last executing test programs:

22.588541501s ago: executing program 2 (id=2265):
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000200)={0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0}, 0x0, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, r2, &(0x7f0000000040)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x150, 0x0, 0x1, {0x0, r3}})
io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0)

22.425108451s ago: executing program 2 (id=2267):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd0369cec32bbe791bfc2c0fce202d51df0862c31baa7b80bab6d64c1d5826a7f4c1982e3693e7a0677f2ad388ce872b890394a3ecfd1cec45ba7966945271fc033565d4a9bb17a41aacf550c4510ba99a24b48eab32e5d7549de9bae7954e0f750b55f706de3d5001", 0xe6}, {&(0x7f0000000580)="49a6cc7e52cf0644e1fb10e13cb6893bd19afc65f2af20dd1746a881eb4dabcaf163ce54133d2499c296320937b805f1880adf0cb1507d", 0x37}, {&(0x7f0000000a80)="190e431aa3b287c28be2f5404c8034cc87b917c381ccff6f8d431e872be3df64fee6c95001ceff12f2e942df6a8738cd4ad9ef7ad532fd0c824bf8d36d616e99807b3be837b3145efe65f7c6b66b9813e122d9be7799ebf0160d4bd329ac230e639a58a6538ec01e2de41722469556b03344f32eac19", 0x76}], 0x3, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x2d}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0xc}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332fe3603b4624ac6a578ccd9a27b381a8dad12b3e3de940a99238945935184cd93dd174b70ecb9c3c99d2df9dd0cbef6a9e230f7dd8367384f034a7a011388990e94cd43e9f80ec3358dc596926960604b9f051", 0x83}, {&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641d356257181e43b6e60349f69ec5f529734f76708a6c5eccb57005c1a513d8030d12c", 0x41}, {&(0x7f0000000d00)}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda6613fd7c90be9a9dfcd1b099fe6b023b725241a6e1048c700e7a939bd3a38f1101213b81c252dd8c44b7e647940438343d0d082507d218a952e6d77ec0918968c74f220c981a3797fb6cadfd6723a75c5c4da33e830ecf602c55bc60831ddd694f15728f4d1eacad82a03540713f52f9485138574e5b6aec693c2c613e442d5306c2ef1c8ad8dda8d005f3f3bacb5991d1c18db228185e", 0xd2}, {&(0x7f00000011c0)}], 0x5, &(0x7f00000014c0)}}], 0x3, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000880)="562f2edb8e8c8229195820c788783ff270fb0f06936fe49376e5519e3fa8f998387d7011fc5d8c9f5fc8e0e1663c9f6919128a8941ae935aaba3f683642630f5a74535b0e1f886ea2807f04d3a68ff4285f2bf581674a033cb5ecf8c756e8df3968c959df5326ed67c09d8b72eceeb87023f6188e15cb258cd8c85be3eddaac311ee4cb17a08ef47157753606ce7996162ea4b18214763730e2b944b468575927829842ee7f6f8a3603a7a522025c55284c9ca0ab899626f86c9336ead2278445733db5e643e10fa93339be48ff1592bc6bcf2b68b4536951c600a0e6d1b5d5b0cdbdf85122560b431", 0xe9}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca95", 0x8a}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10.672738339s ago: executing program 1 (id=2307):
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000200)={0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, &(0x7f0000000040)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x150, 0x0, 0x1, {0x0, r3}})
io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0)

10.553196926s ago: executing program 1 (id=2308):
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x101800, 0x0)
ioctl$FBIOBLANK(r2, 0x4611, 0x3)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0)
quotactl_fd$Q_GETFMT(r2, 0xffffffff80000402, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_flowlabel\x00')
pread64(r4, &(0x7f0000001600)=""/4098, 0x1002, 0x97)

9.272976376s ago: executing program 1 (id=2309):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7f, 0x0, 0x9, 0xffffffffffffffff, 0xfffffe0000000005, 0xfa11, 0xffffffff}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000100)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", '\x00', "3f4051c4", "a44a889722b66244"}, 0x28)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
sendmsg$rds(r3, 0x0, 0x0)
close(r3)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000240)=<r5=>0xffffffffffffffff)
ioctl$VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000300)=@multiplanar_overlay={0x10, 0x3, 0x4, 0x4, 0x0, {}, {0x72b8fb991ecd75bf, 0x8, 0x1, 0x80, 0x18, 0x2, "5b96b337"}, 0xf, 0x3, {&(0x7f00000001c0)=[{0x2, 0x2808, {0x4}, 0x2}, {0x3, 0xfff, {0x6}, 0x9}]}, 0x5, 0x0, r5})
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x30044800)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0x4e23, 0xd, @local, 0x9}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)

7.797835097s ago: executing program 0 (id=2312):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd0369cec32bbe791bfc2c0fce202d51df0862c31baa7b80bab6d64c1d5826a7f4c1982e3693e7a0677f2ad388ce872b890394a3ecfd1cec45ba7966945271fc033565d4a9bb17a41aacf550c4510ba99a24b48eab32e5d7549de9bae7954e0f750b55f706de3d5001638a1260dd8d2a", 0xed}, {&(0x7f0000000580)="49a6cc7e52cf0644e1fb10e13cb6893bd19afc65f2af20dd1746a881eb4dabcaf163ce54133d2499c296320937b805f1880adf0cb1507d", 0x37}, {&(0x7f0000000a80)="190e431aa3b287c28be2f5404c8034cc87b917c381ccff6f8d431e872be3df64fee6c95001ceff12f2e942df6a8738cd4ad9ef7ad532fd0c824bf8d36d616e99807b3be837b3145efe65f7c6b66b9813e122d9be7799ebf0160d4bd329ac230e639a58a6538ec01e2de41722469556b03344f32eac19", 0x76}], 0x3, &(0x7f0000000b40)}}, {{0x0, 0x0, &(0x7f0000001400), 0x0, &(0x7f00000014c0)}}], 0x3, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000880)="562f2edb8e8c8229195820c788783ff270fb0f06936fe49376e5519e3fa8f998387d7011fc5d8c9f5fc8e0e1663c9f6919128a8941ae935aaba3f683642630f5a74535b0e1f886ea2807f04d3a68ff4285f2bf581674a033cb5ecf8c756e8df3968c959df5326ed67c09d8b72eceeb87023f6188e15cb258cd8c85be3eddaac311ee4cb17a08ef47157753606ce7996162ea4b18214763730e2b944b468575927829842ee7f6f8a3603a7a522025c55284c9ca0ab899626f86c9336ead2278445733db5e643e10fa93339be48ff1592bc6bcf2b68b4536951c600a0e6d1b5d5b0cdbdf85122560b431", 0xe9}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca95", 0x8a}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

5.475109421s ago: executing program 0 (id=2315):
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000200)={0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, &(0x7f0000000040)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x150, 0x0, 0x1, {0x0, r3}})
io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0)

5.125424652s ago: executing program 0 (id=2316):
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x101800, 0x0)
ioctl$FBIOBLANK(r2, 0x4611, 0x3)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0)
quotactl_fd$Q_GETFMT(r2, 0xffffffff80000402, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_flowlabel\x00')
pread64(r4, &(0x7f0000001600)=""/4098, 0x1002, 0x97)

4.707665428s ago: executing program 3 (id=2317):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket(0x10, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4, 0x3000}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48081}, 0x0)

4.295541144s ago: executing program 3 (id=2318):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
unshare(0x2040400)
rseq(&(0x7f0000001040)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f0000000000)=@file={0x1}, 0x6e)

4.213047239s ago: executing program 1 (id=2319):
syz_usb_connect$uac1(0x2, 0xa5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
poll(&(0x7f00000000c0)=[{}, {r1, 0x2187}], 0x2, 0x3ff)

3.916563567s ago: executing program 2 (id=2270):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd0369cec32bbe791bfc2c0fce202d51df0862c31baa7b80bab6d64c1d5826a7f4c1982e3693e7a0677f2ad388ce872b890394a3ecfd1cec45ba7966945271fc033565d4a9bb17a41aacf550c4510ba99a24b48eab32e5d7549de9bae7954e0f750b55f706de3d5001638a1260dd8d2a", 0xed}, {&(0x7f0000000580)="49a6cc7e52cf0644e1fb10e13cb6893bd19afc65f2af20dd1746a881eb4dabcaf163ce54133d2499c296320937b805f188", 0x31}, {&(0x7f0000000a80)="190e431aa3b287c28be2f5404c8034cc87b917c381ccff6f8d431e872be3df64fee6c95001ceff12f2e942df6a8738cd4ad9ef7ad532fd0c824bf8d36d616e99807b3be837b3145efe65f7c6b66b9813e122d9be7799ebf0160d4bd329ac230e639a58a6538ec01e2de41722469556b03344f32eac19", 0x76}], 0x3, &(0x7f0000000b40)}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332fe3603b4624ac6a578ccd9a27b381a8dad12b3e3de940a99238945935184cd93dd174b70ecb9c3c99d2df9dd0cbef6a9e230f7dd8367384f034a7a011388990e94cd43e9f80ec3358dc596926960604b9f051", 0x83}, {&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641d356257181e43b6e60349f69ec5f529734f76708a6c5eccb57005c1a513d8030d12c", 0x41}, {&(0x7f0000000d00)}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda6613fd7c90be9a9dfcd1b099fe6b023b725241a6e1048c700e7a939bd3a38f1101213b81c252dd8c44b7e647940438343d0d082507d218a952e6d77ec0918968c74f220c981a3797fb6cadfd6723a75c5c4da33e830ecf602c55bc60831ddd694f15728f4d1eacad82a03540713f52f9485138574e5b6aec693c2c613e442d5306c2ef1c8ad8dda8d005f3f3bacb5991d1c18db228185e4d2fcca72d87d81df01c142428158ad7ba84dd6c65d24a8d094308433219872eeda0c235f8be3088a880", 0xfc}, {&(0x7f00000010c0)="978d1129fddf5e2f1be8be48f935ef4f71893a57f79be3e44522d3987ccee23f4e717d8c8e14573937040fb658a24f1c9e0c7f98a24fa1209a6ea754e1244234c715713d120b6929614443fd6b4223bc04c3a8c9241ccbb6a8b0bb19fe4eedae48642a74e97588dc36bf06a4c1fb17b47b39240a6a8e9b5daa97e63d777e665841a349c52022252eafc1c129e154ab390624dd7fb8ac1e44c203140d6aab524f61cd8642ee0f380ebb21dc9267a8fbefa6eec89ff97e78", 0xb7}, {&(0x7f00000011c0)}], 0x6, &(0x7f00000014c0)}}], 0x3, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000880)="562f2edb8e8c8229195820c788783ff270fb0f06936fe49376e5519e3fa8f998387d7011fc5d8c9f5fc8e0e1663c9f6919128a8941ae935aaba3f683642630f5a74535b0e1f886ea2807f04d3a68ff4285f2bf581674a033cb5ecf8c756e8df3968c959df5326ed67c09d8b72eceeb87023f6188e15cb258cd8c85be3eddaac311ee4cb17a08ef47157753606ce7996162ea4b18214763730e2b944b468575927829842ee7f6f8a3603a7a522025c55284c9ca0ab899626f86c9336ead2278445733db5e643e10fa93339be48ff1592bc6bcf2b68b4536951c600a0e6d1b5d5b0cdbdf85122560b431", 0xe9}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca95", 0x8a}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.368413632s ago: executing program 2 (id=2320):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x3e, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xc0002003})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

3.287318457s ago: executing program 3 (id=2321):
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x20000801)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x148}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f00000002c0), 0x0, 0x2)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0xe, 0x0, 0x1, 0x4, 0xff, 0xfffffffffffffffc}, 0x0, 0x0)
ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x4004743c, 0x0)
userfaultfd(0x80001)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/58, 0x3a}, {&(0x7f0000000180)}], 0x2, 0x0, 0x63)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x100000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000009}, 0x0, 0x0)

2.201540634s ago: executing program 0 (id=2322):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{0x0}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca95", 0x8a}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.045351923s ago: executing program 3 (id=2323):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newlink={0x20, 0x10, 0x1, 0x2, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x7e99a}}, 0x20}, 0x1, 0x0, 0x0, 0x884}, 0x4004004)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000040)=0x8000, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f0000001600)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)

2.031084924s ago: executing program 2 (id=2324):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58)
r4 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f0000004140)=[{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000001c0)="14", 0x1}, {&(0x7f0000000280)="3b942cdf3dbb4d708446209c8a7a9893c711167b6aee1ac4a8cc59d92a394f460b20f21b9add9e84d2dba9e6df8034c449e64138a4aea2a8df6d35031bd3263f", 0x7fffefff}], 0x2}], 0x1, 0x0)

1.880779694s ago: executing program 3 (id=2325):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket(0x10, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4, 0x3000}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48081}, 0x0)

1.679765626s ago: executing program 3 (id=2326):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f00000001c0))
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2404c822}, 0x8000)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
madvise(&(0x7f0000735000/0x1000)=nil, 0x1000, 0x65)
socket$nl_route(0x10, 0x3, 0x0)
r3 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDCTL_TMR_STOP(r5, 0x5402)
ioctl$SNDCTL_SEQ_OUTOFBAND(r5, 0x40085112, &(0x7f0000000080)=@t={0x81, 0x6, 0x0, 0x0, @generic})
openat$cgroup_procs(r4, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', <r7=>0x0})
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000100)={@local, 0x0, r7})
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000140)={@mcast2, @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022})
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @dev={0xfe, 0x80, '\x00', 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r7})
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet_SIOCSIFFLAGS(r10, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000800000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4dd4f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34}, 0x94)

1.093381422s ago: executing program 0 (id=2327):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x400000000010, 0x3, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d05805063967de38327e", 0x9e}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84178b017ba52b", 0xc3}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c617c69458d721eb85d0e5372751cd23cc88571f540aa75255a73b8c9cdc2e75edf622add4302f913d9", 0xb2}, {&(0x7f00000000c0)}], 0x6}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000004c00)="e24fc801dffdf37981a92f7f4005844301258a0ec141f1ec014bd9d03d1db52a75dfb8e04daddc3fac31adda350235262d9e1b8e20d406b97372033032d7623ff84bbf544a91c12eb644b323e9653fd76852c025e718cc91d9e9e274a7ed2dc15d8efec8d11a7983cdc8f3c39dbf764fc28873b760c435743929653c359ee706dcf2658403b25fbf3382f179562dc64883887ead6a916ef430ee4f67e21a3f01a3a35627bfb2f6ba204da0280c9f2fb5443879616a431884af82606286c4760a9ef4aa264e0000137f28dbe594332062120a76b565165987eef46c1d523f0fba98cd51f14537e313952f76574e3137aa1b41ae8e16f4087ddbaa7de98ca609a1b01b64ab10613204e4d18f376138fe7735ffb2fa09843922ce5a365e1e84286f09c432e0f521be13182256dcf534e03efb1735e55a8dce53e32ac669207d21e3b79414a8e61204f7c4173f2381e4c5e6cce12f6bae60d5bff199d5da50e40f87efbcec332173caba740a1b12c915bccf04940399b9a72a7dca4b8c7d46a2c444f6c7e30cf1f811a4a31cabb9b512a949105e2aa4081a3d613ad9ae4cf209d684e4b27c204bc5a395da552b8638df42d4c3522b64eaf11c988fce5634757ed41b39c338aea3ed2171e86fd34cde22dc3519edd2108641f3c3d4ca2016524b8f7d67e80ef5474d0a4a157eca9e5c0c5fcd7f459f64e91effe3bbcdcf9aba5704952cf0b82b1b0d4533a9c7ddc914bc7dfd8eea591be5806408191e3cca1cd6101f575b7c7206cd219b9f379fc3d03c3c867e5c36a8fcc75e86988a1897876b5a3bb2b3e102a742ebaeb50e08096c1990fa8d8755c187f86213f3cfc322f7997da73594e30f68a1da5768201916dfd52711ad79caae751260cc054dda58307f4031aebc75514795e6d7ae7725c27f7bc8f1e2115603e1f8b18517a74ddd901752a194cfb37535c949f4a5eefc98b231e03fd7a5d7643817567c7fbdcad37365a1a063c11bfd7e6474e9608391f3f3ebcd97a3ad7a9873d8615a9a4dac09ebc528b9277f71d5c2e6012645c643764319941206e6957987b5423b3864e6acb89c0e0371d66c5e16dfd920305cf5dc39ea0d48cea652236f3492f5b60a2a648e8ac61bf13811a81be593e430f504d0fe3d38222acd10e188605410900c55f203e0f6d553cf4e7cdfdfdbf4b60ee166c8be15757c6042f7f7b0c0c75932f795b075ba4116f1336622bafc47e58206255af610b3a7e88fed94a1c4a8b29e7e379b084431d5e059c0d0342678ef5b2ad08d10be3b48e4a1d0de16e8ca0175e1453fa15f8086f7b93d15e5f0769d56cbcec255fd1e82c43a61d50b893a8e7bc84c7cc1b9cffbc4d8f8d703d1ca879acf93e82f35a534665bd5a5a9e13e35ed00d796b830c45f87ba6c90857d05774506611c940e391752237af000473cfff41236801a9e78c48206e03e2a4b1c9164eb1f8cfb71d1559d3b5650327868ef87906b5a0e05470b0655f51090a57a65895608866ac0e008c44898ea0fa968ae510b561b8ebb9f0a38c2572f93aa6a8f5aaab1ff62ad761af234379adfc397c186a99bbecd534266358c5e053de4698e37fb0c512d72492c6f0d18e686c21665224d23fb6b15670e235a96bab63d63df51624f73d78fc38e0c8956882ebbbe0207f3b13be74b70ef29e64912cac49dd90a7f4d5fd09bec08dcb8413578f9e4456079c3673ffd33b366d4a203af63f25ba792a722a4d36749c6724e0b37cfd71761f3ff122861e362aab7a26a8c8090b65ab080535fa912d5b58a9b65410b94acc42396796e35a308cac7594439f4ed2afc8cc4676159751d9ce63ff894a7cad95b375f852d9bd493719ab9bac41cd9ec817b835628a6a9f4869fc9ce72ea3fc7119341ceaf23e85f7a990b7eeb35ef2ef2c84f6fafa0c186a0b2490c72cfe2ce7607634e0d651e4c87514a177300f4f3b762e386cc1522e9b859fb9297329a73b89b8a97184864823d1829fe7a6bf30c69f24b61338e3f341e05e3f70ec6cd6f3544652f69ade293dc896836632271cde36ebb6f515dc8d13121def9d2911ed0d19f2fc31a12b1de3b43dbfb32c0df664c85d4b978f3a41b43546844c8581590dade2db066d5a948a386438232b0be334232800fd164aac8047a96b85356820597a0ef21b2df300a8ef2a08155b7a8eb7793e5ec768db868432c9d65cd748369f24909862131553af695be43c95f2e65a9ef1f8fbad3d03bee4640639c0351c6ed58113b86ec0530aff32f4e4b786285ce72afd6dce83b3a82f58a0bc62735e3402848690d2865438c81f174588e6046ba95935ec0dfbbbb87dda17d8fdcf07b8322bdf18b1421293ead6a8b38119724c9c122f457f85129cbd50338a7e3194418c00ed91cd39878f7753477a17856281ae743c8dcdfc7d5c7142348f9fae4f7767f2c89c394c3fd5d8f261bde3b2055ccddf05c36643e21ec542a62be492501b470813fcedf01c876da0e1e822c3867f32951053f2963b5d1f90e713df0b2c526f36e685b4153d4ae4e8c607df1308c84e500c0bd9fe80dc3cf28187a39fd09643afb25eaa9411f3ce6304dc8bfd02afc9a6bad59887a1cad44a1f613a0779059a90248f09e357af291b1cce42cb9ac766dac70e599c1bbba4a58715adf2426a865eb1e0b80f10602db39c400b45131700490a9c38345022acc79851c2368bc7d191bc1f995722c564198669a68c971f60779e6983508a7c8077cdc7677d9a8b70b8fd1183f57cbc2d653ef6e96110c0c6730be7add59392b4082a6478447cc307d35512dfb2c4e27122b9749eeed9b5a5906f99ee57d7b565822bd4d78aed8f1567409a59ae77b3a1552a5cdb1558ff3ffd2b4cd0e141fce5ad11de5509c6dac5858bbb222bc403e3a307294afbe9633e162bfc5231284f58d475ef19cc1012cb4a81bd26e7e24509ecb5bd859a04a8e39f373188fc58573a52bf8a5de50aa082a4ad28202d01da2f0c7d3a6d1d3b9c3dab9d3ad9a663af4894904236632514d668e5f5016a350ae5accae2902cb9cba8d5262abc4e934329f410739831d447b798bb1da19bd3c98e90f43e54b8911ab9da8d594c9d0617396a53469ec2eb6ca0843ffd39e65b79bf856c755d8fda71b66e16cba537adac14de21a16a379513555d13ee6e021e6bb1cb5db35a7cb0162c3dbf631e8b6b42cc98fba74396971be184b910dbf0fbc29c0e45acfe59c789a134bcc01f7c3b2513d4ef988e7f66e5002d9ee8766870b9502d173953b78b654f020349b7af7845462822a6c78a63416606a265389216f141ca8269a11f18edf1d11de7f11906b787a0189a4fe5a55bb0f78c25319583b5f81c4ad25dd4544d35a2f8afce5b8a117b16104c45997f9ad31421414006f158881e9c7f553f3b7364e274bff39236720d67346e8270b2fd6b5b33c0cece3251b62ec09c709ad1adee626e43a54356b803adf23e45ddbe2bbade69974ca43c3f2246389612398a5247678299995592002f369b0a779ffa60d0785edecab597cb6fa11e2ce68d5e956c5fe95c12ce24cb334a2d1fe9e63491b7d85d58ba4150df6c42f29223eaa607837fee3c71667d7c4a69d5bd2a88e548429e4630c59c38689a52cbc9099f303d680c053cce1a0b24c17a918f7dd08a9348a414e30c8c91e9680facb185914018e1c5a090cd00578c837d9f69e49eae3e45326b679678cca81ca20cf3bfa8e4e548dc446d168382695319ea9fdc14bf29c2b15e2acb925f7db4723f6b382efcbdb10f00837278564a2d0e0da63b755206bdf69faba7e5d7406ec324ca089729a68ca29cbccd17256cb465b91e718b3b64429b8a8e70a72d85b470d85f4b8169ebc74809334db04384c3c2887f09374e60cb3d5c93f3ce5077bcea293b37215ba345f6a30b1d6e08c1cf7024b65ecac5063e177d9af7f687a35c377871d87b00fe7c453199e5c0588a49bf9981651f57468bb37d1812cce02cf1a6df234cf50aabb65959fb7863384d46cbf43600aeb2858a8bea733eec75bcf02f2dfc0c2df6b6c0f807236e67cf6e7253a6f0582cad219daad67c91b8c2f38ad91a9db3bc284f6301f28ad3d1ade08cfc4a8b63268de502d7b4cad5973ce2867a534e576789fe2bd60b15da33d7a5a5e728f6e5ab7052c4636439258979a804bf67aec5546343d7cbee90b4be9d5ef0775d64bfade2daae18d7de4240dd1d88ff3816f2d5c871174b3b48e9fab898abd4cd2df8cb1c3cfff889594a3f08cb935031edbe34aab3433ffd50263a406deef158bbabfa2ec70e79c761d95fcfbef0800c95413068b3789c6b12de5ebe9b414e65ce4f86a6bbccd5ec8e4e220f8ad07255abbaef719ebe1e5d066db4dd1f639cb156c34755eb14053824a1003e97ee54e8dab35f441ee563d80d3163a7b8f71d4f17e240cfae9f2e50c164cf373bb174f5dadafe2430a17be757e30f251d5d60863526a8f46addb932c8170c4a383348c5441aa353e5f1181482d4d0cc0e5d2809c11ee1fac29230c907926c2d3fa55298ae9835c46218650421497d060d15a4194c4d7382a886333375098156a9f0fd6b1d0d94933bb6f285fe51d4aa3037739f143ba20f9b326565f6db49787d1aeb30055ce588dd3c008c0bc1a08935c991067d63003b68b9e2db95360d8aaf2103bb5142c590bb799b268488febc7414b9ae8e108ca4ab4f031adbb9fbe4631c29adb14fb9726df3c6192a3e81b6c34d68e15ee309503ccc1ab240d4ce3c9a099cd7f8782eea9bd1c7005582b9c1fe08030b47958865723652fed003c90703e07f9f1782e33f3bf3d0b83691cd5970fb4af65afa2244bff41e93fa24c33c26c43c93c33a2144aac437a4ab2b4f498104278ec5f2cd38de61eb8b436f5a9dbc3d8b2405ff0598cbcaa964377f61daaf935c42e0db4567520cfee195da1c6090d62031dd0865b2f5aa88be1746a761e3a64b78de338b8996136bbd6b859eb730aa8ab1f68bb5a02b713d8b303ab2ef1e5433d225b0dd485d40a049a1953b488df5314fdbc1c654132498838043c35c7b168e786b0f35a04ec4417968c5561c45735cc09163e8fdbbe67a4c04d672948037e957968c6bf672668d1f6369475d4a238f46af939dbca37cc96ae88b152c1b8b524883e296e5e915a928e9a54268c28e14a85c87fe3bde0e9175dd2eb2645852464ddeae29aefc01d05ef668914829f340f6b14a7bc0f2ce4114f1bef1e2afc37583670a900c58affc6c55bb69e737e5fd02322536ec1e4249f8cca7171394d97c930656beb437ea1b7ac8f6b69d8c1499371deeff7608dde446d4a50f29ce015c655885fcc090aeed40d52390ef952c6b9f937197718aae27fe924c419d1468b45bc0e88688425c3a451dac67f29460fce27a5b753f60b244c1832e9b485e321e8d8d4f547eda56680d9d01aa6d4d7881ab760f926157315a3fcb4d7f9653b91270fc43637420215c71274e4effaf6b67fea48c05393272e288e103e28d26eb39fcb9afdef67686485e90e605b45d2f36a39b4973426f843c2db1e861c67d7c2ca2b8e92ca98ad1297d3fd913258081fff78d981097a2c22b0a9d881f649582e49fd9baaaa89d0d7091f9cfeb8bec3c9b7dfb85e53bee2fb051ff0f7d57ef4af134a7ca9ab91271411a0c95be1af414689425f985faa808a2520c96403788d71af4314023af7a2761ee7ba7e135edfaa51f9f89caa784d853886c147d11f3ccab318250aa65d366396b5dfcda0dda9f8cca5ad6815252ebc061c47f871785e0b3edbdcfb2d74c6fa3eaabaf9f3", 0x1000}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f9623478134b943d5fba4f7e0ceed66c93cc8b", 0xe6}, {&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6ea5cd18ff95c871d91454240f370e0c8e2629e58605c4b29017a160709ec76547c92a21d0ec5589e228922b105d0b8b29256620c44d2118334025dedd46db5194f22b349264de22068d3d4db627db4fa827907e5bc02b69c36e94f8149f12116f75bd48aa86d41dfdf52e74b442782f530da1263fd0f699776e9459e33f", 0xee}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f39f", 0x1c}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x90}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff6ebac83c264c6deeec6d4546fe7d00337f488ecee46577d71b39e24cdef94f16295eb7", 0x47}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec5771da8352900bb19979b10fe02dd6f981361f62316da7b3f7abc9fbae1ea2ab5eea4b2e", 0x33}], 0x2, &(0x7f0000000f40)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}], 0x18}}, {{&(0x7f0000000f80)=@can, 0x80, &(0x7f00000010c0)=[{&(0x7f0000001000)="3d9162a847e3afc18db28d0be9d1c220b7844d9e236c35781d", 0x19}], 0x1}}], 0x4, 0x20000044)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)=0xfffffffe, 0x4)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.080939303s ago: executing program 1 (id=2328):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd0369cec32bbe791bfc2c0fce202d51df0862c31baa7b80bab6d64c1d5826a7f4c1982e3693e7a0677f2ad388ce872b890394a3ecfd1cec45ba7966945271fc033565d4a9bb17a41aacf550c4510ba99a24b48eab32e5d7549de9bae7954e0f750b55f706de3d5001638a1260dd8d2a", 0xed}, {&(0x7f0000000580)="49a6cc7e52cf0644e1fb10e13cb6893bd19afc65f2af20dd1746a881eb4dabcaf163ce54133d2499c296320937b805f188", 0x31}, {&(0x7f0000000a80)="190e431aa3b287c28be2f5404c8034cc87b917c381ccff6f8d431e872be3df64fee6c95001ceff12f2e942df6a8738cd4ad9ef7ad532fd0c824bf8d36d616e99807b3be837b3145efe65f7c6b66b9813e122d9be7799ebf0160d4bd329ac230e639a58a6538ec01e2de41722469556b03344f32eac19", 0x76}], 0x3, &(0x7f0000000b40)}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332fe3603b4624ac6a578ccd9a27b381a8dad12b3e3de940a99238945935184cd93dd174b70ecb9c3c99d2df9dd0cbef6a9e230f7dd8367384f034a7a011388990e94cd43e9f80ec3358dc596926960604b9f051", 0x83}, {&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641d356257181e43b6e60349f69ec5f529734f76708a6c5eccb57005c1a513d8030d12c", 0x41}, {&(0x7f0000000d00)}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda6613fd7c90be9a9dfcd1b099fe6b023b725241a6e1048c700e7a939bd3a38f1101213b81c252dd8c44b7e647940438343d0d082507d218a952e6d77ec0918968c74f220c981a3797fb6cadfd6723a75c5c4da33e830ecf602c55bc60831ddd694f15728f4d1eacad82a03540713f52f9485138574e5b6aec693c2c613e442d5306c2ef1c8ad8dda8d005f3f3bacb5991d1c18db228185e4d2fcca72d87d81df01c142428158ad7ba84dd6c65d24a8d094308433219872eeda0c235f8be3088a880", 0xfc}, {&(0x7f00000010c0)="978d1129fddf5e2f1be8be48f935ef4f71893a57f79be3e44522d3987ccee23f4e717d8c8e14573937040fb658a24f1c9e0c7f98a24fa1209a6ea754e1244234c715713d120b6929614443fd6b4223bc04c3a8c9241ccbb6a8b0bb19fe4eedae48642a74e97588dc36bf06a4c1fb17b47b39240a6a8e9b5daa97e63d777e665841a349c52022252eafc1c129e154ab390624dd7fb8ac1e44c203140d6aab524f61cd8642ee0f380ebb21dc9267a8fbefa6eec89ff97e7800f44f89b17d43206217941c34", 0xc4}, {&(0x7f00000011c0)}], 0x6, &(0x7f00000014c0)}}], 0x3, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000880)="562f2edb8e8c8229195820c788783ff270fb0f06936fe49376e5519e3fa8f998387d7011fc5d8c9f5fc8e0e1663c9f6919128a8941ae935aaba3f683642630f5a74535b0e1f886ea2807f04d3a68ff4285f2bf581674a033cb5ecf8c756e8df3968c959df5326ed67c09d8b72eceeb87023f6188e15cb258cd8c85be3eddaac311ee4cb17a08ef47157753606ce7996162ea4b18214763730e2b944b468575927829842ee7f6f8a3603a7a522025c55284c9ca0ab899626f86c9336ead2278445733db5e643e10fa93339be48ff1592bc6bcf2b68b4536951c600a0e6d1b5d5b0cdbdf85122560b431", 0xe9}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca95", 0x8a}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

877.079346ms ago: executing program 2 (id=2329):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
unshare(0x2040400)
rseq(&(0x7f0000001040)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r2, &(0x7f0000000000)=@file={0x1}, 0x6e)

669.423809ms ago: executing program 0 (id=2330):
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x101800, 0x0)
ioctl$FBIOBLANK(r2, 0x4611, 0x3)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0)
quotactl_fd$Q_GETFMT(r2, 0xffffffff80000402, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_flowlabel\x00')
pread64(r4, &(0x7f0000001600)=""/4098, 0x1002, 0x97)

0s ago: executing program 1 (id=2331):
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x20000801)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x148}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f00000002c0), 0x0, 0x2)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0xe, 0x0, 0x1, 0x4, 0xff, 0xfffffffffffffffc}, 0x0, 0x0)
ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x4004743c, 0x0)
userfaultfd(0x80001)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/58, 0x3a}, {&(0x7f0000000180)}], 0x2, 0x0, 0x63)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x100000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000009}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

e loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  175.502568][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.307866][ T6705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.175'.
[  181.534695][ T6745] loop2: detected capacity change from 0 to 32768
[  181.637112][ T6745] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  182.110011][ T6768] misc userio: The device must be registered before sending interrupts
[  182.272362][ T6745] XFS (loop2): Ending clean mount
[  182.492299][ T6745] XFS (loop2): Quotacheck needed: Please wait.
[  183.089076][ T6745] XFS (loop2): Quotacheck: Done.
[  183.227813][ T5768] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  186.237765][ T6813] loop2: detected capacity change from 0 to 8
[  187.225870][ T6820] SQUASHFS error: lzo decompression failed, data probably corrupt
[  187.310887][ T6820] SQUASHFS error: Failed to read block 0x0: -5
[  187.407847][ T6820] SQUASHFS error: Failed to read block 0xff: -5
[  187.417767][ T6820] SQUASHFS error: lzo decompression failed, data probably corrupt
[  187.517540][ T6823] delete_channel: no stack
[  189.148253][ T6820] SQUASHFS error: Failed to read block 0x0: -5
[  189.180451][   T27] audit: type=1800 audit(1775266853.291:6): pid=6820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.197" name="file2" dev="loop2" ino=3 res=0 errno=0
[  191.624659][ T6837] delete_channel: no stack
[  193.402429][ T6850] delete_channel: no stack
[  194.813694][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  194.820267][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  199.621460][ T6886] delete_channel: no stack
[  201.124484][ T6894] misc userio: The device must be registered before sending interrupts
[  202.478760][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  202.485017][ T5775] Bluetooth: hci1: command 0x0406 tx timeout
[  202.491274][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  202.515606][ T5779] Bluetooth: hci3: command 0x0406 tx timeout
[  204.514925][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  204.924458][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  212.681782][ T7015] misc userio: The device must be registered before sending interrupts
[  216.621327][ T7061] netlink: 48 bytes leftover after parsing attributes in process `syz.2.259'.
[  217.695413][ T7068] loop0: detected capacity change from 0 to 128
[  217.733245][ T7068] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  217.762290][ T7068] hpfs: filesystem error: improperly stopped
[  217.783045][ T7068] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  217.802740][ T7068] hpfs: You really don't want any checks? You are crazy...
[  217.818276][ T7068] hpfs: hpfs_map_sector(): read error
[  217.830679][ T7068] hpfs: code page support is disabled
[  217.861078][ T7068] hpfs: hpfs_map_4sectors(): unaligned read
[  217.898081][ T7068] hpfs: hpfs_map_4sectors(): unaligned read
[  217.939990][ T7068] hpfs: filesystem error: unable to find root dir
[  219.804624][ T7074] delete_channel: no stack
[  220.284300][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  220.919777][ T7089] loop3: detected capacity change from 0 to 512
[  220.976699][ T7068] hpfs: hpfs_map_4sectors(): unaligned read
[  221.078739][ T7089] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.142994][ T7089] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  221.533354][ T7102] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  221.549052][ T7102] Quota error (device loop3): write_blk: dquota write failed
[  221.557237][ T7102] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  221.567507][ T7102] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.266: Failed to acquire dquot type 0
[  222.079311][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.313833][ T7108] hpfs: hpfs_map_4sectors(): unaligned read
[  222.344573][ T2168] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  222.363458][ T7108] hpfs: hpfs_map_sector(): read error
[  222.594707][ T2168] usb 2-1: Using ep0 maxpacket: 8
[  222.609882][ T2168] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  222.633054][ T2168] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  222.666664][ T2168] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  222.697866][ T2168] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  222.723998][ T2168] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  222.753802][ T2168] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.005228][ T2168] usb 2-1: usb_control_msg returned -32
[  223.021742][ T2168] usbtmc 2-1:16.0: can't read capabilities
[  223.364664][ T7115] loop3: detected capacity change from 0 to 32768
[  223.423915][ T7115] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  223.424698][    C1] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  223.593232][ T7115] XFS (loop3): Ending clean mount
[  223.653929][ T7115] XFS (loop3): Quotacheck needed: Please wait.
[  223.760356][ T7115] XFS (loop3): Quotacheck: Done.
[  224.755711][ T7123] syz.2.273 (7123): drop_caches: 2
[  225.087535][ T5811] usb 2-1: USB disconnect, device number 2
[  225.222600][ T7147] loop1: detected capacity change from 0 to 512
[  225.268366][ T7147] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.334591][ T7147] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.773022][ T7157] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  225.788720][ T7157] Quota error (device loop1): write_blk: dquota write failed
[  225.796709][ T7157] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  225.807062][ T7157] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.278: Failed to acquire dquot type 0
[  226.465764][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.482029][ T5767] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  226.707724][ T7162] loop1: detected capacity change from 0 to 128
[  226.741803][ T7162] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  226.770168][ T7162] hpfs: filesystem error: improperly stopped
[  226.784444][ T7162] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  226.802613][ T7162] hpfs: You really don't want any checks? You are crazy...
[  226.848194][ T7162] hpfs: hpfs_map_sector(): read error
[  226.853680][ T7162] hpfs: code page support is disabled
[  226.878040][ T7162] hpfs: hpfs_map_4sectors(): unaligned read
[  226.894612][ T7162] hpfs: hpfs_map_4sectors(): unaligned read
[  226.905062][ T7162] hpfs: filesystem error: unable to find root dir
[  227.294966][ T7162] hpfs: hpfs_map_4sectors(): unaligned read
[  227.852656][ T7166] netlink: 8 bytes leftover after parsing attributes in process `syz.2.284'.
[  227.890510][ T7166] netlink: 'syz.2.284': attribute type 20 has an invalid length.
[  227.927757][ T7166] netlink: 'syz.2.284': attribute type 21 has an invalid length.
[  228.145767][ T7180] hpfs: hpfs_map_4sectors(): unaligned read
[  228.171088][ T7180] hpfs: hpfs_map_sector(): read error
[  229.661152][ T7199] loop3: detected capacity change from 0 to 512
[  229.748200][ T7199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.800129][ T7199] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.262945][ T7209] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  230.278497][ T7209] Quota error (device loop3): write_blk: dquota write failed
[  230.286571][ T7209] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  230.297023][ T7209] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.291: Failed to acquire dquot type 0
[  230.907684][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.704013][ T7243] loop0: detected capacity change from 0 to 512
[  232.801087][ T7243] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.863759][ T7243] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.314635][ T7256] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  233.330332][ T7256] Quota error (device loop0): write_blk: dquota write failed
[  233.338433][ T7256] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  233.349079][ T7256] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.301: Failed to acquire dquot type 0
[  233.940856][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.234852][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  235.644324][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  235.984436][ T5829] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  236.194285][ T5829] usb 4-1: Using ep0 maxpacket: 8
[  236.212084][ T5829] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  236.225942][ T5829] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  236.238441][ T5829] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  236.263705][ T5829] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  236.314384][ T5829] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  236.336682][ T5829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.614353][ T5829] usb 4-1: usb_control_msg returned -32
[  236.620047][ T5829] usbtmc 4-1:16.0: can't read capabilities
[  237.602914][    C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  238.011093][ T7299] loop2: detected capacity change from 0 to 512
[  238.110881][ T7299] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.146023][ T7299] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.517837][ T7308] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  238.533658][ T7308] Quota error (device loop2): write_blk: dquota write failed
[  238.541746][ T7308] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  238.551908][ T7308] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.313: Failed to acquire dquot type 0
[  239.112355][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.142648][  T788] usb 4-1: USB disconnect, device number 4
[  239.298698][ T7315] ip6erspan0: entered promiscuous mode
[  241.272582][ T7349] loop1: detected capacity change from 0 to 512
[  241.347286][ T7349] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.369173][ T7349] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  242.525433][ T7358] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  242.540504][ T7358] Quota error (device loop1): write_blk: dquota write failed
[  242.548276][ T7358] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  242.558551][ T7358] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.326: Failed to acquire dquot type 0
[  242.703312][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.698162][ T7375] misc userio: The device must be registered before sending interrupts
[  244.411843][ T7391] loop1: detected capacity change from 0 to 128
[  244.447891][ T7391] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  244.471471][ T7391] hpfs: filesystem error: improperly stopped
[  244.516136][ T7393] loop2: detected capacity change from 0 to 512
[  244.524493][ T7391] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  244.532472][ T7391] hpfs: You really don't want any checks? You are crazy...
[  244.574502][ T7391] hpfs: hpfs_map_sector(): read error
[  244.624063][ T7391] hpfs: code page support is disabled
[  244.641132][ T7393] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  244.664962][ T7391] hpfs: hpfs_map_4sectors(): unaligned read
[  244.671046][ T7391] hpfs: hpfs_map_4sectors(): unaligned read
[  244.684562][ T7393] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  244.723160][ T7391] hpfs: filesystem error: unable to find root dir
[  245.048694][ T7393] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  245.063716][ T7393] Quota error (device loop2): write_blk: dquota write failed
[  245.072598][ T7393] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  245.082565][ T7393] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.336: Failed to acquire dquot type 0
[  245.222119][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.296410][ T7391] hpfs: hpfs_map_4sectors(): unaligned read
[  245.609832][ T7405] loop2: detected capacity change from 0 to 512
[  245.652830][ T7405] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.674503][ T7405] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.856341][ T7412] hpfs: hpfs_map_4sectors(): unaligned read
[  245.862689][ T7412] hpfs: hpfs_map_sector(): read error
[  246.189452][ T7417] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  246.205888][ T7417] Quota error (device loop2): write_blk: dquota write failed
[  246.214088][ T7417] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  246.224656][ T7417] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.338: Failed to acquire dquot type 0
[  246.711749][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.117028][ T7428] misc userio: The device must be registered before sending interrupts
[  248.461546][ T7436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.346'.
[  248.476651][ T7436] netlink: 'syz.3.346': attribute type 20 has an invalid length.
[  248.485499][ T7436] netlink: 'syz.3.346': attribute type 21 has an invalid length.
[  249.328492][ T7454] loop2: detected capacity change from 0 to 512
[  249.455810][ T7454] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.790276][ T7454] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  250.439451][ T7451] delete_channel: no stack
[  251.456070][ T7461] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  251.470938][ T7461] Quota error (device loop2): write_blk: dquota write failed
[  251.478505][ T7461] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  251.488399][ T7461] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.351: Failed to acquire dquot type 0
[  252.182459][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.772651][ T7480] misc userio: The device must be registered before sending interrupts
[  254.910368][ T7486] netlink: 8 bytes leftover after parsing attributes in process `syz.1.359'.
[  254.970453][ T7486] netlink: 'syz.1.359': attribute type 20 has an invalid length.
[  255.004319][ T7486] netlink: 'syz.1.359': attribute type 21 has an invalid length.
[  256.149555][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  256.156150][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  256.968224][ T7521] misc userio: The device must be registered before sending interrupts
[  257.952771][ T7539] delete_channel: no stack
[  258.148868][ T7545] ip6erspan0: entered promiscuous mode
[  258.298775][ T7549] loop3: detected capacity change from 0 to 128
[  258.324365][ T7549] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  258.347744][ T7549] hpfs: filesystem error: improperly stopped
[  258.356970][ T7549] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  258.394370][ T7549] hpfs: You really don't want any checks? You are crazy...
[  258.408410][ T7549] hpfs: hpfs_map_sector(): read error
[  258.432789][ T7549] hpfs: code page support is disabled
[  258.439418][ T7549] hpfs: hpfs_map_4sectors(): unaligned read
[  258.452355][ T7549] hpfs: hpfs_map_4sectors(): unaligned read
[  258.459073][ T7549] hpfs: filesystem error: unable to find root dir
[  259.715069][ T7549] hpfs: hpfs_map_4sectors(): unaligned read
[  261.179326][ T7568] hpfs: hpfs_map_4sectors(): unaligned read
[  261.267132][ T7568] hpfs: hpfs_map_sector(): read error
[  261.329314][ T7561] misc userio: The device must be registered before sending interrupts
[  263.073763][ T7591] loop0: detected capacity change from 0 to 512
[  263.290763][ T7591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.373194][ T7591] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.494641][ T7594] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  263.831983][ T7602] Quota error (device loop0): write_blk: dquota write failed
[  263.840216][ T7602] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  263.850483][ T7602] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.389: Failed to acquire dquot type 0
[  264.375962][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.611872][ T7611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.392'.
[  266.992496][ T7611] syz.0.392 (7611): drop_caches: 2
[  267.247070][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  267.456449][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  267.475153][    T9] usb 2-1: config 129 has an invalid interface number: 135 but max is 0
[  267.483562][    T9] usb 2-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config
[  267.534301][    T9] usb 2-1: config 129 has no interface number 0
[  267.540749][    T9] usb 2-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  267.596918][    T9] usb 2-1: config 129 interface 135 has no altsetting 0
[  267.629409][    T9] usb 2-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  267.649103][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.673623][    T9] usb 2-1: Product: syz
[  267.689605][    T9] usb 2-1: Manufacturer: syz
[  267.716452][    T9] usb 2-1: SerialNumber: syz
[  267.765195][    T9] usb 2-1: can't set config #129, error -71
[  267.821018][    T9] usb 2-1: USB disconnect, device number 3
[  267.921574][ T7633] delete_channel: no stack
[  268.040708][ T7637] loop1: detected capacity change from 0 to 512
[  268.121956][ T7637] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.168431][ T7637] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  268.583467][ T7642] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  268.599262][ T7642] Quota error (device loop1): write_blk: dquota write failed
[  268.607438][ T7642] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  268.618115][ T7642] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.400: Failed to acquire dquot type 0
[  269.245970][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.356006][ T7666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.407'.
[  271.440426][ T7666] syz.0.407 (7666): drop_caches: 2
[  271.604463][ T5811] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  271.733851][ T7685] loop2: detected capacity change from 0 to 512
[  271.795671][ T7685] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.838456][ T5811] usb 4-1: unable to get BOS descriptor or descriptor too short
[  271.848125][ T5811] usb 4-1: config 129 has an invalid interface number: 135 but max is 0
[  271.857417][ T5811] usb 4-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config
[  271.864697][ T7685] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  271.868356][ T5811] usb 4-1: config 129 has no interface number 0
[  271.884916][ T5811] usb 4-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  271.899333][ T5811] usb 4-1: config 129 interface 135 has no altsetting 0
[  271.911365][ T5811] usb 4-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  271.920599][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.928841][ T5811] usb 4-1: Product: syz
[  271.933140][ T5811] usb 4-1: Manufacturer: syz
[  271.938243][ T5811] usb 4-1: SerialNumber: syz
[  272.360987][ T7694] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  272.376387][ T7694] Quota error (device loop2): write_blk: dquota write failed
[  272.384378][ T7694] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  272.394385][ T7694] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.413: Failed to acquire dquot type 0
[  273.034340][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.926846][ T5811] usb 4-1: USB disconnect, device number 5
[  275.072873][ T7719] delete_channel: no stack
[  275.590918][ T7723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.422'.
[  275.624499][ T7723] netlink: 'syz.0.422': attribute type 20 has an invalid length.
[  275.653443][ T7723] netlink: 'syz.0.422': attribute type 21 has an invalid length.
[  276.293205][ T7730] netlink: 'syz.2.424': attribute type 1 has an invalid length.
[  276.411906][ T7730] 8021q: adding VLAN 0 to HW filter on device bond1
[  276.456715][ T7734] loop3: detected capacity change from 0 to 512
[  276.595651][ T7734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.711223][ T7734] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  277.233073][ T7749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.429'.
[  277.450599][ T7751] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  277.466250][ T7751] Quota error (device loop3): write_blk: dquota write failed
[  277.474628][ T7751] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  277.485025][ T7751] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.425: Failed to acquire dquot type 0
[  277.797071][ T7753] delete_channel: no stack
[  277.963568][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.873094][ T7764] netlink: 'syz.1.435': attribute type 1 has an invalid length.
[  279.058151][ T7764] 8021q: adding VLAN 0 to HW filter on device bond2
[  279.130343][ T7769] ip6erspan0: entered promiscuous mode
[  279.541108][ T7769] bond2: (slave ip6erspan0): making interface the new active one
[  279.786845][ T7769] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link
[  280.565588][ T7761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.433'.
[  280.644407][ T7777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.437'.
[  280.660125][ T7761] syz.2.433 (7761): drop_caches: 2
[  280.670869][ T7777] netlink: 'syz.3.437': attribute type 20 has an invalid length.
[  280.681024][ T7777] netlink: 'syz.3.437': attribute type 21 has an invalid length.
[  281.058743][ T7785] loop2: detected capacity change from 0 to 512
[  281.149427][ T7787] loop3: detected capacity change from 0 to 512
[  281.164715][ T7785] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.206594][ T7785] ext4 filesystem being mounted at /112/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  281.259215][ T7787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.332710][ T7787] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  281.580271][ T7785] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  281.595370][ T7785] Quota error (device loop2): write_blk: dquota write failed
[  281.602986][ T7785] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  281.613094][ T7785] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.439: Failed to acquire dquot type 0
[  282.002452][ T7803] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  282.017611][ T7803] Quota error (device loop3): write_blk: dquota write failed
[  282.025157][ T7803] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  282.036188][ T7803] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.440: Failed to acquire dquot type 0
[  282.306352][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.347154][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.486798][ T7823] netlink: 'syz.3.448': attribute type 1 has an invalid length.
[  284.595579][ T7838] netlink: 40 bytes leftover after parsing attributes in process `syz.2.451'.
[  284.597843][ T7823] 8021q: adding VLAN 0 to HW filter on device bond1
[  285.433447][ T7851] netlink: 'syz.0.455': attribute type 1 has an invalid length.
[  285.601696][ T7851] 8021q: adding VLAN 0 to HW filter on device bond1
[  285.656320][ T7853] ip6erspan0: entered promiscuous mode
[  285.683609][ T7853] bond1: (slave ip6erspan0): making interface the new active one
[  285.709616][ T7853] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  285.730209][ T7849] syz.2.452 (7849): drop_caches: 2
[  285.750754][ T7840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.452'.
[  285.891229][ T7854] delete_channel: no stack
[  286.043719][ T7859] netlink: 8 bytes leftover after parsing attributes in process `syz.1.457'.
[  286.065740][ T7859] netlink: 'syz.1.457': attribute type 20 has an invalid length.
[  286.086098][ T7859] netlink: 'syz.1.457': attribute type 21 has an invalid length.
[  286.311172][ T7865] netlink: 40 bytes leftover after parsing attributes in process `syz.3.460'.
[  286.750086][ T7872] loop3: detected capacity change from 0 to 512
[  286.816564][ T7872] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.928091][ T7872] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  287.285260][ T7884] netlink: 28 bytes leftover after parsing attributes in process `syz.0.465'.
[  287.563501][ T7890] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  287.578704][ T7890] Quota error (device loop3): write_blk: dquota write failed
[  287.586361][ T7890] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  287.596526][ T7890] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.462: Failed to acquire dquot type 0
[  287.966975][ T7892] delete_channel: no stack
[  288.148938][ T7895] loop2: detected capacity change from 0 to 128
[  288.182460][ T7895] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  288.203987][ T7895] hpfs: filesystem error: improperly stopped
[  288.218465][ T7895] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  288.242557][ T7895] hpfs: You really don't want any checks? You are crazy...
[  288.276063][ T7895] hpfs: hpfs_map_sector(): read error
[  288.302698][ T7895] hpfs: code page support is disabled
[  288.317647][ T7895] hpfs: hpfs_map_4sectors(): unaligned read
[  288.332878][ T7895] hpfs: hpfs_map_4sectors(): unaligned read
[  288.339423][ T7895] hpfs: filesystem error: unable to find root dir
[  288.682794][ T7895] hpfs: hpfs_map_4sectors(): unaligned read
[  288.972262][ T7895] hpfs: hpfs_map_4sectors(): unaligned read
[  288.978852][ T7895] hpfs: hpfs_map_sector(): read error
[  289.031106][ T7903] loop1: detected capacity change from 0 to 512
[  289.077527][ T7903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.100997][ T7903] ext4 filesystem being mounted at /112/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  289.365864][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.170852][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.414883][ T7922] delete_channel: no stack
[  290.857146][ T7908] delete_channel: no stack
[  293.122290][ T7949] loop2: detected capacity change from 0 to 512
[  293.231059][ T7949] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.284533][ T7949] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  294.267113][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.504949][ T7962] delete_channel: no stack
[  304.122986][ T8053] loop3: detected capacity change from 0 to 512
[  304.179259][ T8053] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.232636][ T8053] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  304.677151][ T8053] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  304.692082][ T8053] Quota error (device loop3): write_blk: dquota write failed
[  304.699802][ T8053] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  304.709890][ T8053] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.512: Failed to acquire dquot type 0
[  304.854529][ T8065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.515'.
[  304.881598][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.540666][ T8115] loop0: detected capacity change from 0 to 128
[  308.576070][ T8115] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  308.617105][ T8115] hpfs: filesystem error: improperly stopped
[  308.636136][ T8115] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  308.648925][ T8115] hpfs: You really don't want any checks? You are crazy...
[  308.665284][ T8115] hpfs: hpfs_map_sector(): read error
[  308.683771][ T8115] hpfs: code page support is disabled
[  308.703535][ T8115] hpfs: hpfs_map_4sectors(): unaligned read
[  308.717905][ T8115] hpfs: hpfs_map_4sectors(): unaligned read
[  308.741081][ T8115] hpfs: filesystem error: unable to find root dir
[  309.123390][ T8115] hpfs: hpfs_map_4sectors(): unaligned read
[  309.566254][ T8129] netlink: 'syz.2.531': attribute type 1 has an invalid length.
[  309.617650][ T8135] hpfs: hpfs_map_4sectors(): unaligned read
[  309.623915][ T8135] hpfs: hpfs_map_sector(): read error
[  309.691006][ T8129] 8021q: adding VLAN 0 to HW filter on device bond2
[  312.971719][ T8175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.542'.
[  313.014431][ T8175] netlink: 'syz.3.542': attribute type 20 has an invalid length.
[  313.022241][ T8175] netlink: 12 bytes leftover after parsing attributes in process `syz.3.542'.
[  314.218508][ T8196] syzkaller0: entered promiscuous mode
[  314.227273][ T8196] syzkaller0: entered allmulticast mode
[  315.183955][ T8200] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.549'.
[  315.221398][ T8205] netlink: 8 bytes leftover after parsing attributes in process `syz.2.552'.
[  315.247855][ T8205] netlink: 'syz.2.552': attribute type 20 has an invalid length.
[  315.303312][ T8205] netlink: 12 bytes leftover after parsing attributes in process `syz.2.552'.
[  316.731845][ T8227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.557'.
[  316.771149][ T8227] 8021q: adding VLAN 0 to HW filter on device bond2
[  317.335563][ T8237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.560'.
[  317.489727][ T8241] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.561'.
[  317.590165][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  317.597283][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  318.095377][ T8251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.564'.
[  318.127814][ T8251] netlink: 'syz.3.564': attribute type 20 has an invalid length.
[  318.159559][ T8251] netlink: 12 bytes leftover after parsing attributes in process `syz.3.564'.
[  323.538219][ T8314] delete_channel: no stack
[  331.671756][ T8391] netlink: 4 bytes leftover after parsing attributes in process `syz.1.598'.
[  333.671347][ T8419] netlink: 8 bytes leftover after parsing attributes in process `syz.2.606'.
[  333.768826][ T8419] 8021q: adding VLAN 0 to HW filter on device bond3
[  340.921401][ T8497] 8021q: adding VLAN 0 to HW filter on device bond2
[  342.183250][ T8515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.630'.
[  342.761191][ T8528] delete_channel: no stack
[  345.684409][ T8541] netlink: 8 bytes leftover after parsing attributes in process `syz.0.636'.
[  346.001229][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.639'.
[  347.099789][ T8561] loop1: detected capacity change from 0 to 512
[  347.205958][ T8561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.252745][ T8561] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.839062][ T8570] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  347.854482][ T8570] Quota error (device loop1): write_blk: dquota write failed
[  347.862100][ T8570] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  347.872204][ T8570] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.643: Failed to acquire dquot type 0
[  348.869013][ T8583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.648'.
[  349.012929][ T8587] loop0: detected capacity change from 0 to 512
[  349.083045][ T8587] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.132267][ T8587] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  349.189190][ T8590] misc userio: The device must be registered before sending interrupts
[  349.484750][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.721354][ T8597] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  349.736133][ T8597] Quota error (device loop0): write_blk: dquota write failed
[  349.743590][ T8597] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  349.753727][ T8597] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.650: Failed to acquire dquot type 0
[  352.728864][ T8618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.658'.
[  354.368937][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.290013][ T8651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.668'.
[  357.694534][ T8683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.678'.
[  359.469527][ T8710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.688'.
[  362.174709][ T8745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.698'.
[  362.204288][ T8745] netlink: 20 bytes leftover after parsing attributes in process `syz.3.698'.
[  363.268864][ T8748] netlink: 8 bytes leftover after parsing attributes in process `syz.3.699'.
[  363.280198][ T8748] netlink: 'syz.3.699': attribute type 20 has an invalid length.
[  363.309026][ T8748] netlink: 'syz.3.699': attribute type 21 has an invalid length.
[  363.351925][ T8754] syz.3.699 (8754): drop_caches: 2
[  368.000935][ T8798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.714'.
[  368.030281][ T8798] netlink: 'syz.2.714': attribute type 20 has an invalid length.
[  368.074513][ T8798] netlink: 'syz.2.714': attribute type 21 has an invalid length.
[  368.143510][ T8805] syz.2.714 (8805): drop_caches: 2
[  368.684406][ T8815] netlink: 28 bytes leftover after parsing attributes in process `syz.0.718'.
[  370.681474][ T8845] netlink: 4 bytes leftover after parsing attributes in process `syz.3.727'.
[  374.508980][ T8883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.737'.
[  374.528449][ T8883] netlink: 'syz.2.737': attribute type 20 has an invalid length.
[  374.544180][ T8883] netlink: 'syz.2.737': attribute type 21 has an invalid length.
[  374.609209][ T8883] syz.2.737 (8883): drop_caches: 2
[  375.048343][ T8898] netlink: 28 bytes leftover after parsing attributes in process `syz.2.740'.
[  377.115854][ T8928] loop3: detected capacity change from 0 to 512
[  377.201948][ T8928] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.249109][ T8928] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  377.573456][ T8932] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  377.880383][ T8940] netlink: 28 bytes leftover after parsing attributes in process `syz.1.751'.
[  377.927486][ T8941] Quota error (device loop3): write_blk: dquota write failed
[  377.935170][ T8941] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  377.945162][ T8941] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.748: Failed to acquire dquot type 0
[  379.031598][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  379.038664][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  380.495251][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.489281][ T8962] delete_channel: no stack
[  381.706545][ T8972] netlink: 28 bytes leftover after parsing attributes in process `syz.3.760'.
[  383.144830][ T9004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.766'.
[  383.460321][ T9010] netlink: 28 bytes leftover after parsing attributes in process `syz.0.770'.
[  387.064860][ T9038] delete_channel: no stack
[  387.561768][ T9037] misc userio: The device must be registered before sending interrupts
[  387.784338][ T5810] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  389.414316][ T5810] usb 3-1: Using ep0 maxpacket: 8
[  389.423580][ T5810] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  389.441949][ T5810] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  389.462336][ T5810] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  389.477616][ T5810] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  389.491620][ T5810] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  389.502960][ T5810] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.638345][ T9072] loop1: detected capacity change from 0 to 512
[  389.766355][ T9072] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  389.790082][ T5810] usb 3-1: usb_control_msg returned -32
[  389.804900][ T9072] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  389.834561][ T5810] usbtmc 3-1:16.0: can't read capabilities
[  390.244963][    C0] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  391.508408][ T5810] usb 3-1: USB disconnect, device number 3
[  391.886044][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.771240][ T9119] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  393.815347][ T9119] syzkaller0: entered promiscuous mode
[  393.827781][ T9119] syzkaller0: entered allmulticast mode
[  395.560024][ T9137] netlink: 28 bytes leftover after parsing attributes in process `syz.2.803'.
[  416.421161][ T9361] misc userio: The device must be registered before sending interrupts
[  416.559601][ T9365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.866'.
[  416.935590][ T9365] bond4: entered promiscuous mode
[  419.508629][ T9402] delete_channel: no stack
[  421.578261][ T9405] misc userio: The device must be registered before sending interrupts
[  421.907722][ T9411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.878'.
[  421.986308][ T9411] bond3: entered promiscuous mode
[  423.944511][ T5809] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  424.347929][ T5809] usb 3-1: config 5 has an invalid interface number: 75 but max is 0
[  424.392254][ T5809] usb 3-1: config 5 has no interface number 0
[  424.414386][ T5809] usb 3-1: config 5 interface 75 has no altsetting 0
[  424.463609][ T5809] usb 3-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  424.502103][ T5809] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.536794][ T5809] usb 3-1: Product: syz
[  424.564757][ T5809] usb 3-1: Manufacturer: syz
[  424.569426][ T5809] usb 3-1: SerialNumber: syz
[  424.794270][ T5811] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  424.994459][ T5811] usb 1-1: Using ep0 maxpacket: 8
[  425.018636][ T5811] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  425.046578][ T5811] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  425.081103][ T5811] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  425.112800][ T5811] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  425.181251][ T5811] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  425.194796][ T5811] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.622295][ T5811] usb 1-1: usb_control_msg returned -32
[  425.697478][ T5811] usbtmc 1-1:16.0: can't read capabilities
[  426.308303][    C1] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  426.330899][ T9457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.890'.
[  426.383913][ T9457] bond3: entered promiscuous mode
[  427.642751][ T5809] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  428.175366][ T5809] gspca_sunplus: reg_w_riv err -71
[  428.180645][ T5809] sunplus: probe of 3-1:5.75 failed with error -71
[  428.207402][ T5809] usb 3-1: USB disconnect, device number 4
[  428.243287][ T5812] usb 1-1: USB disconnect, device number 2
[  429.795305][ T9044] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  429.998788][ T9044] usb 3-1: config 5 has an invalid interface number: 75 but max is 0
[  430.028119][ T9044] usb 3-1: config 5 has no interface number 0
[  430.048927][ T9044] usb 3-1: config 5 interface 75 has no altsetting 0
[  430.074509][ T9044] usb 3-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  430.099025][ T9044] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.124462][ T9044] usb 3-1: Product: syz
[  430.135139][ T9044] usb 3-1: Manufacturer: syz
[  430.147465][ T9044] usb 3-1: SerialNumber: syz
[  432.415054][ T9505] delete_channel: no stack
[  433.459131][ T9044] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  434.136459][ T9044] gspca_sunplus: reg_w_riv err -71
[  434.142155][ T9044] sunplus: probe of 3-1:5.75 failed with error -71
[  434.216746][ T9044] usb 3-1: USB disconnect, device number 5
[  434.333233][ T9509] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.905'.
[  434.462588][ T9511] netlink: 48 bytes leftover after parsing attributes in process `syz.2.904'.
[  437.143227][ T9544] netlink: 28 bytes leftover after parsing attributes in process `syz.2.913'.
[  437.389510][ T9551] netlink: 'syz.2.915': attribute type 1 has an invalid length.
[  437.490456][ T9551] 8021q: adding VLAN 0 to HW filter on device bond5
[  437.797907][ T9556] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.916'.
[  437.953348][ T9558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'.
[  440.468876][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  440.475356][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  441.311259][ T9595] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.927'.
[  441.512071][ T9597] netlink: 8 bytes leftover after parsing attributes in process `syz.1.928'.
[  442.533968][ T9603] misc userio: The device must be registered before sending interrupts
[  442.844336][ T5809] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  443.045471][ T5809] usb 3-1: Using ep0 maxpacket: 8
[  443.066404][ T5809] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  443.098703][ T5809] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  443.119057][ T5809] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  443.129770][ T5809] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  443.143466][ T5809] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  443.153118][ T5809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.380079][ T5809] usb 3-1: usb_control_msg returned -32
[  443.424755][ T5809] usbtmc 3-1:16.0: can't read capabilities
[  444.142151][    C1] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  444.282968][ T9628] netlink: 'syz.1.936': attribute type 72 has an invalid length.
[  444.855477][ T9637] warning: `syz.1.938' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  445.694359][ T2168] usb 3-1: USB disconnect, device number 6
[  452.789315][ T9734] netlink: 8 bytes leftover after parsing attributes in process `syz.3.963'.
[  452.818165][ T9734] netlink: 'syz.3.963': attribute type 20 has an invalid length.
[  454.728297][ T9763] netlink: 'syz.3.971': attribute type 1 has an invalid length.
[  454.812734][ T9763] 8021q: adding VLAN 0 to HW filter on device bond4
[  460.079357][ T9838] loop1: detected capacity change from 0 to 32768
[  460.135355][ T9838] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  460.210603][ T9838] XFS (loop1): Ending clean mount
[  460.219945][ T9838] XFS (loop1): Quotacheck needed: Please wait.
[  460.287411][ T9838] XFS (loop1): Quotacheck: Done.
[  460.890695][ T5769] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  461.386729][ T9863] netlink: 'syz.2.998': attribute type 1 has an invalid length.
[  461.487915][ T9863] 8021q: adding VLAN 0 to HW filter on device bond6
[  464.874290][   T42] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  465.076442][   T42] usb 2-1: config 5 has an invalid interface number: 75 but max is 0
[  465.101835][   T42] usb 2-1: config 5 has no interface number 0
[  465.123769][   T42] usb 2-1: config 5 interface 75 has no altsetting 0
[  465.150447][   T42] usb 2-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  465.167453][   T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.179616][   T42] usb 2-1: Product: syz
[  465.183913][   T42] usb 2-1: Manufacturer: syz
[  465.190260][   T42] usb 2-1: SerialNumber: syz
[  466.324592][ T9922] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  466.334892][ T9922] cramfs: wrong magic
[  467.604637][   T42] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  467.644718][   T42] gspca_sunplus: reg_w_riv err -71
[  467.706688][   T42] sunplus: probe of 2-1:5.75 failed with error -71
[  467.729121][   T42] usb 2-1: USB disconnect, device number 4
[  470.446150][ T9969] netlink: 'syz.3.1024': attribute type 1 has an invalid length.
[  470.477898][ T9969] 8021q: adding VLAN 0 to HW filter on device bond5
[  470.684260][   T42] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  470.865853][   T42] usb 2-1: config 5 has an invalid interface number: 75 but max is 0
[  470.893142][   T42] usb 2-1: config 5 has no interface number 0
[  470.926693][   T42] usb 2-1: config 5 interface 75 has no altsetting 0
[  470.946051][   T42] usb 2-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  470.955314][   T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.975019][   T42] usb 2-1: Product: syz
[  470.983395][   T42] usb 2-1: Manufacturer: syz
[  470.992672][   T42] usb 2-1: SerialNumber: syz
[  473.681742][   T42] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  473.713113][   T42] gspca_sunplus: reg_w_riv err -71
[  473.724711][   T42] sunplus: probe of 2-1:5.75 failed with error -71
[  473.762297][   T42] usb 2-1: USB disconnect, device number 5
[  474.794634][   T42] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  475.004216][   T42] usb 3-1: Using ep0 maxpacket: 8
[  475.011595][   T42] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  475.033748][   T42] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  475.074601][   T42] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  475.104323][   T42] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  475.133759][   T42] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  475.153559][   T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.396258][   T42] usb 3-1: usb_control_msg returned -32
[  475.401917][   T42] usbtmc 3-1:16.0: can't read capabilities
[  477.834551][ T5812] usb 3-1: USB disconnect, device number 7
[  481.168543][T10082] syzkaller0: entered promiscuous mode
[  481.191614][T10082] syzkaller0: entered allmulticast mode
[  482.650607][T10102] IPVS: dh: FWM 3 0x00000003 - no destination available
[  487.654174][ T5809] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  487.848452][ T5809] usb 2-1: config 5 has an invalid interface number: 75 but max is 0
[  487.858123][ T5809] usb 2-1: config 5 has no interface number 0
[  487.868914][ T5809] usb 2-1: config 5 interface 75 has no altsetting 0
[  487.887248][ T5809] usb 2-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  487.904221][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.922563][ T5809] usb 2-1: Product: syz
[  487.927001][ T5809] usb 2-1: Manufacturer: syz
[  487.931642][ T5809] usb 2-1: SerialNumber: syz
[  488.034300][ T1144] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  488.227328][ T1144] usb 4-1: Using ep0 maxpacket: 8
[  488.243864][ T1144] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  488.271003][ T1144] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  488.312923][ T1144] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  488.353574][ T1144] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  488.416717][ T1144] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  488.504421][ T1144] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.995657][ T1144] usb 4-1: usb_control_msg returned -32
[  489.048464][ T1144] usbtmc 4-1:16.0: can't read capabilities
[  490.083994][T10185] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  490.104235][T10185] cramfs: wrong magic
[  490.778052][ T5809] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  490.803712][ T5809] gspca_sunplus: reg_w_riv err -71
[  490.844389][ T5809] sunplus: probe of 2-1:5.75 failed with error -71
[  490.865376][ T5809] usb 2-1: USB disconnect, device number 6
[  491.066204][ T5810] usb 4-1: USB disconnect, device number 6
[  493.447668][T10214] netlink: 'syz.1.1092': attribute type 1 has an invalid length.
[  493.521185][T10214] 8021q: adding VLAN 0 to HW filter on device bond3
[  494.052048][T10230] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  494.156961][T10230] tipc: Resetting bearer <eth:syzkaller0>
[  494.212315][T10227] tipc: Disabling bearer <eth:syzkaller0>
[  497.654223][ T5809] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  497.878739][ T5809] usb 2-1: config 5 has an invalid interface number: 75 but max is 0
[  497.891865][ T5809] usb 2-1: config 5 has no interface number 0
[  497.909451][ T5809] usb 2-1: config 5 interface 75 has no altsetting 0
[  497.935366][ T5809] usb 2-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  497.958659][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.979262][ T5809] usb 2-1: Product: syz
[  497.983752][ T5809] usb 2-1: Manufacturer: syz
[  498.003583][ T5809] usb 2-1: SerialNumber: syz
[  500.926218][ T5809] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  500.944208][ T5809] gspca_sunplus: reg_w_riv err -71
[  500.949649][ T5809] sunplus: probe of 2-1:5.75 failed with error -71
[  500.971957][ T5809] usb 2-1: USB disconnect, device number 7
[  502.294144][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  502.878842][T10297] loop1: detected capacity change from 0 to 32768
[  502.894473][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  502.900793][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  502.965006][T10297] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  503.051579][T10297] XFS (loop1): Ending clean mount
[  503.090572][T10297] XFS (loop1): Quotacheck needed: Please wait.
[  503.139275][T10297] XFS (loop1): Quotacheck: Done.
[  503.929931][ T5769] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  505.720307][T10333] loop2: detected capacity change from 0 to 32768
[  505.881893][T10333] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  506.179397][T10333] XFS (loop2): Ending clean mount
[  506.229712][T10333] XFS (loop2): Quotacheck needed: Please wait.
[  506.290298][T10333] XFS (loop2): Quotacheck: Done.
[  507.229076][ T5768] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  511.714715][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  514.691390][T10426] loop0: detected capacity change from 0 to 32768
[  514.846069][T10426] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  515.076478][T10426] XFS (loop0): Ending clean mount
[  515.084797][T10426] XFS (loop0): Quotacheck needed: Please wait.
[  515.144283][T10426] XFS (loop0): Quotacheck: Done.
[  515.655299][T10441] loop3: detected capacity change from 0 to 32768
[  515.854764][T10441] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  516.058562][T10441] XFS (loop3): Ending clean mount
[  516.079020][T10441] XFS (loop3): Quotacheck needed: Please wait.
[  516.124240][ T5766] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  516.195876][T10441] XFS (loop3): Quotacheck: Done.
[  517.163898][ T5767] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  518.850558][T10473] IPVS: dh: FWM 3 0x00000003 - no destination available
[  519.980423][T10485] loop2: detected capacity change from 0 to 32768
[  520.070120][T10485] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  520.148327][T10485] XFS (loop2): Ending clean mount
[  520.168067][T10485] XFS (loop2): Quotacheck needed: Please wait.
[  520.269389][T10485] XFS (loop2): Quotacheck: Done.
[  520.587064][T10499] netlink: 'syz.3.1153': attribute type 1 has an invalid length.
[  520.887621][T10499] 8021q: adding VLAN 0 to HW filter on device bond6
[  521.214678][ T5768] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  521.353092][ T5810] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  521.556824][ T5810] usb 2-1: Using ep0 maxpacket: 8
[  521.564443][ T5810] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  521.584760][ T5810] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  521.622327][ T5810] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  521.655018][ T5810] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  521.694314][ T5810] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  521.713744][ T5810] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.974974][ T5810] usb 2-1: usb_control_msg returned -32
[  521.980662][ T5810] usbtmc 2-1:16.0: can't read capabilities
[  524.167295][ T5810] usb 2-1: USB disconnect, device number 8
[  524.289299][T10537] loop3: detected capacity change from 0 to 32768
[  524.341033][T10537] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  524.438960][T10537] XFS (loop3): Ending clean mount
[  524.455221][T10537] XFS (loop3): Quotacheck needed: Please wait.
[  524.524693][T10537] XFS (loop3): Quotacheck: Done.
[  524.734251][ T5810] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  524.971882][ T5810] usb 2-1: config 5 has an invalid interface number: 75 but max is 0
[  524.983045][ T5810] usb 2-1: config 5 has no interface number 0
[  525.037178][ T5810] usb 2-1: config 5 interface 75 has no altsetting 0
[  525.132147][ T5810] usb 2-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  525.154176][ T5810] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.177368][ T5810] usb 2-1: Product: syz
[  525.181601][ T5810] usb 2-1: Manufacturer: syz
[  525.199125][ T5810] usb 2-1: SerialNumber: syz
[  525.496212][ T5767] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  525.856343][T10552] loop0: detected capacity change from 0 to 32768
[  526.120554][T10552] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  526.449686][T10552] XFS (loop0): Ending clean mount
[  526.652641][T10552] XFS (loop0): Quotacheck needed: Please wait.
[  526.860500][T10552] XFS (loop0): Quotacheck: Done.
[  527.850669][ T5766] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  528.069907][ T5810] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  528.076693][ T5810] gspca_sunplus: reg_w_riv err -71
[  528.081921][ T5810] sunplus: probe of 2-1:5.75 failed with error -71
[  528.094283][ T5810] usb 2-1: USB disconnect, device number 9
[  528.500434][T10581] loop1: detected capacity change from 0 to 32768
[  528.540579][T10581] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  528.772692][T10581] XFS (loop1): Ending clean mount
[  528.783198][T10581] XFS (loop1): Quotacheck needed: Please wait.
[  529.108540][T10581] XFS (loop1): Quotacheck: Done.
[  529.965508][ T5769] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  530.521701][T10604] loop2: detected capacity change from 0 to 32768
[  530.648201][T10604] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  531.256599][T10604] XFS (loop2): Ending clean mount
[  531.265331][T10604] XFS (loop2): Quotacheck needed: Please wait.
[  531.412975][T10604] XFS (loop2): Quotacheck: Done.
[  532.370895][ T5768] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  532.544288][ T1144] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  532.774178][ T1144] usb 4-1: Using ep0 maxpacket: 8
[  532.802290][ T1144] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  532.849487][ T1144] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  532.899140][ T1144] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  532.916313][T10639] IPVS: dh: FWM 3 0x00000003 - no destination available
[  532.964215][ T1144] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  533.039152][ T1144] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  533.085817][ T1144] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.333830][ T1144] usb 4-1: usb_control_msg returned -32
[  533.345694][ T1144] usbtmc 4-1:16.0: can't read capabilities
[  534.854910][T10658] loop2: detected capacity change from 0 to 32768
[  534.917120][T10658] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  534.976450][T10658] XFS (loop2): Ending clean mount
[  534.987194][T10658] XFS (loop2): Quotacheck needed: Please wait.
[  535.041584][T10658] XFS (loop2): Quotacheck: Done.
[  535.699426][ T2168] usb 4-1: USB disconnect, device number 7
[  535.999843][ T5768] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  536.371122][T10683] tipc: Started in network mode
[  536.394296][T10683] tipc: Node identity b204615bebc5, cluster identity 4711
[  536.414544][T10683] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  536.444614][T10683] syzkaller0: entered promiscuous mode
[  536.467342][T10683] syzkaller0: entered allmulticast mode
[  536.612562][T10682] tipc: Resetting bearer <eth:syzkaller0>
[  537.453719][T10682] tipc: Disabling bearer <eth:syzkaller0>
[  537.540011][T10688] misc userio: The device must be registered before sending interrupts
[  537.570336][    T9] tipc: Node number set to 1505845595
[  538.644186][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  538.875814][    T9] usb 3-1: config 5 has an invalid interface number: 75 but max is 0
[  538.883989][    T9] usb 3-1: config 5 has no interface number 0
[  538.920265][    T9] usb 3-1: config 5 interface 75 has no altsetting 0
[  538.930495][    T9] usb 3-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  538.964001][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.972141][    T9] usb 3-1: Product: syz
[  539.004142][    T9] usb 3-1: Manufacturer: syz
[  539.008895][    T9] usb 3-1: SerialNumber: syz
[  539.293782][T10722] loop0: detected capacity change from 0 to 32768
[  539.733630][T10725] loop1: detected capacity change from 0 to 32768
[  539.993505][T10722] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  540.062261][T10725] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  540.355346][T10722] XFS (loop0): Ending clean mount
[  540.368245][T10725] XFS (loop1): Ending clean mount
[  540.376459][T10722] XFS (loop0): Quotacheck needed: Please wait.
[  540.416310][T10725] XFS (loop1): Quotacheck needed: Please wait.
[  540.604845][T10722] XFS (loop0): Quotacheck: Done.
[  540.649490][T10725] XFS (loop1): Quotacheck: Done.
[  541.798996][    T9] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  541.820432][    T9] gspca_sunplus: reg_w_riv err -71
[  541.839330][    T9] sunplus: probe of 3-1:5.75 failed with error -71
[  541.887496][ T5766] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  541.906581][    T9] usb 3-1: USB disconnect, device number 8
[  541.959900][ T5769] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  542.804545][T10753] misc userio: The device must be registered before sending interrupts
[  544.786994][ T5810] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  545.006566][ T5810] usb 2-1: config 5 has an invalid interface number: 75 but max is 0
[  545.024270][ T5810] usb 2-1: config 5 has no interface number 0
[  545.042428][ T5810] usb 2-1: config 5 interface 75 has no altsetting 0
[  545.066255][ T5810] usb 2-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  545.084118][ T5810] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.092226][ T5810] usb 2-1: Product: syz
[  545.103639][ T5810] usb 2-1: Manufacturer: syz
[  545.110124][ T5810] usb 2-1: SerialNumber: syz
[  545.315055][ T5809] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  545.388515][T10789] misc userio: The device must be registered before sending interrupts
[  545.598730][ T5809] usb 3-1: Using ep0 maxpacket: 8
[  545.635265][ T5809] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  547.506404][ T5809] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  547.544399][ T5809] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  547.556633][ T5809] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  547.572066][ T5809] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  547.583349][ T5809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.106502][ T5809] usb 3-1: usb_control_msg returned -71
[  548.120542][ T5809] usbtmc 3-1:16.0: can't read capabilities
[  548.186829][ T5809] usb 3-1: USB disconnect, device number 9
[  548.488128][ T5810] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  548.498509][ T5810] gspca_sunplus: reg_w_riv err -71
[  548.503745][ T5810] sunplus: probe of 2-1:5.75 failed with error -71
[  548.512596][ T5810] usb 2-1: USB disconnect, device number 10
[  549.032719][T10806] loop3: detected capacity change from 0 to 32768
[  549.067681][T10806] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  549.102969][T10806] XFS (loop3): Ending clean mount
[  549.122010][T10806] XFS (loop3): Quotacheck needed: Please wait.
[  549.244508][T10806] XFS (loop3): Quotacheck: Done.
[  550.198489][ T5810] IPVS: starting estimator thread 0...
[  550.205654][ T5767] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  550.229678][T10831] IPVS: dh: FWM 3 0x00000003 - no destination available
[  550.344317][T10832] IPVS: using max 16 ests per chain, 38400 per kthread
[  553.254154][T10850] misc userio: The device must be registered before sending interrupts
[  555.291670][T10884] misc userio: The device must be registered before sending interrupts
[  559.359009][T10930] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1251'.
[  561.549047][T10960] IPVS: dh: FWM 3 0x00000003 - no destination available
[  563.348002][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  563.354892][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  563.460118][T10978] misc userio: The device must be registered before sending interrupts
[  563.706504][T10983] tipc: Started in network mode
[  563.722350][T10983] tipc: Node identity c6d175993a2c, cluster identity 4711
[  563.753957][T10983] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  563.789268][T10987] syzkaller0: entered promiscuous mode
[  563.795572][T10987] syzkaller0: entered allmulticast mode
[  563.924758][T10983] tipc: Resetting bearer <eth:syzkaller0>
[  563.981030][T10982] tipc: Resetting bearer <eth:syzkaller0>
[  564.045499][T10982] tipc: Disabling bearer <eth:syzkaller0>
[  564.168789][T10990] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  564.178100][T10990] cramfs: wrong magic
[  565.964325][T11016] misc userio: The device must be registered before sending interrupts
[  567.207585][T11045] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  567.216355][T11045] cramfs: wrong magic
[  569.531455][T11080] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  569.551450][T11080] syzkaller0: entered promiscuous mode
[  569.560567][T11080] syzkaller0: entered allmulticast mode
[  569.652538][T11080] tipc: Resetting bearer <eth:syzkaller0>
[  569.682682][T11079] tipc: Resetting bearer <eth:syzkaller0>
[  569.745181][T11079] tipc: Disabling bearer <eth:syzkaller0>
[  573.722689][T11142] IPVS: dh: FWM 3 0x00000003 - no destination available
[  575.564318][ T1144] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  575.929716][ T1144] usb 1-1: config 5 has an invalid interface number: 75 but max is 0
[  575.938747][ T1144] usb 1-1: config 5 has no interface number 0
[  575.950111][ T1144] usb 1-1: config 5 interface 75 has no altsetting 0
[  575.972146][ T1144] usb 1-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  575.987825][ T1144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.996803][ T1144] usb 1-1: Product: syz
[  576.001118][ T1144] usb 1-1: Manufacturer: syz
[  576.008295][ T1144] usb 1-1: SerialNumber: syz
[  576.039256][T11181] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  576.046736][T11181] cramfs: wrong magic
[  576.262049][ T1144] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  576.271124][ T1144] gspca_sunplus: reg_w_riv err -71
[  576.277295][ T1144] sunplus: probe of 1-1:5.75 failed with error -71
[  576.289626][ T1144] usb 1-1: USB disconnect, device number 3
[  583.688661][T11268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1344'.
[  583.775780][T11268] netlink: 'syz.3.1344': attribute type 20 has an invalid length.
[  583.838818][T11283] syz.3.1344 (11283): drop_caches: 2
[  583.844391][T11268] netlink: 'syz.3.1344': attribute type 21 has an invalid length.
[  584.583735][T11287] misc userio: The device must be registered before sending interrupts
[  586.783708][T11320] misc userio: The device must be registered before sending interrupts
[  587.232322][T11334] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  588.584863][T11339] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  590.531978][T11368] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1370'.
[  593.171050][T11373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1372'.
[  593.206312][T11373] netlink: 'syz.3.1372': attribute type 20 has an invalid length.
[  593.245541][T11373] netlink: 'syz.3.1372': attribute type 21 has an invalid length.
[  593.879843][T11373] syz.3.1372 (11373): drop_caches: 2
[  594.015875][T11396] misc userio: The device must be registered before sending interrupts
[  596.916931][T11423] misc userio: The device must be registered before sending interrupts
[  597.521202][T11445] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  599.047471][T11436] misc userio: The device must be registered before sending interrupts
[  602.148435][T11471] misc userio: The device must be registered before sending interrupts
[  603.001621][T11457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1391'.
[  603.014367][T11457] netlink: 'syz.1.1391': attribute type 20 has an invalid length.
[  603.024555][T11457] netlink: 'syz.1.1391': attribute type 21 has an invalid length.
[  603.102833][T11457] syz.1.1391 (11457): drop_caches: 2
[  604.954108][T11487] delete_channel: no stack
[  606.603653][T11512] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  607.015873][T11520] misc userio: The device must be registered before sending interrupts
[  611.224764][T11551] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  612.469036][T11549] misc userio: The device must be registered before sending interrupts
[  617.341201][T11603] misc userio: The device must be registered before sending interrupts
[  623.705430][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1437'.
[  623.724393][T11663] netlink: 'syz.0.1437': attribute type 20 has an invalid length.
[  623.743977][T11663] netlink: 'syz.0.1437': attribute type 21 has an invalid length.
[  623.893545][T11662] syz.0.1437 (11662): drop_caches: 2
[  624.853392][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  624.863011][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  627.320255][T11710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1448'.
[  627.413643][T11710] netlink: 'syz.1.1448': attribute type 20 has an invalid length.
[  627.422122][T11710] netlink: 'syz.1.1448': attribute type 21 has an invalid length.
[  628.270088][T11706] syz.1.1448 (11706): drop_caches: 2
[  628.541881][T11726] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1458'.
[  628.882301][T11736] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  629.164234][ T1144] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  629.364272][ T1144] usb 2-1: Using ep0 maxpacket: 32
[  629.379599][ T1144] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  629.410938][ T1144] usb 2-1: config 0 has no interface number 0
[  629.426274][ T1144] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[  629.436327][ T1144] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.472129][ T1144] usb 2-1: Product: syz
[  629.486392][ T1144] usb 2-1: Manufacturer: syz
[  629.496673][ T1144] usb 2-1: SerialNumber: syz
[  629.514892][ T1144] usb 2-1: config 0 descriptor??
[  629.543266][ T1144] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  629.558305][ T1144] usb 2-1: selecting invalid altsetting 1
[  629.583298][T11758] process 'syz.3.1466' launched './file0' with NULL argv: empty string added
[  629.594777][ T1144] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  629.662492][ T1144] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  629.673510][ T1144] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  629.711709][ T1144] usb 2-1: media controller created
[  629.875999][ T1144] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  629.997699][ T1144] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  630.018999][ T1144] zl10353_read_register: readreg error (reg=127, ret==-71)
[  630.030264][ T1144] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  630.171949][ T1144] usb 2-1: USB disconnect, device number 11
[  630.344875][   T27] audit: type=1800 audit(1775267294.451:7): pid=11758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1466" name="/" dev="fuse" ino=9 res=0 errno=0
[  630.670199][   T27] audit: type=1326 audit(1775267294.781:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  630.754947][   T27] audit: type=1326 audit(1775267294.781:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  630.780442][T11769] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1470'.
[  630.822995][   T27] audit: type=1326 audit(1775267294.781:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  630.869979][T11769] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1470'.
[  630.906478][   T27] audit: type=1326 audit(1775267294.781:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  631.007652][   T27] audit: type=1326 audit(1775267294.781:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  631.111911][   T27] audit: type=1326 audit(1775267294.781:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  631.164150][   T27] audit: type=1326 audit(1775267294.781:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  631.211401][   T27] audit: type=1326 audit(1775267294.781:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  631.238016][   T27] audit: type=1326 audit(1775267294.781:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11770 comm="syz.3.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f0b92b9c819 code=0x7ffc0000
[  631.335198][T11788] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  633.091731][T11825] bridge0: entered promiscuous mode
[  633.117903][T11825] macvtap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  633.521922][T11837] binfmt_misc: register: failed to install interpreter file ./file0
[  633.582079][T11837] netlink: 324 bytes leftover after parsing attributes in process `syz.0.1494'.
[  635.254188][ T5809] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  635.464118][ T5809] usb 2-1: Using ep0 maxpacket: 32
[  635.479704][ T5809] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  635.506328][ T5809] usb 2-1: config 0 has no interfaces?
[  635.534550][ T5809] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  635.555788][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.591166][ T5809] usb 2-1: Product: syz
[  635.611640][ T5809] usb 2-1: Manufacturer: syz
[  635.636160][ T5809] usb 2-1: SerialNumber: syz
[  635.670719][ T5809] usb 2-1: config 0 descriptor??
[  635.907047][T11861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  635.926456][T11861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.981525][ T1144] usb 2-1: USB disconnect, device number 12
[  636.898910][T11879] ªªªªªª5gæ¹Q[Ô: renamed from lo (while UP)
[  637.274798][ T5812] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  637.354458][ T9044] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  637.484865][ T5812] usb 1-1: Using ep0 maxpacket: 8
[  637.492048][ T5812] usb 1-1: config 2 has an invalid interface number: 72 but max is 0
[  637.511054][ T5812] usb 1-1: config 2 has no interface number 0
[  637.523644][ T5812] usb 1-1: config 2 interface 72 altsetting 255 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  637.542665][ T5812] usb 1-1: config 2 interface 72 has no altsetting 0
[  637.560284][ T5812] usb 1-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=cf.6f
[  637.565979][ T9044] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.573552][ T5812] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.607592][ T5812] usb 1-1: Product: syz
[  637.611918][ T5812] usb 1-1: Manufacturer: syz
[  637.619119][ T9044] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.635642][ T9044] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  637.651859][ T9044] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  637.655088][ T5812] usb 1-1: SerialNumber: syz
[  637.674388][ T9044] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.723762][ T9044] usb 2-1: config 0 descriptor??
[  637.882096][T11895] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  637.934466][T11883] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  637.942893][T11883] IPv6: NLM_F_CREATE should be set when creating new route
[  639.014500][T11883] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.022472][T11883] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.726952][T11883] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  640.916712][T11883] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  641.433102][T11883] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.451784][T11883] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.472308][T11883] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.483231][T11883] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  642.006426][ T5812] lg-vl600 1-1:2.72: invalid descriptor buffer length
[  642.094167][ T5812] usb 1-1: bad CDC descriptors
[  642.188217][ T5812] usb 1-1: USB disconnect, device number 4
[  642.533082][ T9044] usbhid 2-1:0.0: can't add hid device: -71
[  642.539390][ T9044] usbhid: probe of 2-1:0.0 failed with error -71
[  642.579761][ T9044] usb 2-1: USB disconnect, device number 13
[  643.432806][T11963] netlink: 'syz.0.1529': attribute type 10 has an invalid length.
[  643.452402][T11963] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  643.573770][T11963] 8021q: adding VLAN 0 to HW filter on device bond4
[  643.768115][T11965] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  643.838635][T11965] bond4: (slave macvlan2): Enslaving as a backup interface with an up link
[  643.915827][T11963] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1529'.
[  644.065167][T11963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1529'.
[  644.594159][ T5829] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  644.784198][ T5829] usb 4-1: Using ep0 maxpacket: 32
[  644.791298][ T5829] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  644.809496][ T5829] usb 4-1: config 155 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping
[  644.835831][ T5829] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  644.868298][T11986] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1537'.
[  644.877360][ T5829] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  644.877390][ T5829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.877411][ T5829] usb 4-1: Product: syz
[  644.877425][ T5829] usb 4-1: Manufacturer: syz
[  644.877442][ T5829] usb 4-1: SerialNumber: syz
[  644.908873][ T5829] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  644.928212][ T5829] imon 4-1:155.0: unable to initialize intf0, err -19
[  644.946384][ T5829] imon:imon_probe: failed to initialize context!
[  644.963969][ T5829] imon 4-1:155.0: unable to register, err -19
[  646.757666][T12000] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  647.330521][ T5811] usb 4-1: USB disconnect, device number 8
[  649.077824][T12045] mmap: syz.1.1551 (12045) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  649.230995][T12048] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1556'.
[  649.684173][T11935] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  649.892270][T11935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.938866][T11935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  649.981458][T11935] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  650.073391][T11935] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  650.124221][T11935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.162216][T11935] usb 4-1: config 0 descriptor??
[  650.944045][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  651.024061][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  652.103120][T12092] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1570'.
[  652.129743][T12092] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1570'.
[  653.339276][T11935] usbhid 4-1:0.0: can't add hid device: -71
[  653.345971][T11935] usbhid: probe of 4-1:0.0 failed with error -71
[  653.380297][T11935] usb 4-1: USB disconnect, device number 9
[  653.939206][   T27] kauditd_printk_skb: 5 callbacks suppressed
[  653.939224][   T27] audit: type=1326 audit(1775267318.011:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12099 comm="syz.0.1572" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x0
[  654.344230][T11935] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  654.624322][T11935] usb 4-1: Using ep0 maxpacket: 32
[  654.641433][T11935] usb 4-1: unable to get BOS descriptor or descriptor too short
[  654.651075][T11935] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  654.667351][T11935] usb 4-1: config 1 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  654.697153][T11935] usb 4-1: config 1 interface 0 has no altsetting 0
[  654.718910][T11935] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  654.731173][T11935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.740763][T11935] usb 4-1: Product: syz
[  654.755573][T11935] usb 4-1: Manufacturer: syz
[  654.760289][T11935] usb 4-1: SerialNumber: syz
[  655.036398][T11935] usb 4-1: bad CDC descriptors
[  655.051524][T11935] usb 4-1: USB disconnect, device number 10
[  655.730065][T12127] netlink: 324 bytes leftover after parsing attributes in process `syz.2.1581'.
[  656.224790][T11935] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  656.381360][T12136] syz.1.1590 (12136) used greatest stack depth: 20528 bytes left
[  656.472420][T11935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.514977][T11935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.569014][T11935] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  656.607530][T11935] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  656.654806][T11935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.680364][T11935] usb 3-1: config 0 descriptor??
[  660.566377][T11935] usbhid 3-1:0.0: can't add hid device: -71
[  660.634769][T11935] usbhid: probe of 3-1:0.0 failed with error -71
[  660.652883][T11935] usb 3-1: USB disconnect, device number 10
[  660.943543][T12206] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  664.845417][T12293] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  664.888752][T12293] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.896268][T12293] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.910158][T12293] bridge0: entered allmulticast mode
[  665.851794][T12319] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1618'.
[  669.592605][T12371] netlink: set zone limit has 8 unknown bytes
[  669.683952][T12373] kvm: pic: single mode not supported
[  669.698135][T12373] kvm: pic: single mode not supported
[  669.722267][T12373] kvm: pic: single mode not supported
[  669.755094][T12373] kvm: pic: single mode not supported
[  669.787289][T12373] kvm: pic: level sensitive irq not supported
[  669.800127][T12373] kvm: pic: level sensitive irq not supported
[  669.811301][T12373] kvm: pic: single mode not supported
[  669.817847][T12373] kvm: pic: level sensitive irq not supported
[  669.834528][T12373] kvm: pic: single mode not supported
[  669.840700][T12373] kvm: pic: level sensitive irq not supported
[  669.850722][T12373] kvm: pic: level sensitive irq not supported
[  669.858974][T12373] kvm: pic: level sensitive irq not supported
[  669.870156][T12373] kvm: pic: single mode not supported
[  669.876440][T12373] kvm: pic: level sensitive irq not supported
[  669.883542][T12373] kvm: pic: single mode not supported
[  669.889974][T12373] kvm: pic: level sensitive irq not supported
[  669.902947][T12373] kvm: pic: single mode not supported
[  669.909761][T12373] kvm: pic: single mode not supported
[  669.938603][T12373] kvm: pic: level sensitive irq not supported
[  669.958738][T12373] kvm: pic: level sensitive irq not supported
[  670.110139][T12379] netlink: 'syz.2.1640': attribute type 3 has an invalid length.
[  675.141175][T12455] fuse: Bad value for 'fd'
[  675.777799][T12462] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  676.873673][T12481] fuse: Bad value for 'fd'
[  677.264246][   T23] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  677.468562][   T23] usb 2-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55
[  677.478341][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.487031][   T23] usb 2-1: Product: syz
[  677.491467][   T23] usb 2-1: Manufacturer: syz
[  677.496234][   T23] usb 2-1: SerialNumber: syz
[  677.508119][   T23] usb 2-1: config 0 descriptor??
[  677.521220][   T23] gspca_main: sonixb-2.14.0 probing 0c45:6005
[  677.941448][   T23] input: sonixb as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5
[  678.163614][ T5812] usb 2-1: USB disconnect, device number 14
[  679.323362][T12519] fuse: Bad value for 'fd'
[  681.768570][T12581] netlink: 'syz.3.1704': attribute type 4 has an invalid length.
[  682.284354][ T2168] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  682.604820][ T2168] usb 4-1: Using ep0 maxpacket: 16
[  682.674699][ T2168] usb 4-1: config 0 has no interfaces?
[  682.713513][ T2168] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  682.814330][ T2168] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  682.849343][ T2168] usb 4-1: Manufacturer: syz
[  682.867773][ T2168] usb 4-1: config 0 descriptor??
[  683.005793][T12591] binder_alloc: 12589: binder_alloc_buf, no vma
[  683.512745][   T27] audit: type=1326 audit(1775267347.621:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.545694][   T27] audit: type=1326 audit(1775267347.621:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.588257][   T27] audit: type=1326 audit(1775267347.621:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.649772][   T27] audit: type=1326 audit(1775267347.621:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.672880][   T27] audit: type=1326 audit(1775267347.631:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.696481][   T27] audit: type=1326 audit(1775267347.631:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.719105][   T27] audit: type=1326 audit(1775267347.631:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.742018][   T27] audit: type=1326 audit(1775267347.631:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.769000][   T27] audit: type=1326 audit(1775267347.631:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  683.858566][   T27] audit: type=1326 audit(1775267347.631:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7fc00000
[  684.291099][T12603] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1712'.
[  684.329943][T12603] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1712'.
[  685.186642][T12618] binder_alloc: 12616: binder_alloc_buf, no vma
[  685.301033][ T9044] usb 4-1: USB disconnect, device number 11
[  686.144483][ T5812] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  686.229333][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  686.235823][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  686.369474][ T5812] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  686.406728][ T5812] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  686.419224][ T5812] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  686.431576][ T5812] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  686.450891][ T5812] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  686.460625][ T5812] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  686.475564][ T5812] usb 2-1: Manufacturer: syz
[  686.491756][ T5812] usb 2-1: config 0 descriptor??
[  686.947646][ T5812] appleir 0003:05AC:8243.0001: unknown main item tag 0x0
[  686.978463][ T5812] appleir 0003:05AC:8243.0001: No inputs registered, leaving
[  687.012892][ T5812] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  687.848480][T12630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  687.902830][T12644] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1722'.
[  688.375483][   T23] usb 2-1: reset high-speed USB device number 15 using dummy_hcd
[  688.918176][T12668] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1728'.
[  690.795860][ T9044] usb 2-1: USB disconnect, device number 15
[  691.134381][T12689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1735'.
[  691.143757][T12689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1735'.
[  691.692606][   T27] kauditd_printk_skb: 57 callbacks suppressed
[  691.692654][   T27] audit: type=1326 audit(1775267355.801:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  691.731638][   T27] audit: type=1326 audit(1775267355.801:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  691.844379][   T27] audit: type=1326 audit(1775267355.811:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  691.852778][T12707] netlink: 'syz.0.1742': attribute type 3 has an invalid length.
[  691.911209][   T27] audit: type=1326 audit(1775267355.811:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  691.954268][   T27] audit: type=1326 audit(1775267355.811:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  692.245600][T12719] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1747'.
[  692.259658][T12719] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1747'.
[  693.790254][T12739] fuse: Bad value for 'fd'
[  694.084118][ T9044] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  694.162175][T12746] fuse: Unknown parameter 'user_id00000000000000000000'
[  694.271781][   T27] audit: type=1326 audit(1775267358.381:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.0.1754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7ffc0000
[  694.342130][T12748] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1756'.
[  694.342671][   T27] audit: type=1326 audit(1775267358.381:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.0.1754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7ffc0000
[  694.398338][T12748] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1756'.
[  694.414567][ T9044] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  694.430459][ T9044] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.440497][ T9044] usb 3-1: Product: syz
[  694.447755][ T9044] usb 3-1: Manufacturer: syz
[  694.453004][ T9044] usb 3-1: SerialNumber: syz
[  694.461585][   T27] audit: type=1326 audit(1775267358.411:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.0.1754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f0a0619c819 code=0x7ffc0000
[  694.508327][   T27] audit: type=1326 audit(1775267358.411:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.0.1754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0619c819 code=0x7ffc0000
[  694.531671][   T27] audit: type=1326 audit(1775267358.421:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.0.1754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0a0619c819 code=0x7ffc0000
[  694.589157][ T9044] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  694.751589][ T5811] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  695.824211][ T5811] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  695.838634][ T5811] ath9k_htc: Failed to initialize the device
[  695.901736][ T5811] usb 3-1: ath9k_htc: USB layer deinitialized
[  697.802965][ T9044] usb 3-1: USB disconnect, device number 11
[  700.013362][   T38] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.023421][T12803] 
: renamed from bridge_slave_0
[  700.141588][T12813] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1778'.
[  701.854263][ T5812] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  702.044110][ T5812] usb 1-1: Using ep0 maxpacket: 8
[  702.054843][ T5812] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  702.070708][ T5812] usb 1-1: config 0 has no interface number 0
[  702.082879][ T5812] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  702.096819][ T5812] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  702.121014][ T5812] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  702.144759][ T5812] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  702.156853][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.169712][ T5812] usb 1-1: config 0 descriptor??
[  702.188377][ T5812] ldusb 1-1:0.55: Interrupt in endpoint not found
[  702.425332][ T5812] usb 1-1: USB disconnect, device number 5
[  703.048017][ T5812] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  703.285329][ T5812] usb 3-1: Using ep0 maxpacket: 16
[  703.354108][ T5812] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  703.370941][ T5812] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  703.410658][T12847] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1787'.
[  703.422060][T12847] netlink: 260 bytes leftover after parsing attributes in process `syz.2.1787'.
[  703.554194][ T5829] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  703.894269][ T5829] usb 1-1: Using ep0 maxpacket: 16
[  703.931717][ T5829] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  703.946288][ T5829] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  703.973929][T12852] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1790'.
[  703.984470][T12852] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1790'.
[  705.742994][ T5812] usb 3-1: string descriptor 0 read error: -71
[  705.749640][ T5812] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  705.848197][ T5812] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.895640][ T5812] usb 3-1: can't set config #1, error -71
[  705.923128][ T5812] usb 3-1: USB disconnect, device number 12
[  706.708224][ T5829] usb 1-1: string descriptor 0 read error: -71
[  706.726624][ T5829] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  706.736740][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.748885][ T5829] usb 1-1: can't set config #1, error -71
[  706.757335][ T5829] usb 1-1: USB disconnect, device number 6
[  709.954569][T12932] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  710.122981][   T27] kauditd_printk_skb: 34 callbacks suppressed
[  710.122999][   T27] audit: type=1326 audit(1775267374.231:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  710.238214][   T27] audit: type=1326 audit(1775267374.231:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  710.324416][   T27] audit: type=1326 audit(1775267374.231:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  710.427409][   T27] audit: type=1326 audit(1775267374.231:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  710.522586][   T27] audit: type=1326 audit(1775267374.241:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  710.675518][   T27] audit: type=1326 audit(1775267374.241:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  710.774755][   T27] audit: type=1326 audit(1775267374.241:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  710.993480][   T27] audit: type=1326 audit(1775267374.241:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  711.124479][   T27] audit: type=1326 audit(1775267374.241:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc11b9c819 code=0x7ffc0000
[  711.217060][   T27] audit: type=1326 audit(1775267374.271:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12934 comm="syz.2.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc11b5d04e code=0x7ffc0000
[  713.101774][T12980] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  715.639699][T13017] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1846'.
[  716.492629][T13046] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1856'.
[  718.081177][T13055] fuse: Bad value for 'fd'
[  720.978530][T13102] fuse: Bad value for 'fd'
[  722.828945][T13130] fuse: root generation should be zero
[  724.053053][T13139] fuse: Bad value for 'fd'
[  724.180439][T13143] fuse: Bad value for 'fd'
[  724.635700][T13148] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1892'.
[  725.878800][T13166] fuse: Bad value for 'fd'
[  727.057515][T13178] netlink: 'syz.2.1903': attribute type 4 has an invalid length.
[  727.166679][T13179] netlink: 'syz.2.1903': attribute type 4 has an invalid length.
[  727.396980][T13190] fuse: Bad value for 'fd'
[  729.374593][T13215] binder_alloc: 13211: binder_alloc_buf, no vma
[  729.397191][T13217] fuse: Bad value for 'group_id'
[  729.495319][T13220] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  731.086297][T13244] gretap0: entered promiscuous mode
[  731.619255][T13246] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  731.762218][T13257] syz.2.1931 uses obsolete (PF_INET,SOCK_PACKET)
[  731.979626][T13263] binder_alloc: 13261: binder_alloc_buf, no vma
[  732.464784][    C1] icmp: detected local route for 172.20.20.170 during ICMP sending, src 172.20.20.187
[  732.476670][    C1] icmp: detected local route for 172.20.20.170 during ICMP sending, src 172.20.20.187
[  732.820834][T13270] binder: 13269:13270 unknown command 1074553619
[  732.828063][T13270] binder: 13269:13270 ioctl c0306201 200000000480 returned -22
[  733.925018][ T5829] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  733.958093][T13286] fuse: Bad value for 'group_id'
[  734.409080][T13297] binder_alloc: 13291: binder_alloc_buf, no vma
[  735.934137][ T5812] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  736.139700][ T5812] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  736.216228][ T5812] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.254572][ T5812] usb 2-1: Product: syz
[  736.271855][ T5812] usb 2-1: Manufacturer: syz
[  736.295505][ T5812] usb 2-1: SerialNumber: syz
[  736.439101][ T5812] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  736.538113][T11935] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  736.955639][ T5812] usb 2-1: USB disconnect, device number 16
[  737.135893][ T5829] usb 4-1: unable to get BOS descriptor or descriptor too short
[  737.145875][ T5829] usb 4-1: unable to read config index 0 descriptor/start: -71
[  737.166139][ T5829] usb 4-1: can't read configurations, error -71
[  737.772256][T11935] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  737.802005][T11935] ath9k_htc: Failed to initialize the device
[  737.815560][ T5812] usb 2-1: ath9k_htc: USB layer deinitialized
[  740.059312][T13353] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3901993312 (7803986624 ns) > initial count (6429106268 ns). Using initial count to start timer.
[  740.087452][T13353] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  742.414263][ T9044] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  742.604281][ T9044] usb 1-1: Using ep0 maxpacket: 32
[  742.614327][ T9044] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  742.622848][ T9044] usb 1-1: config 0 has no interface number 0
[  742.636807][ T9044] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  742.651101][ T9044] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.659770][ T9044] usb 1-1: Product: syz
[  742.669013][ T9044] usb 1-1: Manufacturer: syz
[  742.673819][ T9044] usb 1-1: SerialNumber: syz
[  742.690567][ T9044] usb 1-1: config 0 descriptor??
[  742.710101][ T9044] smsc95xx v2.0.0
[  743.115675][ T9044] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  743.126801][ T9044] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  743.195248][    C1] icmp: detected local route for 172.20.20.170 during ICMP sending, src 172.20.20.187
[  744.366091][T13440] loop9: detected capacity change from 0 to 7
[  744.404614][T13440] Dev loop9: unable to read RDB block 7
[  744.410900][T13440]  loop9: unable to read partition table
[  744.418654][T13440] loop9: partition table beyond EOD, truncated
[  744.428740][T13440] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  744.432634][T13445] binder: BINDER_SET_CONTEXT_MGR already set
[  744.464550][T13445] binder: 13441:13445 ioctl 4018620d 200000004a80 returned -16
[  745.406835][T13460] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  746.260407][T13471] fuse: Unknown parameter 'grou00000000000000000000'
[  746.375331][ T9044] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000024: -71
[  746.417284][ T9044] smsc95xx: probe of 1-1:0.67 failed with error -71
[  746.435722][ T9044] usb 1-1: USB disconnect, device number 7
[  747.083162][T13485] binder: BINDER_SET_CONTEXT_MGR already set
[  747.090795][ T5811] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  747.101038][T13485] binder: 13483:13485 ioctl 4018620d 200000004a80 returned -16
[  747.289637][ T5811] usb 3-1: unable to get BOS descriptor or descriptor too short
[  747.338251][ T5811] usb 3-1: not running at top speed; connect to a high speed hub
[  747.385917][ T5811] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  747.424159][ T5811] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  747.460121][ T5811] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  747.487749][ T5811] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.504587][ T5811] usb 3-1: Product: syz
[  747.534282][ T5811] usb 3-1: Manufacturer: syz
[  747.538961][ T5811] usb 3-1: SerialNumber: syz
[  747.668713][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  747.675710][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  747.721305][T13490] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  747.815751][T13493] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2020'.
[  748.646931][T13499] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2022'.
[  749.088491][T13504] fuse: Unknown parameter 'grou00000000000000000000'
[  749.968550][ T5811] usb 3-1: 0:2 : does not exist
[  750.010760][ T5811] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[  750.074858][ T5811] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  750.131227][ T5811] usb 3-1: 0:0: failed to get current value for ch 1 (-22)
[  750.184646][ T5811] usb 3-1: 0:0: cannot get min/max values for control 2 (id 0)
[  750.243608][ T5811] usb 3-1: 0:0: cannot get min/max values for control 2 (id 0)
[  750.316049][ T9044] IPVS: starting estimator thread 0...
[  750.340314][ T5811] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  750.399602][ T5811] usb 3-1: USB disconnect, device number 13
[  750.424827][T13524] IPVS: using max 33 ests per chain, 79200 per kthread
[  750.486714][ T6312] udevd[6312]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  751.420096][T13536] fuse: Unknown parameter 'grou00000000000000000000'
[  752.926051][T13566] fuse: Unknown parameter 'group_i00000000000000000000'
[  754.384485][    C0] icmp: detected local route for 172.20.20.170 during ICMP sending, src 172.20.20.187
[  755.231607][T13596] fuse: Unknown parameter 'group_i00000000000000000000'
[  757.697816][T13627] fuse: Unknown parameter 'group_i00000000000000000000'
[  759.993395][T13659] fuse: Unknown parameter 'group_id00000000000000000000'
[  763.235115][T13697] fuse: Unknown parameter 'group_id00000000000000000000'
[  765.102823][T13726] fuse: Unknown parameter 'group_id00000000000000000000'
[  767.325089][T13760] fuse: Bad value for 'user_id'
[  770.138436][T13794] fuse: Bad value for 'user_id'
[  773.275245][T13834] fuse: Bad value for 'user_id'
[  776.053052][T13874] fuse: Bad value for 'fd'
[  777.123359][T13901] fuse: Bad value for 'fd'
[  779.004181][T13929] fuse: Bad value for 'fd'
[  784.984639][T14019] fuse: Bad value for 'fd'
[  787.880112][T14054] fuse: Invalid rootmode
[  790.763880][T14086] fuse: Invalid rootmode
[  794.243046][T14124] fuse: Invalid rootmode
[  795.670975][T14155] binder: 14154:14155 ioctl 4018620d 0 returned -22
[  796.574645][T14164] fuse: Bad value for 'rootmode'
[  799.320900][T14199] fuse: Bad value for 'rootmode'
[  800.711047][T14224] fuse: Bad value for 'rootmode'
[  802.289198][T14249] fuse: Unknown parameter 'use00000000000000000000'
[  805.457249][T14308] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  805.469072][T14308] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  805.481114][T14308] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  805.490056][T14308] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  805.500000][T14308] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  805.509727][T14308] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  806.640505][ T6148] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  806.880534][ T6148] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  806.906060][T14307] chnl_net:caif_netlink_parms(): no params data found
[  807.033113][ T6148] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  807.152356][ T6148] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  807.352213][T14344] binder: BINDER_SET_CONTEXT_MGR already set
[  807.361144][T14344] binder: 14340:14344 ioctl 4018620d 200000004a80 returned -16
[  807.394203][T14307] bridge0: port 1(bridge_slave_0) entered blocking state
[  807.401915][T14307] bridge0: port 1(bridge_slave_0) entered disabled state
[  807.410417][T14307] bridge_slave_0: entered allmulticast mode
[  807.418541][T14307] bridge_slave_0: entered promiscuous mode
[  807.440221][T14307] bridge0: port 2(bridge_slave_1) entered blocking state
[  807.456362][T14307] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.476904][T14307] bridge_slave_1: entered allmulticast mode
[  807.488379][T14307] bridge_slave_1: entered promiscuous mode
[  807.581506][T14307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  807.590967][T14308] Bluetooth: hci3: command tx timeout
[  807.668131][T14307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  807.747778][ T6148] tipc: Left network mode
[  807.783383][T14307] team0: Port device team_slave_0 added
[  807.818154][T14307] team0: Port device team_slave_1 added
[  808.901368][T14307] batman_adv: batadv0: Adding interface: batadv_slave_0
[  808.915755][T14307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  808.947609][T14307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  809.096362][T14307] batman_adv: batadv0: Adding interface: batadv_slave_1
[  809.103449][T14307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  809.132493][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  809.132600][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  809.171162][T14307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  809.532431][T14307] hsr_slave_0: entered promiscuous mode
[  809.562308][T14307] hsr_slave_1: entered promiscuous mode
[  809.592131][T14307] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  809.613276][T14307] Cannot create hsr debugfs directory
[  809.671382][T14308] Bluetooth: hci3: command tx timeout
[  810.633900][T14399] binder: BINDER_SET_CONTEXT_MGR already set
[  810.642865][T14399] binder: 14397:14399 ioctl 4018620d 200000004a80 returned -16
[  810.893833][ T6148] hsr_slave_0: left promiscuous mode
[  810.902802][ T6148] hsr_slave_1: left promiscuous mode
[  810.917536][ T6148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  810.934484][ T6148] batman_adv: batadv0: Removing interface: batadv_slave_0
[  810.954674][ T6148] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  810.969836][ T6148] batman_adv: batadv0: Removing interface: batadv_slave_1
[  810.985334][ T6148] bridge_slave_1: left allmulticast mode
[  810.991263][ T6148] bridge_slave_1: left promiscuous mode
[  811.001671][ T6148] bridge0: port 2(bridge_slave_1) entered disabled state
[  811.031310][ T6148] bridge_slave_0: left allmulticast mode
[  811.044077][ T6148] bridge_slave_0: left promiscuous mode
[  811.055649][ T6148] bridge0: port 1(bridge_slave_0) entered disabled state
[  811.142201][ T6148] veth1_macvtap: left promiscuous mode
[  811.151640][ T6148] veth0_macvtap: left promiscuous mode
[  811.161814][ T6148] veth1_vlan: left promiscuous mode
[  811.168851][ T6148] veth0_vlan: left promiscuous mode
[  811.754044][T14308] Bluetooth: hci3: command tx timeout
[  812.163464][T14409] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  812.818356][ T6148] bond6 (unregistering): Released all slaves
[  813.166051][ T6148] bond5 (unregistering): Released all slaves
[  813.208617][ T6148] bond4 (unregistering): Released all slaves
[  813.578738][ T6148] bond3 (unregistering): Released all slaves
[  814.135574][ T6148] bond2 (unregistering): Released all slaves
[  814.234397][T14308] Bluetooth: hci3: command tx timeout
[  814.354395][T14439] binder: 14438:14439 ioctl c0306201 0 returned -14
[  814.507375][ T6148] bond1 (unregistering): Released all slaves
[  816.384259][ T6148] team0 (unregistering): Port device team_slave_1 removed
[  816.470487][ T6148] team0 (unregistering): Port device team_slave_0 removed
[  816.555730][ T6148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  816.630905][ T6148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  817.327894][ T6148] bond0 (unregistering): Released all slaves
[  817.900357][T14307] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  817.958435][T14307] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  817.968360][ T5829] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  817.996181][T14307] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  818.027506][T14307] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  818.219751][T14307] 8021q: adding VLAN 0 to HW filter on device bond0
[  818.233774][ T5829] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  818.268714][T14307] 8021q: adding VLAN 0 to HW filter on device team0
[  818.292568][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  818.317197][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  818.324534][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  818.343133][ T5829] usb 2-1: Product: syz
[  818.359002][ T5829] usb 2-1: Manufacturer: syz
[  818.386035][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[  818.393358][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[  818.421592][ T5829] usb 2-1: SerialNumber: syz
[  818.447850][ T6148] IPVS: stop unused estimator thread 0...
[  818.568259][ T5829] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  818.683500][ T5812] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  818.973685][T14486] binder: 14484:14486 ioctl c0306201 0 returned -14
[  819.598449][T14307] 8021q: adding VLAN 0 to HW filter on device batadv0
[  819.754568][ T5812] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  819.783345][ T5812] ath9k_htc: Failed to initialize the device
[  819.856299][ T5812] usb 2-1: ath9k_htc: USB layer deinitialized
[  819.926717][T14307] veth0_vlan: entered promiscuous mode
[  819.994695][T14307] veth1_vlan: entered promiscuous mode
[  821.227152][T14307] veth0_macvtap: entered promiscuous mode
[  821.292393][T14307] veth1_macvtap: entered promiscuous mode
[  821.431923][T14307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  821.484244][T14307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  821.535988][T14307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  821.568265][T14307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  821.620716][T14307] batman_adv: batadv0: Interface activated: batadv_slave_0
[  821.786657][T14307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  821.786720][T14307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  821.786732][T14307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  821.786745][T14307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  821.788050][T14307] batman_adv: batadv0: Interface activated: batadv_slave_1
[  821.821978][T14307] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  821.822018][T14307] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  821.822048][T14307] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  821.822077][T14307] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  822.279606][T10743] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  822.292174][T10743] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  822.307385][ T5811] usb 2-1: USB disconnect, device number 17
[  822.560521][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  822.602960][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  823.454388][T14552] binder: 14551:14552 ioctl c0306201 0 returned -14
[  824.325591][T14556] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  825.463322][T10743] bridge0: port 2(bridge_slave_1) entered disabled state
[  826.838952][T14609] ==================================================================
[  826.847191][T14609] BUG: KASAN: slab-use-after-free in dvb_device_open+0xca/0x370
[  826.854869][T14609] Read of size 8 at addr ffff88802606c218 by task syz.1.2331/14609
[  826.863243][T14609] 
[  826.865707][T14609] CPU: 1 PID: 14609 Comm: syz.1.2331 Not tainted syzkaller #0
[  826.873204][T14609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  826.883299][T14609] Call Trace:
SYZFAIL: failed to recv rpc
[  826.886789][T14609]  <TASK>
[  826.889789][T14609]  dump_stack_lvl+0x18c/0x250
[  826.894525][T14609]  ? __lock_acquire+0x7d40/0x7d40
[  826.899590][T14609]  ? show_regs_print_info+0x20/0x20
[  826.904918][T14609]  ? load_image+0x400/0x400
[  826.909478][T14609]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  826.914975][T14609]  ? __virt_addr_valid+0x18c/0x540
[  826.920184][T14609]  ? __virt_addr_valid+0x469/0x540
[  826.925423][T14609]  print_report+0xa8/0x210
[  826.929973][T14609]  ? dvb_device_open+0xca/0x370
[  826.934857][T14609]  kasan_report+0x117/0x150
[  826.939394][T14609]  ? chrdev_open+0x3e3/0x6a0
[  826.944020][T14609]  ? dvb_device_open+0xca/0x370
[  826.948907][T14609]  dvb_device_open+0xca/0x370
[  826.953622][T14609]  ? do_raw_spin_unlock+0x121/0x230
[  826.959211][T14609]  chrdev_open+0x5cc/0x6a0
[  826.963661][T14609]  ? cd_forget+0x160/0x160
[  826.968112][T14609]  ? fsnotify_perm+0x3ed/0x5e0
[  826.972916][T14609]  ? cd_forget+0x160/0x160
[  826.977629][T14609]  do_dentry_open+0x8c6/0x1500
[  826.982439][T14609]  path_openat+0x27f1/0x3230
[  826.987076][T14609]  ? do_sys_openat2+0xda/0x1d0
[  826.992188][T14609]  ? verify_lock_unused+0x140/0x140
[  826.997417][T14609]  ? do_filp_open+0x430/0x430
[  827.002124][T14609]  ? __virt_addr_valid+0x18c/0x540
[  827.007277][T14609]  do_filp_open+0x1f5/0x430
[  827.011824][T14609]  ? vfs_tmpfile+0x490/0x490
[  827.016721][T14609]  ? _raw_spin_unlock+0x28/0x40
[  827.021602][T14609]  ? alloc_fd+0x58f/0x630
[  827.026241][T14609]  do_sys_openat2+0x134/0x1d0
[  827.031241][T14609]  ? do_sys_open+0xe0/0xe0
[  827.035706][T14609]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  827.041735][T14609]  ? lock_chain_count+0x20/0x20
[  827.046726][T14609]  __x64_sys_openat+0x139/0x160
[  827.051807][T14609]  do_syscall_64+0x55/0xa0
[  827.056643][T14609]  ? clear_bhb_loop+0x40/0x90
[  827.061463][T14609]  ? clear_bhb_loop+0x40/0x90
[  827.066297][T14609]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  827.072348][T14609] RIP: 0033:0x7f1f0ad5d04e
[  827.076832][T14609] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  827.096928][T14609] RSP: 002b:00007f1f0bbf1b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  827.105483][T14609] RAX: ffffffffffffffda RBX: 00007f1f0bbf26c0 RCX: 00007f1f0ad5d04e
[  827.113508][T14609] RDX: 0000000000000002 RSI: 00007f1f0bbf1c00 RDI: ffffffffffffff9c
[  827.121713][T14609] RBP: 00007f1f0bbf1c00 R08: 0000000000000000 R09: 0000000000000000
[  827.129994][T14609] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  827.138186][T14609] R13: 00007f1f0b016128 R14: 00007f1f0b016090 R15: 00007ffef1f34b58
[  827.146389][T14609]  </TASK>
[  827.149486][T14609] 
[  827.151841][T14609] Allocated by task 1:
[  827.155930][T14609]  kasan_set_track+0x4e/0x70
[  827.160555][T14609]  __kasan_kmalloc+0x8f/0xa0
[  827.165177][T14609]  dvb_register_device+0x2fd/0x2210
[  827.170406][T14609]  dvb_register_frontend+0x649/0x930
[  827.175930][T14609]  vidtv_bridge_probe+0x9ab/0xf80
[  827.181287][T14609]  platform_probe+0x13b/0x1c0
[  827.186018][T14609]  really_probe+0x25b/0xb20
[  827.190641][T14609]  __driver_probe_device+0x18c/0x330
[  827.196043][T14609]  driver_probe_device+0x4f/0x420
[  827.201104][T14609]  __driver_attach+0x44e/0x6e0
[  827.206269][T14609]  bus_for_each_dev+0x235/0x2b0
[  827.211240][T14609]  bus_add_driver+0x340/0x630
[  827.216056][T14609]  driver_register+0x23a/0x310
[  827.220847][T14609]  vidtv_bridge_init+0x3d/0x70
[  827.225653][T14609]  do_one_initcall+0x242/0x790
[  827.230447][T14609]  do_initcall_level+0x137/0x1f0
[  827.235588][T14609]  do_initcalls+0x69/0xd0
[  827.240080][T14609]  kernel_init_freeable+0x3ed/0x580
[  827.245323][T14609]  kernel_init+0x1d/0x1c0
[  827.249697][T14609]  ret_from_fork+0x48/0x80
[  827.254162][T14609]  ret_from_fork_asm+0x11/0x20
[  827.258983][T14609] 
[  827.261361][T14609] Freed by task 14556:
[  827.265461][T14609]  kasan_set_track+0x4e/0x70
[  827.270112][T14609]  kasan_save_free_info+0x2e/0x50
[  827.275476][T14609]  ____kasan_slab_free+0x126/0x1e0
[  827.280743][T14609]  slab_free_freelist_hook+0x130/0x1a0
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  827.286253][T14609]  __kmem_cache_free+0xba/0x1e0
[  827.291706][T14609]  dvb_device_open+0x2ee/0x370
[  827.296713][T14609]  chrdev_open+0x5cc/0x6a0
[  827.301204][T14609]  do_dentry_open+0x8c6/0x1500
[  827.306034][T14609]  path_openat+0x27f1/0x3230
[  827.310773][T14609]  do_filp_open+0x1f5/0x430
[  827.315508][T14609]  do_sys_openat2+0x134/0x1d0
[  827.320375][T14609]  __x64_sys_openat+0x139/0x160
[  827.325418][T14609]  do_syscall_64+0x55/0xa0
[  827.329885][T14609]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  827.335854][T14609] 
[  827.338290][T14609] The buggy address belongs to the object at ffff88802606c200
[  827.338290][T14609]  which belongs to the cache kmalloc-256 of size 256
[  827.352472][T14609] The buggy address is located 24 bytes inside of
[  827.352472][T14609]  freed 256-byte region [ffff88802606c200, ffff88802606c300)
[  827.366224][T14609] 
[  827.368571][T14609] The buggy address belongs to the physical page:
[  827.375000][T14609] page:ffffea0000981b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2606c
[  827.385288][T14609] head:ffffea0000981b00 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  827.394246][T14609] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  827.402257][T14609] page_type: 0xffffffff()
[  827.406621][T14609] raw: 00fff00000000840 ffff888017c41b40 dead000000000122 0000000000000000
[  827.415283][T14609] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  827.423882][T14609] page dumped because: kasan: bad access detected
[  827.430573][T14609] page_owner tracks the page as allocated
[  827.436313][T14609] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14678671159, free_ts 0
[  827.456400][T14609]  post_alloc_hook+0x1c1/0x200
[  827.461207][T14609]  get_page_from_freelist+0x1951/0x19e0
[  827.466787][T14609]  __alloc_pages+0x1f0/0x460
[  827.471415][T14609]  alloc_page_interleave+0x24/0x1e0
[  827.476739][T14609]  alloc_slab_page+0x5d/0x160
[  827.481453][T14609]  new_slab+0x87/0x2d0
[  827.485567][T14609]  ___slab_alloc+0xc5d/0x12f0
[  827.490297][T14609]  __kmem_cache_alloc_node+0x19e/0x250
[  827.495869][T14609]  kmalloc_trace+0x2a/0xe0
[  827.500317][T14609]  bus_add_driver+0x162/0x630
[  827.505028][T14609]  driver_register+0x23a/0x310
[  827.509824][T14609]  vidtv_bridge_init+0x3d/0x70
[  827.514614][T14609]  do_one_initcall+0x242/0x790
[  827.519503][T14609]  do_initcall_level+0x137/0x1f0
[  827.524470][T14609]  do_initcalls+0x69/0xd0
[  827.528829][T14609]  kernel_init_freeable+0x3ed/0x580
[  827.534052][T14609] page_owner free stack trace missing
[  827.539432][T14609] 
[  827.541771][T14609] Memory state around the buggy address:
[  827.547425][T14609]  ffff88802606c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  827.555508][T14609]  ffff88802606c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  827.563603][T14609] >ffff88802606c200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  827.571793][T14609]                             ^
[  827.576927][T14609]  ffff88802606c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  827.585013][T14609]  ffff88802606c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  827.593235][T14609] ==================================================================
[  827.613267][T14609] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  827.620635][T14609] CPU: 1 PID: 14609 Comm: syz.1.2331 Not tainted syzkaller #0
[  827.628301][T14609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  827.638384][T14609] Call Trace:
[  827.641694][T14609]  <TASK>
[  827.644646][T14609]  dump_stack_lvl+0x18c/0x250
[  827.649378][T14609]  ? show_regs_print_info+0x20/0x20
[  827.654612][T14609]  ? load_image+0x400/0x400
[  827.659251][T14609]  panic+0x2dc/0x730
[  827.663190][T14609]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  827.669469][T14609]  ? bpf_jit_dump+0xd0/0xd0
[  827.674005][T14609]  ? _raw_spin_unlock_irqrestore+0x111/0x120
[  827.680188][T14609]  ? _raw_spin_unlock+0x40/0x40
[  827.685098][T14609]  ? dvb_device_open+0xca/0x370
[  827.689979][T14609]  check_panic_on_warn+0x84/0xa0
[  827.694949][T14609]  ? dvb_device_open+0xca/0x370
[  827.699827][T14609]  end_report+0x6f/0x130
[  827.704112][T14609]  kasan_report+0x128/0x150
[  827.708651][T14609]  ? chrdev_open+0x3e3/0x6a0
[  827.713357][T14609]  ? dvb_device_open+0xca/0x370
[  827.718265][T14609]  dvb_device_open+0xca/0x370
[  827.723055][T14609]  ? do_raw_spin_unlock+0x121/0x230
[  827.728376][T14609]  chrdev_open+0x5cc/0x6a0
[  827.732825][T14609]  ? cd_forget+0x160/0x160
[  827.737275][T14609]  ? fsnotify_perm+0x3ed/0x5e0
[  827.742163][T14609]  ? cd_forget+0x160/0x160
[  827.746609][T14609]  do_dentry_open+0x8c6/0x1500
[  827.751495][T14609]  path_openat+0x27f1/0x3230
[  827.756120][T14609]  ? do_sys_openat2+0xda/0x1d0
[  827.761000][T14609]  ? verify_lock_unused+0x140/0x140
[  827.766229][T14609]  ? do_filp_open+0x430/0x430
[  827.770949][T14609]  ? __virt_addr_valid+0x18c/0x540
[  827.776292][T14609]  do_filp_open+0x1f5/0x430
[  827.780910][T14609]  ? vfs_tmpfile+0x490/0x490
[  827.785538][T14609]  ? _raw_spin_unlock+0x28/0x40
[  827.790419][T14609]  ? alloc_fd+0x58f/0x630
[  827.794786][T14609]  do_sys_openat2+0x134/0x1d0
[  827.799492][T14609]  ? do_sys_open+0xe0/0xe0
[  827.803936][T14609]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  827.809995][T14609]  ? lock_chain_count+0x20/0x20
[  827.814886][T14609]  __x64_sys_openat+0x139/0x160
[  827.819773][T14609]  do_syscall_64+0x55/0xa0
[  827.824242][T14609]  ? clear_bhb_loop+0x40/0x90
[  827.828978][T14609]  ? clear_bhb_loop+0x40/0x90
[  827.833784][T14609]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  827.839891][T14609] RIP: 0033:0x7f1f0ad5d04e
[  827.844332][T14609] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  827.864322][T14609] RSP: 002b:00007f1f0bbf1b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  827.872852][T14609] RAX: ffffffffffffffda RBX: 00007f1f0bbf26c0 RCX: 00007f1f0ad5d04e
[  827.880850][T14609] RDX: 0000000000000002 RSI: 00007f1f0bbf1c00 RDI: ffffffffffffff9c
[  827.888848][T14609] RBP: 00007f1f0bbf1c00 R08: 0000000000000000 R09: 0000000000000000
[  827.896847][T14609] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  827.904929][T14609] R13: 00007f1f0b016128 R14: 00007f1f0b016090 R15: 00007ffef1f34b58
[  827.912932][T14609]  </TASK>
[  827.916105][T14609] Kernel Offset: disabled
[  827.920513][T14609] Rebooting in 86400 seconds..