last executing test programs:

1m43.903857005s ago: executing program 0 (id=453):
lgetxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0xc94})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m41.307817014s ago: executing program 0 (id=458):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@user_xattr}]}, 0x1, 0x5f1, &(0x7f0000001200)="$eJzs3c9vVNUeAPDvnf6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFqWJo45k7vLe30Tn9M25nS+/kkQ++9Zy7nezv99pw5PedOAKU1mP5TiTgYEdNJRH8yv1jWGVnh4MLzHv350fn0kUS1+trvSSTZsfz5Sfa1Lzu5JyJ+/CGJAx0r652Zu3F5fGpq8nq2Pzx7ZXp4Zu7G0UtXxi9OXpy8OvrC6KmTJ06eGjnW1HXdLDh29va77/d/MvbmN1/9lYx8+8tYEqfj5eyJS69jqwzGYO17kqws6ju11ZW1SUf2c7L0JU462xgQG5K/fl0R8b/oj44lr2Z/fPxKu+MDtk81iaiuU9d6nwg8IZJ15z+wu+T9gPy9ff374EpbeiVAKzw8szAAsDL/OxfGBqOnNjaw91ESS4d1kohobmRuuX0Rcf/e2O0L98ZuxzaNwwHF5m9FxP+L8j+p5f9A9MRALf8ry/I/7Recy76mx19tsv76oWL5D62zkP89q+Z/NMj/t5bk/9tN1j/4ePOd3mX539vsJQEAAAAAAEBp3T0TEc8X/f2/sjj/Jwrm//RFxOktqH+wbn/l3/8rD7agGqDAwzMRLxXO/63ks38HOrKtf9XmA3QlFy5NTR6LiH9HxJHo2pPuj6xSx9FPD3zZqGwwm/+XP9L672dzAbM4HnTuWX7OxPjs+GavG4h4eCviqcL5v8li+58UtP/p74PpddZx4Nk75xqVrZ3/dbrXWSmwpurXEYcL2//Hd61IVr8/x3CtPzCc9wpWevrDz75rVP+G8z/jFhOweWn7v3f1/B9Ilt6vZ2bjdRyf66w2Kmu2/9+dvF67SUneHfhgfHb2+khEd3K2Iz267PjoxmOG3SjPhzxf0vw/8szq439F/f/eiJiv+7+TP5avKc799+++XxvF02z7D2xemv8TG2r/N74xemfg+0b1r6/9P1Fr649kR4z/wYIv8jStGxcrSMfOoqJWxwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu0ElIvZFUhla3K5UhoYi+iLiP7G3MnVtZva5C9feuzqRltU+/7+Sf9Jv/8J+kn/+/8CS/dG6/eMRsT8iPu/ore0Pnb82NdHuiwcAAAAAAAAAAAAAAAAAAIAdoq/B+v/Ubx3tjg7Ydp3tDgBom4L8/6kdcQCtp/2H8pL/UF7yH8pL/kN5yX8oL/kP5SX/obzkPwAAAAAA7Cr7D939OYmI+Rd7a49Ud1bW1dbIgO1WaXcAQNu4xQ+U15pTf25VWxMI0HLe4wPJGuU9DU9a68zVTJ/fxMkAAAAAAAAAAAAAUDqHD1r/D2Vl/T+Ul/X/UF75+v9DbY4DaD3v8YFYYyV/4fr/Nc8CAAAAAAAAAAAAALbSzNyNy+NTU5PXbbyxM8Jo5Ua1Wr2Z/hTslHie8I18KvxOiaduI1/rt76z2vc7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWO6fAAAA//84kyVU")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev}}, 0x1e)
connect$pptp(r0, &(0x7f0000000040)={0x18, 0x2, {0x0, @private=0xa010100}}, 0x1e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[], 0x13)

1m38.187350969s ago: executing program 0 (id=463):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="010000000400000004000000080000000000", @ANYBLOB], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write(0xffffffffffffffff, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9463cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @remote}, {0x20000010304, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000000)={{}, {0x77359400}}, 0x0)

1m33.475899999s ago: executing program 0 (id=466):
syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
exit(0x5)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r0, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x2, 0x4e20, @broadcast}, 0x10)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_buf(r3, 0x107, 0xb, &(0x7f0000000100)=""/41, &(0x7f0000000180)=0x29)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)

1m30.511745443s ago: executing program 0 (id=472):
io_setup(0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
syz_emit_ethernet(0xd2, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "2a1c99", 0x9c, 0x88, 0x0, @empty, @mcast2, {[], {0x4e24, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "b0575c7b4df2bddabab59df4a56afe54ba6a5d5d0d170fca692c777338468608", "29accf2af44c0e1aaaaf532417a91cadd9e65f82310f80cf64f46c761191fda0a250498ce1b5c603debf9e05d8de03dc", "3d73abde0da6c68c8d2dab5346224f905b3b904310b3bd00975f0a9f", {"6cde9c5018586db672628c1415233979", "ba3df3d8a8490bce9cafc2ab6acde477"}}}}}}}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000480)='btrfs_inode_mod_outstanding_extents\x00', r1}, 0x18)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(r2, 0x0, 0x0, 0x7fff, 0x3)
lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x1)
mkdir(&(0x7f0000000240)='./file1/file1\x00', 0x0)

1m28.795553508s ago: executing program 0 (id=477):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

1m27.114709433s ago: executing program 32 (id=477):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

56.006711993s ago: executing program 2 (id=528):
pipe(0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xd0fb1000)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000000)={0x90000001})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d52101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x8, 0x0, 0x0}}, 0x10)

53.842432055s ago: executing program 2 (id=530):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)

50.873209029s ago: executing program 2 (id=537):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0x10, 0x9e5a, 0xf})

50.659795152s ago: executing program 2 (id=538):
syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
exit(0x5)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r0, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x2, 0x4e20, @broadcast}, 0x10)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_buf(r3, 0x107, 0xb, &(0x7f0000000100)=""/41, &(0x7f0000000180)=0x29)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x2)

49.106022785s ago: executing program 2 (id=542):
syz_usb_connect(0x5, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x28e41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000400)=0x17, 0x30)
r5 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3e}, @in=@rand_addr=0x64010100, 0x0, 0x3, 0x4e20, 0x4000, 0x2, 0x0, 0xa0, 0x67}, {0x0, 0x15000000000003, 0x0, 0xe, 0x7ffd, 0xffffffffffffffff, 0xfffffffffffffffe, 0xd3d}, {0x0, 0x4, 0x0, 0xfffffffffffffffa}, 0x0, 0x6e6bba, 0x1, 0x0, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0xfe}, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0xe8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
shutdown(0xffffffffffffffff, 0x0)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={<r7=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_SET_FLAGS(r6, 0xab0a, 0xbdf)

48.439806775s ago: executing program 2 (id=547):
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f00000000c0)={0x0, 0x3, {0x2, 0x0, 0x9, 0x0, 0xa47}, 0x3})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=@newlink={0x40, 0x10, 0x401, 0x0, 0x40, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_PORT_SELF={0x4}, @IFLA_MTU={0x8, 0x4, 0x13a}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_1\x00'}]}, 0x40}}, 0x0)

47.791008924s ago: executing program 33 (id=547):
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f00000000c0)={0x0, 0x3, {0x2, 0x0, 0x9, 0x0, 0xa47}, 0x3})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=@newlink={0x40, 0x10, 0x401, 0x0, 0x40, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_PORT_SELF={0x4}, @IFLA_MTU={0x8, 0x4, 0x13a}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_1\x00'}]}, 0x40}}, 0x0)

29.928682048s ago: executing program 5 (id=573):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f000001f480), 0x2, 0x0)
r1 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002140)={0x50, 0x0, r2, {0x7, 0x29, 0x0, 0x0, 0x0, 0x5}}, 0x50)
read$FUSE(r0, &(0x7f0000002900)={0x2020, 0x0, <r3=>0x0}, 0x2020)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
write$FUSE_INTERRUPT(r0, &(0x7f0000000000)={0x10, 0xffffffffffffffda, r3}, 0x10)
syz_fuse_handle_req(r0, &(0x7f00000070c0)="a37b33352102270e8080da9acea18541f7a5c5c0ccac6b823171247e6e3675eaeae3fc94bd43baf4a099da2138a0fe4c613d6f13f998b175ae52341675e866014f466758a4fbd32928f56991cfdb381074d418d9690e966a9e10945f0a16abc6e27418ba809e9e22294a5f0c2ddb090d6849df842893a2f38c00c4c3689ec3875d021a3e221aa99d35e4660aa1796c2d4ea85bb91752c0c21dd01debd31e5d1eb7ddc9c64388008fa08a9871b9d158d0adbff0f57a19252b75100a980d86e9633cd793c8e2e33c00035a5ad72ef11437dc82e6e04d1a48d1f771d58f2f7dd978e9a4f3d462f03c0ca11026a9a15d1bd5c732b90d56a18ed5e16e4fc18739bd31eb7695369af1178a495890fc9e796d43f2f461e6d45634fb8e191c06c7c875fbad054f0ab21fecd7d3883a5d568426335c8902a1ef2e5856cf8888b91050dd50dd9e419b9a77dd6a135dbe314d769929a2ab34679406dc4314763867f7ad19945c550cce8d9243b1f602a47a7ca863895e5ddaff09fb773b1862a3757b2895054754c2a23a4b7975391972a9ad4f25245265bd77b634b9d834a88e9a16cc1a5b1dae4a46de62b939fe89403110778f126786aadd81950077de037b83550b1b897ebe50a3f660eb368cd771abb9fe1cf6fdd51e987757e3e7a6d9d1eebdacb8ecc00de9413f19b2a4063ad78b8eff9b5c420a06e21364d8c9fab06ee878e1344c767fe6e8d21dfe2f4dece09e2fbf405bc1008b2d0adf86fc70421952207b2265bacf5179efe10ba4c42e1f4d8f7c5b19352b866afd280c66b50d87c08a7e316270189f01397b70fe7b50e7426a5a760bafae1cd0c28469ccce09dd37afffce3ca4d5e05569bc145dc4ee1107097cee103a2215d87af81474231a8113b1f2924e6d5bf29742c3ef17d4f284db167a74f742b768bc3becc027c76d30e7921350746ababd6172895de2cd9e3a5e764edc8e2f3588b45574cc574993e84a47bb3d71867f412a7b20b82ac23e10a85f5f1984d25e42793798547837509bd94a7c8579f9181341b221f418cc0de373672ada07951cc7009300dbd0742426aba9eb1d533a0cd14a6b13f37854922228b9d0b1e20b67746102f84973405884ee2519227d3254c96e1146e08956cb1a474434b2ffe7a0b09e9437b303159abe4eca69f444be28ffe95a3935ad77dcb7291da653f9942926f6a3c750526dca116e7c278c628244e4b6c2da0eb2255e067bb11c42c03105bcb4ab9eb7a276e1f5d8cf7e779c158a2cc7f867d0e7fc5d77d797d725efd76ffde2c69b1abfa05dac952cf3ca5295845202341956d484859f7d5e2b3df31f9e2152674ecd71590605310c8fe238e33c0415469826c35aed0d65f3aa459ccf607e4b25f25cd08d65b48bd0f56461d995007dc5b00d8d91a9fa48286fa1d8dfb68fc9756cf928c05ba7f93f8285f7b6df63a5634c39da5ab555362339fd85dae4e952e06b8ad17bcf157733d55a30a05c0b6ac2ed2fd54ab1033dec41101f5251ed40c6f42e876328bad8f4fd21730cd1e2efb847dcb93ded254c4e66c6374ec40b124d32032f5ee5c52f0a51f2ca797b12f814a1f79e3e4d69412dbc834d620e72ee9648d67ff53eb126f7d382fd8f827fab96b7427cd0962e84542a98acc79cf429f004ce86f5841d0256c83a96087671365e3799951087a017f0a3ff7900b25515869ee524de62bd4e7c2c68e1c900f38b0f7bac92606a0d0eadfa9f1d5af8157f0d5a0d49dedb00bf5785f8b2f8c2f8c10f150a30c31141ca0545eda71841523c6986d7d5fbc1918d5c79e40b929c180153d34fc7c7faba1d471c10b52d3e93b8192fa4826d43ff9df160ab83041b0f647398964c108b7875d74d592d8ee2d5420316656626e58b4dba72bb09376592a062ba0cfa94469b2102ce05b68fd3d275f0941851dd6399cf386cb900441f0f762540ab58c1800e7e00bb34fe32eddc14f05d1537f6c23c8f5b5039b6a22b7d843476d22d4a1086f65aaad2699d402113e349ba58168fe5f9ed496f56d5c7864f6225b24562acad3aa8aac2cfc02e6d14fdaf89066022f61c3f7c0581bee46817ef95500a83e4dd6e6bbfec9ae785b59f29c61e23735543dc8d2596b5a787c00de7dd4209a656b398967d74d022f5a4be5c2ad5aa8e6fa76ebed097822c6b438655c05a5b5b9a3fefb8996c03aab4ef804f2145a9cecd2cc6ad2a54f4f13153da513ff3ff707ba8f34836fd7be482663557cf6923b2c417486a3bae32c28f5f9af211a4f60f202eb4bc5b4a9ac0c72f080c5ce3cd563b40dba488c6bb96f27935c2296e72063399bc0835f194e52d72efe2b0122728d6f841545bebd45b3d589e011f3360e9f90029d06b708b078f6c437862fd355604e87bf37c1ddf3a802fda5bbf03f8453cdb335fb381be1be1d9d3816654102b27dcb78c9b743b4ad22681b6f44dc854c96324d8c2ca678f31d3fe60c5144649340ad541edbc7c1d66314b566b43eeb9a1d9970726d25e529bb0b011b563378ec4580961d1137d47942b02f6f6c0e5322e879711bd4a98348180ca243ae538bd18e9bc1c217b36049e3ffefcfcb3a514dbdbdac14c47afec06b161355e89d1db713a007841e9f53ddc44764b61002c35f48f1c8d57e3c67415cbc920c9e69fb8a0ad8b2da067dd37d9c883dc5c24aac8105987f7b43df3fa2aab926566abdbb506d08b1db4b9f6aff592e68878fd22b2a04ccf8fad887ab7307f5bb5678659467547bb9b8c75a8f19a2fcffd855d917cf126ea4af832adb30df51f6e7311e15bdf0b14a019b4c5dd2a58ff142dbe159039a6dc73c099a72927e717dfcb2c438b9058bf7411786d930db5077533f35f56d02a647f14575abc3f7a149411c4597e9e9bc7e1767da725d8ea13d5c3fbc6e33cfe00b323a0d3abb4a928b180fd2007284ac614163e087c9d996f5f7545691c9b86557b09bb62bbb93d68c51a1f27fb57b869ff5702ee36ad13983f77682f278e09d17ded110beae19ba0a0200c8f9cdc624ded25da0f31b79b21897b25413af89066259aa41291275918a42105f277f5d606b24ca82f254d04fcd258651c565ef918c21a2f9e78162aeab6f19cb0e7c9e8b60b3de04b0916cb726d595e957a74290417e626366f20a33c2be052b3cdbcccca7210b4c9a02c42b749dce61714f59b144a92ad9af3501a3ab02654e6ec897bfa385f95f4e481c6e937122b163d8cb9292ae59c80fd00502e6a726949633e4b1ee09df492daec19d6d498090a9659d2fb7b63349988ffac6c792ad427eec0f48b9b285feba6d2365f1dff4852ea6b4d2289df7ece3a509cfa3574bc8f9e2670c8433885d8c9ec0494d40808d9c9d4efbf90d1b6558ae75e254ea3aff6f37f976aa2916b58a015e4919760063ebd2373730a37bd0f91b281c05b6fb3e35924b4ac88a0d0a8b0d125551458c719cd53cf9753fafc9535d6af395a5b29408d915e7259ab0f6c7abd8c754bb71ed1a476e6760eee035460d4dfec3c53f91636280056a57fc45e0f37a47f994f8b1bc42644c37fb004aef34bbfa71ef5b89b1ee581b8c803885d8f8637a2b3ae49078738580aa8c0d94c2564dd7b50bd6b718b854755b6a08d8d1a2ccf4eb3c704e53b8a299617134aa79fd00c8749e57965e9a16d73142f2812c3e1ffc09938406561949c674c35cf88128de9152b4a43d4e2432ac234014c12dbf057112d28d3125fc98bf0dd9a934217440199a698628778649cd1360d79db2d74fa34e94a6a9333f2804b8e4264160c493e951294810e6708ea888a48403aac2b21e136a1d8d07fe07930b543028b62ee39eb6f3480c27186bdcfef55e93343496eefb0c38b50cf9762dc606ab7fa4d155d2d965746baad06c3d39ce8fe350cfbf569676195330ec78f25f04a915685684f49a19f4102109a2cf60f28df29fcf74892ff84110ffa18fd43d3f8a10173b970ed934f5e30d170ef6348890be263f0d64ad5ae53e6e6b4895f3cdcd6fdaebd69fa2f067bd2a207559ca6cbdcebd4e18855642ffd8d5b85b6b805c2ca1c63de1cafe7ee1f2ceedd8fd5c6e22ab40ad8772027576080609c6d55a7d08149122c1fc28497723751abe76c8dd12c6e2f311ad531b0a2f8e04a5f17346ba602dadae0745ebd715853277e1b73ed2d0be842a95c955be66c7ab52a736709177a8a48255655f23076f6f0a8bd683b1ccc7866830ef3780d499760464da1a5aa731aa16fbd925fba7fd06702046dcbc3571031a7f58e9d9604de217acd0b59f790e78ebc51d91a45ef57c37417c5c1f34127aabe64a269b90f56e03280f10bbd1500ab30a3ee29c59fa0598a57eee3641cbe002fbca5b12102a7b8e7fd514bde6bb742dd139ecec58a0ee60b2fde003be535523d024aba223ff8e6cbd44cab79cf379389a64b1ccb1c72dc3e7fbb8d1f59a39a80cf5d30f5a66546e838959f2e4f19e854c7de93c8ec06a8f223f5355e9c76e17ad28a887dadc17a41fe80d878cb3e3bb863bbaa168c9a4ebd74475d7e6ae3d99a7aad9e23d3edf08ecb5143764099d258d4a6d82fc9afa5775f75b41bf36be25a537f2905903f82e08657fb7e341079ff29a656ff85ae34317c5b1a81d8e814d55807fcf2ed7250b29046d2e1d0a14ec7ba8910abfe0cc9aa04164b94a4bb0970f3f3b1eac5cfd1f32a5ac84d552f60962e98222b2a9513af22d5da3f005f6f9ae166797a94360235eac2a6ddb2321c2ec514eb6ccf086a8c83e65081ea67acac44753302d4519d0cfc796f56c04e849cdea18cbd32da25dddbfc2cd575c67f26882b5c2bc534701f11775d8e93131488141fbb61c61755aa30c1a1829140f0332a76317aafa08f072f00cb330c5adfdca9d9055b1fb51616e8ca5dc34dadc6911d93b93871115107c2371279e248ff898268cccb12b07cc555ad7bf7811910f37f2b07598f661dfa1f2ff6fe2d1f8aa4deebf260573b27ef6e578469ad652a4f31da494fe0d00e4c66e8011d5bb2c889331679544514f16c257e74ddca134aaa5d15707c26b3373c110e2ec61fede15fc6e52428e1b5788f5c667794c5bbb26e8aa7a66cc38bdb6150c7804d59a2ce2c2d4120f94afb3807a2b685fdede4da11bc63abf04bf0823897dddee0697924fe855fba225a97c5b5d1bd6cb17d6b0ce93e475a9b14130ca5cee7ba41d521f72214b2f0fbcc1fbec70ef4dc7a4c9442d02ec641bd087ffe52fc7c9f0c39d41d03d1f93cbb8896abbee62f3bb1685f97e22664fb45530681eb6393442cfae1366ddc395fd5aa4d4fd0c250566b1c7cc8cfe6b25e73315998b45af5dbca10696ed8d113f4f35f385840f0558e93740e9a5d2e6768a022d17d266f47d050a8e91e8e0bdbf0d5e92f8d8294c3666c00344d4336d23a4c4235a3bcbd69f4b4769d6b1f513544392ccb2b96b1c6292131014835dfefebb4686496fee657e4aca53fbbdc15e0a72b1af7bd58bc6b4959356e7726342a330e6b9badc94e7498569f3cac949acc0ea9fc149a874fe271829c72e917f1374a80f22c8bf0109a0ac1e1de013a826173853127c22f7ba826bba044bcd8898e2c8432ce54a98ab4d18eac68c208e51a3210c6730b81384cfd8a74e681627805fb100c26a2a8385686fbffedfc7583b2222e1f79e45de79069b9f37a07bf99386525091b6d614820deea7e3105dcefa214258a8603c876fb776d0b019c984e028da494ef3f8841bc889bed54ea443634c2885639e865f0cd0a1dfd6f7a3b22c51461e73b3650b9a63c48b400bdcfac039e4cfdbefbf869386075ce8790eb4a588fd49f49c54ac5a8c45641bba62620d15042f08f5305566bc19111d08fedb65e2f87fb28442340be88a40cfef7ab3dad7e79225c07d347c2526269e9e709a90a49345d3351ac967da890707ed2affd155f2b356bbbe756872ecf7d944d8be128cd36100c8913f7fcf67f5d6f71ea19aa8877806bd6f65f10b2bf72867a7f6b900a7e0049aba25e162d670399e407c1332855a8d2db7465a40704660cd63bbcde4e36412c1fb244a1d23edbeb9d1c7189343144c8e27c55249a2b7fc00134a230601ca488d9ff441508b14129046e918abe163a40ae26b77c6df0fb843610a93279168fd7244cf934f905fe33dd5675819bbeaf370bf9a1101159c57dcfa4820a76cfa5957355ee450371df3c5f61fe3f4cef0df889b69f543b3965dc19d48d897272146db5c34c26bb6a7b305e9bc9a63419b789abd8e6a72a89d95a422d7e77f9c0afc619c43c3b77c8ffd408383fee4475ff88c90372bf9fda91b8b3b19ee9cac890cc6aa13f3a33d40f3970626b8854e72ecd65467e40552ceed496a5144db8f4122d34246bf76651fb1f1a154c7a3906939bd1fb85cf99cad9ecb0d63e0bb31b8133c2eb0e6f66e8e36746589c30637f5e045b9a5b6b5c728398c326aa9e0e670098726d3127b2479442c8e64ed5402790af0a114c42a07d97c38b7c738c9bcb3ddde8e67c3e786dddf7f9bac3cb61998f73340cdc62eeed7f05f2768fdaa6a5d91d98531a80fb8f8acb5abe47972f0155a85ee95166b20f727bd4ae648ce3e0de4d80ca7227ef298d4f204f094f12c8acfdd2a6905743b8daf56b8160dd081c54eeda647e23efdf89972aee301cc4f67faabe82fd9db1455090c05391cfc3e4bec5d38fab3716e19638dfd483ee2bba57e4d1c00d01cc45a49e2727c19b104f1072f1a50407e4622be580d35393c7db5119017be6bd5acf3be228c42096af9739e44867782e600a48ab9baeec9e37e9863d1b19733c3fe47c30f328816966748ce717529752ebb9e2f582ddd132158ed2d68fd17de3e725cd0fc13477585341703b51682879a9a3167cca4cb09ce2449d18514d8b8343de79b332b6981101a3c6ae2679aeaea1cad81d216400c40cea6ebc99ee77b5ab7a508cfffcefa7b4d48a2ea8a3ff5917f43876ea653822a21e208d733847e017eaadc460c9828365a1a0d149ccda8a5c42ecb74ce102fc9cb75360e87b758f7cb55c593bacf8a7eb698cf300adc7000f9082aff2be93ddbed0dc487c72e3e7707bbdaf0d6c5df66140270ca71de6c86b4776033af0cef6b5c8d9bb4bd74d2f90bdbc6d13fe4b4d5477a16add3eb75e865aa4441b68b3640bae1f03e7bb261808f2c3fb5d3997b666c7b5f0df5a53a7114f1eed925eb1d5519542f12e9692ed7ed98e789b962a892727bc06fafbc9e335e245e8240eaeb15ee7dd4136d738c243838fc752095763b7647760045fbdf26c2646c00ccee6fc905fa7224981e40a2124629c43cc020e2c0c83e02aca162afc40bc19734dd22fce44839440f4e69fd7aeb7c3f35ef2d4eddffc0874ef77bf4df5e1a77e2495e31cf514d4dd252ec978dc47df2edcbba9a175d4ecb402fb701f0781b618824328a94112ebdd51137910810c565d564a76be9d1e5d13ee9ad311fdcbdefe16bc6fbe0e3dfab238742a80463de1849bcdd6120ab7b420c9fb3c0e1955e65b431b0f43d32260ecdbdb69a4d6ea6498ac377648c974f29393f23cf99e2aa2cfe128c371beab86b0ec5b20edb5ee451554fac22562083396329d774fa9be0f4bee29f2657840bd82e1b824b371c56dac44a45d4898cb25a9af0598cc8b2f2b753fa88e4c3da1927a789cfcd6e95639e88d384d701d47bf74e0d4cfc4031ae57915ff179dfee312b2a7aefd50ca4f7e4deaa526703f80d5fd696e9043ed2b8110a3fad5188bf84d55ff73ba9ec6a8145e17369686e2a43b4e8bd4d09351f969432ea0c7940f326eda2cb8a7eb709480b3072af8fd3370ba8edcab2a6e48f8f6bc9679ed95de2a91955acfb2bdbec12ca8809922115edf86c68dc3d16c6dfd89c386976a8e666a9f2f965978f26a73919354eb0779d0c6220db4dceaf92686dc222b8af5472512f065767b63b8b64d370e2dd78a0398cb53a497b4c76863b82836e34aaf8bfe1e530be4622d350c16d20d973b7d6907e21efb393f3f7e57b6e0d660a8af0c689bb3e0d0c70d8a90878d650cf60f56012e80edcd1fad4bf5d7e9989a628ae3b20e755507ce52a9537bb57ba49f263f5905dd0e7c8be3e095b3738cfb9b040d4d81b7ac352bb213d2b47e8b6807b13990ecfcad12f2e0e1e486b5e34513c7f52d04edbd3296f5f5f5ed3d36463dccd417f05c38f156b4e8a78a07ce8536f83c80c8b1af747c83d9250cec54af6a67cc91e69f810d191da79f6640503d63b6172533bcacf5563caeb44c2b657e3039e063531ea22b07797f73218b14d77d94488bbba374202eec6c067ce3336da24893658225dfff4a8c6083954c4dcb9d969941937e8c19c2350da5453dc304ba5db942b33e1d062070478af3721528a77f518b67cff9d7a2e31669bb4e8d0dd6f179805b2e47d30cc1abb532576e8ed067cd0188df6c49ee0c63393bec3d925d88ecebe6a5a8f37f1dfc6762c7a3a596049e7f1787bec7a03e55a50360b83158e49cd9732a66b1cef83e43fd2abd33f753efdb236675490fc9c9381e6f421c9384e43ded79ce91025af90fda6752355ddacbb72aa204e7efa77f3825d7f274aca737bc56c61a1d05bf7004a71c904e8483f3c4df3c9ff5c7b7e350b4c55786d3ea99bb61814881c6e98da71e8f5a0646c44912d12e4a5ad3f2ea14f4d4933ecf7ac8b9464a80204b9c3465fc397aac5a3827bef7187fafb2074b22af3dcde7edaef478c75a0b50ea2ea20b2e08c35b6e48c424e2e3d5767e13dbbb1b87c6012f204f18ae7483d5c29c0a9c46de7917031e168c71c0a5c336c578f9ec41844618d40098542c772110566f1c6271d08842e8870a3ff1890a21b42a1339705edf23ff0b819e13c1fe061f950b86dac060e1654c388c53fa2ebf5988c5d06237b3424d551e5b103494f75bbea021b70aa5a67636f2b243819ce4abae74c4560bf15c9c33d095381e8fcbcf3d32abb2d38e78b9f5b97303fb46d01892258232849700be13dfc18c4f91d5a99c6a05970a6b4dc9179ea91eb4de76bbdf7be554d597d21adb396f0a1fa10fbc99741cc25aca370bfb916bf5bffda325c2405151e8e51426c90e5d782599cc59a7b263ff7a319d04d42835744f628c98e3ee379486f4954eab1742840edcf0fe87fd472f5e439678ac0bbc2295b2c12ea28680794c1c60978498b151c0ef5097480d453a0c22ddb2159316e04539561efbb55926758ae6fb2a3a495cf8aa7b693f1d854f99065e748b735097ea63e21d89515913e797515be6a767d42707ef6a0ebb1d3ff0071a0f4eddfdc85922a15a95f98d5f4a672d93621c975a3601bae013103c68fca1f6fb1c4b5853ffbece2075419263e32c72159268e3dab4ca3f0e5b904f40667bebf099374636d55f5a9ee1bbda48b39def3106041878afb63970cabae3388a33719ed206db73f10e498ff4bf4c0e3606726fc851578613c4bc1429695de29f6d6807eba84afc6ded50b0aa5b77ba864e1b36c035a97df5154b1a40017d919acdb8de617d458ddfe2ceda137bd1da6e2ebd5e32f2553c43e14ef6939ec0fb26a65487557cb1300072f79cbaf74a1221fad0d12added22303067f8292abd1d81e3d2aa200d1d1ed377bd57245ba44b51c927ae8d39e7d46dac00ecbacf30d32aebb568e757680c975dcc6864fafca28609db1ba8a30a74e96a791176f76a5de88c50b49ea20e206557b6e4f44d819b471fa1017cba5e195206de632bfb1b52c4c491bf4d1fbcde097324c7d42cf386f3a8c8410ef5477acbcdba183f0272e5ed5a142523b94899159361e7e48e10ee29e7d0a56e673ef903bcde86c19f71209daec067283c5453cce3dd4f39ac9ce17aa02c7ce6ac359a8d4396ed1aaff38225d41733d469535d5c6cd12b96265653296de79418d088652fef9e684f2f3e2ba4a63ab9ef9de81539e6061037e4efa9e03bcd1e95b2f5d6cacccc9f4e1df7c543befea4fa60513d84bdc84ae761be441116327ec263912cfbc47545546b8b038fe741d3ba495c7d862edba2733b497cef8b823a0198a928fce7f51575a93409c463bbf0aebe8450ad408974c6cf1de0e8ce887beee7fe06cae1c0f502799c1aa1a5942c74cd52497c342367b5850e03e9161f7766b4f3e3e5f9de3282f16be48e0eb8171f0cbda19d6c274f12cd62bc4c1bed7642bb147e9bcf7474f820f60d9020e2edf0c6bb3eb8d1dd53c85303544c0fc353cf0b16091d0bf238df89ed025d6591c5b32de30bf9e8e277a8f5f7a61f15051e38ece2021395dd9be6795ee0879a0bba9af3447973797e92279b3e74321615020a4624fbd9f6fa307a94c68f164942b9c7e0af63c41a7c76fac6d77e135ff5bfdaa3dd4753d0d8094c65f25811c9f593fc07f0710eca9e88c02645f9314d4674c50f869f5ed5246e41333670234412d8b6b2c9a99bf483af0cc0bc56039535e6cd9be1b5801538b39f83ec9fc4bb78a8880c06d27d8838e551a7c5eee3c85421665ca2bff57c21dd37e55939ee9f7e06cfcfc18a41b261422d7f94f1ee692960ba2a81a70c167d9e477d2b4a489dd08b1851dc79d651b468c179bc3e2c32215fa74ee00d449735094ee3a6c819decf11728cea207d41d3c665d210e1ab26a79fbbfba8aed8b401227a1adae500333a29d88086f796757dc12af76888c857407a21d9ed483651003f3298bbdb23f27e3e3e5f99f0dfb64534dd1676403042c62966fc7a3da65a089726ed48fd522b92ca292d0139b424fb6e2fa2b81cc5f95d0d64846d2060ad32edb8fe52eaa06b063512ae25c08664e65c5331dd17abf062a78bab8993766893d1cc04850015013a2f461fd96572496020145dc8fdb6f7393b0b1a380296f3cd8d50dcaa54d5259b0e6bc2da29edd01f9419806149c471d97f9f78f8be7236c7d6ec62885854a95ad81f3f7a2fe7968b446e655e1318d118bf731758a75a9747b6e15e945de3c05f962df9975d4268feea8e5de68fdf385636c66670cf195b7455b8d0b69eef633dc7ac799c451b000413efdcd62701eeaa7de5ecfe21c60aea75e22104f9a8ab443141dc18a61914a5c89336ec08ebe7454e4a5568b7fcd1ef25bdca18d3a6c10879564907742588d2b08d1e946712584acab70b3015cf91bfe1e88e8340b6d1b3f801a9fee09ade3f5989f6738401b56e117c36a9feb7809561f01ac1f360edaa29873a0e4daef2df8e97a483995f0ac114d324672c354a52ad8507b6d9c7ab8a3643fc8b46cc357c8eb396d6dba21b99611ef16139fe123f60c84ff1848dd74a8f32682293b2f5e5d496a8b88bee8990287400f4fa4420492bc85a0422ce9179a0cb7aead52f937c985da74c772538e2c5f3cfb88dda634635d0e797d52f5e3f250587f1b1817a9ea2d44cc2a40819c4f8f12d20a95c999e4b911a261fc4d179c3cec165d4737b72acef9e5f302cc90aec7f21e95c3d4f1df4ab39ff06e6baf9b8da3475e6f9cf9754f7ceabc3fa4e61c374fef8df2826aa4cca6703959b4d82224a3e02c68b4c53e9d850164c98f74bd4d2eff235329a1e72f144d1977780f3ad70162788b5fcb57277665bf136261710260277b4a8b68a067bdfa1d5c5f1d5ea42d45e1b5031b9824f3e23", 0x2000, &(0x7f0000006d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006d00)={0x20}, 0x0})
ioctl$FS_IOC_RESVSP(r1, 0x80086601, 0x0)

28.831868094s ago: executing program 5 (id=576):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast1, @dev={0xac, 0x14, 0x14, 0xf}, @multicast1}, 0xc)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, 0x0, 0x0)

20.623862545s ago: executing program 1 (id=585):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x2, 0x13, @loopback, 0x9}, 0x1c)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x19560c0, 0x0, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

18.802602333s ago: executing program 5 (id=586):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000180)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@block_validity}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@data_err_ignore}, {@grpquota}, {@mblk_io_submit}, {@nodiscard}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x31)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), r1)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x87)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000100)={@multicast1, @dev={0xac, 0x14, 0x14, 0xf}, @multicast1}, 0xc)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000440), 0x1000a)

18.667380745s ago: executing program 1 (id=587):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6092c01f00082f00fe8000000000000000000000000000bb00"], 0x0)
r3 = userfaultfd(0x801)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000280), 0x0, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})

17.136562537s ago: executing program 5 (id=590):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120141014813442024040075ee69e30103010902240001000010000904b8070296d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="60100400"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001100)={0x84, &(0x7f0000000c00)=ANY=[@ANYBLOB="203004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x208002, 0x0)

17.127894627s ago: executing program 1 (id=591):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
ptrace(0x10, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)

15.395869343s ago: executing program 1 (id=593):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r0 = open(&(0x7f0000000040)='./bus\x00', 0x1612c2, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/crypto\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x4000000000010046)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000"], 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x67, 0x52b, &(0x7f0000000a00)="$eJzs3V9rLGcZAPBnNrvHk3NymlS90IK12krOQc9u0tg2eFEriF4V1HpfY7IJIZtsyG7ak1BMDn4AQUQFr/TGG8EPIEjBGy9FKOi1oqKInuqFF9qR2Z1Nc5L913aTTZPfDybzvjPvzPO8G2Z2ZmeYCeDKeiIiXoiIt9I0vRMR0/n0Qj7EYXvI2r354LXlbEgiTV/6RxJJPq2zriQf38wXux4RX/tyxDeT03Ebe/sbS7VadSevV5qb25XG3v7d9c2ltepadWthYf7ZxecWn1mcG0k/b0XE81/8y/e/89MvPf/Lz7z6x5f/dvtbWVpT+fzj/XiHiv1mtrtean0WxxfYeZfBLqJiq4e5yW4tJk5NuX/GOQEA0F12jP/BiPhkRNyJ6ZjofzgLAAAAvA+ln5+K/yYRaXfXekwHAAAA3kcKrXtgk0I5vxdgKgqFcrl9D++H40ahVm80P71a391aad8rOxOlwup6rTqX3ys8E6Ukq8+3ym/Xnz5RX4iIRyPie9OTrXp5uV5bGfePHwAAAHBF3Dxx/v/v6fb5f8fBOJMDAAAARmdm3AkAAAAAZ27Y8/8bZ5wHAAAAcHZc/wcAAIBL7SsvvpgNaef91yuv7O1u1F+5u1JtbJQ3d5fLy/Wd7fJavb7Wembf5qD11er17c/G1u69SrPaaFYae9djs7671Xx5/aFXYAMAAADn6NGPv/77JCIOPzfZGjLXhlt0yGbARVU8KiX5uMtm/YdH2uM/n1NSwLmYGHcCwNgUx50AMDalcScAjF0yYH7Pm3d+k48/Mdp8AACA0Zv9aO/r/4W+Sx72nw1ceDZiuLpc/4erq3X9f9g7eR0swKVSGnQE0HebPxhxNsA4vOfr/wOl6TtKCAAAGLmp1pAUysVOvVAolyNutV4LUEpW12vVuYh4JCJ+N136QFafb7VMBp4zAAAAAAAAAAAAAAAAAAAAAAAAAABtaZpECgAAAFxqEYW/Jr9qP8t/dvqpqZO/D1xL/jMd+StCX/3RSz+4t9Rs7sxn0/95NL35w3z60+P4BQMAAACuhAEv8H9Y5zy9cx4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP05oPXljvDecb9+xciYqZb/GJcb42vRykibvwrieKx5ZKImBhB/Mnsz0e6xU+ytI5Cdos/OYL4h/f7xo/D/FPoFv/mCOLDVfZ6tv95odv2V4gnWuPu218x4qH6u9V7/xdH+7+JHtv/rSFjPPbGzys949+PeKx4Kv5BFqETP+kR/8kh43/j6/v7vealP46Y7fr9k3SaZHvIqDQ3tyuNvf2765tLa9W16tbCwvyzi88tPrM4V1ldr1Xzv11jfPdjv3irX/9v9Ig/M6D/T51a27WuMf73xr0HH2oXS93i336yS/xf/yRvcTp+If/u+1RezubPdsqH7fJxj//st4/36/9Kj/4P+v/f7rXSE+589dt/GrIpAHAOGnv7G0u1WnXn0hays/QhG2dHZxciZ4XzKRyMdIVpmqbZNvUe1pPERfhYWoVx75kAAIBRe/ugf9yZAAAAAAAAAAAAAAAAAAAAwNV1Ho8TOxnz8KiUjOIR2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/H/AAAA///s19ky")

14.774768772s ago: executing program 1 (id=596):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000180)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@block_validity}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@data_err_ignore}, {@grpquota}, {@mblk_io_submit}, {@nodiscard}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x31)
prlimit64(r0, 0x9, &(0x7f0000000280)={0x3ff, 0x2}, &(0x7f0000000380))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), r1)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x87)
connect$inet6(r5, &(0x7f0000000500)={0xa, 0xfffd, 0x0, @loopback, 0x5}, 0x1c)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r6, 0x0, 0x27, &(0x7f0000000100)={@multicast1, @dev={0xac, 0x14, 0x14, 0xf}, @multicast1}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

12.88393537s ago: executing program 5 (id=598):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = socket(0x8000000010, 0x2, 0x0)
write(r5, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9463cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)

11.53657777s ago: executing program 3 (id=601):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x4)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@updsa={0x13c, 0x1a, 0x1, 0x0, 0x0, {{@in=@loopback, @in6=@empty}, {@in=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'xcbc(aes)\x00'}, 0x0, 0x180}}]}, 0x13c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000e00)='.\x00', &(0x7f0000000e40), 0x0)
sendto$packet(r0, &(0x7f0000000580)="44c394f305916c4516999da20800", 0xe, 0x0, &(0x7f0000000440)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000180)={0x1000, 0x11000, 0x1})

10.416882436s ago: executing program 3 (id=603):
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000002a82, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES32], 0x50)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0)
r1 = epoll_create1(0x0)
unshare(0x2c020400)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)={0x10000000})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$phonet_pipe(0x23, 0x5, 0x2)
landlock_create_ruleset(0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
socket$inet6(0xa, 0x5, 0x0)

7.396431171s ago: executing program 4 (id=604):
syz_emit_ethernet(0x6e, &(0x7f00000008c0)={@link_local, @local, @val={@val={0x88a8, 0x0, 0x0, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "b33c83", 0x30, 0x3a, 0x0, @rand_addr=' \x01\x00', @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x9b5b, {0xe, 0x6, "90f26f", 0x5, 0x2f, 0x1, @dev={0xfe, 0x80, '\x00', 0x35}, @mcast2}}}}}}}, 0x0)

7.226812894s ago: executing program 3 (id=605):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x50)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x3c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

7.122536255s ago: executing program 4 (id=606):
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
pipe(0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xd0fb1000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = epoll_create1(0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000007000000020001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x3, 0x0, &(0x7f0000044000))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x14, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r6}, 0x10)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r6], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00'}, 0x18)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="300000002e00030500000000000000", @ANYRES32, @ANYBLOB="87b5c50bac7c1bd0475868f5165a301c9799bf5f197bfdb259d2b3935ac6a4607286ac7ecac914e171e2647200"], 0x30}], 0x1}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000000)={0x90000001})
syz_open_dev$tty1(0xc, 0x4, 0x1)

5.994126591s ago: executing program 3 (id=607):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120141014813442024040075ee69e30103010902240001000010000904b8070296d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="60100400"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001100)={0x84, &(0x7f0000000c00)=ANY=[@ANYBLOB="203004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x208002, 0x0)

5.526672129s ago: executing program 4 (id=608):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4)
r2 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0)
ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r2, 0xc0845658, &(0x7f0000000080)={0x0, @bt={0x1460, 0x5, 0x1, 0x2, 0x8000000000000000, 0x2, 0x1, 0x10000, 0x15ba9a49, 0x6, 0x9, 0x5, 0x9, 0x7fffffff, 0x10, 0x0, {0x80000000, 0x3ff}, 0x2, 0x1}})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f075, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
ptrace(0x10, 0x0)
ptrace$setregs(0xd, 0x0, 0x80000001, &(0x7f00000003c0))
ptrace$getregset(0x4205, 0x0, 0x1, &(0x7f0000000080)={&(0x7f0000019580)=""/120, 0x78})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x8, r3, 0x0, r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_RECV_OWN_MSGS(r5, 0x65, 0x4, 0x0, &(0x7f0000000100))
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x14, 0x15, 0xa, 0x201, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20008880}, 0x24000898)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000140)={'virt_wifi0\x00', 0x1})

5.231786253s ago: executing program 1 (id=609):
syz_usb_connect(0x5, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x28e41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000400)=0x17, 0x30)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3e}, @in=@rand_addr=0x64010100, 0x0, 0x3, 0x4e20, 0x4000, 0x2, 0x0, 0xa0, 0x67}, {0x0, 0x15000000000003, 0x0, 0xe, 0x7ffd, 0xffffffffffffffff, 0xfffffffffffffffe, 0xd3d}, {0x0, 0x4, 0x0, 0xfffffffffffffffa}, 0x0, 0x6e6bba, 0x1, 0x0, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0xfe}, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0xe8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
shutdown(0xffffffffffffffff, 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
ioctl$NBD_SET_FLAGS(r5, 0xab0a, 0xbdf)

4.292967537s ago: executing program 4 (id=610):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

4.017410181s ago: executing program 4 (id=611):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001740)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f0000000140)="17000000020001000003be8c5ee176889600330002956019fd6ee17e03000a0002000098fc58d90a00bb6a880000d6c802000037c0274f5233e4aa37f5e02bdba67e06000000e28900000200df0181c8d0bae99dfde06a0755045f3973a803005f1efcd5e6236bd971a54d6f477050956981d7198a02000000fc0607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc06ea1d00390100", 0xab)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x18)
socket$unix(0x1, 0x5, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000ac0)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nombcache}, {@bh}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x3, 0x438, &(0x7f0000000580)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0")
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1a, 0xf, &(0x7f0000000ac0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x608, 0x360, 0x11, 0x148, 0x360, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x2f8, 0x360, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x459, 0x0, 0x48, 0x0, 0x0, 0x3, 0x2, 0x80}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x668)

1.474669999s ago: executing program 5 (id=612):
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000))
read(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f0000000400)={0x6, {{0xa, 0x4e24, 0x4, @mcast2, 0x4}}, {{0xa, 0x4e24, 0x7781, @dev={0xfe, 0x80, '\x00', 0x18}, 0x400}}}, 0x108)
io_submit(0x0, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x401)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000)
write$eventfd(r1, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8)

1.199746053s ago: executing program 3 (id=613):
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
pipe(0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xd0fb1000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
epoll_create1(0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000007000000020001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x3, 0x0, &(0x7f0000044000))
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x14, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r4}, 0x10)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r4], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00'}, 0x18)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="300000002e00030500000000000000", @ANYRES32, @ANYBLOB="87b5c50bac7c1bd0475868f5165a301c9799bf5f197bfdb259d2b3935ac6a4607286ac7ecac914e171e2647200"], 0x30}], 0x1}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

515.776862ms ago: executing program 4 (id=614):
r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={0x0, 0xffffffffffffff71})
ioctl$MON_IOCX_GETX(r0, 0x80089203, 0x0)

0s ago: executing program 3 (id=615):
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000002a82, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES32], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
unshare(0x2c020400)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)={0x10000000})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$phonet_pipe(0x23, 0x5, 0x2)
landlock_create_ruleset(0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
socket$inet6(0xa, 0x5, 0x0)

kernel console output (not intermixed with test programs):

l 1200
[  166.915968][ T4672] pwc: Registered as video103.
[  166.938622][ T4672] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9
[  166.997397][ T4672] usb 3-1: USB disconnect, device number 7
[  167.525796][ T4280] Bluetooth: hci2: command 0x2016 tx timeout
[  168.952598][ T5337] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 5337 comm: syz.4.206)
[  168.966132][   T26] audit: type=1800 audit(1751627848.851:15): pid=5337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.206" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=34666 res=0 errno=0
[  169.405595][ T5338] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  169.764134][ T5345] netlink: 28 bytes leftover after parsing attributes in process `syz.1.209'.
[  169.781640][ T5345] netlink: 28 bytes leftover after parsing attributes in process `syz.1.209'.
[  170.755760][    T7] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  171.037099][    T7] usb 5-1: Using ep0 maxpacket: 32
[  171.064677][    T7] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  171.083845][    T7] usb 5-1: config 0 has no interface number 0
[  171.093983][    T7] usb 5-1: config 0 interface 184 has no altsetting 0
[  171.123759][    T7] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  171.161251][    T7] usb 5-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  171.214364][    T7] usb 5-1: Product: syz
[  171.235724][    T7] usb 5-1: Manufacturer: syz
[  171.240419][    T7] usb 5-1: SerialNumber: syz
[  171.254723][    T7] usb 5-1: config 0 descriptor??
[  171.276927][    T7] smsc75xx v1.0.0
[  171.724377][    T7] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  171.760706][    T7] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  172.123423][    T7] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  172.854260][    T7] smsc75xx: probe of 5-1:0.184 failed with error -32
[  173.117371][ T5368] loop2: detected capacity change from 0 to 128
[  173.123446][    T7] usb 5-1: USB disconnect, device number 6
[  173.174316][ T5368] EXT4-fs: Ignoring removed bh option
[  173.244374][ T5368] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  173.272714][ T5368] ext4 filesystem being mounted at /43/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  173.648681][ T5351] loop0: detected capacity change from 0 to 32768
[  173.746135][ T5351] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  173.796090][ T5351] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  173.814295][ T5351] BTRFS info (device loop0): using free space tree
[  173.826621][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  173.914119][ T5351] BTRFS info (device loop0): enabling ssd optimizations
[  173.991137][   T26] audit: type=1800 audit(1751627853.881:16): pid=5351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.212" name="file1" dev="loop0" ino=261 res=0 errno=0
[  174.063543][   T26] audit: type=1800 audit(1751627853.921:17): pid=5351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.212" name="bus" dev="loop0" ino=263 res=0 errno=0
[  174.741307][ T5402] bridge0: port 3(syz_tun) entered blocking state
[  174.854069][ T5402] bridge0: port 3(syz_tun) entered disabled state
[  175.187954][ T5402] device syz_tun entered promiscuous mode
[  175.310886][ T5402] bridge0: port 3(syz_tun) entered blocking state
[  175.317579][ T5402] bridge0: port 3(syz_tun) entered forwarding state
[  176.143580][ T4268] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  176.214099][ T5410] netlink: 28 bytes leftover after parsing attributes in process `syz.2.224'.
[  176.227679][ T5410] netlink: 28 bytes leftover after parsing attributes in process `syz.2.224'.
[  176.296109][  T128] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  176.524223][  T128] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  176.545933][  T128] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  176.576185][  T128] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  176.585951][  T128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  176.594660][  T128] usb 2-1: SerialNumber: syz
[  176.711167][ T4285] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 11 /dev/loop0 scanned by udevd (4285)
[  176.847702][  T128] usb 2-1: 0:2 : does not exist
[  176.905192][  T128] usb 2-1: USB disconnect, device number 6
[  177.124132][ T5401] loop4: detected capacity change from 0 to 32768
[  177.157534][ T5417] loop2: detected capacity change from 0 to 512
[  177.164949][ T5417] EXT4-fs: Ignoring removed oldalloc option
[  177.178647][ T4458] udevd[4458]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  177.250984][ T5417] EXT4-fs (loop2): 1 truncate cleaned up
[  177.265048][ T5417] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  177.446469][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  177.545922][  T128] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  177.766152][ T4426] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  177.800358][  T128] usb 4-1: Using ep0 maxpacket: 32
[  177.807750][  T128] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  177.820350][  T128] usb 4-1: config 0 has no interface number 0
[  177.840909][  T128] usb 4-1: config 0 interface 184 has no altsetting 0
[  177.854434][ T5435] loop4: detected capacity change from 0 to 512
[  177.871367][  T128] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  177.894858][  T128] usb 4-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  177.914789][  T128] usb 4-1: Product: syz
[  177.920741][  T128] usb 4-1: Manufacturer: syz
[  177.925609][  T128] usb 4-1: SerialNumber: syz
[  177.946070][  T128] usb 4-1: config 0 descriptor??
[  177.956052][ T4426] usb 1-1: Using ep0 maxpacket: 32
[  177.970343][ T5435] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  177.980369][ T4426] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.003432][  T128] smsc75xx v1.0.0
[  178.018426][ T5435] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.039782][ T4426] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  178.081710][ T4426] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  178.163541][ T4426] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.187140][ T4426] usb 1-1: config 0 descriptor??
[  178.194394][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  178.360344][  T128] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  178.402605][  T128] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  178.445883][  T128] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  178.477340][  T128] smsc75xx: probe of 4-1:0.184 failed with error -32
[  178.524847][ T5446] smc: ib device syz0 ibport 1 applied user defined pnetid SYZ0
[  178.717290][ T5446] vcan0 speed is unknown, defaulting to 1000
[  178.747255][ T5446] vcan0 speed is unknown, defaulting to 1000
[  178.781737][ T5446] vcan0 speed is unknown, defaulting to 1000
[  179.557882][ T4426] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  179.677795][ T5437] loop1: detected capacity change from 0 to 40427
[  179.701430][ T5437] F2FS-fs (loop1): Unrecognized mount option "errors=continue" or missing value
[  179.944025][ T5446] infiniband syz1: set active
[  179.950578][ T5446] infiniband syz1: added vcan0
[  179.956253][ T5446] rdma_rxe: unable to create cq
[  179.961863][ T5446] infiniband syz1: Couldn't create ib_mad CQ
[  179.969549][ T5446] infiniband syz1: Couldn't open port 1
[  179.980934][    T7] vcan0 speed is unknown, defaulting to 1000
[  180.128541][ T5459] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 5459 comm: syz.2.239)
[  180.207989][   T26] audit: type=1800 audit(1751627860.031:18): pid=5459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.239" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=37118 res=0 errno=0
[  180.357659][ T5446] RDS/IB: syz1: added
[  180.452456][ T5446] smc: adding ib device syz1 with port count 1
[  180.649239][ T5446] smc:    ib device syz1 port 1 has pnetid 
[  180.706389][  T128] vcan0 speed is unknown, defaulting to 1000
[  180.720115][ T5446] vcan0 speed is unknown, defaulting to 1000
[  180.902369][  T128] usb 1-1: USB disconnect, device number 8
[  180.932934][ T4429] usb 4-1: USB disconnect, device number 9
[  181.132146][ T5470] loop0: detected capacity change from 0 to 1024
[  181.158170][ T5446] vcan0 speed is unknown, defaulting to 1000
[  181.184451][ T5470] EXT4-fs: Ignoring removed orlov option
[  181.272015][ T5470] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  181.644146][ T4429] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  182.172489][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  182.277738][ T4429] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.317194][ T4429] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  182.348290][ T4429] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  182.363731][ T5446] vcan0 speed is unknown, defaulting to 1000
[  182.375759][ T4429] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  182.404228][ T4429] usb 4-1: SerialNumber: syz
[  182.612327][ T5446] vcan0 speed is unknown, defaulting to 1000
[  182.641364][ T4429] usb 4-1: 0:2 : does not exist
[  182.677414][ T4429] usb 4-1: USB disconnect, device number 10
[  182.751647][ T5446] vcan0 speed is unknown, defaulting to 1000
[  182.771116][    T7] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  182.879059][ T5446] vcan0 speed is unknown, defaulting to 1000
[  182.896409][ T4285] udevd[4285]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  182.969931][    T7] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  182.996044][    T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.014489][    T7] usb 1-1: Product: syz
[  183.019164][    T7] usb 1-1: Manufacturer: syz
[  183.023796][    T7] usb 1-1: SerialNumber: syz
[  183.067191][    T7] usb 1-1: config 0 descriptor??
[  183.086361][    T7] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  184.578993][ T5507] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 5507 comm: syz.3.252)
[  184.595551][   T26] audit: type=1800 audit(1751627864.481:19): pid=5507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.252" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=37236 res=0 errno=0
[  184.667857][    T7] gspca_sunplus: reg_r err -110
[  185.125924][ T4671] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  185.146315][ T4426] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  185.315858][ T4671] usb 5-1: Using ep0 maxpacket: 32
[  185.347651][ T4671] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.359152][ T4426] usb 2-1: Using ep0 maxpacket: 32
[  185.376559][ T4671] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.392318][ T4671] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  185.403116][ T4426] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  185.476823][ T4671] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.522448][ T4426] usb 2-1: config 0 has no interface number 0
[  185.580858][ T4426] usb 2-1: config 0 interface 184 has no altsetting 0
[  185.609125][ T4671] usb 5-1: config 0 descriptor??
[  185.630909][ T4426] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  185.665882][    T7] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  185.694352][ T4426] usb 2-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  185.761743][ T4426] usb 2-1: Product: syz
[  185.766968][ T4426] usb 2-1: Manufacturer: syz
[  185.771730][ T4426] usb 2-1: SerialNumber: syz
[  185.791010][  T128] usb 1-1: USB disconnect, device number 9
[  185.798778][ T4426] usb 2-1: config 0 descriptor??
[  185.895848][    T7] usb 4-1: Using ep0 maxpacket: 16
[  185.903292][    T7] usb 4-1: config 4 has an invalid interface number: 69 but max is 0
[  185.908786][ T4426] smsc75xx v1.0.0
[  185.945591][    T7] usb 4-1: config 4 has no interface number 0
[  185.963004][    T7] usb 4-1: config 4 interface 69 has no altsetting 0
[  186.025919][    T7] usb 4-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49
[  186.045313][    T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.234870][    T7] usb 4-1: Product: syz
[  186.239670][    T7] usb 4-1: SerialNumber: syz
[  186.294349][ T4426] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  186.400090][ T4426] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  186.727880][ T4671] savu 0003:1E7D:2D5A.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  186.741334][ T4426] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  187.115915][ T4426] smsc75xx: probe of 2-1:0.184 failed with error -61
[  187.147309][    T7] option 4-1:4.69: GSM modem (1-port) converter detected
[  187.162039][    T7] usb 4-1: USB disconnect, device number 11
[  187.227601][    T7] option 4-1:4.69: device disconnected
[  187.612200][ T5544] loop2: detected capacity change from 0 to 16
[  187.626109][ T5544] erofs: (device loop2): mounted with root inode @ nid 36.
[  187.649822][ T4280] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  187.666142][ T5544] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  187.687609][ T5544] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  187.688789][   T26] audit: type=1800 audit(1751627867.571:20): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.262" name="file2" dev="loop2" ino=89 res=0 errno=0
[  187.700121][ T5544] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  187.730253][ T5544] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  187.741475][ T5544] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  187.941510][    T7] usb 2-1: USB disconnect, device number 7
[  189.505126][ T5553] netlink: 12 bytes leftover after parsing attributes in process `syz.1.264'.
[  190.696046][ T4820] usb 5-1: USB disconnect, device number 7
[  190.919391][ T4269] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  191.376068][ T4820] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  191.760566][ T4820] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  192.080662][ T4820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.270911][ T4820] usb 5-1: Product: syz
[  192.275151][ T4820] usb 5-1: Manufacturer: syz
[  192.311461][ T4820] usb 5-1: SerialNumber: syz
[  192.330465][ T4820] usb 5-1: config 0 descriptor??
[  192.410152][ T4820] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  192.425281][ T5573] netlink: 28 bytes leftover after parsing attributes in process `syz.0.272'.
[  192.439640][ T5573] netlink: 28 bytes leftover after parsing attributes in process `syz.0.272'.
[  192.967079][ T4269] Bluetooth: hci3: command 0x2016 tx timeout
[  193.016459][ T4820] gspca_sunplus: reg_r err -110
[  194.856399][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  194.905971][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  195.195871][ T5586] loop3: detected capacity change from 0 to 512
[  195.266002][ T4671] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  195.292020][ T5586] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  195.305943][ T5586] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.355148][ T5586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.277'.
[  195.455973][ T4671] usb 3-1: Using ep0 maxpacket: 32
[  195.501586][ T4671] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  195.516145][ T4671] usb 3-1: config 0 has no interface number 0
[  195.522781][ T4671] usb 3-1: config 0 interface 184 has no altsetting 0
[  195.540525][ T4671] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  195.550375][ T4671] usb 3-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  195.560466][ T4671] usb 3-1: Product: syz
[  195.564778][ T4671] usb 3-1: Manufacturer: syz
[  195.569618][ T4671] usb 3-1: SerialNumber: syz
[  195.581925][ T4671] usb 3-1: config 0 descriptor??
[  195.736004][ T4820] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  196.008810][ T5590] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  196.028719][ T4820] usb 1-1: Using ep0 maxpacket: 32
[  196.108443][ T4820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.272790][ T4820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.396171][ T5412] usb 5-1: USB disconnect, device number 8
[  196.405274][ T4671] smsc75xx v1.0.0
[  196.426695][ T4820] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  196.470686][ T4820] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.483639][ T4280] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  196.496630][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  196.528146][ T4820] usb 1-1: config 0 descriptor??
[  196.715497][ T5602] loop1: detected capacity change from 0 to 128
[  196.745053][ T5602] EXT4-fs: Ignoring removed bh option
[  196.826481][ T5602] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  196.849889][ T5602] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  196.920548][ T4671] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  196.932035][ T4671] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  196.941799][ T4671] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  196.954104][ T4671] smsc75xx: probe of 3-1:0.184 failed with error -61
[  196.970800][ T5611] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  197.290628][ T5612] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 5612 comm: syz.3.281)
[  197.315985][   T26] audit: type=1800 audit(1751627877.201:21): pid=5612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.281" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=37236 res=0 errno=0
[  198.053017][ T4820] savu 0003:1E7D:2D5A.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  198.122315][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  198.486026][ T4280] Bluetooth: hci4: command 0x2016 tx timeout
[  198.505618][ T5601] loop4: detected capacity change from 0 to 8192
[  199.513229][ T5627] netlink: 28 bytes leftover after parsing attributes in process `syz.3.286'.
[  199.522293][ T5627] netlink: 28 bytes leftover after parsing attributes in process `syz.3.286'.
[  199.523453][  T128] usb 3-1: USB disconnect, device number 8
[  199.617405][ T5169] usb 1-1: USB disconnect, device number 10
[  199.869821][ T5633] bridge0: port 1(syz_tun) entered blocking state
[  199.894357][ T5633] bridge0: port 1(syz_tun) entered disabled state
[  199.917516][ T5633] device syz_tun entered promiscuous mode
[  200.025930][ T5633] bridge0: port 1(syz_tun) entered blocking state
[  200.032523][ T5633] bridge0: port 1(syz_tun) entered forwarding state
[  200.105493][   T26] audit: type=1326 audit(1751627879.991:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  200.810676][ T5640] vcan0 speed is unknown, defaulting to 1000
[  201.049934][   T26] audit: type=1326 audit(1751627880.811:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  201.160884][   T26] audit: type=1326 audit(1751627880.811:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  201.262845][   T26] audit: type=1326 audit(1751627880.811:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  201.537038][ T4273] Bluetooth: hci1: command 0x0406 tx timeout
[  201.537055][ T4280] Bluetooth: hci4: command 0x0406 tx timeout
[  201.537808][ T4276] Bluetooth: hci2: command 0x0406 tx timeout
[  201.543123][ T4269] Bluetooth: hci0: command 0x0406 tx timeout
[  201.550184][   T26] audit: type=1326 audit(1751627880.811:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  201.562300][   T26] audit: type=1326 audit(1751627880.811:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  202.240875][   T26] audit: type=1326 audit(1751627880.811:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  202.430028][   T26] audit: type=1326 audit(1751627880.811:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5638 comm="syz.0.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b2f8e929 code=0x7ffc0000
[  202.795228][ T5665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.301'.
[  202.809510][ T5665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.301'.
[  202.929587][  T128] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  203.005747][ T5412] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  203.135785][  T128] usb 3-1: Using ep0 maxpacket: 32
[  203.143243][  T128] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  203.173866][  T128] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  203.225755][ T5412] usb 5-1: Using ep0 maxpacket: 32
[  203.235525][ T5412] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  203.251419][  T128] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  203.279490][ T5412] usb 5-1: config 0 has no interface number 0
[  203.289966][  T128] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.309472][ T5412] usb 5-1: config 0 interface 184 has no altsetting 0
[  203.336620][  T128] usb 3-1: config 0 descriptor??
[  203.348777][ T5412] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  203.385143][ T5412] usb 5-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  203.413465][ T5412] usb 5-1: Product: syz
[  203.429845][ T5412] usb 5-1: Manufacturer: syz
[  203.448707][ T5412] usb 5-1: SerialNumber: syz
[  203.482015][ T5412] usb 5-1: config 0 descriptor??
[  203.514859][ T5412] smsc75xx v1.0.0
[  203.666889][ T5655] loop0: detected capacity change from 0 to 32768
[  203.728922][ T5655] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  203.759736][ T5655] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  203.779349][ T5655] BTRFS info (device loop0): using free space tree
[  203.984225][ T5412] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  204.001150][ T5412] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  204.011400][ T5412] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  204.023982][ T5412] smsc75xx: probe of 5-1:0.184 failed with error -61
[  204.844980][  T128] savu 0003:1E7D:2D5A.000B: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  205.036951][ T5655] BTRFS error (device loop0): open_ctree failed: -22
[  205.077412][ T4285] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by udevd (4285)
[  206.235061][ T4326] usb 3-1: USB disconnect, device number 9
[  206.446528][ T4819] usb 5-1: USB disconnect, device number 9
[  206.929290][ T4326] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  207.351023][ T4326] usb 3-1: device descriptor read/64, error -71
[  207.481075][ T4819] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  207.504271][ T5713] netlink: 144 bytes leftover after parsing attributes in process `syz.0.308'.
[  208.187288][ T4326] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  208.492458][ T4819] usb 5-1: Using ep0 maxpacket: 16
[  209.038563][ T4819] usb 5-1: config 4 has an invalid interface number: 69 but max is 0
[  209.047020][ T4819] usb 5-1: config 4 has no interface number 0
[  209.053842][ T4819] usb 5-1: config 4 interface 69 has no altsetting 0
[  209.075245][ T4819] usb 5-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49
[  209.093519][ T4819] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.105906][ T4819] usb 5-1: Product: syz
[  209.110171][ T4819] usb 5-1: SerialNumber: syz
[  209.195823][ T4326] usb 3-1: device descriptor read/64, error -71
[  209.317143][ T4326] usb usb3-port1: attempt power cycle
[  209.345290][ T4819] option 5-1:4.69: GSM modem (1-port) converter detected
[  209.364770][ T4819] usb 5-1: USB disconnect, device number 10
[  209.374601][ T4819] option 5-1:4.69: device disconnected
[  209.642174][ T5728] loop2: detected capacity change from 0 to 512
[  209.712743][ T5728] EXT4-fs (loop2): orphan cleanup on readonly fs
[  209.755797][ T5728] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.314: bad orphan inode 13
[  209.794589][ T5728] ext4_test_bit(bit=12, block=18) = 1
[  209.806118][ T5728] is_bad_inode(inode)=0
[  209.810337][ T5728] NEXT_ORPHAN(inode)=2130706432
[  209.934228][ T5728] max_ino=32
[  209.944385][ T5728] i_nlink=1
[  209.954604][ T5728] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  210.125043][ T5725] loop0: detected capacity change from 0 to 32768
[  210.155169][ T5725] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  210.206949][ T5725] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  210.228243][ T5725] BTRFS info (device loop0): using free space tree
[  210.245753][ T4819] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  210.295764][ T5412] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  210.485787][ T5412] usb 5-1: Using ep0 maxpacket: 32
[  210.507265][ T5412] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  210.549024][ T5412] usb 5-1: config 0 has no interface number 0
[  210.555203][ T5412] usb 5-1: config 0 interface 184 has no altsetting 0
[  210.565754][ T4819] usb 2-1: Using ep0 maxpacket: 32
[  210.574352][ T4819] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.623070][ T4819] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.686051][ T4819] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  210.705114][ T4819] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.817746][ T4819] usb 2-1: config 0 descriptor??
[  210.845350][ T5725] BTRFS info (device loop0): enabling ssd optimizations
[  211.361609][ T5412] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  211.375260][ T5412] usb 5-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  211.415102][ T5412] usb 5-1: Product: syz
[  211.424904][ T5412] usb 5-1: Manufacturer: syz
[  211.443553][ T5412] usb 5-1: SerialNumber: syz
[  211.486897][ T5412] usb 5-1: config 0 descriptor??
[  211.513873][ T5412] smsc75xx v1.0.0
[  211.596425][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  211.624763][   T26] audit: type=1800 audit(1751627891.511:30): pid=5725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.313" name="file1" dev="loop0" ino=261 res=0 errno=0
[  212.055327][ T5412] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  212.243752][ T4819] savu 0003:1E7D:2D5A.000C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  212.252450][ T5412] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  212.285866][ T5412] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  212.314008][ T5412] smsc75xx: probe of 5-1:0.184 failed with error -61
[  212.326930][   T26] audit: type=1800 audit(1751627892.221:31): pid=5760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.313" name="bus" dev="loop0" ino=263 res=0 errno=0
[  212.554515][ T4268] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  212.669659][ T5412] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  212.867543][ T5412] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.883153][ T5412] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  212.906080][ T5412] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  212.924891][ T5412] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.949035][ T5412] usb 3-1: SerialNumber: syz
[  213.006171][ T5758] loop3: detected capacity change from 0 to 40427
[  213.050592][ T5758] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  213.059493][ T5758] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  213.249227][ T5758] F2FS-fs (loop3): Found nat_bits in checkpoint
[  213.309321][ T5412] usb 3-1: 0:2 : does not exist
[  213.332913][ T5412] usb 3-1: USB disconnect, device number 13
[  213.381199][ T4427] usb 5-1: USB disconnect, device number 11
[  213.447470][ T5779] loop0: detected capacity change from 0 to 512
[  213.460243][ T5779] EXT4-fs: Ignoring removed bh option
[  213.478276][ T5779] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  213.491682][ T5779] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  213.757748][ T5779] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  213.780042][ T5779] EXT4-fs (loop0): 1 truncate cleaned up
[  213.786109][ T5779] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  214.149028][ T5779] EXT4-fs error (device loop0): ext4_lookup:1858: inode #16: comm syz.0.321: iget: bad i_size value: 5497558147880
[  214.907651][ T4285] udevd[4285]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.955652][    C0] sched: RT throttling activated
[  215.066903][ T4823] usb 2-1: USB disconnect, device number 8
[  215.702585][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  215.882983][ T5794] loop0: detected capacity change from 0 to 512
[  215.912976][ T5784] loop4: detected capacity change from 0 to 40427
[  215.972324][ T5784] F2FS-fs (loop4): Unrecognized mount option "errors=continue" or missing value
[  216.076058][ T5412] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  216.266000][ T5412] usb 2-1: device descriptor read/64, error -71
[  216.532192][ T5809] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  216.542665][ T5794] EXT4-fs (loop0): Test dummy encryption mode enabled
[  216.555423][ T5794] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  217.369330][ T5794] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.326: bad orphan inode 131083
[  217.376016][ T5412] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  217.413422][ T5794] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  217.661756][ T5412] usb 2-1: device descriptor read/64, error -71
[  217.687696][ T5824] loop2: detected capacity change from 0 to 512
[  217.737279][ T5824] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  217.748656][ T5824] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.786721][ T5412] usb usb2-port1: attempt power cycle
[  217.927110][ T5828] syz.0.326 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  217.975871][ T4430] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  218.477467][ T5781] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  218.515936][ T5412] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  218.546515][ T5829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.333'.
[  218.567762][   T26] audit: type=1800 audit(1751627897.841:32): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.326" name="file1" dev="loop0" ino=15 res=0 errno=0
[  218.590964][ T5412] usb 2-1: device descriptor read/8, error -71
[  218.600988][ T4430] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  218.623235][ T4430] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.645827][ T4430] usb 4-1: Product: syz
[  218.650056][ T4430] usb 4-1: Manufacturer: syz
[  218.672894][ T4430] usb 4-1: SerialNumber: syz
[  218.776736][ T4430] usb 4-1: config 0 descriptor??
[  218.793757][ T4430] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  218.875958][ T5412] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  219.192724][ T5412] usb 2-1: device not accepting address 12, error -71
[  219.200043][ T4427] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  219.225932][ T5412] usb usb2-port1: unable to enumerate USB device
[  219.972173][ T4430] gspca_sunplus: reg_r err -110
[  220.021763][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  220.100599][ T4427] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  220.132302][ T4427] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  220.170481][ T4427] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  220.226915][ T4427] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  220.259401][ T4427] usb 5-1: SerialNumber: syz
[  220.419574][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  220.493939][ T4427] usb 5-1: 0:2 : does not exist
[  220.532146][ T4427] usb 5-1: USB disconnect, device number 12
[  220.607962][ T4458] udevd[4458]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  220.641226][ T5846] loop2: detected capacity change from 0 to 128
[  220.670356][ T5846] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  220.705612][ T5846] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  220.718481][ T5844] loop0: detected capacity change from 0 to 2048
[  220.779497][ T5844]  loop0: p1 < > p3
[  220.796154][ T5844] loop0: p3 size 134217728 extends beyond EOD, truncated
[  220.827208][ T3639]  loop0: p1 < > p3
[  220.846077][ T3639] loop0: p3 size 134217728 extends beyond EOD, truncated
[  220.863285][ T4562] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  220.931054][ T5844] kvm: emulating exchange as write
[  221.087799][ T5837] block nbd3: shutting down sockets
[  221.172804][ T5412] usb 4-1: USB disconnect, device number 12
[  222.505351][ T5849] loop1: detected capacity change from 0 to 40427
[  222.515514][ T5849] F2FS-fs (loop1): Unrecognized mount option "errors=continue" or missing value
[  222.636007][ T4285] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  223.722005][ T5870] loop0: detected capacity change from 0 to 256
[  224.146985][ T5870] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  224.194757][ T5870] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  224.303846][ T5874] loop2: detected capacity change from 0 to 512
[  224.393515][ T5874] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  224.429030][ T5874] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.453186][ T5874] netlink: 4 bytes leftover after parsing attributes in process `syz.2.348'.
[  224.747528][   T26] audit: type=1800 audit(1751627904.641:33): pid=5870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.345" name="file1" dev="loop0" ino=1048607 res=0 errno=0
[  224.764827][ T5883] loop4: detected capacity change from 0 to 512
[  224.828029][ T5883] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  224.861073][ T5883] EXT4-fs (loop4): invalid journal inode
[  224.887850][ T5883] EXT4-fs (loop4): can't get journal size
[  224.926596][ T5883] EXT4-fs (loop4): 1 truncate cleaned up
[  224.935800][ T5883] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  225.126313][ T5876] loop1: detected capacity change from 0 to 32768
[  225.175738][ T5876] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 scanned by syz.1.349 (5876)
[  225.303771][ T5876] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  225.319778][ T5876] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  225.332407][ T5876] BTRFS info (device loop1): using free space tree
[  225.365756][ T5872] loop3: detected capacity change from 0 to 32768
[  225.512111][ T5872] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.347 (5872)
[  225.952558][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  226.009647][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  226.628735][ T5907] loop0: detected capacity change from 0 to 512
[  226.652717][ T4792] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by udevd (4792)
[  226.657677][ T5876] BTRFS info (device loop1): enabling ssd optimizations
[  226.721146][ T5907] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  226.753476][ T5907] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.778621][ T5919] fuse: Bad value for 'fd'
[  226.796414][   T26] audit: type=1800 audit(1751627906.691:34): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.349" name="file1" dev="loop1" ino=261 res=0 errno=0
[  226.837295][ T5907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.354'.
[  226.905823][ T4819] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  227.062692][   T26] audit: type=1800 audit(1751627906.951:35): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.349" name="bus" dev="loop1" ino=263 res=0 errno=0
[  227.082982][    C0] vkms_vblank_simulate: vblank timer overrun
[  227.122894][ T4819] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  227.140705][ T4819] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.476010][   T26] audit: type=1804 audit(1751627907.051:36): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.349" name="/newroot/60/file0/file1" dev="loop1" ino=261 res=1 errno=0
[  227.895708][ T4819] usb 5-1: Product: syz
[  227.899979][ T4819] usb 5-1: Manufacturer: syz
[  227.904630][ T4819] usb 5-1: SerialNumber: syz
[  227.928696][ T4819] usb 5-1: config 0 descriptor??
[  227.938031][ T4819] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  228.113158][ T4266] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  228.365936][ T5918] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  229.004352][ T5936] tipc: Started in network mode
[  229.009635][ T5936] tipc: Node identity 2000007, cluster identity 4711
[  229.016631][ T5936] tipc: Node number set to 33554439
[  229.115044][ T4819] gspca_sunplus: reg_r err -110
[  230.168962][ T5933] block nbd4: shutting down sockets
[  230.260697][ T4819] usb 5-1: USB disconnect, device number 13
[  230.474622][ T5937] loop3: detected capacity change from 0 to 40427
[  230.526721][ T5937] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[  230.533425][ T5937] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  230.612403][ T5937] F2FS-fs (loop3): Found nat_bits in checkpoint
[  230.906002][ T5937] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  230.946224][ T5937] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  230.981291][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  232.390399][ T5958] loop1: detected capacity change from 0 to 512
[  232.448200][ T5959] syz.4.364[5959] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.448730][ T5959] syz.4.364[5959] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.500840][ T5959] loop4: detected capacity change from 0 to 512
[  232.524889][ T5959] EXT4-fs: Ignoring removed bh option
[  232.641618][ T5959] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  232.833732][ T5959] EXT4-fs (loop4): 1 truncate cleaned up
[  232.839652][ T5959] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  233.141103][ T5958] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  233.211242][ T5958] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.367643][ T5958] netlink: 4 bytes leftover after parsing attributes in process `syz.1.363'.
[  233.852642][ T5945] loop2: detected capacity change from 0 to 40427
[  233.987882][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  234.353959][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  234.629664][ T5971] loop1: detected capacity change from 0 to 2048
[  234.686825][ T5971] EXT4-fs: Ignoring removed bh option
[  234.782979][ T5971] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  234.875387][   T26] audit: type=1800 audit(1751627914.761:37): pid=5971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.366" name="file1" dev="loop1" ino=15 res=0 errno=0
[  234.923598][ T5971] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  234.955976][ T5971] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28
[  234.986003][ T5971] EXT4-fs (loop1): This should not happen!! Data will be lost
[  234.986003][ T5971] 
[  235.005801][ T5971] EXT4-fs (loop1): Total free blocks count 0
[  235.016566][ T5971] EXT4-fs (loop1): Free/Dirty block details
[  235.026105][ T5971] EXT4-fs (loop1): free_blocks=2415919104
[  235.043030][ T5971] EXT4-fs (loop1): dirty_blocks=656
[  235.053093][ T5971] EXT4-fs (loop1): Block reservation details
[  235.075728][ T5971] EXT4-fs (loop1): i_reserved_data_blocks=41
[  235.360594][   T11] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  235.418886][ T5969] loop2: detected capacity change from 0 to 32768
[  235.441236][ T5969] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.367 (5969)
[  235.516184][ T5969] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  235.543721][ T5969] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  235.564652][ T5969] BTRFS info (device loop2): using free space tree
[  235.596428][ T5975] loop3: detected capacity change from 0 to 32768
[  235.609972][ T5975] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.365 (5975)
[  235.945708][ T4427] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  235.945892][ T5969] BTRFS info (device loop2): enabling ssd optimizations
[  235.978385][ T4458] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by udevd (4458)
[  236.095727][ T4427] usb 2-1: device descriptor read/64, error -71
[  236.366168][ T4427] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  236.396493][   T26] audit: type=1800 audit(1751627916.281:38): pid=5969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.367" name="file1" dev="loop2" ino=261 res=0 errno=0
[  236.535756][ T4427] usb 2-1: device descriptor read/64, error -71
[  236.628622][   T26] audit: type=1800 audit(1751627916.471:39): pid=5969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.367" name="bus" dev="loop2" ino=263 res=0 errno=0
[  236.656179][ T4427] usb usb2-port1: attempt power cycle
[  236.909902][   T26] audit: type=1804 audit(1751627916.511:40): pid=5969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.367" name="/newroot/77/file0/file1" dev="loop2" ino=261 res=1 errno=0
[  236.954890][ T4274] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  237.987835][ T4427] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  238.076416][ T4427] usb 2-1: device descriptor read/8, error -71
[  238.089061][ T6016] loop4: detected capacity change from 0 to 512
[  238.197790][ T6016] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  238.215946][ T6016] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.228137][ T4285] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 10 /dev/loop2 scanned by udevd (4285)
[  238.276382][ T6016] netlink: 4 bytes leftover after parsing attributes in process `syz.4.376'.
[  238.345776][ T4427] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  238.406420][ T4427] usb 2-1: device descriptor read/8, error -71
[  238.526522][ T6024] netlink: 'syz.3.374': attribute type 32 has an invalid length.
[  238.538127][ T4427] usb usb2-port1: unable to enumerate USB device
[  238.848915][ T6032] loop1: detected capacity change from 0 to 512
[  238.979556][ T6032] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  239.008591][ T6036] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  239.047620][ T6032] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.062715][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  239.078547][ T6032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.378'.
[  239.374369][ T6014] loop0: detected capacity change from 0 to 40427
[  239.401420][ T6014] F2FS-fs (loop0): Unrecognized mount option "errors=continue" or missing value
[  239.414176][ T6042] loop3: detected capacity change from 0 to 512
[  239.517487][ T6042] EXT4-fs: Ignoring removed orlov option
[  239.592037][ T6042] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  239.688941][ T6042] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.955055][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  240.003183][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  240.860543][ T6050] loop0: detected capacity change from 0 to 32768
[  240.892405][ T6050] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10
[  241.148522][ T6071] loop4: detected capacity change from 0 to 256
[  241.168103][ T6069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.389'.
[  241.183249][ T6071] FAT-fs (loop4): Unrecognized mount option "shor†name=mixed" or missing value
[  241.441793][ T4285] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10
[  241.476120][ T5169] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  241.666003][ T5169] usb 4-1: Using ep0 maxpacket: 32
[  241.692651][ T5169] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.081535][ T5169] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  242.122229][ T5169] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  242.195239][ T5169] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.227343][ T5169] usb 4-1: config 0 descriptor??
[  242.437431][ T6078] loop0: detected capacity change from 0 to 16
[  242.451100][ T6078] erofs: (device loop0): mounted with root inode @ nid 36.
[  242.463170][ T4273] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  242.474576][ T6078] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  242.486921][   T26] audit: type=1800 audit(1751627922.381:41): pid=6078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.392" name="file2" dev="loop0" ino=89 res=0 errno=0
[  242.799097][ T6084] loop0: detected capacity change from 0 to 512
[  242.837792][ T6084] EXT4-fs: Ignoring removed bh option
[  243.054532][ T6084] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  243.490357][ T6084] EXT4-fs (loop0): 1 truncate cleaned up
[  243.614052][ T6084] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  243.654384][ T5169] savu 0003:1E7D:2D5A.000D: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  243.915065][ T6091] loop4: detected capacity change from 0 to 256
[  243.939523][ T6091] FAT-fs (loop4): Directory bread(block 64) failed
[  243.946267][ T6091] FAT-fs (loop4): Directory bread(block 65) failed
[  243.952955][ T6091] FAT-fs (loop4): Directory bread(block 66) failed
[  243.959741][ T6091] FAT-fs (loop4): Directory bread(block 67) failed
[  243.967216][ T6091] FAT-fs (loop4): Directory bread(block 68) failed
[  243.973802][ T6091] FAT-fs (loop4): Directory bread(block 69) failed
[  243.980528][ T6091] FAT-fs (loop4): Directory bread(block 70) failed
[  243.987164][ T6091] FAT-fs (loop4): Directory bread(block 71) failed
[  243.993812][ T6091] FAT-fs (loop4): Directory bread(block 72) failed
[  244.000477][ T6091] FAT-fs (loop4): Directory bread(block 73) failed
[  244.032174][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  244.761774][ T5169] usb 4-1: USB disconnect, device number 13
[  244.834688][   T26] audit: type=1326 audit(1751627924.721:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.0.400" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71b2f8e929 code=0x0
[  245.030005][ T6076] loop2: detected capacity change from 0 to 40427
[  245.096658][ T6116] loop0: detected capacity change from 0 to 512
[  245.293582][ T6119] loop3: detected capacity change from 0 to 256
[  245.648241][ T6119] FAT-fs (loop3): Directory bread(block 64) failed
[  245.655206][ T6119] FAT-fs (loop3): Directory bread(block 65) failed
[  245.662639][ T6119] FAT-fs (loop3): Directory bread(block 66) failed
[  245.669428][ T6119] FAT-fs (loop3): Directory bread(block 67) failed
[  245.677236][ T6119] FAT-fs (loop3): Directory bread(block 68) failed
[  245.684034][ T6119] FAT-fs (loop3): Directory bread(block 69) failed
[  245.691458][ T6119] FAT-fs (loop3): Directory bread(block 70) failed
[  245.698329][ T6119] FAT-fs (loop3): Directory bread(block 71) failed
[  245.705717][ T6119] FAT-fs (loop3): Directory bread(block 72) failed
[  245.712948][ T6119] FAT-fs (loop3): Directory bread(block 73) failed
[  246.978595][ T6116] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  247.061795][ T6116] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  247.222402][ T6116] netlink: 4 bytes leftover after parsing attributes in process `syz.0.403'.
[  247.908133][ T6129] netlink: 28 bytes leftover after parsing attributes in process `syz.2.404'.
[  247.918313][ T6129] netlink: 28 bytes leftover after parsing attributes in process `syz.2.404'.
[  248.345368][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  248.564526][ T6133] device veth1_macvtap left promiscuous mode
[  248.655815][ T6133] device macsec0 entered promiscuous mode
[  249.000850][ T6127] loop4: detected capacity change from 0 to 16
[  249.010200][ T6127] erofs: (device loop4): mounted with root inode @ nid 36.
[  249.021494][ T4273] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  249.035867][ T6127] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  249.047609][   T26] audit: type=1800 audit(1751627928.941:43): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.405" name="file2" dev="loop4" ino=89 res=0 errno=0
[  249.363002][ T6144] loop3: detected capacity change from 0 to 128
[  249.400216][ T6144] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  249.477192][ T6144] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  249.581484][ T6143] netlink: 'syz.2.411': attribute type 13 has an invalid length.
[  250.065948][ T4824] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  250.295820][ T4824] usb 5-1: Using ep0 maxpacket: 32
[  250.308989][ T4824] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.441340][ T4824] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.478646][ T4824] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  250.513743][ T4824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.560129][ T4824] usb 5-1: config 0 descriptor??
[  250.576034][ T6143] gretap0: refused to change device tx_queue_len
[  250.582807][ T6143] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  250.667860][ T6158] loop1: detected capacity change from 0 to 128
[  250.706341][ T6158] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fff0101)
[  250.740530][ T6158] FAT-fs (loop1): Filesystem has been set read-only
[  250.848801][ T6161] netlink: 'syz.1.414': attribute type 4 has an invalid length.
[  252.093804][ T4824] savu 0003:1E7D:2D5A.000E: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  252.548225][ T6160] loop2: detected capacity change from 0 to 40427
[  252.575603][ T6160] F2FS-fs (loop2): Unrecognized mount option "errors=continue" or missing value
[  252.720572][ T4824] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  252.827325][ T6167] loop3: detected capacity change from 0 to 32768
[  252.874226][ T6167] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  252.915764][ T4824] usb 1-1: Using ep0 maxpacket: 32
[  252.937370][ T4824] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  252.981008][ T4824] usb 1-1: config 0 has no interface number 0
[  252.999566][ T4824] usb 1-1: config 0 interface 184 has no altsetting 0
[  253.029351][ T4824] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  253.050360][ T4824] usb 1-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  253.067684][ T4824] usb 1-1: Product: syz
[  253.095691][ T4824] usb 1-1: Manufacturer: syz
[  253.145676][ T4824] usb 1-1: SerialNumber: syz
[  253.224326][    T7] usb 5-1: USB disconnect, device number 14
[  253.237839][ T4824] usb 1-1: config 0 descriptor??
[  253.258680][ T4824] smsc75xx v1.0.0
[  253.279367][ T4458] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  253.402270][ T6181] loop1: detected capacity change from 0 to 1024
[  253.410054][ T6181] EXT4-fs: Ignoring removed mblk_io_submit option
[  253.416624][ T6181] EXT4-fs: Ignoring removed bh option
[  253.424295][ T6181] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  253.552505][ T6181] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  254.968484][ T4824] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  254.980362][ T4824] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  254.990468][ T4824] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  255.001192][ T4824] smsc75xx: probe of 1-1:0.184 failed with error -61
[  255.021793][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  255.776394][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  255.782944][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  256.448683][ T4671] usb 1-1: USB disconnect, device number 11
[  256.975730][ T5412] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  257.166173][ T5412] usb 2-1: Using ep0 maxpacket: 16
[  257.189799][ T5412] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  257.224219][ T5412] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  257.281390][ T5412] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  257.326408][ T5412] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.364348][ T5412] usb 2-1: Product: syz
[  257.369549][ T5412] usb 2-1: Manufacturer: syz
[  257.374284][ T5412] usb 2-1: SerialNumber: syz
[  257.619585][ T5412] usb 2-1: 0:2 : does not exist
[  257.647933][ T5412] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  257.701093][ T5412] usb 2-1: USB disconnect, device number 17
[  257.850885][ T4269] Bluetooth: hci3: command 0x0406 tx timeout
[  257.953711][ T4285] udevd[4285]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  258.050617][ T6232] loop3: detected capacity change from 0 to 32768
[  258.075127][ T6232] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  258.095871][ T4671] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  258.282079][ T4285] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  258.292832][ T4671] usb 5-1: Using ep0 maxpacket: 32
[  258.300122][ T4671] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  258.329269][ T4671] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.340767][ T4671] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  258.356319][ T4671] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.372598][ T4671] usb 5-1: config 0 descriptor??
[  258.545889][ T4820] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  258.787430][ T4820] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  258.797007][ T4820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.805204][ T4820] usb 4-1: Product: syz
[  258.810057][ T4820] usb 4-1: Manufacturer: syz
[  258.816582][ T4820] usb 4-1: SerialNumber: syz
[  258.964549][ T4820] usb 4-1: config 0 descriptor??
[  258.982808][ T4820] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  259.643349][ T4671] savu 0003:1E7D:2D5A.000F: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  260.101254][ T4820] gspca_sunplus: reg_r err -110
[  260.736707][ T6221] netlink: 28 bytes leftover after parsing attributes in process `syz.0.431'.
[  260.749586][ T6221] netlink: 28 bytes leftover after parsing attributes in process `syz.0.431'.
[  260.895247][ T4673] usb 5-1: USB disconnect, device number 15
[  261.265197][ T6239] block nbd3: shutting down sockets
[  261.377699][ T4673] usb 4-1: USB disconnect, device number 14
[  262.872073][ T6268] syz.2.443[6268] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.872462][ T6268] syz.2.443[6268] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.919798][ T6268] loop2: detected capacity change from 0 to 512
[  262.942831][ T6268] EXT4-fs: Ignoring removed bh option
[  262.965112][ T6268] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  263.194241][ T6268] EXT4-fs (loop2): 1 truncate cleaned up
[  263.200184][ T6268] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  263.594349][ T6268] EXT4-fs error (device loop2): ext4_lookup:1858: inode #16: comm syz.2.443: iget: bad i_size value: 5497558147880
[  264.435901][ T4673] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  264.636560][ T4673] usb 4-1: Using ep0 maxpacket: 32
[  264.654307][ T4673] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  264.701845][ T4673] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  264.745291][ T4673] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  264.792396][ T4673] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.845507][ T4673] usb 4-1: config 0 descriptor??
[  265.101751][ T6281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.447'.
[  265.111188][ T6281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.447'.
[  265.152952][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  267.838501][ T4673] savu 0003:1E7D:2D5A.0010: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  268.206238][ T6288] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  268.950323][ T4820] usb 4-1: USB disconnect, device number 15
[  269.191352][ T6287] fido_id[6287]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  269.425862][ T5412] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  269.630270][ T5412] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  269.644780][ T5412] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.653839][ T5412] usb 5-1: Product: syz
[  269.664041][ T5412] usb 5-1: Manufacturer: syz
[  269.671138][ T6305] loop3: detected capacity change from 0 to 16
[  269.689788][ T6305] erofs: (device loop3): mounted with root inode @ nid 36.
[  269.704909][ T5412] usb 5-1: SerialNumber: syz
[  269.743375][ T5412] usb 5-1: config 0 descriptor??
[  269.764961][ T5412] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  269.933635][ T6309] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  271.536410][ T5412] gspca_sunplus: reg_r err -110
[  271.950323][ T6316] loop3: detected capacity change from 0 to 512
[  271.960005][ T6316] EXT4-fs: Ignoring removed oldalloc option
[  272.026746][ T6316] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  272.100302][ T6316] EXT4-fs (loop3): orphan cleanup on readonly fs
[  272.120543][ T6316] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5
[  272.131760][ T6316] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  272.141365][ T6316] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.457: Failed to acquire dquot type 1
[  272.180936][ T6316] EXT4-fs (loop3): 1 truncate cleaned up
[  272.187821][ T6316] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  273.555545][ T6293] block nbd4: shutting down sockets
[  274.137171][ T4334] usb 5-1: USB disconnect, device number 16
[  274.671506][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  275.075677][ T4820] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  275.619384][ T4820] usb 4-1: Using ep0 maxpacket: 32
[  275.645318][ T4820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.675722][ T4820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.719283][ T4820] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  275.749654][ T4820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.822801][ T4820] usb 4-1: config 0 descriptor??
[  276.155821][ T5412] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  279.302568][ T4820] savu 0003:1E7D:2D5A.0011: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  279.325699][ T5412] usb 5-1: Using ep0 maxpacket: 16
[  279.493787][ T5412] usb 5-1: device descriptor read/all, error -71
[  279.877415][ T4673] usb 4-1: USB disconnect, device number 16
[  279.955900][ T4334] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  280.265805][ T4334] usb 2-1: Using ep0 maxpacket: 32
[  280.296583][ T4334] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.323107][ T6359] syz.2.469[6359] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  280.323574][ T6359] syz.2.469[6359] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  280.392320][ T6359] loop2: detected capacity change from 0 to 512
[  280.415410][ T6359] EXT4-fs: Ignoring removed bh option
[  281.147374][ T6359] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  281.272993][ T6359] EXT4-fs (loop2): 1 truncate cleaned up
[  281.278954][ T6359] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  281.624184][ T6359] EXT4-fs error (device loop2): ext4_lookup:1858: inode #16: comm syz.2.469: iget: bad i_size value: 5497558147880
[  281.996802][ T4334] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.007158][ T4334] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  282.018107][ T4334] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.028512][ T4334] usb 2-1: config 0 descriptor??
[  282.048163][ T4334] hub 2-1:0.0: USB hub found
[  282.174438][   T26] audit: type=1326 audit(2000000006.420:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.248489][ T4334] hub 2-1:0.0: 1 port detected
[  282.350082][   T26] audit: type=1326 audit(2000000006.460:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.541581][   T26] audit: type=1326 audit(2000000006.460:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.694178][   T26] audit: type=1326 audit(2000000006.460:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.724069][ T6365] loop4: detected capacity change from 0 to 512
[  282.787626][   T26] audit: type=1326 audit(2000000006.460:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.809925][   T26] audit: type=1326 audit(2000000006.460:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.837706][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  282.852440][ T6355] loop3: detected capacity change from 0 to 40427
[  282.871294][   T26] audit: type=1326 audit(2000000006.460:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.894924][ T4673] hub 2-1:0.0: activate --> -90
[  282.924393][   T26] audit: type=1326 audit(2000000006.460:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6362 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94b18e929 code=0x7ffc0000
[  282.952737][ T6355] F2FS-fs (loop3): Unrecognized mount option "errors=continue" or missing value
[  282.996037][ T6368] loop2: detected capacity change from 0 to 1024
[  283.003402][ T6368] EXT4-fs: Ignoring removed mblk_io_submit option
[  283.009953][ T6368] EXT4-fs: Ignoring removed bh option
[  283.021222][ T6368] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  283.043374][ T6365] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  283.094150][ T6368] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  283.104462][ T5412] usb 2-1-port1: config error
[  283.122414][ T6365] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  283.310114][ T5412] usb 2-1: Failed to suspend device, error -71
[  283.311361][ T4829] usb 2-1: USB disconnect, device number 18
[  283.334393][ T6365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.473'.
[  284.122847][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  284.276034][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  284.713082][ T4544] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.777863][ T4544] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.931384][ T4544] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.026387][ T6393] loop2: detected capacity change from 0 to 128
[  286.095364][ T4544] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.106586][ T6393] EXT4-fs: Ignoring removed bh option
[  286.171884][ T6393] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  286.192425][ T6393] ext4 filesystem being mounted at /97/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  286.225736][ T4820] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  286.438091][ T4820] usb 2-1: Using ep0 maxpacket: 32
[  286.445178][ T4820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.475740][ T4820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.505694][ T4820] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  286.525087][ T4820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.590904][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  286.594772][ T4820] usb 2-1: config 0 descriptor??
[  286.887843][ T6407] xt_bpf: check failed: parse error
[  286.938087][ T4334] hid-generic 00A1:0009:0003.0012: unknown main item tag 0x7
[  286.965737][ T4334] hid-generic 00A1:0009:0003.0012: unknown main item tag 0x6
[  287.014421][ T4334] hid-generic 00A1:0009:0003.0012: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  287.215249][ T4273] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  287.236688][ T4273] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  287.255376][ T4273] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  287.263830][ T4273] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  287.321887][ T4280] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  287.348707][ T4280] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  287.640145][ T4820] savu 0003:1E7D:2D5A.0013: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  288.540759][ T6409] vcan0 speed is unknown, defaulting to 1000
[  289.060911][ T5412] usb 2-1: USB disconnect, device number 19
[  289.291479][ T6433] loop1: detected capacity change from 0 to 512
[  289.537961][ T4273] Bluetooth: hci1: command 0x0409 tx timeout
[  289.627955][ T6433] fscrypt (loop1, inode 2): Error -61 getting encryption context
[  289.829693][ T6433] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61
[  290.015050][ T6433] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #13: comm syz.1.487: iget: bad i_size value: 12154757448730
[  290.060673][ T6437] loop4: detected capacity change from 0 to 512
[  290.137414][ T6433] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.487: couldn't read orphan inode 13 (err -117)
[  290.214412][ T6437] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  290.253982][ T6433] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  290.281010][ T6437] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.970395][ T6395] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  290.995303][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  291.134880][ T6444] loop2: detected capacity change from 0 to 256
[  291.174752][ T6444] exfat: Bad value for 'gid'
[  291.234588][ T6437] netlink: 4 bytes leftover after parsing attributes in process `syz.4.488'.
[  291.625818][ T4269] Bluetooth: hci1: command 0x041b tx timeout
[  291.673642][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  292.205928][ T5412] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  292.738225][ T6409] chnl_net:caif_netlink_parms(): no params data found
[  292.863241][ T6465] loop3: detected capacity change from 0 to 256
[  292.889968][ T5412] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  292.925689][ T5412] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  292.946809][ T5412] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  293.303521][ T5412] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  293.311705][ T5412] usb 2-1: SerialNumber: syz
[  293.545374][ T6409] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.564629][ T6409] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.578567][ T5412] usb 2-1: 0:2 : does not exist
[  293.654331][ T5412] usb 2-1: USB disconnect, device number 20
[  293.685972][ T4273] Bluetooth: hci1: command 0x040f tx timeout
[  293.693964][ T6409] device bridge_slave_0 entered promiscuous mode
[  293.734320][ T6409] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.780809][ T6409] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.827276][ T6409] device bridge_slave_1 entered promiscuous mode
[  293.962264][ T4544] device hsr_slave_0 left promiscuous mode
[  293.972134][ T4458] udevd[4458]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  293.999083][ T4544] device hsr_slave_1 left promiscuous mode
[  294.014657][ T4544] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  294.048422][ T4544] batman_adv: batadv0: Removing interface: batadv_slave_0
[  294.060326][ T4544] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  294.067989][ T4544] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.086175][ T4544] device bridge_slave_1 left promiscuous mode
[  294.094582][ T4544] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.151355][ T4544] device bridge_slave_0 left promiscuous mode
[  294.163817][ T4544] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.201643][ T6489] loop4: detected capacity change from 0 to 512
[  294.232766][ T6489] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  294.247816][ T6489] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  294.258713][ T4829] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  294.298711][ T6489] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended
[  294.324631][ T6489] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  294.344719][ T4544] device veth1_macvtap left promiscuous mode
[  294.355519][ T6489] System zones: 0-2
[  294.368556][ T4544] device veth0_macvtap left promiscuous mode
[  294.388666][ T6489] , 18-18, 34-34
[  294.405781][ T4544] device veth1_vlan left promiscuous mode
[  294.412673][ T4544] device veth0_vlan left promiscuous mode
[  294.431858][ T6489] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.498: iget: bad i_size value: 360287970189639680
[  294.455798][ T4829] usb 3-1: Using ep0 maxpacket: 32
[  294.462912][ T4829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.517722][ T4829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  294.538529][ T6489] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.498: couldn't read orphan inode 15 (err -117)
[  294.575959][ T4829] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  294.611500][ T6489] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  294.635972][ T4829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.667935][ T4829] usb 3-1: config 0 descriptor??
[  294.940565][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  295.177321][ T6503] loop4: detected capacity change from 0 to 512
[  295.344232][ T6503] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  295.377590][ T6503] ext4 filesystem being mounted at /102/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  295.796430][ T4273] Bluetooth: hci1: command 0x0419 tx timeout
[  296.022635][ T4829] savu 0003:1E7D:2D5A.0014: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  296.325248][ T4576] smc: removing ib device syz0
[  297.320153][ T6494] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  297.375534][ T4673] usb 3-1: USB disconnect, device number 14
[  298.635040][ T6517] netlink: 36 bytes leftover after parsing attributes in process `syz.2.503'.
[  299.893838][ T6521] syz.2.504[6521] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  299.893943][ T6521] syz.2.504[6521] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  300.046261][ T6521] loop2: detected capacity change from 0 to 512
[  300.069043][ T6521] EXT4-fs: Ignoring removed bh option
[  300.079506][ T6521] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  300.224590][ T6521] EXT4-fs (loop2): 1 truncate cleaned up
[  300.230429][ T6521] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  301.088558][ T4544] team0 (unregistering): Port device team_slave_1 removed
[  301.338698][ T4544] team0 (unregistering): Port device team_slave_0 removed
[  301.928248][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  302.586774][ T4544] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.953812][ T6584] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 6584 comm: syz.2.506)
[  303.966433][   T26] audit: type=1800 audit(2000000028.220:52): pid=6584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.506" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=37118 res=0 errno=0
[  304.038187][ T4544] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.775831][ T4824] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  304.941742][ T4544] bond0 (unregistering): Released all slaves
[  304.975054][ T4824] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  304.984424][ T4824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.992526][ T4824] usb 3-1: Product: syz
[  304.997790][ T4824] usb 3-1: Manufacturer: syz
[  305.002427][ T4824] usb 3-1: SerialNumber: syz
[  305.009599][ T4824] usb 3-1: config 0 descriptor??
[  305.017849][ T4824] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  305.036475][ T6409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  305.056470][ T6409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  305.088393][ T6508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.501'.
[  305.177578][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  305.341242][ T6409] team0: Port device team_slave_0 added
[  305.354293][ T6409] team0: Port device team_slave_1 added
[  305.541469][ T5412] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  305.755878][ T5412] usb 4-1: Using ep0 maxpacket: 32
[  305.790380][ T5412] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.880950][ T5412] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.934186][ T5412] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  305.983961][ T5412] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.125878][ T5412] usb 4-1: config 0 descriptor??
[  306.144950][ T4824] gspca_sunplus: reg_r err -110
[  306.170213][ T6602] loop4: detected capacity change from 0 to 512
[  306.261005][ T6602] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  306.296030][ T6602] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  306.834921][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  307.467396][ T5412] savu 0003:1E7D:2D5A.0015: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  307.563316][ T6599] block nbd2: shutting down sockets
[  307.633305][ T4671] usb 3-1: USB disconnect, device number 15
[  307.812335][ T6612] loop4: detected capacity change from 0 to 1024
[  307.825092][ T6612] EXT4-fs: Ignoring removed bh option
[  307.846869][ T6612] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  308.013464][ T6612] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  308.836152][ T4430] usb 4-1: USB disconnect, device number 17
[  309.365934][ T6608] fido_id[6608]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  309.544719][ T6622] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  309.745776][ T4430] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  309.758010][ T6622] loop3: detected capacity change from 0 to 8192
[  309.954064][ T4430] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  309.983171][ T4430] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  310.024060][ T4430] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  310.052468][ T4430] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  310.085353][ T4430] usb 3-1: SerialNumber: syz
[  310.134212][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  310.334992][ T4430] usb 3-1: 0:2 : does not exist
[  310.369215][ T4430] usb 3-1: USB disconnect, device number 16
[  310.535745][ T4829] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  310.600426][ T4285] udevd[4285]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  310.734220][ T4829] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  310.746694][ T4829] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  310.756069][ T4829] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  310.765313][ T4829] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.784475][ T4829] usb 5-1: config 0 descriptor??
[  311.742244][ T6409] batman_adv: batadv0: Adding interface: batadv_slave_0
[  311.749592][ T6409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.787627][ T6409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  311.822489][ T6409] batman_adv: batadv0: Adding interface: batadv_slave_1
[  311.852334][ T6409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.902246][ T6409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  312.084596][ T6409] device hsr_slave_0 entered promiscuous mode
[  312.110407][ T6409] device hsr_slave_1 entered promiscuous mode
[  312.121745][ T6409] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  312.138259][ T6409] Cannot create hsr debugfs directory
[  312.235780][    T7] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  312.484714][ T6643] loop3: detected capacity change from 0 to 512
[  312.496912][ T6643] EXT4-fs: Ignoring removed i_version option
[  312.792813][ T6643] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  313.451370][ T6643] kthread_run failed with err -4
[  314.120081][    T7] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  315.128617][    T7] usb 2-1: config 1 interface 0 has no altsetting 0
[  315.279972][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  315.679457][    T7] usb 2-1: string descriptor 0 read error: -71
[  315.699873][    T7] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  315.752051][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.765394][ T4829] usb 5-1: USB disconnect, device number 19
[  315.773306][ T6409] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  315.781538][    T7] usb 2-1: can't set config #1, error -71
[  315.817255][    T7] usb 2-1: USB disconnect, device number 21
[  315.824468][ T6656] loop3: detected capacity change from 0 to 256
[  315.850673][ T6409] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  315.888670][ T6409] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  315.920030][ T6656] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  315.938368][ T6409] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  316.424193][ T6677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.522'.
[  316.487288][ T6409] 8021q: adding VLAN 0 to HW filter on device bond0
[  316.505921][ T4829] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  316.542275][ T6386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  316.566624][ T6386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  316.603834][   T26] audit: type=1800 audit(2000000040.850:53): pid=6677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.522" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  316.627935][ T6409] 8021q: adding VLAN 0 to HW filter on device team0
[  316.637965][ T6677] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  316.653222][ T6681] netlink: 24 bytes leftover after parsing attributes in process `syz.1.527'.
[  316.663658][ T6677] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  316.699077][ T6677] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  316.720323][ T4829] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  316.731544][ T4829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.752634][ T4829] usb 5-1: Product: syz
[  316.762857][ T4829] usb 5-1: Manufacturer: syz
[  316.772476][ T4829] usb 5-1: SerialNumber: syz
[  316.804129][ T4829] usb 5-1: config 0 descriptor??
[  316.828962][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  316.841872][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  316.843882][ T4829] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  316.863074][ T6677] syz.3.522 (6677) used greatest stack depth: 18208 bytes left
[  316.874018][ T4592] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.881256][ T4592] bridge0: port 1(bridge_slave_0) entered forwarding state
[  316.923394][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  316.960837][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  316.998167][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  317.019639][ T4592] bridge0: port 2(bridge_slave_1) entered blocking state
[  317.026982][ T4592] bridge0: port 2(bridge_slave_1) entered forwarding state
[  318.599016][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  319.007765][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  319.128752][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  319.166767][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  319.183610][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  319.194791][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  319.206728][ T4829] gspca_sunplus: reg_r err -110
[  319.386397][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  319.429490][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  319.520285][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  319.847674][ T6695] netlink: 28 bytes leftover after parsing attributes in process `syz.1.529'.
[  319.858897][ T6695] netlink: 28 bytes leftover after parsing attributes in process `syz.1.529'.
[  319.912108][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  319.921039][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  319.937002][ T6409] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  319.951895][ T6409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  319.962233][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  319.972591][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  320.371851][ T6688] block nbd4: shutting down sockets
[  320.439630][ T4820] usb 5-1: USB disconnect, device number 20
[  320.826850][ T6409] 8021q: adding VLAN 0 to HW filter on device batadv0
[  320.835379][ T4663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  320.853527][ T4663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  320.926991][ T4820] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  321.132782][ T4820] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.153550][ T4820] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  321.190265][ T4820] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  321.236836][ T4820] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.293078][ T4820] usb 5-1: config 0 descriptor??
[  321.388962][ T6724] vcan0 speed is unknown, defaulting to 1000
[  322.392300][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  322.423051][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  322.448910][ T6756] loop1: detected capacity change from 0 to 16
[  322.473544][ T6756] erofs: (device loop1): mounted with root inode @ nid 36.
[  322.484647][ T4273] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  322.495987][ T6756] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  322.513033][   T26] audit: type=1800 audit(2000000046.760:54): pid=6756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.539" name="file2" dev="loop1" ino=89 res=0 errno=0
[  322.567136][ T6409] device veth0_vlan entered promiscuous mode
[  322.582022][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  322.626674][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  322.681646][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  322.706372][ T6743] loop3: detected capacity change from 0 to 32768
[  322.713720][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  322.742629][ T6743] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  322.775328][ T6409] device veth1_vlan entered promiscuous mode
[  322.825467][ T6761] loop1: detected capacity change from 0 to 1024
[  322.844153][ T6761] EXT4-fs: Ignoring removed oldalloc option
[  322.852914][ T6761] EXT4-fs: Ignoring removed orlov option
[  322.900989][ T6409] device veth0_macvtap entered promiscuous mode
[  322.934539][ T6761] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  322.955937][ T2955] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  322.973810][ T2955] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  323.014197][ T6663] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  323.020644][ T2955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  323.102273][ T6761] EXT4-fs: Ignoring removed orlov option
[  323.109447][ T2955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  323.124161][ T6761] EXT4-fs (loop1): can't enable nombcache during remount
[  323.134190][ T2955] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  323.343422][ T6409] device veth1_macvtap entered promiscuous mode
[  323.371778][ T6409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.383234][ T6409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.398281][ T6761] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.540: Allocating blocks 385-513 which overlap fs metadata
[  323.413422][ T6409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.424651][ T6409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.437479][ T6409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.448784][ T6409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.472896][ T6409] batman_adv: batadv0: Interface activated: batadv_slave_0
[  323.485036][ T6768] netlink: 28 bytes leftover after parsing attributes in process `syz.3.541'.
[  323.501484][ T6768] netlink: 28 bytes leftover after parsing attributes in process `syz.3.541'.
[  323.675910][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  323.794808][ T6760] EXT4-fs (loop1): pa ffff888073f4e540: logic 16, phys. 129, len 24
[  323.800960][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  323.803446][ T6760] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  323.812677][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  323.865264][ T6409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.886605][ T6409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.923131][ T6409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.952107][ T6409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.970695][ T6409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.981320][ T6409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.982187][ T4390] usb 5-1: USB disconnect, device number 21
[  324.019393][ T6409] batman_adv: batadv0: Interface activated: batadv_slave_1
[  324.036950][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  324.070247][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  324.079835][ T4592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  324.178395][ T4274] bridge0: port 1(syz_tun) entered disabled state
[  324.257801][ T4274] device syz_tun left promiscuous mode
[  324.265806][ T4274] bridge0: port 1(syz_tun) entered disabled state
[  324.286393][ T6409] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  324.308380][ T6409] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.334820][ T6409] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  324.364189][ T6409] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.908310][ T4663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.926210][ T4663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.961755][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  324.993724][ T4663] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  325.021253][ T4663] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.184751][ T6386] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.255430][ T4663] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  325.359514][ T6386] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.505778][    T7] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  325.674989][ T6799] loop4: detected capacity change from 0 to 512
[  325.684718][ T6799] EXT4-fs: Ignoring removed i_version option
[  325.856014][ T6386] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.946501][ T6799] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  326.508194][ T6386] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.179397][ T6386] tipc: Left network mode
[  327.524115][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  327.528805][    T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  327.544387][    T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  327.564785][    T7] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  327.584494][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.600721][ T6793] loop3: detected capacity change from 0 to 32768
[  327.642267][    T7] usb 2-1: config 0 descriptor??
[  327.660681][ T4269] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  327.676742][ T6793] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  327.687603][ T4269] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  327.696776][ T4269] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  327.704653][ T4269] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  327.713082][ T4280] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  327.720661][ T4280] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  327.888933][ T6820] loop4: detected capacity change from 0 to 256
[  327.977096][ T6814] vcan0 speed is unknown, defaulting to 1000
[  328.083290][    T7] cp2112 0003:10C4:EA90.0016: report_id 0 is invalid
[  328.142339][    T7] cp2112 0003:10C4:EA90.0016: item 0 0 1 8 parsing failed
[  328.204728][    T7] cp2112 0003:10C4:EA90.0016: parse failed
[  328.226943][    T7] cp2112: probe of 0003:10C4:EA90.0016 failed with error -22
[  328.295103][ T6827] syz.4.553[6827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  328.295721][ T6827] syz.4.553[6827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  328.416323][ T4673] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  328.680254][ T6827] loop4: detected capacity change from 0 to 128
[  328.702469][ T6827] EXT4-fs (loop4): Test dummy encryption mode enabled
[  329.767031][ T4280] Bluetooth: hci3: command 0x0409 tx timeout
[  330.105710][    T7] usb 2-1: USB disconnect, device number 22
[  330.869528][ T6827] EXT4-fs: error -4 creating inode table initialization thread
[  330.879194][ T6827] EXT4-fs (loop4): mount failed
[  331.855769][ T4280] Bluetooth: hci3: command 0x041b tx timeout
[  332.363493][ T4673] usb 6-1: unable to read config index 0 descriptor/all
[  332.387658][ T4673] usb 6-1: can't read configurations, error -71
[  332.430168][ T4285] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  332.795882][ T4430] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  333.199899][ T4430] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  333.981135][ T4280] Bluetooth: hci3: command 0x040f tx timeout
[  334.061527][ T4430] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.071221][ T4430] usb 5-1: Product: syz
[  334.075466][ T4430] usb 5-1: Manufacturer: syz
[  334.080587][ T4430] usb 5-1: SerialNumber: syz
[  334.097488][ T4430] usb 5-1: config 0 descriptor??
[  334.117876][ T4430] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  334.492985][ T6854] loop5: detected capacity change from 0 to 1024
[  334.549689][ T6855] loop1: detected capacity change from 0 to 512
[  334.576692][ T6854] EXT4-fs: Ignoring removed mblk_io_submit option
[  334.583188][ T6854] EXT4-fs: Ignoring removed bh option
[  334.950109][ T6854] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  334.973010][ T6855] EXT4-fs (loop1): Test dummy encryption mode enabled
[  335.021444][ T6855] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  335.261282][ T4430] gspca_sunplus: reg_r err -110
[  335.387745][ T6855] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.563: bad orphan inode 131083
[  335.402482][ T6854] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  335.425707][ T6855] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  336.050427][ T4280] Bluetooth: hci3: command 0x0419 tx timeout
[  336.272056][ T6869] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  336.330799][ T6858] block nbd4: shutting down sockets
[  336.337616][   T26] audit: type=1800 audit(2000000060.530:55): pid=6870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.563" name="file1" dev="loop1" ino=15 res=0 errno=0
[  336.424404][    T7] usb 5-1: USB disconnect, device number 22
[  337.539100][ T6866] loop3: detected capacity change from 0 to 32768
[  337.580036][ T6866] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  337.702489][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  337.863593][ T6409] EXT4-fs (loop5): unmounting filesystem.
[  337.974603][ T6889] random: crng reseeded on system resumption
[  342.322399][ T4285] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10
[  342.860548][   T26] audit: type=1326 audit(2000000067.110:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.3.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3e58e929 code=0x7ffc0000
[  342.885886][ T4673] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  343.029117][   T26] audit: type=1326 audit(2000000067.110:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.3.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f0e3e58e929 code=0x7ffc0000
[  343.135331][   T26] audit: type=1326 audit(2000000067.110:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.3.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3e58e929 code=0x7ffc0000
[  343.142386][ T4673] usb 5-1: device descriptor read/all, error -71
[  343.172743][ T6913] loop3: detected capacity change from 0 to 16
[  343.225969][ T6913] erofs: (device loop3): mounted with root inode @ nid 36.
[  343.240250][   T26] audit: type=1326 audit(2000000067.110:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.3.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e3e58e929 code=0x7ffc0000
[  343.276359][ T4280] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[  343.288340][ T6913] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  343.390097][   T26] audit: type=1800 audit(2000000067.580:60): pid=6913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.572" name="file2" dev="loop3" ino=89 res=0 errno=0
[  343.415975][ T4430] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  343.582683][ T6814] chnl_net:caif_netlink_parms(): no params data found
[  343.760176][ T4430] usb 2-1: Using ep0 maxpacket: 32
[  343.766418][ T4673] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  343.776553][ T4430] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  343.784778][ T4430] usb 2-1: config 0 has no interface number 0
[  343.801461][ T4430] usb 2-1: config 0 interface 184 has no altsetting 0
[  343.833627][ T4430] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  343.882185][ T4430] usb 2-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  343.903287][ T6814] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.909227][ T4430] usb 2-1: Product: syz
[  343.911421][ T6814] bridge0: port 1(bridge_slave_0) entered disabled state
[  343.914971][ T4430] usb 2-1: Manufacturer: syz
[  343.930929][ T6814] device bridge_slave_0 entered promiscuous mode
[  343.933493][ T4430] usb 2-1: SerialNumber: syz
[  343.962217][ T6814] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.982920][ T4430] usb 2-1: config 0 descriptor??
[  344.007769][ T4673] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  344.035691][ T4673] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.038047][ T6814] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.043749][ T4673] usb 5-1: Product: syz
[  344.043769][ T4673] usb 5-1: Manufacturer: syz
[  344.043784][ T4673] usb 5-1: SerialNumber: syz
[  344.057037][ T4430] smsc75xx v1.0.0
[  344.077762][ T4673] usb 5-1: config 0 descriptor??
[  344.098863][ T6814] device bridge_slave_1 entered promiscuous mode
[  344.100676][ T4673] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  344.232471][ T6386] device hsr_slave_0 left promiscuous mode
[  344.243189][ T6386] device hsr_slave_1 left promiscuous mode
[  344.293522][ T6386] device veth1_macvtap left promiscuous mode
[  344.306637][ T6386] device veth0_macvtap left promiscuous mode
[  344.313005][ T6386] device veth1_vlan left promiscuous mode
[  344.328227][ T6386] device veth0_vlan left promiscuous mode
[  345.226154][ T4430] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  345.238596][ T4673] gspca_sunplus: reg_r err -110
[  345.258975][ T4430] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  345.269254][ T4430] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  345.280505][ T4430] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  345.464422][ T4430] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  345.476074][ T4430] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  345.523078][ T4430] smsc75xx: probe of 2-1:0.184 failed with error -61
[  345.646696][ T6949] loop3: detected capacity change from 0 to 512
[  345.657373][ T6949] EXT4-fs: Ignoring removed bh option
[  345.699374][ T6949] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  345.884115][ T6949] EXT4-fs (loop3): 1 truncate cleaned up
[  345.890131][ T6949] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  346.068387][ T6952] EXT4-fs error (device loop3): ext4_lookup:1858: inode #16: comm syz.3.577: iget: bad i_size value: 5497558147880
[  346.641888][ T6940] block nbd4: shutting down sockets
[  347.769664][ T4430] usb 5-1: USB disconnect, device number 24
[  347.792110][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  348.027722][ T6960] loop3: detected capacity change from 0 to 512
[  348.071779][ T6960] EXT4-fs (loop3): orphan cleanup on readonly fs
[  348.127775][ T6960] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.578: bad orphan inode 13
[  348.171091][ T6960] ext4_test_bit(bit=12, block=18) = 1
[  348.176659][ T6960] is_bad_inode(inode)=0
[  348.180839][ T6960] NEXT_ORPHAN(inode)=2130706432
[  348.186420][ T6960] max_ino=32
[  348.189663][ T6960] i_nlink=1
[  348.193343][ T6960] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  348.613711][ T4430] usb 2-1: USB disconnect, device number 23
[  349.116968][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  350.086901][ T5412] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  350.293994][ T5412] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  350.326686][ T5412] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  350.365303][ T5412] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  350.403409][ T5412] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.495083][ T5412] usb 4-1: config 0 descriptor??
[  352.380208][ T6386] bond0 (unregistering): Released all slaves
[  352.532862][ T6814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.574474][ T6814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  354.440672][ T6989] loop5: detected capacity change from 0 to 1024
[  354.448774][ T6989] EXT4-fs: Ignoring removed mblk_io_submit option
[  354.455262][ T6989] EXT4-fs: Ignoring removed bh option
[  354.462520][ T6989] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  354.612436][ T4673] usb 4-1: USB disconnect, device number 18
[  354.629043][ T6989] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  354.642587][ T6814] team0: Port device team_slave_0 added
[  354.653123][ T6814] team0: Port device team_slave_1 added
[  354.750320][ T6997] loop3: detected capacity change from 0 to 512
[  354.766604][    T7] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  354.777470][ T6997] EXT4-fs: Ignoring removed bh option
[  354.883582][ T6999] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  355.619839][ T6997] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  355.682075][    T7] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  355.707192][ T6814] batman_adv: batadv0: Adding interface: batadv_slave_0
[  355.737489][ T6997] EXT4-fs (loop3): 1 truncate cleaned up
[  355.743210][ T6997] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  355.752381][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.768739][ T6409] EXT4-fs (loop5): unmounting filesystem.
[  355.785321][ T6814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.856453][    T7] usb 5-1: Product: syz
[  355.860767][    T7] usb 5-1: Manufacturer: syz
[  355.865401][    T7] usb 5-1: SerialNumber: syz
[  355.917634][    T7] usb 5-1: config 0 descriptor??
[  355.933852][ T6814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  355.967249][    T7] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  356.010036][ T6814] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.095195][ T6814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.255051][ T4272] EXT4-fs (loop3): unmounting filesystem.
[  357.307553][ T6814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.430672][ T6814] device hsr_slave_0 entered promiscuous mode
[  357.445001][ T6814] device hsr_slave_1 entered promiscuous mode
[  357.453191][ T6814] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  357.467085][ T6814] Cannot create hsr debugfs directory
[  357.506045][    T7] gspca_sunplus: reg_r err -110
[  357.582474][ T4356] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  357.745320][ T7017] loop1: detected capacity change from 0 to 512
[  357.795764][ T4356] usb 6-1: Using ep0 maxpacket: 32
[  357.796705][ T7017] EXT4-fs (loop1): orphan cleanup on readonly fs
[  357.802872][ T4356] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  357.822454][ T7017] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.593: bad orphan inode 13
[  357.845470][ T7017] ext4_test_bit(bit=12, block=18) = 1
[  357.852466][ T7017] is_bad_inode(inode)=0
[  357.861594][ T7017] NEXT_ORPHAN(inode)=2130706432
[  357.865741][ T4356] usb 6-1: config 0 has no interface number 0
[  357.868331][ T7017] max_ino=32
[  357.883867][ T7017] i_nlink=1
[  357.888512][ T7017] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  357.903395][ T4356] usb 6-1: config 0 interface 184 has no altsetting 0
[  357.913612][ T7017] EXT4-fs (loop1): unmounting filesystem.
[  357.928253][ T4356] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  357.979146][ T6814] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  357.985972][ T4356] usb 6-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  357.994176][ T4356] usb 6-1: Product: syz
[  358.032388][ T4356] usb 6-1: Manufacturer: syz
[  358.051207][ T4356] usb 6-1: SerialNumber: syz
[  358.070878][ T6814] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  358.090207][ T4356] usb 6-1: config 0 descriptor??
[  358.101843][ T4356] smsc75xx v1.0.0
[  358.116272][ T6814] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  358.150110][ T6814] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  358.908739][ T7011] block nbd4: shutting down sockets
[  358.991932][ T7039] loop1: detected capacity change from 0 to 1024
[  359.042518][ T7039] EXT4-fs: Ignoring removed mblk_io_submit option
[  359.075885][ T7039] EXT4-fs: Ignoring removed bh option
[  359.125255][ T7039] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  359.316364][ T6814] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.538765][ T6814] 8021q: adding VLAN 0 to HW filter on device team0
[  359.551942][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  359.561218][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  359.592503][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  359.602124][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  359.617035][ T6555] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.624287][ T6555] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.642090][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  359.652180][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  359.667084][ T6555] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.674411][ T6555] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.707541][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  359.733108][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  359.768365][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  359.809465][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  359.850558][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  359.882623][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  359.904120][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  359.981830][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  360.006952][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  360.043662][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  360.120236][ T4356] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  360.166689][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  360.258498][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  360.301666][ T7039] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  360.343090][ T6814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  360.535687][ T4356] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  360.556411][ T4356] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  360.719246][ T7061] loop4: detected capacity change from 0 to 1024
[  360.772427][ T4356] smsc75xx: probe of 6-1:0.184 failed with error -71
[  360.815141][ T7061] EXT4-fs: Ignoring removed mblk_io_submit option
[  360.825730][ T4356] usb 6-1: USB disconnect, device number 4
[  360.842314][    T7] usb 5-1: USB disconnect, device number 25
[  360.869672][ T7061] EXT4-fs: Ignoring removed bh option
[  360.908890][ T7061] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  361.007845][ T7061] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  361.569523][ T7076] netlink: 28 bytes leftover after parsing attributes in process `syz.3.601'.
[  362.067520][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  362.075388][ T6555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  362.160364][ T6814] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.293333][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  362.374898][ T7064] netlink: 'syz.5.598': attribute type 12 has an invalid length.
[  362.751859][ T7098] syz.4.602[7098] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  362.752359][ T7098] syz.4.602[7098] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  362.799535][ T7098] loop4: detected capacity change from 0 to 512
[  362.821781][ T7098] EXT4-fs: Ignoring removed bh option
[  362.847422][ T7098] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  364.115297][ T7095] netlink: 28 bytes leftover after parsing attributes in process `syz.3.603'.
[  365.099793][ T7095] netlink: 28 bytes leftover after parsing attributes in process `syz.3.603'.
[  365.124735][ T7098] EXT4-fs (loop4): 1 truncate cleaned up
[  365.131103][ T7098] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  365.550822][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  365.670805][ T7106] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  366.167174][ T7113] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  367.915705][ T4673] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  368.330141][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  368.685898][ T4673] usb 4-1: Using ep0 maxpacket: 32
[  368.694894][ T4673] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  368.724137][ T4673] usb 4-1: config 0 has no interface number 0
[  368.744453][ T4673] usb 4-1: config 0 interface 184 has no altsetting 0
[  368.768622][ T4673] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  368.795792][ T4673] usb 4-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  368.817702][ T4673] usb 4-1: Product: syz
[  368.821946][ T4673] usb 4-1: Manufacturer: syz
[  368.846027][ T4673] usb 4-1: SerialNumber: syz
[  368.863550][ T4673] usb 4-1: config 0 descriptor??
[  368.886192][ T4673] smsc75xx v1.0.0
[  368.926238][ T4671] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  369.163730][ T6814] device veth0_vlan entered promiscuous mode
[  369.188665][ T6814] device veth1_vlan entered promiscuous mode
[  369.218936][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  369.238870][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  369.283889][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  369.299418][ T4671] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  369.314773][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  369.323195][ T4671] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.334260][ T4671] usb 2-1: Product: syz
[  369.357910][ T4671] usb 2-1: Manufacturer: syz
[  369.362800][ T4671] usb 2-1: SerialNumber: syz
[  369.417499][ T7136] loop4: detected capacity change from 0 to 512
[  369.428392][ T7136] EXT4-fs: Ignoring removed bh option
[  369.546029][ T4671] usb 2-1: config 0 descriptor??
[  369.889704][ T4671] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  369.988727][ T4673] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  370.024976][ T4673] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  370.296569][ T4673] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  371.019633][ T4671] gspca_sunplus: reg_r err -110
[  371.067583][ T7136] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  371.244162][ T4673] smsc75xx: probe of 4-1:0.184 failed with error -32
[  371.267053][ T7136] EXT4-fs (loop4): 1 truncate cleaned up
[  371.272843][ T7136] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  371.514983][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  371.564188][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  371.631176][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  371.712837][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  371.793518][ T4560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  371.862934][ T6814] device veth0_macvtap entered promiscuous mode
[  371.921249][ T6814] device veth1_macvtap entered promiscuous mode
[  372.827930][ T7139] block nbd1: shutting down sockets
[  372.851063][ T7150] netlink: 12 bytes leftover after parsing attributes in process `syz.3.613'.
[  372.959236][ T4673] usb 4-1: USB disconnect, device number 19
[  373.032333][ T6814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  373.120098][ T6814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.151009][ T6814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  373.179645][ T6814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.219765][ T6814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  373.260019][ T6814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.302751][ T6814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  373.354428][ T6814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.849609][    C0] ==================================================================
[  373.857734][    C0] BUG: KASAN: use-after-free in rose_timer_expiry+0x470/0x490
[  373.865209][    C0] Read of size 2 at addr ffff88805610f42a by task ksoftirqd/0/15
[  373.872943][    C0] 
[  373.875286][    C0] CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.1.142-syzkaller #0
[  373.883280][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  373.893358][    C0] Call Trace:
[  373.896646][    C0]  <TASK>
[  373.899586][    C0]  dump_stack_lvl+0x168/0x22e
[  373.904285][    C0]  ? __lock_acquire+0x7c50/0x7c50
[  373.909356][    C0]  ? show_regs_print_info+0x12/0x12
[  373.914571][    C0]  ? load_image+0x3b0/0x3b0
[  373.919087][    C0]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  373.924465][    C0]  ? __virt_addr_valid+0x188/0x540
[  373.929595][    C0]  ? __virt_addr_valid+0x465/0x540
[  373.934721][    C0]  ? rose_timer_expiry+0x470/0x490
[  373.939843][    C0]  print_report+0xa8/0x220
[  373.944267][    C0]  kasan_report+0x10b/0x140
[  373.948792][    C0]  ? rose_timer_expiry+0x470/0x490
[  373.953918][    C0]  rose_timer_expiry+0x470/0x490
[  373.958874][    C0]  call_timer_fn+0x1a0/0x670
[  373.963473][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  373.968508][    C0]  ? call_timer_fn+0xc1/0x670
[  373.973192][    C0]  ? __run_timers+0x7c0/0x7c0
[  373.977882][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  373.983098][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  373.988310][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  373.993345][    C0]  __run_timers+0x525/0x7c0
[  373.997857][    C0]  ? detach_timer+0x350/0x350
[  374.002544][    C0]  ? lock_chain_count+0x20/0x20
[  374.007413][    C0]  run_timer_softirq+0x63/0xf0
[  374.012190][    C0]  handle_softirqs+0x2a1/0x920
[  374.016975][    C0]  ? run_ksoftirqd+0x98/0xf0
[  374.021568][    C0]  ? do_softirq+0x200/0x200
[  374.026102][    C0]  run_ksoftirqd+0x98/0xf0
[  374.030545][    C0]  ? ksoftirqd_should_run+0x20/0x20
[  374.035771][    C0]  ? preempt_schedule_thunk+0x16/0x18
[  374.041223][    C0]  ? takeover_tasklets+0x800/0x800
[  374.046356][    C0]  ? ksoftirqd_should_run+0x20/0x20
[  374.051577][    C0]  smpboot_thread_fn+0x64a/0xa40
[  374.056545][    C0]  ? smpboot_thread_fn+0x4c/0xa40
[  374.061651][    C0]  kthread+0x29d/0x330
[  374.065764][    C0]  ? cpu_report_death+0x230/0x230
[  374.070813][    C0]  ? kthread_blkcg+0xd0/0xd0
[  374.075428][    C0]  ret_from_fork+0x1f/0x30
[  374.079867][    C0]  </TASK>
[  374.082905][    C0] 
[  374.085232][    C0] Allocated by task 6814:
[  374.089562][    C0]  kasan_set_track+0x4b/0x70
[  374.094174][    C0]  __kasan_kmalloc+0x8e/0xa0
[  374.098776][    C0]  __kmalloc_node_track_caller+0xae/0x230
[  374.104813][    C0]  __alloc_skb+0x22a/0x7e0
[  374.109346][    C0]  alloc_uevent_skb+0x7d/0x230
[  374.114122][    C0]  kobject_uevent_net_broadcast+0x17e/0x530
[  374.120119][    C0]  kobject_uevent_env+0x54c/0x8a0
[  374.125176][    C0]  __kobject_del+0xd2/0x2f0
[  374.129708][    C0]  kobject_put+0x235/0x460
[  374.134146][    C0]  netdev_queue_update_kobjects+0x3e9/0x480
[  374.140060][    C0]  netif_set_real_num_tx_queues+0x17f/0x8d0
[  374.145962][    C0]  veth_init_queues+0x83/0x180
[  374.150753][    C0]  veth_newlink+0x96f/0xbe0
[  374.155268][    C0]  rtnl_newlink+0x14c4/0x1ff0
[  374.159958][    C0]  rtnetlink_rcv_msg+0x79b/0xed0
[  374.164912][    C0]  netlink_rcv_skb+0x1de/0x420
[  374.169799][    C0]  netlink_unicast+0x74c/0x8c0
[  374.174585][    C0]  netlink_sendmsg+0x89e/0xbc0
[  374.179382][    C0]  __sys_sendto+0x44f/0x5c0
[  374.183910][    C0]  __x64_sys_sendto+0xda/0xf0
[  374.188612][    C0]  do_syscall_64+0x4c/0xa0
[  374.193074][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  374.198992][    C0] 
[  374.201350][    C0] Freed by task 6814:
[  374.205358][    C0]  kasan_set_track+0x4b/0x70
[  374.209972][    C0]  kasan_save_free_info+0x2d/0x50
[  374.215011][    C0]  ____kasan_slab_free+0x126/0x1e0
[  374.220142][    C0]  slab_free_freelist_hook+0x131/0x1a0
[  374.225647][    C0]  __kmem_cache_free+0xb6/0x1f0
[  374.230531][    C0]  skb_release_data+0x5db/0x7c0
[  374.235433][    C0]  consume_skb+0xa2/0x100
[  374.239784][    C0]  netlink_broadcast+0xff6/0x10f0
[  374.244832][    C0]  kobject_uevent_net_broadcast+0x497/0x530
[  374.250753][    C0]  kobject_uevent_env+0x54c/0x8a0
[  374.255807][    C0]  __kobject_del+0xd2/0x2f0
[  374.260335][    C0]  kobject_put+0x235/0x460
[  374.264783][    C0]  netdev_queue_update_kobjects+0x3e9/0x480
[  374.270698][    C0]  netif_set_real_num_tx_queues+0x17f/0x8d0
[  374.276608][    C0]  veth_init_queues+0x83/0x180
[  374.281395][    C0]  veth_newlink+0x96f/0xbe0
[  374.285917][    C0]  rtnl_newlink+0x14c4/0x1ff0
[  374.290614][    C0]  rtnetlink_rcv_msg+0x79b/0xed0
[  374.295581][    C0]  netlink_rcv_skb+0x1de/0x420
[  374.300368][    C0]  netlink_unicast+0x74c/0x8c0
[  374.305152][    C0]  netlink_sendmsg+0x89e/0xbc0
[  374.309937][    C0]  __sys_sendto+0x44f/0x5c0
[  374.314476][    C0]  __x64_sys_sendto+0xda/0xf0
[  374.319185][    C0]  do_syscall_64+0x4c/0xa0
[  374.323614][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  374.329537][    C0] 
[  374.331876][    C0] Last potentially related work creation:
[  374.337608][    C0]  kasan_save_stack+0x3a/0x60
[  374.342312][    C0]  __kasan_record_aux_stack+0xb2/0xc0
[  374.347704][    C0]  insert_work+0x54/0x3c0
[  374.352047][    C0]  __queue_work+0xba3/0xfb0
[  374.356568][    C0]  call_timer_fn+0x1a0/0x670
[  374.361166][    C0]  __run_timers+0x550/0x7c0
[  374.365677][    C0]  run_timer_softirq+0x63/0xf0
[  374.370458][    C0]  handle_softirqs+0x2a1/0x920
[  374.375236][    C0]  __irq_exit_rcu+0x12f/0x220
[  374.379930][    C0]  irq_exit_rcu+0x5/0x20
[  374.384200][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  374.389878][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  374.395890][    C0] 
[  374.398232][    C0] The buggy address belongs to the object at ffff88805610f400
[  374.398232][    C0]  which belongs to the cache kmalloc-512 of size 512
[  374.412320][    C0] The buggy address is located 42 bytes inside of
[  374.412320][    C0]  512-byte region [ffff88805610f400, ffff88805610f600)
[  374.425538][    C0] 
[  374.427878][    C0] The buggy address belongs to the physical page:
[  374.434311][    C0] page:ffffea0001584300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5610c
[  374.444487][    C0] head:ffffea0001584300 order:2 compound_mapcount:0 compound_pincount:0
[  374.452840][    C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  374.460857][    C0] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888017441c80
[  374.469542][    C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  374.478226][    C0] page dumped because: kasan: bad access detected
[  374.484659][    C0] page_owner tracks the page as allocated
[  374.490418][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4274, tgid 4274 (syz-executor), ts 80754629725, free_ts 80748699363
[  374.512766][    C0]  post_alloc_hook+0x173/0x1a0
[  374.517559][    C0]  get_page_from_freelist+0x1a26/0x1ac0
[  374.523111][    C0]  __alloc_pages+0x1df/0x4e0
[  374.527709][    C0]  alloc_slab_page+0x5d/0x160
[  374.532406][    C0]  new_slab+0x87/0x2c0
[  374.536488][    C0]  ___slab_alloc+0xbc6/0x1220
[  374.541181][    C0]  __kmem_cache_alloc_node+0x1a0/0x260
[  374.546647][    C0]  __kmalloc_node_track_caller+0x9e/0x230
[  374.552376][    C0]  pskb_expand_head+0x1a6/0x12a0
[  374.557330][    C0]  netlink_trim+0x180/0x220
[  374.561897][    C0]  netlink_broadcast+0x75/0x10f0
[  374.566845][    C0]  nlmsg_notify+0xe7/0x1a0
[  374.571271][    C0]  fib_table_insert+0xd5d/0x1b50
[  374.576222][    C0]  fib_magic+0x2c1/0x390
[  374.580471][    C0]  fib_add_ifaddr+0x140/0x5e0
[  374.585152][    C0]  fib_inetaddr_event+0x13c/0x1c0
[  374.590185][    C0] page last free stack trace:
[  374.594863][    C0]  free_unref_page_prepare+0x8b4/0x9a0
[  374.600358][    C0]  free_unref_page+0x2e/0x3f0
[  374.605086][    C0]  __stack_depot_save+0x435/0x460
[  374.610142][    C0]  kasan_set_track+0x60/0x70
[  374.614754][    C0]  __kasan_slab_alloc+0x6b/0x80
[  374.619628][    C0]  slab_post_alloc_hook+0x4b/0x480
[  374.624761][    C0]  kmem_cache_alloc+0x123/0x2f0
[  374.629618][    C0]  debug_objects_fill_pool+0x438/0x650
[  374.635091][    C0]  __debug_object_init+0x29/0x420
[  374.640125][    C0]  wg_peer_create+0x306/0x840
[  374.644806][    C0]  wg_set_device+0x100b/0x1ee0
[  374.649589][    C0]  genl_family_rcv_msg_doit+0x22e/0x320
[  374.655149][    C0]  genl_rcv_msg+0x5f2/0x780
[  374.659674][    C0]  netlink_rcv_skb+0x1de/0x420
[  374.664449][    C0]  genl_rcv+0x24/0x40
[  374.668448][    C0]  netlink_unicast+0x74c/0x8c0
[  374.673227][    C0] 
[  374.675556][    C0] Memory state around the buggy address:
[  374.681194][    C0]  ffff88805610f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  374.689271][    C0]  ffff88805610f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  374.697348][    C0] >ffff88805610f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.705432][    C0]                                   ^
[  374.710802][    C0]  ffff88805610f480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.718867][    C0]  ffff88805610f500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.726940][    C0] ==================================================================
[  374.735116][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  374.742625][    C0] CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.1.142-syzkaller #0
[  374.750639][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  374.760730][    C0] Call Trace:
[  374.764028][    C0]  <TASK>
[  374.766983][    C0]  dump_stack_lvl+0x168/0x22e
[  374.769663][ T4277] EXT4-fs (loop4): unmounting filesystem.
[  374.777409][    C0]  ? memcpy+0x3c/0x60
[  374.781398][    C0]  ? show_regs_print_info+0x12/0x12
[  374.786614][    C0]  ? load_image+0x3b0/0x3b0
[  374.791142][    C0]  panic+0x2c9/0x710
[  374.795047][    C0]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  374.801913][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  374.806432][    C0]  ? _raw_spin_unlock_irqrestore+0xa5/0x100
[  374.812349][    C0]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  374.818271][    C0]  ? _raw_spin_unlock+0x40/0x40
[  374.823133][    C0]  check_panic_on_warn+0x80/0xa0
[  374.828086][    C0]  ? rose_timer_expiry+0x470/0x490
[  374.833222][    C0]  end_report+0x66/0x110
[  374.837477][    C0]  kasan_report+0x118/0x140
[  374.842023][    C0]  ? rose_timer_expiry+0x470/0x490
[  374.847146][    C0]  rose_timer_expiry+0x470/0x490
[  374.852092][    C0]  call_timer_fn+0x1a0/0x670
[  374.856683][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  374.861712][    C0]  ? call_timer_fn+0xc1/0x670
[  374.866390][    C0]  ? __run_timers+0x7c0/0x7c0
[  374.871075][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  374.876305][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  374.881523][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  374.886557][    C0]  __run_timers+0x525/0x7c0
[  374.891111][    C0]  ? detach_timer+0x350/0x350
[  374.895790][    C0]  ? lock_chain_count+0x20/0x20
[  374.900653][    C0]  run_timer_softirq+0x63/0xf0
[  374.905426][    C0]  handle_softirqs+0x2a1/0x920
[  374.910203][    C0]  ? run_ksoftirqd+0x98/0xf0
[  374.914797][    C0]  ? do_softirq+0x200/0x200
[  374.919312][    C0]  run_ksoftirqd+0x98/0xf0
[  374.923729][    C0]  ? ksoftirqd_should_run+0x20/0x20
[  374.928927][    C0]  ? preempt_schedule_thunk+0x16/0x18
[  374.934409][    C0]  ? takeover_tasklets+0x800/0x800
[  374.939524][    C0]  ? ksoftirqd_should_run+0x20/0x20
[  374.944725][    C0]  smpboot_thread_fn+0x64a/0xa40
[  374.949668][    C0]  ? smpboot_thread_fn+0x4c/0xa40
[  374.954698][    C0]  kthread+0x29d/0x330
[  374.958771][    C0]  ? cpu_report_death+0x230/0x230
[  374.963812][    C0]  ? kthread_blkcg+0xd0/0xd0
[  374.968409][    C0]  ret_from_fork+0x1f/0x30
[  374.972840][    C0]  </TASK>
[  374.976153][    C0] Kernel Offset: disabled
[  374.980477][    C0] Rebooting in 86400 seconds..