit(1777734063.712:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  453.629341][   T26] audit: type=1326 audit(1777734063.712:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  453.795911][   T26] audit: type=1326 audit(1777734063.712:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  453.880774][   T26] audit: type=1326 audit(1777734063.712:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.5.830" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bdb19cdd9 code=0x7ffc0000
[  454.174622][ T7880] binder_alloc: 7877: binder_alloc_buf, no vma
[  454.982101][ T7891] Cannot find del_set index 1 as target
[  454.991648][ T7891] overlayfs: missing 'lowerdir'
[  455.063926][ T6642] device veth1_macvtap left promiscuous mode
[  455.070080][ T6642] device veth0_macvtap left promiscuous mode
[  455.152528][ T6642] device veth1_vlan left promiscuous mode
[  455.158567][ T6642] device veth0_vlan left promiscuous mode
[  456.625337][ T7921] cgroup: Name too long
[  457.387595][ T7930] binder_alloc: 7927: binder_alloc_buf, no vma
[  458.351649][ T7935] Cannot find del_set index 1 as target
[  458.368574][ T7935] overlayfs: missing 'lowerdir'
[  458.499343][ T7938] loop5: detected capacity change from 0 to 1024
[  458.599698][ T7938] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  458.640927][ T7938] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  459.072231][ T7951] loop0: detected capacity change from 0 to 128
[  459.645265][ T7952] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.852: bg 0: block 112: padding at end of block bitmap is not set
[  459.724554][ T7952] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28
[  459.809563][ T7956] EXT4-fs error (device loop5): ext4_map_blocks:747: inode #15: comm syz.5.852: lblock 0 mapped to illegal pblock 0 (length 1)
[  459.914395][ T7959] cgroup: Name too long
[  459.945405][ T7952] EXT4-fs (loop5): This should not happen!! Data will be lost
[  459.945405][ T7952] 
[  459.957472][ T7952] EXT4-fs (loop5): Total free blocks count 0
[  459.971389][ T7952] EXT4-fs (loop5): Free/Dirty block details
[  460.041541][ T4317] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  460.082042][ T7952] EXT4-fs (loop5): free_blocks=0
[  460.087074][ T7952] EXT4-fs (loop5): dirty_blocks=64
[  460.134405][ T7952] EXT4-fs (loop5): Block reservation details
[  460.151530][ T7952] EXT4-fs (loop5): i_reserved_data_blocks=4
[  460.230429][ T7956] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #15: comm syz.5.852: lblock 0 mapped to illegal pblock 0 (length 1)
[  460.291494][ T4317] usb 1-1: Using ep0 maxpacket: 8
[  460.300754][ T4317] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  460.341452][ T4317] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  460.371507][ T4317] usb 1-1: Product: syz
[  460.697696][ T6642] team0 (unregistering): Port device team_slave_1 removed
[  461.013855][ T6642] team0 (unregistering): Port device team_slave_0 removed
[  461.118935][ T4317] usb 1-1: Manufacturer: syz
[  461.123718][ T4317] usb 1-1: SerialNumber: syz
[  461.201086][ T7954] xt_CONNSECMARK: invalid mode: 66
[  461.371801][ T6642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  461.435145][ T4317] usb 1-1: config 0 descriptor??
[  461.446210][ T4317] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  461.620224][ T6642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  462.078266][ T4317] gspca_zc3xx: reg_w_i err -71
[  462.095161][ T4317] gspca_zc3xx: probe of 1-1:0.0 failed with error -71
[  462.107494][ T4317] usb 1-1: USB disconnect, device number 21
[  462.222021][ T6642] bond0 (unregistering): Released all slaves
[  462.350986][ T4672] EXT4-fs (loop5): unmounting filesystem.
[  462.566295][ T7976] binder_alloc: 7971: binder_alloc_buf, no vma
[  463.418358][ T7978] loop3: detected capacity change from 0 to 512
[  463.481809][ T7978] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #12: comm syz.3.864: missing EA_INODE flag
[  463.519594][ T7978] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.864: error while reading EA inode 12 err=-117
[  463.607645][ T7978] EXT4-fs (loop3): 1 orphan inode deleted
[  463.648430][ T7978] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  463.765583][ T7732] 8021q: adding VLAN 0 to HW filter on device bond0
[  463.781540][ T5353] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  463.810094][ T1076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  463.825904][ T4283] EXT4-fs (loop3): unmounting filesystem.
[  463.828948][ T1076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  463.858027][ T7732] 8021q: adding VLAN 0 to HW filter on device team0
[  463.925335][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  463.944136][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  463.973743][ T5353] usb 6-1: unable to get BOS descriptor or descriptor too short
[  463.988848][ T5353] usb 6-1: not running at top speed; connect to a high speed hub
[  464.017286][ T4399] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.020936][ T5353] usb 6-1: New USB device found, idVendor=1235, idProduct=8014, bcdDevice= 0.40
[  464.024481][ T4399] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.069934][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  464.079496][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  464.091178][ T5353] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.107996][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  464.110192][ T5353] usb 6-1: Product: syz
[  464.131483][ T5353] usb 6-1: Manufacturer: syz
[  464.136344][ T5353] usb 6-1: SerialNumber: syz
[  464.162520][ T4399] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.169714][ T4399] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.261298][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  464.316926][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  464.326248][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  464.355553][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  464.642528][ T8000] No buffer was provided with the request
[  465.493463][ T5353] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  465.571531][ T5353] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  465.745511][ T5353] usb 6-1: USB disconnect, device number 15
[  466.071771][ T8009] loop0: detected capacity change from 0 to 1024
[  466.250886][ T8009] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  466.304225][ T8009] ext4 filesystem being mounted at /204/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  466.413098][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  466.421289][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  466.442516][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  466.500884][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  466.984736][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  467.084886][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  467.190658][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  467.267313][ T8023] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.871: bg 0: block 112: padding at end of block bitmap is not set
[  467.283968][ T7999] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  467.284367][ T7732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  467.293754][ T7999] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  467.311756][ T7999] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  467.401537][ T8012] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  467.431988][ T8023] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28
[  467.520499][ T8023] EXT4-fs (loop0): This should not happen!! Data will be lost
[  467.520499][ T8023] 
[  467.572896][ T8024] EXT4-fs error (device loop0): ext4_map_blocks:747: inode #15: comm syz.0.871: lblock 0 mapped to illegal pblock 0 (length 1)
[  467.663910][ T8023] EXT4-fs (loop0): Total free blocks count 0
[  467.705097][ T8023] EXT4-fs (loop0): Free/Dirty block details
[  467.711099][ T8023] EXT4-fs (loop0): free_blocks=0
[  467.804382][ T8033] loop3: detected capacity change from 0 to 512
[  467.835166][ T8023] EXT4-fs (loop0): dirty_blocks=64
[  467.840459][ T8023] EXT4-fs (loop0): Block reservation details
[  467.910230][ T8023] EXT4-fs (loop0): i_reserved_data_blocks=4
[  467.912748][ T8033] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #12: comm syz.3.876: missing EA_INODE flag
[  467.916633][ T4260] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  468.037503][ T8033] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.876: error while reading EA inode 12 err=-117
[  468.111459][ T4260] usb 6-1: Using ep0 maxpacket: 8
[  468.118983][ T4260] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  468.149514][ T4260] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  468.159279][ T8033] EXT4-fs (loop3): 1 orphan inode deleted
[  468.180072][ T8033] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  468.200399][ T4260] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  468.240983][ T4260] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  468.466241][ T4260] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  468.501800][ T4260] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.736970][ T4260] usb 6-1: GET_CAPABILITIES returned 0
[  468.742830][ T4260] usbtmc 6-1:16.0: can't read capabilities
[  468.749869][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  468.770269][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  468.809098][ T7732] 8021q: adding VLAN 0 to HW filter on device batadv0
[  468.950504][ T4260] usb 6-1: USB disconnect, device number 16
[  469.710853][ T4275] EXT4-fs (loop0): unmounting filesystem.
[  470.489097][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  470.801974][ T8075] xt_CONNSECMARK: invalid mode: 66
[  470.979443][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  471.052366][ T4283] EXT4-fs (loop3): unmounting filesystem.
[  471.160549][ T7732] device veth0_vlan entered promiscuous mode
[  471.216028][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  471.281398][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  471.296733][ T7732] device veth1_vlan entered promiscuous mode
[  471.384068][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  471.418407][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  471.468709][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  471.646501][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  471.666413][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  471.703879][ T7732] device veth0_macvtap entered promiscuous mode
[  471.729457][ T7732] device veth1_macvtap entered promiscuous mode
[  471.991544][   T32] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  472.084603][ T7732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  472.211942][   T32] usb 6-1: Using ep0 maxpacket: 32
[  472.253436][ T7732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.294004][   T32] usb 6-1: unable to get BOS descriptor or descriptor too short
[  472.396047][   T32] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  472.415902][ T7732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  472.497883][ T7732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.508137][ T7732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  472.519289][ T7732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.537487][ T7732] batman_adv: batadv0: Interface activated: batadv_slave_0
[  472.551569][ T4612] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  472.558196][ T7732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.570433][ T7732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.580870][ T7732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.585571][   T32] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  472.597974][ T7732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.611203][ T7732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.621746][ T7732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.633855][ T7732] batman_adv: batadv0: Interface activated: batadv_slave_1
[  472.653591][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  472.687073][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  472.696510][   T32] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  472.729385][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  472.752789][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  472.769486][   T32] usb 6-1: New USB device found, idVendor=0763, idProduct=1033, bcdDevice= 0.40
[  472.781516][ T4612] usb 1-1: Using ep0 maxpacket: 8
[  472.782588][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  472.795908][ T4612] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  472.821627][   T32] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.822365][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  472.831647][ T4612] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  472.853531][   T32] usb 6-1: Product: syz
[  472.857896][   T32] usb 6-1: Manufacturer: syz
[  472.863298][   T32] usb 6-1: SerialNumber: syz
[  472.868755][ T4612] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  472.871734][ T7732] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  472.888107][ T4612] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  472.904915][ T4612] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  472.915995][ T4612] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.947189][ T7732] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  472.956036][ T7732] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  472.972393][ T7732] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  473.061818][ T4465] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  473.137850][   T32] usb 6-1: 1:1 : no or invalid class specific endpoint descriptor
[  473.146108][ T6642] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  473.149368][ T4612] usb 1-1: GET_CAPABILITIES returned 0
[  473.165255][ T6642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  473.171518][ T4612] usbtmc 1-1:16.0: can't read capabilities
[  473.187491][   T32] usb 6-1: found format II with max.bitrate = 64, frame size=9
[  473.209996][ T6642] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  473.226455][   T32] usb 6-1: 1:1 : invalid UAC_FORMAT_TYPE desc
[  473.251707][ T4465] usb 8-1: Using ep0 maxpacket: 8
[  473.257165][   T32] usb 6-1: 0:2 : does not exist
[  473.258927][ T4465] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  473.296522][ T4475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  473.308769][   T32] usb 6-1: USB disconnect, device number 17
[  473.308868][ T4475] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  473.332166][ T4465] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  473.349333][ T6642] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  473.360509][ T4465] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  473.410347][ T4260] usb 1-1: USB disconnect, device number 22
[  473.413786][ T4465] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  473.437731][ T4465] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  473.459000][ T4465] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.685475][ T8128] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  473.701018][ T8128] binder: 8126:8128 ioctl 400c620e 2000000003c0 returned -22
[  473.778547][ T8128] loop8: detected capacity change from 0 to 512
[  473.789511][ T8128] ext4: Unknown parameter 'appraise_type'
[  473.964270][ T4465] usb 8-1: usb_control_msg returned -32
[  473.970520][ T4465] usbtmc 8-1:16.0: can't read capabilities
[  474.841680][ T8136] Zero length message leads to an empty skb
[  475.860709][ T5347] usb 8-1: USB disconnect, device number 12
[  476.211474][ T4465] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  476.440416][ T8167] xt_CONNSECMARK: invalid mode: 66
[  476.871667][ T4260] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  476.920938][ T4465] usb 1-1: Using ep0 maxpacket: 16
[  476.943417][ T4465] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  476.961460][ T4465] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  476.981406][ T4465] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  476.991224][ T4465] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  477.027338][ T4465] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  477.065411][ T4465] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  477.082271][ T4260] usb 8-1: Using ep0 maxpacket: 8
[  477.091427][ T4465] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  477.099486][ T4465] usb 1-1: Manufacturer: syz
[  477.100267][ T4260] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  477.120843][ T4465] usb 1-1: config 0 descriptor??
[  477.145268][ T4260] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  477.177414][ T4260] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  477.232720][ T4260] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  477.256584][ T4260] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  477.277034][ T4260] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.572211][ T4260] usb 8-1: GET_CAPABILITIES returned 0
[  477.577918][ T4260] usbtmc 8-1:16.0: can't read capabilities
[  477.587972][ T8183] Cannot find del_set index 1 as target
[  477.660249][ T8180] overlayfs: missing 'lowerdir'
[  477.777329][ T4358] usb 8-1: USB disconnect, device number 13
[  477.947642][ T4465] rc_core: IR keymap rc-hauppauge not found
[  477.964726][ T4465] Registered IR keymap rc-empty
[  477.990454][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.041514][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.083019][ T4465] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  478.123791][ T4465] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input14
[  478.236301][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.271728][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.411799][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.555338][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.681911][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.789020][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.880107][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.912446][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  478.961491][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  479.029022][ T4465] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  479.103297][ T4465] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  479.121628][ T4465] mceusb 1-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active)
[  479.132581][ T8207] 
[  479.134974][ T8207] ======================================================
[  479.142031][ T8207] WARNING: possible circular locking dependency detected
[  479.149275][ T8207] syzkaller #0 Not tainted
[  479.150525][ T4465] usb 1-1: USB disconnect, device number 23
[  479.153701][ T8207] ------------------------------------------------------
[  479.153711][ T8207] syz.8.909/8207 is trying to acquire lock:
[  479.153721][ T8207] ffff888028109458 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x10d/0xae0
[  479.153776][ T8207] 
[  479.153776][ T8207] but task is already holding lock:
[  479.153781][ T8207] ffff888028108130 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530
[  479.201300][ T8207] 
[  479.201300][ T8207] which lock already depends on the new lock.
[  479.201300][ T8207] 
[  479.211898][ T8207] 
[  479.211898][ T8207] the existing dependency chain (in reverse order) is:
[  479.221110][ T8207] 
[  479.221110][ T8207] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[  479.228889][ T8207]        lock_sock_nested+0x44/0x100
[  479.234212][ T8207]        smc_listen_out+0x109/0x3d0
[  479.239529][ T8207]        smc_listen_work+0x581/0xd70
[  479.244937][ T8207]        process_one_work+0x8a2/0x1160
[  479.250417][ T8207]        worker_thread+0xaa2/0x1270
[  479.255629][ T8207]        kthread+0x29d/0x330
[  479.260276][ T8207]        ret_from_fork+0x1f/0x30
[  479.265236][ T8207] 
[  479.265236][ T8207] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[  479.275595][ T8207]        __lock_acquire+0x2d07/0x7d10
[  479.281074][ T8207]        lock_acquire+0x1bb/0x4a0
[  479.286117][ T8207]        __flush_work+0x126/0xae0
[  479.291152][ T8207]        __cancel_work_timer+0x3f4/0x560
[  479.296792][ T8207]        smc_clcsock_release+0x5c/0xe0
[  479.302356][ T8207]        __smc_release+0x661/0x7d0
[  479.307485][ T8207]        smc_close_non_accepted+0xd1/0x1f0
[  479.313315][ T8207]        smc_close_active+0xb00/0xea0
[  479.318869][ T8207]        __smc_release+0x8d/0x7d0
[  479.323917][ T8207]        smc_release+0x2ca/0x530
[  479.329127][ T8207]        sock_close+0xd5/0x240
[  479.333984][ T8207]        __fput+0x22c/0x920
[  479.338604][ T8207]        task_work_run+0x1d0/0x260
[  479.343867][ T8207]        exit_to_user_mode_loop+0xe6/0x110
[  479.349892][ T8207]        exit_to_user_mode_prepare+0xee/0x180
[  479.356086][ T8207]        syscall_exit_to_user_mode+0x16/0x40
[  479.362274][ T8207]        do_syscall_64+0x58/0xa0
[  479.367230][ T8207]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  479.373939][ T8207] 
[  479.373939][ T8207] other info that might help us debug this:
[  479.373939][ T8207] 
[  479.384202][ T8207]  Possible unsafe locking scenario:
[  479.384202][ T8207] 
[  479.391761][ T8207]        CPU0                    CPU1
[  479.397309][ T8207]        ----                    ----
[  479.402715][ T8207]   lock(sk_lock-AF_SMC/1);
[  479.407242][ T8207]                                lock((work_completion)(&new_smc->smc_listen_work));
[  479.416712][ T8207]                                lock(sk_lock-AF_SMC/1);
[  479.423751][ T8207]   lock((work_completion)(&new_smc->smc_listen_work));
[  479.430715][ T8207] 
[  479.430715][ T8207]  *** DEADLOCK ***
[  479.430715][ T8207] 
[  479.438864][ T8207] 2 locks held by syz.8.909/8207:
[  479.444080][ T8207]  #0: ffff8880714d2c10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240
[  479.454718][ T8207]  #1: ffff888028108130 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530
[  479.464255][ T8207] 
[  479.464255][ T8207] stack backtrace:
[  479.470232][ T8207] CPU: 1 PID: 8207 Comm: syz.8.909 Not tainted syzkaller #0
[  479.477702][ T8207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  479.487884][ T8207] Call Trace:
[  479.491175][ T8207]  <TASK>
[  479.494204][ T8207]  dump_stack_lvl+0x188/0x24e
[  479.498929][ T8207]  ? load_image+0x400/0x400
[  479.503538][ T8207]  ? show_regs_print_info+0x12/0x12
[  479.508792][ T8207]  ? print_circular_bug+0x12b/0x1a0
[  479.514010][ T8207]  check_noncircular+0x296/0x330
[  479.518969][ T8207]  ? look_up_lock_class+0x75/0x140
[  479.524094][ T8207]  ? add_chain_block+0x940/0x940
[  479.529160][ T8207]  ? lockdep_lock+0xf1/0x1f0
[  479.533913][ T8207]  ? lock_release+0xcf/0x920
[  479.538525][ T8207]  ? _find_first_zero_bit+0xcf/0x100
[  479.543845][ T8207]  __lock_acquire+0x2d07/0x7d10
[  479.548718][ T8207]  ? unwind_next_frame+0x1880/0x20b0
[  479.554015][ T8207]  ? deref_stack_reg+0x19f/0x230
[  479.558975][ T8207]  ? __bfs+0x2a3/0x5c0
[  479.563152][ T8207]  ? verify_lock_unused+0x140/0x140
[  479.568457][ T8207]  ? mark_lock+0x94/0x320
[  479.572804][ T8207]  ? __lock_acquire+0x13cf/0x7d10
[  479.577854][ T8207]  ? add_chain_block+0x940/0x940
[  479.582808][ T8207]  ? lockdep_unlock+0x142/0x2e0
[  479.587865][ T8207]  lock_acquire+0x1bb/0x4a0
[  479.592472][ T8207]  ? __flush_work+0x10d/0xae0
[  479.597364][ T8207]  ? __lock_acquire+0x13cf/0x7d10
[  479.602418][ T8207]  ? read_lock_is_recursive+0x10/0x10
[  479.607905][ T8207]  ? __flush_work+0x10d/0xae0
[  479.612596][ T8207]  __flush_work+0x126/0xae0
[  479.617200][ T8207]  ? __flush_work+0x10d/0xae0
[  479.621894][ T8207]  ? verify_lock_unused+0x140/0x140
[  479.627108][ T8207]  ? flush_work+0x20/0x20
[  479.631451][ T8207]  ? try_to_grab_pending+0xfa/0x860
[  479.636754][ T8207]  ? lockdep_hardirqs_off+0x70/0x100
[  479.642145][ T8207]  ? mark_lock+0x94/0x320
[  479.646489][ T8207]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  479.652575][ T8207]  ? lock_chain_count+0x20/0x20
[  479.657461][ T8207]  ? __cancel_work_timer+0x36a/0x560
[  479.662930][ T8207]  __cancel_work_timer+0x3f4/0x560
[  479.668145][ T8207]  ? cancel_work_sync+0x20/0x20
[  479.673186][ T8207]  ? __smc_release+0x659/0x7d0
[  479.677966][ T8207]  ? __local_bh_enable_ip+0x136/0x1c0
[  479.683481][ T8207]  ? lockdep_hardirqs_on+0x94/0x140
[  479.688814][ T8207]  ? __local_bh_enable_ip+0x136/0x1c0
[  479.694285][ T8207]  ? _local_bh_enable+0xa0/0xa0
[  479.699409][ T8207]  smc_clcsock_release+0x5c/0xe0
[  479.704398][ T8207]  __smc_release+0x661/0x7d0
[  479.709013][ T8207]  ? do_raw_spin_unlock+0x11d/0x230
[  479.714235][ T8207]  smc_close_non_accepted+0xd1/0x1f0
[  479.719537][ T8207]  smc_close_active+0xb00/0xea0
[  479.724757][ T8207]  ? sock_no_sendpage_locked+0x1c0/0x1c0
[  479.730414][ T8207]  __smc_release+0x8d/0x7d0
[  479.735031][ T8207]  ? do_raw_spin_unlock+0x11d/0x230
[  479.740331][ T8207]  smc_release+0x2ca/0x530
[  479.744937][ T8207]  sock_close+0xd5/0x240
[  479.749280][ T8207]  ? sock_mmap+0x90/0x90
[  479.753536][ T8207]  __fput+0x22c/0x920
[  479.757585][ T8207]  task_work_run+0x1d0/0x260
[  479.762195][ T8207]  ? task_work_cancel+0x220/0x220
[  479.767252][ T8207]  ? exit_to_user_mode_loop+0x3b/0x110
[  479.773004][ T8207]  exit_to_user_mode_loop+0xe6/0x110
[  479.778397][ T8207]  exit_to_user_mode_prepare+0xee/0x180
[  479.784249][ T8207]  syscall_exit_to_user_mode+0x16/0x40
[  479.789896][ T8207]  do_syscall_64+0x58/0xa0
[  479.794330][ T8207]  ? clear_bhb_loop+0x60/0xb0
[  479.799021][ T8207]  ? clear_bhb_loop+0x60/0xb0
[  479.803980][ T8207]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  479.809985][ T8207] RIP: 0033:0x7fca5cf9cdd9
[  479.814613][ T8207] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  479.834493][ T8207] RSP: 002b:00007ffc34cffb78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  479.843097][ T8207] RAX: 0000000000000000 RBX: 00007ffc34cffc60 RCX: 00007fca5cf9cdd9
[  479.851174][ T8207] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  479.859239][ T8207] RBP: 0000000000074f1a R08: 0000000000000001 R09: 0000000000000000
[  479.867218][ T8207] R10: 0000001b2e520000 R11: 0000000000000246 R12: 00007ffc34cffca0
[  479.875200][ T8207] R13: 00007fca5d215fac R14: 0000000000074f70 R15: 00007fca5d215fa0
[  479.883473][ T8207]  </TASK>
[  479.961389][ T5347] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  480.155097][ T5347] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  480.180600][ T5347] usb 4-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  480.191016][ T5347] usb 4-1: Product: syz
[  480.195819][ T5347] usb 4-1: Manufacturer: syz
[  480.200671][ T5347] usb 4-1: SerialNumber: syz
[  480.213654][ T5347] usb 4-1: config 0 descriptor??
[  480.224683][ T5347] ch341 4-1:0.0: ch341-uart converter detected
[  480.824699][ T5347] usb 4-1: failed to send control message: -71
[  480.831150][ T5347] ch341-uart: probe of ttyUSB0 failed with error -71
[  480.854257][ T5347] usb 4-1: USB disconnect, device number 25
[  480.864125][ T5347] ch341 4-1:0.0: device disconnected