last executing test programs:

15m25.630854804s ago: executing program 1 (id=428):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2d, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180))

15m25.30311092s ago: executing program 1 (id=430):
dup(0xffffffffffffffff)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x6900e0bffa064139)
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x40102)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x40e)
mknod(0x0, 0x400, 0xffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f00000009c0)={0xf, {"a2e3ad214fc752f90b5e09094bf70e0dd038e7ff7fc6e5539b1b48078b089b3b0838721a0890e0878f0e1ac6e7049b3d6c959b4c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d07420736cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e2c5070000179c6f30e065cd5b91cd0ae17d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3bb469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918070000003f0000000c558cdc0a3621c56cea8d20fa911afe40db6ebe8cac64289fd3da232f1b5dbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860421c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2f09000000000000007747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847354b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d483d4675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516ab68032f88c042ffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d95f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9d1a3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdfa1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442748af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000001c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500", 0x1009}}, 0x1006)

15m23.316234279s ago: executing program 1 (id=436):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f0000000540)={0x7, @pix={0x40, 0x2800000, 0x35315258, 0x8, 0x74a0, 0xfffffff7, 0x2, 0x3, 0x1, 0x7, 0x1, 0x7}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000640)='afs_make_fs_call1\x00', r3, 0x0, 0x8}, 0x18)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r6 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_emit_vhci(0x0, 0x3)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x24, 0x0)
socket(0x2c, 0x2, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c1"], 0x0}, 0x94)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)

15m22.240457675s ago: executing program 1 (id=446):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
rt_sigprocmask(0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000000)={0xfffffc64, 0x0})

15m20.912749622s ago: executing program 1 (id=450):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f00000007c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, 0x0, 0x4008094)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x2, @remote}, 0x10)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r10, 0x7a0, &(0x7f0000000100)={@my=0x1})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r10, 0x7b1, &(0x7f0000000080)={0x0, 0x6, 0x0, 0x8})

15m19.278183953s ago: executing program 1 (id=455):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x9a)
write$cgroup_subtree(r2, 0x0, 0xfe33)

15m18.983684106s ago: executing program 32 (id=455):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x9a)
write$cgroup_subtree(r2, 0x0, 0xfe33)

5m14.415715963s ago: executing program 0 (id=1862):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$ndb(&(0x7f0000000340), 0x0, 0xc8040)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
sendmsg$can_raw(r4, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f00000005c0)={&(0x7f0000000100)=@can={{}, 0x80, 0x3, 0x4, 0x2, "07000000008000"}, 0x210}}, 0x0)
ioctl$BLKBSZSET(r3, 0x40081271, &(0x7f0000000380))

5m11.395491557s ago: executing program 0 (id=1869):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000003c0)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth0_to_batadv\x00', <r2=>0x0})
sendmsg$can_raw(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x1d, r2}, 0x10, &(0x7f00000005c0)={&(0x7f0000000100)=@can={{}, 0x80, 0x3, 0x4, 0x2, "07000000008000"}, 0x210}}, 0x0)
ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000380))
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0xc14)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000003c40)='./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc1b, &(0x7f0000003d40)="$eJzs3V1oXOl5B/DnnSOtRtp8aLOJN2mz6UBKYpTa+Cu2gkuQs4ragOMNkRW6V9How86w8oyR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0blTPzjjSyZXuy/pC8/v2W2f/MmeeM3o/xmSPQOycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIjPff7CiZPpoFsBADxKl6a/fOK0z38AeKJc9vs/AAAAAAAAAAAAAAAcdimKOBIpRl7fSrPtxx3Vi43mjZszk1P77zacIkUlinZ9eauePHX6zKfPnhvv5t33f9A+Ei9OX75Qe6F17fry4srK4kJtptmYby0s9v0K97v/rcbaA1C79vKNhStXVmqnjp/e8/TN0TeHnj4yev7csbPj3dqZyamp6Z6agcF3/NNvc6cVHk9FEfVI8fboW6keEZW4/7G4x3vnYRtud2Ks3YmZyal2R5Ya9eZq+WSq5KpKRK1np4nuGD2CubgvExFrZfPLBo+V3Zu+Xl+uzy0t1r5UX15trDZazVTptLbsTy0qMZ4i1iNic+j2lxuMIj4WKV49sZXmIqLojsOn2guD792eykPoYx/KdtYGI9Yrj8GcHWJDUcSlSPHzN47GfDlm+RafiPhima9HvFbmZyNS+cY4E/Gzfd5HPJ4Gooh/ixSttJUW2seD7nHl4ldqX2heafXUdo8rj/3nw6N0yI9N1Shirn3E30rv/GQHAAAAAAAAAAAAAAAAgAdtOIr4TqT44+d/t72uONrr0t9/fvw9L/1W75rx5+7xOmXt8YhYq/S3JncwLx1OlfK/h9Ax+lKNIr6Z1//94UE3BgAAAAAAAAAAAAAAAAAA4IlWxEuR4qvHjqb16L2meKN5tXa5PrfUuSps99q/3Wumb29vb9dSJydyzuZcy7mecyPnZs6o5P1zTuSczbmWcz3nRs7NnFHk/XNO5JzNuZZzPedGzs2cMZD3zzmRczbnWs71nBs5N3PGIbl2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAu0klivhFpPj217dSpIiYiJiNTm4MHXTrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBSNRVxPFJsvFRtP16vRFyOiF9sb293bxGxVeb9Oui+AgAAAAAAAAAAAAAAAAAAwKGVivh4pHj2f7dSLSJujr459PSR0fPnjp0dL6KIVJb01r84fflC7YXWtevLiysriwu1mWZjvrWw2O+Pq15sNG/cnJmceiiduafhh9z+4eoLreuvLDeufm113+dHqhfmVlaX6/P7Px3DUYmY7d0y1m7wzORUu9FLjXqzvWuq3KGBlYiJfjsDAAAAAAAAAAAAAAAAAADAoTGSivh8pPjpf55J3XXjA501/+/tPCp2al/7/d3vAli6Jbt6vz+gn/up34aOtRfe12Ymp6amezYPDN5eWrYppSKeixSffPXD7fXwKUb2XRtf1r2vrLt2JteN/mpZt7anqjo2MzlVu9RqHruwtNSar6/W55YWa9PX6/N9f3EAAAAAAAAAAAAAAAAAAAAA3MVIKuLHkeK//+7fU/e683n9/0DnUc/6/99sL6Fvq6a9uaO9tv997bX9nfvvPz8+8rHn77T9Yaz/L9uUUhHfihSnf/zh9vX0u+v/Z2+pLev+NFK89fxHc13lqbKu3u1O5xWvNJYWT5S1fxUpfu3tbm20a6/m2md3a0+WtcOR4i+29tZ+Ldd+cLf2VFl7NFJ8/7/2r/3Qbu3psvankeIf/7bWrR0pa38v1x7ZrT0+31pauNewlvP/3UjxN5d+O3X7fMf57/n+h7Vbcsdtc373+w9q/kd7tq3lef2TPP/1e8z/2Ujx3epHc11n7Ofy88+0/787/5+MFP/xr3trr+TaD+zWnuy3WwetnP/vRIrv/eVPdvqc5z+P7O4M9c7/rwzszZ13yQHN/zM920Zzu+Z/ybF4Eq288o2X60tLi8vuPGl3qg/4Bd8bEYehX+48kDsHfWTiUSg///8sUvzfkSJ1z2Py5/97Oo92z//+55u7n//nb8kdB/T5/4GebefzWcvgQER19dr1weciqiuvfONY41r96uLVxeapkyc+85mzJ0+cPDv4VPfkbvde32P3blDO/w8jxY/+/kc7v8fsPf/b//x/5JbccUDz/2xvn/ac1/Q9FE+kcv7/OlI887mf7Py+ebfz/+7v/0c/vjd3/v0d0Px/sGfbaG5X45ccCwAAAAAAAAAAgMfJSCrizyPF7/zRb6TuGqJ+/v5v4ZbccUB//3WkZ9vCI1rX0PcgAwAcIuX534cixT9t/2BnLffe87/49W5t7/nfnRyG6/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjLkURfxApRl7fShtD5eOO6sVG88bNmcmp/XcbTpGiEkW7vrxVT546febTZ8+Nd/Pu+z9oH4kXpy9fqL3QunZ9eXFlZXGhNtNszLcWFvt+hfvd/1Zj7QGoXXv5xsKVKyu1U8dP73n65uibQ08fGT1/7tjZ8W7tzOTU1HRPzcDgO/7pt0l32P5UFPGDSPH26Fvpe0MRlbj/sbjHe+dhG253YqzdiZnJqXZHlhr15mr5ZKrkqkpErWenie4YPYK5uC8TEWtl88sGj5Xdm75eX67PLS3WvlRfXm2sNlrNVOm0tuxPLSoxniLWI2Jz6PaXG4wivhUpXj2xlf55KKLojsOnLk1/+cTpe7en8hD62IeynbXBiPXKYzBnh9hQFPEPkeLnbxyN7w9FDETnFp+I+GKZr0e8VuZnI1L5xjgT8bN93kc8ngaiiDORopW20htD5fGge1y5+JXaF5pXWj213ePKY//58Cgd8mNTNYr4YfuIv5X+xb9rAAAAAAAAAAAAAAAAgEOkiPVI8dVjR1N3SVpnTXGjebV2uT631FnW1137110zvb29vV1LnZzIOZtzLed6zo2cmzmjkvfPOZFzNudazvWcGzk3c0aR9885kXM251rO9ZwbOTdzxkDeP+dEztmcaznXc27k3MwZh2TtHgAAAAAAAAAAAAAAAAAA8O5SiaJ9Ffdvf30rbQ91ri89G53ccD3Qd73/DwAA//8/u3FK")
r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r4, r4, 0x0, 0x800000009)
setresgid(0x0, 0xee01, 0xffffffffffffffff)

5m10.840497302s ago: executing program 0 (id=1872):
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xf9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x50}}}}}]}}]}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, 0x0, 0x20008045)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
io_submit(0x0, 0x1, &(0x7f0000000a00)=[0x0])
syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0xf11, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x104}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x10, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1b, 0x1d}}]}}}, @IFLA_LINK={0x8, 0x5, r0}, @IFLA_MASTER={0x8, 0xa, r0}]}, 0x50}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)

5m7.629798161s ago: executing program 0 (id=1879):
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = fcntl$dupfd(r0, 0x406, r0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'ni_at_a2150\x00', [0x4f27, 0x3, 0x10000, 0x2f, 0x66, 0xcc7, 0xe, 0x0, 0xa, 0x100, 0x9, 0x1, 0x1db, 0x5, 0x0, 0x80000101, 0x5, 0x1a449, 0x3, 0x40020003, 0x208d, 0x2, 0xd27, 0xae, 0x7fff, 0x8, 0x3c, 0x1, 0x6, 0x0, 0x1000000]})

5m6.15264722s ago: executing program 0 (id=1885):
fremovexattr(0xffffffffffffffff, &(0x7f0000001200)=ANY=[])
socket(0x80000000000000a, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000580)=@ringbuf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}], 0x1, 0x401, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f00000000c0)={0x8, 0x2})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000200), 0x3})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x12, 0x4, 0x8, 0xb}, 0x50)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x3)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x2, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x24, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x93}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010102}}}]}]}, 0x7c}}, 0x0)

5m5.03642888s ago: executing program 0 (id=1889):
gettid()
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file0\x00', 0x8, &(0x7f00000000c0)=ANY=[@ANYRES8=0x0, @ANYRESDEC=0x0], 0x1, 0x1c8, &(0x7f0000000600)="$eJzslT/P0lAUxp97iy0YP4GLgyTiYGmLGhcSWJwcTPxDHEwkUghaxEAHITHGT+Du5uDHMNHVD2HQxOiCizrX3D+0VwIovPB2eM8v4fC0997Tc89NnguCIE4sXz7/niW/6t+KAM6gDEe//25lc7gx/1Pxx/MPN663Xt1/+9GZuaVVOZPk/79fAPC+aSFO1/69uqz/b4On+g44LmrdAoOr9QNw3NU6BMM9rR8Zeijmu263H4Xuw2HUEcITwRchEKG2XN/8JUPHqI8Z4+PJ9HE7isLRAcW/+jdvctSN+szzcqGq9Yz++eDwta6B4ZbW1+AseqNaYuz/bCHLb23cv40jbvsrgOxN95CdtcWndloOsGM5+wMLC1IsTjT3evYuUNhbwsQB8t7OGvGuoc4vLfWFet4uT2PNkL1lHt351J+SNwwXDH9SVvJaXjXVePC0Op5ML/UH7V7YC58EQe2qd9nzrgRVaUQqbvC/kvSn01n+lXeSwGY2nrXjeOSrmD4HKq5yXC79j6NyHqfEs3BTeynvT0Mz/ePyX6iKtbZ4giCIHDkHJj1Z+vJC6NskHUiS4GbOdRIEQRAEQRAEQRAEsTt/AgAA//80fl+r")
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$kcm(0x2, 0x1, 0x84)
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000280)='./file2\x00', 0x3200c00, &(0x7f0000000340)=ANY=[], 0x2, 0xa8a, &(0x7f0000000640)="$eJzs3U2MG1cBAOBn73qTTVLilIQuSWgTftry091ms4SfCJqquRA1FbdKFZcoTUtEGhCpBK0qkeTUG62qcIUiTkWiAoTUXlDUE5dKNBKXngoHDkRBqsQBShNX633PO35rd+zdzdpef5/09vnNG/u9mZ0Zj2fmvReAsVVt/l1YmKmEcOXNV47/695/Ti9Oeag1R735d7KQqoUQKjE9mX3eexNL8c33XzjdKa6E+ebflA6P3Wi9d3sI4WI4EK6Geth75drLb88/evLSicsH33nt6PXbs/QAADBevnv16MKev/91364PXr/7WNjSmp7Oz+sxvSOe9x+LJ/7p/L8a2tOVQiiayuabjKGazTfRYb5iObVsvsku5U9ln1tr5e9rm29LSfkThWmdlhtGWdqO66FSnW1LV6uzs0u/yUPzd/1UZfb82XNPXRhQRYF19597QggHhH5Do9H4WXMFDkFdBGG1obFz0EcggCX5/cIVLuZXFtam9WmTvZV/4+Fq5/fDOtjo7V/5o1X+by454rB+NuvWlJYr7Uc7Yjq/j5A/v9Tv/p8+L78fUeuxnt3uI4zK/YVu9ZzY4HqsVrf659vFZvWtGKf18O0sv7j/5P/TUfkfA539d6Ou/786PfBrnYvhwBDUYVOH2hDUQeg5NAZ9AAKG1vJzc0saUcrPn+vL87eU5G8tyZ8uyd9Wkr+9JB/G2R+f/Xl4qbL8Oz//Td/v9bB0ne2OGH+iz/rk1yP7LT9/7rdfay0/f54Yhtkbpx4/8/Unn7i29Px/pbX934rb+4GYrsd962qcIV0vzK+rt579r7eXU+0y351Zfe5YMX9jqcTd7fNVdi9/TigcZ1bUY6b9fTu7zbe/fb56Nt90DFuz+ubnJ9uy96Xzj3RcTetrMlveWrYcU1k90nFlV4zzesBqpO2x2/P/afucCbXKU2fPnXkwptN2+peJ2pbF6YeKH/rbjak7sDa9tv+ZCe3tf3a0pteqxePCzuXpleJxoZ5Nn19Ktm6Tp+mHYzp9z31/Yro5ffb0D889ud4LD2PuwnPP/+DUuXNnfuxFejE9EqslHTmHpT69vPiwMRTV8KKXF2VHjs365CCMj7lnn/nR3IXnnn/g7DOnnj7z9Jnzh48cOTw/f+Qbhxfmmuf1c8Wze2AzWf7SH3RNAAAAAAAAAAAAgF795MTxa39762vvLrX/X27/l9r/pyd/U/v/F7P2/3k7+dQqILUD3NUhvznu3hvt9ZjK5qvF8MmsvruzcvZk7/tUjFvj+MX2/6m9fd6va6rPXdn0vP/eNF/WncCK/lKmsj5IWuMFxgb7n43pyzH+dYABqkx3nhzjj+3f+ncvtuZP/VPol2I0pf9b2hpSPyap/Xe3fp3S8X/XBtSR9bcRzQkHvYxAZ/8e+vE/C2fiA6/Lx4ZGY/B1WHsY/vUsrGNoNIziAQyHQY//ma57pvj8n7+zdTGk2W483H68zPsvhbUY9vEnlb+5xv9sjX/X0/GvQ+/qbf089z66wv9+ef3dQrFhb6/H33z5Uz/Qu8vLLPoglp+W/77QW/mNV7Py8xtCPfp/Vv62Hstfsfz7V1f+h7H8tNru/1yv5S/VuFJtr0d+3Tjd/8uvGyc3s+VPfXv2vfyrHKjxViwfxln3cWZ7HcF2OHUa/3dyCMf/7SZ/DuOrMZ0OhOk5h/wbud/6p+cr0vfAnuzzKyXfb6MyTnE34z7+7zdjXLY/pPF/0/ZY75CuFtK1Dut21LcV2GzeG/r7fyMWLg5BHYQhDcMxBnYxNBqNgXbkrRfxwRr0+h/03edBlz/o9V8mH/83P4fPx/+tZj8g8vF/8/fn4//m+fn4enl+Pv5vvj7z8X/z/Luyz82vYM+U5H+6JH9vSf6+5fzpTvn7S97/mZL8gyX5d5fk31OSf2dJ/kRJ/udL8r9Qkn9vSf79JflfLMnf7JrtUQo71bgtP4yzvH2e/R/GR7r/023/312SD4yuX7x+6JEn/vC9+lL7/6nW77V0H+9YTNfib+efxnR+3zsU0ot5b8X0P7L8Yb/eAeMk7z8j/36/ryQfGF3pOS/7N4yhSucee/L7bd36rep2ns9o+VKMvxzjr8T4gRjPxnguxodiPL9B9eP2eOT3fzr6UmX59/7OLL/X58nz9kB5P1GHe6xPfn2g3+fZ8378+rXW8lfZHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBgqs2/CwszlRCuvPnK8cdPnp1bnPJQa4568+9kIVVrvS+EB2M8EeNfxRc333/hdDG+FeNKmA+VUGlND4/daJW0PYRwMRwIV0M97L1y7eW35x89eenE5YPvvHb0+u1bAwAAALD5fRQAAP//ZcAZ4Q==")
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x8, 0x0, 0x0)

4m49.065795809s ago: executing program 33 (id=1889):
gettid()
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file0\x00', 0x8, &(0x7f00000000c0)=ANY=[@ANYRES8=0x0, @ANYRESDEC=0x0], 0x1, 0x1c8, &(0x7f0000000600)="$eJzslT/P0lAUxp97iy0YP4GLgyTiYGmLGhcSWJwcTPxDHEwkUghaxEAHITHGT+Du5uDHMNHVD2HQxOiCizrX3D+0VwIovPB2eM8v4fC0997Tc89NnguCIE4sXz7/niW/6t+KAM6gDEe//25lc7gx/1Pxx/MPN663Xt1/+9GZuaVVOZPk/79fAPC+aSFO1/69uqz/b4On+g44LmrdAoOr9QNw3NU6BMM9rR8Zeijmu263H4Xuw2HUEcITwRchEKG2XN/8JUPHqI8Z4+PJ9HE7isLRAcW/+jdvctSN+szzcqGq9Yz++eDwta6B4ZbW1+AseqNaYuz/bCHLb23cv40jbvsrgOxN95CdtcWndloOsGM5+wMLC1IsTjT3evYuUNhbwsQB8t7OGvGuoc4vLfWFet4uT2PNkL1lHt351J+SNwwXDH9SVvJaXjXVePC0Op5ML/UH7V7YC58EQe2qd9nzrgRVaUQqbvC/kvSn01n+lXeSwGY2nrXjeOSrmD4HKq5yXC79j6NyHqfEs3BTeynvT0Mz/ePyX6iKtbZ4giCIHDkHJj1Z+vJC6NskHUiS4GbOdRIEQRAEQRAEQRAEsTt/AgAA//80fl+r")
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$kcm(0x2, 0x1, 0x84)
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000280)='./file2\x00', 0x3200c00, &(0x7f0000000340)=ANY=[], 0x2, 0xa8a, &(0x7f0000000640)="$eJzs3U2MG1cBAOBn73qTTVLilIQuSWgTftry091ms4SfCJqquRA1FbdKFZcoTUtEGhCpBK0qkeTUG62qcIUiTkWiAoTUXlDUE5dKNBKXngoHDkRBqsQBShNX633PO35rd+zdzdpef5/09vnNG/u9mZ0Zj2fmvReAsVVt/l1YmKmEcOXNV47/695/Ti9Oeag1R735d7KQqoUQKjE9mX3eexNL8c33XzjdKa6E+ebflA6P3Wi9d3sI4WI4EK6Geth75drLb88/evLSicsH33nt6PXbs/QAADBevnv16MKev/91364PXr/7WNjSmp7Oz+sxvSOe9x+LJ/7p/L8a2tOVQiiayuabjKGazTfRYb5iObVsvsku5U9ln1tr5e9rm29LSfkThWmdlhtGWdqO66FSnW1LV6uzs0u/yUPzd/1UZfb82XNPXRhQRYF19597QggHhH5Do9H4WXMFDkFdBGG1obFz0EcggCX5/cIVLuZXFtam9WmTvZV/4+Fq5/fDOtjo7V/5o1X+by454rB+NuvWlJYr7Uc7Yjq/j5A/v9Tv/p8+L78fUeuxnt3uI4zK/YVu9ZzY4HqsVrf659vFZvWtGKf18O0sv7j/5P/TUfkfA539d6Ou/786PfBrnYvhwBDUYVOH2hDUQeg5NAZ9AAKG1vJzc0saUcrPn+vL87eU5G8tyZ8uyd9Wkr+9JB/G2R+f/Xl4qbL8Oz//Td/v9bB0ne2OGH+iz/rk1yP7LT9/7rdfay0/f54Yhtkbpx4/8/Unn7i29Px/pbX934rb+4GYrsd962qcIV0vzK+rt579r7eXU+0y351Zfe5YMX9jqcTd7fNVdi9/TigcZ1bUY6b9fTu7zbe/fb56Nt90DFuz+ubnJ9uy96Xzj3RcTetrMlveWrYcU1k90nFlV4zzesBqpO2x2/P/afucCbXKU2fPnXkwptN2+peJ2pbF6YeKH/rbjak7sDa9tv+ZCe3tf3a0pteqxePCzuXpleJxoZ5Nn19Ktm6Tp+mHYzp9z31/Yro5ffb0D889ud4LD2PuwnPP/+DUuXNnfuxFejE9EqslHTmHpT69vPiwMRTV8KKXF2VHjs365CCMj7lnn/nR3IXnnn/g7DOnnj7z9Jnzh48cOTw/f+Qbhxfmmuf1c8Wze2AzWf7SH3RNAAAAAAAAAAAAgF795MTxa39762vvLrX/X27/l9r/pyd/U/v/F7P2/3k7+dQqILUD3NUhvznu3hvt9ZjK5qvF8MmsvruzcvZk7/tUjFvj+MX2/6m9fd6va6rPXdn0vP/eNF/WncCK/lKmsj5IWuMFxgb7n43pyzH+dYABqkx3nhzjj+3f+ncvtuZP/VPol2I0pf9b2hpSPyap/Xe3fp3S8X/XBtSR9bcRzQkHvYxAZ/8e+vE/C2fiA6/Lx4ZGY/B1WHsY/vUsrGNoNIziAQyHQY//ma57pvj8n7+zdTGk2W483H68zPsvhbUY9vEnlb+5xv9sjX/X0/GvQ+/qbf089z66wv9+ef3dQrFhb6/H33z5Uz/Qu8vLLPoglp+W/77QW/mNV7Py8xtCPfp/Vv62Hstfsfz7V1f+h7H8tNru/1yv5S/VuFJtr0d+3Tjd/8uvGyc3s+VPfXv2vfyrHKjxViwfxln3cWZ7HcF2OHUa/3dyCMf/7SZ/DuOrMZ0OhOk5h/wbud/6p+cr0vfAnuzzKyXfb6MyTnE34z7+7zdjXLY/pPF/0/ZY75CuFtK1Dut21LcV2GzeG/r7fyMWLg5BHYQhDcMxBnYxNBqNgXbkrRfxwRr0+h/03edBlz/o9V8mH/83P4fPx/+tZj8g8vF/8/fn4//m+fn4enl+Pv5vvj7z8X/z/Luyz82vYM+U5H+6JH9vSf6+5fzpTvn7S97/mZL8gyX5d5fk31OSf2dJ/kRJ/udL8r9Qkn9vSf79JflfLMnf7JrtUQo71bgtP4yzvH2e/R/GR7r/023/312SD4yuX7x+6JEn/vC9+lL7/6nW77V0H+9YTNfib+efxnR+3zsU0ot5b8X0P7L8Yb/eAeMk7z8j/36/ryQfGF3pOS/7N4yhSucee/L7bd36rep2ns9o+VKMvxzjr8T4gRjPxnguxodiPL9B9eP2eOT3fzr6UmX59/7OLL/X58nz9kB5P1GHe6xPfn2g3+fZ8378+rXW8lfZHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBgqs2/CwszlRCuvPnK8cdPnp1bnPJQa4568+9kIVVrvS+EB2M8EeNfxRc333/hdDG+FeNKmA+VUGlND4/daJW0PYRwMRwIV0M97L1y7eW35x89eenE5YPvvHb0+u1bAwAAALD5fRQAAP//ZcAZ4Q==")
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x8, 0x0, 0x0)

46.665685045s ago: executing program 5 (id=2380):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
semop(0x0, &(0x7f0000000080), 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, 0x0, 0x0)
sendto$inet6(r2, &(0x7f00000003c0)="d963c9f4e85e727c5964e3143f0f99d23f309eef0a1296e6c7c3704cf6deb8acb341b47e1a60a4a00d725fff3e721fdddd4879fe34dfb940c7e0849e8f3915e8ae01004b9e756c98388bb387ed9f4aa6186f04f561ff629425615736d8b42877970000c03cf51f85a9fbf99e695e98733b538a9dbde6ffa337c9b26bdc72695f05003ec9de5f807dc76e91a7a3db133a8bb5ae4a3c44819aaf56496fbad213f21b1a0a32e2ac17d5069fde917155cb8b1208cd8e08a7c0f480000000", 0x11c259e35b9f2599, 0x0, 0x0, 0x3000137)
semctl$SETVAL(0x0, 0x1, 0x10, &(0x7f0000000180)=0xfffffffa)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
close(0xffffffffffffffff)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)

42.288957568s ago: executing program 5 (id=2389):
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = signalfd(r0, &(0x7f00000000c0)={[0xe]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x0, 0x3a, 0x0, 0x1}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000c80)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000400010db3c6e2300"/27], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r5, 0x0)
read$FUSE(r6, 0x0, 0x38)
dup2(r6, r5)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x8)
r7 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, 0x0, 0x40100c5)
sendmsg$nl_crypto(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
ioctl(r0, 0x8b2c, &(0x7f0000000040))
open(&(0x7f0000000480)='./file0\x00', 0x2000, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00')
writev(r8, &(0x7f00000015c0)=[{0x0}], 0x1)

41.174336278s ago: executing program 5 (id=2394):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
r0 = socket$xdp(0x2c, 0x3, 0x0)
socket$inet6(0xa, 0x1, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_TIMERSLACK(0x1d, 0x1000)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
fspick(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x1)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, 0x0, &(0x7f0000000200), 0x4001)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000140)={0x0, 0x4000, 0x1000, 0xff, 0x1aa98a3d0e10db04}, 0x20)

39.77347559s ago: executing program 5 (id=2396):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000425bd7000fcdbdf040200010008003f0036000000080061"], 0x24}, 0x1, 0x0, 0x0, 0x24004885}, 0x24000800)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0)

39.742618273s ago: executing program 5 (id=2397):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet(0x2, 0x2, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$sndseq(r4, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x100, {}, {}, @quote={{0xfb, 0x1}}}, {0x0, 0xfe, 0xff, 0x3, @tick=0xf27, {0x1, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38)
getpid()
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r5, &(0x7f0000000340)="18000000", 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

38.805644279s ago: executing program 5 (id=2399):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
semop(0x0, &(0x7f0000000080), 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "982e8c12e5407a28", "030f97945be2be0d7639c15eed73d9e3eef85fc33df3a0bb9bdbe7225ca64454", "5ee3e0f8", "e3acd909a6fc2ea6"}, 0x38)
sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
semctl$SETVAL(0x0, 0x1, 0x10, &(0x7f0000000180)=0xfffffffa)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
close(0xffffffffffffffff)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)

23.583888597s ago: executing program 34 (id=2399):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
semop(0x0, &(0x7f0000000080), 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "982e8c12e5407a28", "030f97945be2be0d7639c15eed73d9e3eef85fc33df3a0bb9bdbe7225ca64454", "5ee3e0f8", "e3acd909a6fc2ea6"}, 0x38)
sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
semctl$SETVAL(0x0, 0x1, 0x10, &(0x7f0000000180)=0xfffffffa)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
close(0xffffffffffffffff)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)

14.24777981s ago: executing program 3 (id=2440):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x8c57, &(0x7f0000000340)=ANY=[@ANYBLOB="666c7573682c756e695f786c6174653d312c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c646f733178666c6f7070792c636865636b3d72656c617865642c73686f72746e616d653d77696e6e742c726f6469722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c6e6f6e756d7461696c3d302c757365667265652c757466383d312c00b3c6df3745b1b2f7ea92d20d3f3ffa31ec18e46c7acb9a9107d3ce985f76b3a3dc9d46f6169759de80d2f3cf06d8371513b924dffc1f6593f8aebd687934be114c6763c847faf7c4d3fae3941cabc5ab2e9e5b3d2c39a940e89c46b2a11ff48439b8c9df29ab8fa870da2aea26caf8c72d4e9b093cf5f95b64d5864755b8be6e0fcb0e3d58e260b9ba7f96d7f8d7a853964b0aba61dc573dfb949cc8e577059a6abd2708ab31a9c71522fca70047fcc10e67fe50d6af857dee630aaa3c192f7a1a8f33"], 0xf5, 0x2e6, &(0x7f0000000540)="$eJzs3ctrE18UwPGTV5O0v/6ShYiIwqWCKNKhCbhz0SItiAGlbQQrCFM71ZBpUjKhEBGbheDWtYsuXIoggjs3Im678S/wteumOwsWR6Yzk6bJGNNqX/b7WTSnOffMvZm56eO2uVm59GSuOGtp321XdFjqshaStIQlIq66nH+/9On0xLv/3M+VGhuZzGSVCovIrQcvBt5W+268/v9NXJbTt1dWs1+XT02K/Ji8V7BUwVIl21a6mi6XqyGneKZgFTWlrpuGbhmqULKMStXL69OmoWbN8vx8Temlmf7e+YphWUov1VTRqKlqWVUrNaXf1QslpWma6u8ViEi6EYXbcqFOhfnna7Ytq86Fj9fFtu2A1nU/iHm38T8bLA6SluvfsW3b5Ijs5siwF9bsaNfXH/8e9/n/+SnX/2iauDl1dSSXGx1XKiEy93ghv5B3b938xz4piCmGLI1fmFoXsRsk5Hwcu5IbHVIb0nJ2btGrX1zIu98cRma9+oyknJ9TmurFr8+49WprfUx6m+uzkpJjwfVZv17CTfU9cu5MU70mKflwR8piyow4tZv1DzNKXb6Wa+k/udEOAAAAAAAAAIDDSFMNm+v3oc0/9WpafOM/Phr5pHOv087NN9bXhyQl68Hr80OB6/tRORndv8cNAAAAAMBRYtXuF3XTNCq7E0SeJTt0ERMRJxB5NOAMpuMBj3sj7q73HhFpT0U6d7ElSF50+3s57g1MdvNE/aXAf7FGUTdf+amkBDUOb2sCDPYEnvnEnj5A6aaxJHY2seNdT63WILTu33MisI0d+v1xbN2Mba/34W09HX4ZJFpP1OAX97hmhy8a3xpLfAAAAAAOkaZfnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD7Z0eZh/r79W1PivUV8+5Zsre8Tz77/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6gnwEAAP//JZK+GA==")
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001000)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x38, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x8c}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ptrace$ARCH_GET_FS(0x1e, 0x0, &(0x7f0000000240), 0x1003)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

12.947258985s ago: executing program 3 (id=2443):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet(0x2, 0x2, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x100, {}, {}, @quote={{0xfb, 0x1}}}, {0x0, 0xfe, 0xff, 0x3, @tick=0xf27, {0x1, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38)
getpid()
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r6, &(0x7f0000000340)="18000000", 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

11.555200407s ago: executing program 3 (id=2445):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f00000009c0)={0xf, {"a2e3ad214fc752f90b5e09094bf70e0dd038e7ff7fc6e5539b1b48078b089b3b0838721a0890e0878f0e1ac6e7049b3d6c959b4c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d07420736cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e2c5070000179c6f30e065cd5b91cd0ae17d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3bb469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918070000003f0000000c558cdc0a3621c56cea8d20fa911afe40db6ebe8cac64289fd3da232f1b5dbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860421c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2f09000000000000007747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847354b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d483d4675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516ab68032f88c042ffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d95f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9d1a3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdfa1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442748af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000001c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500", 0x1009}}, 0x1006)

11.52598198s ago: executing program 4 (id=2446):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f00000007c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, 0x0, 0x4008094)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x2, @remote}, 0x10)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r10, 0x7a0, &(0x7f0000000100)={@my=0x1})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r10, 0x7b1, &(0x7f0000000080)={0x0, 0x6, 0x0, 0x8})

9.601376425s ago: executing program 2 (id=2448):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
rt_sigprocmask(0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000000)={0xfffffc64, 0x0})

9.574243167s ago: executing program 3 (id=2449):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet(0x2, 0x2, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x100, {}, {}, @quote={{0xfb, 0x1}}}, {0x0, 0xfe, 0xff, 0x3, @tick=0xf27, {0x1, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38)
getpid()
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r6, &(0x7f0000000340)="18000000", 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

9.350691915s ago: executing program 4 (id=2450):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000240)="409d9c33a1c36c897478387c8625c23acdbd4f8fd2b1e711c20904142bd2a76020ffc2c5cc198e9f4520fb8171c716", 0x2f, 0x841, &(0x7f00000001c0)={0xa, 0x2, 0x1, @loopback, 0x7ff}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0xfffa, @empty}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000140), &(0x7f0000000480)=0x4)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180100, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r6, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x1004)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hfsplus\x00', 0x2000010, &(0x7f0000000100)='barrier')

8.599256376s ago: executing program 2 (id=2451):
fremovexattr(0xffffffffffffffff, &(0x7f0000001200)=ANY=[])
socket(0x80000000000000a, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000580)=@ringbuf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}], 0x1, 0x401, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f00000000c0)={0x8, 0x2})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r5=>0x0], &(0x7f0000000200), 0x3})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x12, 0x4, 0x8, 0xb}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@map=r6, 0xffffffffffffffff, 0x4, 0x0, 0x0, @void, @value=r3}, 0x20)
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000500)={0x200, 0x0, 0x0, &(0x7f0000000200), &(0x7f0000000580)=[r5], 0x0})
keyctl$set_reqkey_keyring(0xe, 0x3)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x2, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x24, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x93}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010102}}}]}]}, 0x7c}}, 0x0)

8.55357641s ago: executing program 3 (id=2452):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xd}, 0x18)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x60000, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dfe, 0xfffffffffffffffe)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r2=>0x0}, 0x0)
syz_open_procfs$namespace(r2, &(0x7f0000000280)='ns/ipc\x00')
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
syz_usb_connect$uac1(0x2, 0xa5, &(0x7f00000002c0)=ANY=[], 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB="480200001a0007000000000000000000fc020000000000000000000000000000e0000002000000000000000000000000ffff0000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc000000000000000000000000000000000000000000000000b40000000000000200000000000000000000007ffffffe0000000100000000e40c00000000000007000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a000200700000000000000014000e"], 0x248}, 0x1, 0x0, 0x0, 0x4}, 0x0)

7.566752489s ago: executing program 2 (id=2453):
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xf9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x50}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000280)=ANY=[], 0x114}], 0x1, 0x0, 0x0, 0x10}, 0x20008045)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\x00\x00\x00\x00\x00\x00\x00\t8f\xf2\xde\xa0xk>\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000ac0)={0x0, {}, 0x0, {}, 0x201, 0x4, 0xfffffffd, 0x10, "28f5da69a14f0000200000000070aa3aaf6ec3bd5bba00005f17bf01d7ecdd91b59ca8d54100000000001b00", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0xa, 0x3]})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)

7.141566583s ago: executing program 6 (id=2454):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r3, 0x0, 0x0)
ioctl$SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1413, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0x67, &(0x7f0000000200)=0x3, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000000000000000000891d00000000007ab63d8cc89d26126eb5e6d4d3779590dd4fb9a2b49b8c13a36e1d833fd837bd51f08a51c747724ce9d923a449a102cf1feaf37097b019026b35b63bffdf5b89b185d365369ff04c918fa5689528e9ec29b3fa996e6ccd410126ce9d1153ac5340053602d08ecbc20b7eb8ba5f5ba22ae6296921f5c18c493749f45ed626f935577bb1259ebc363f5e1f5e971f0d1fda3766328ad1e9fc69d51d5875e223fa9faaa2b8de70"], 0x0, 0x26, 0x0, 0x1}, 0x28)
connect$inet6(r5, 0x0, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

6.101843997s ago: executing program 6 (id=2455):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000001a00)=""/4099, 0x1003}], 0x1}}], 0x1003, 0x10122, 0x0)

5.93414943s ago: executing program 6 (id=2456):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f00000007c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, 0x0, 0x4008094)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x2, @remote}, 0x10)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r10, 0x7b1, &(0x7f0000000080)={0x0, 0x6, 0x0, 0x8})

5.859165237s ago: executing program 4 (id=2457):
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x10, 0x1413, 0x1, 0x70bd2d}, 0x10}, 0x1, 0x0, 0x0, 0x854}, 0x0)

4.983342427s ago: executing program 4 (id=2458):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
pwritev(r2, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000000280)}], 0x2, 0x4000001, 0x0)
sendfile(r1, r2, 0x0, 0x8000fb00)

4.154994804s ago: executing program 6 (id=2459):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f00000007c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, 0x0, 0x4008094)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x2, @remote}, 0x10)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r10, 0x7a0, &(0x7f0000000100)={@my=0x1})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r10, 0x7b1, &(0x7f0000000080)={0x0, 0x6, 0x0, 0x8})

4.008548126s ago: executing program 3 (id=2460):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x48)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000425bd7000fcdbdf040200010008003f0036000000080061"], 0x24}, 0x1, 0x0, 0x0, 0x24004885}, 0x24000800)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r3, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @void}}}, 0x28}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x24, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x4}]}, 0x24}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0xc48e, 0x4, 0x1, 0x0, r1}, 0x50)

2.385650857s ago: executing program 2 (id=2461):
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = signalfd(r0, &(0x7f00000000c0)={[0xe]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x0, 0x3a, 0x0, 0x1}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000c80)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000400010db3c6e2300"/27], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r3, 0x0)
read$FUSE(r4, 0x0, 0x38)
dup2(r4, r3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x8)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)
ioctl(r0, 0x8b2c, &(0x7f0000000040))

2.179916673s ago: executing program 6 (id=2462):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r4}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20)
r5 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x1b7}, &(0x7f0000000300)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/15, 0xf}], 0x1})
io_uring_enter(r5, 0x47ba, 0x3000000, 0x0, 0x0, 0x0)

1.185468664s ago: executing program 4 (id=2463):
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = fcntl$dupfd(r0, 0x406, r0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$packet(0x11, 0x7a6f938d2aadffed, 0x300)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mkdir(0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)

1.037377116s ago: executing program 2 (id=2464):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[])
read$FUSE(r1, &(0x7f00000021c0)={0x2020}, 0x2020)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r2, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000cc0)}], 0x1)
r3 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
r4 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="2c2c288c58efee92347fb77a92d8980066d2253d578d8ae4fb5d55b6b89bb023d4f8405e8271e048227c0a32b7515684a732b2dfa45dc118237a1973e486cfccf3ee0e987566857964f5e606196bc4077ff1a3cb98ff407908d06c385cf6e57a4d3d34e343f9d609673cb584b51f95b987cd3eb574f8cfd69bcf6847d2b9f310831a820a20e92da511d217c9e167d0b8c4cdc5fe71871cf027727c200e0dbda03df729e9336b29d7ec8f9ff96715df8e6c5a38dfcd4bfc1a1e851ef6f9ff150f7f57156202d594"])
close_range(r0, 0xffffffffffffffff, 0x0)

932.434194ms ago: executing program 2 (id=2465):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffbc, 0x10, 0x20}, [@ldst={0x7, 0xff05, 0x0, 0x0, 0xa}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x48)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000425bd7000fcdbdf040200010008003f0036000000080061"], 0x24}, 0x1, 0x0, 0x0, 0x24004885}, 0x24000800)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}}, 0x28}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x24, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x4}]}, 0x24}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

695.897283ms ago: executing program 6 (id=2466):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
semop(0x0, &(0x7f0000000080)=[{0x1, 0xfff9, 0x1000}], 0x1)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "982e8c12e5407a28", "030f97945be2be0d7639c15eed73d9e3eef85fc33df3a0bb9bdbe7225ca64454", "5ee3e0f8", "e3acd909a6fc2ea6"}, 0x38)
sendto$inet6(r3, &(0x7f00000003c0)="d963c9f4e85e727c5964e3143f0f99d23f309eef0a1296e6c7c3704cf6deb8acb341b47e1a60a4a00d725fff3e721fdddd4879fe34dfb940c7e0849e8f3915e8ae01004b9e756c98388bb387ed9f4aa6186f04f561ff629425615736d8b42877970000c03cf51f85a9fbf99e695e98733b538a9dbde6ffa337c9b26bdc72695f05003ec9de5f807dc76e91a7a3db133a8bb5ae4a3c44819aaf56496fbad213f21b1a0a32e2ac17d5069fde917155cb8b1208cd8e08a7c0f480000000", 0x11c259e35b9f2599, 0x0, 0x0, 0x3000137)
semctl$SETVAL(0x0, 0x1, 0x10, &(0x7f0000000180)=0xfffffffa)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
close(r0)
socket$kcm(0x2b, 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)

0s ago: executing program 4 (id=2467):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
connect$unix(0xffffffffffffffff, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r3 = fcntl$dupfd(r2, 0x0, r2)
write$sndseq(r3, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x100, {}, {}, @quote={{0xfb, 0x1}}}, {0x0, 0xfe, 0xff, 0x3, @tick=0xf27, {0x1, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38)

kernel console output (not intermixed with test programs):

0 to 2048
[  742.171055][T10581] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  742.171055][T10582] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  742.189519][   T26] audit: type=1800 audit(1754877122.902:37): pid=10581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1673" name="file1" dev="loop0" ino=1415 res=0 errno=0
[  742.210808][   T22] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  742.260711][   T26] audit: type=1800 audit(1754877122.902:38): pid=10582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1676" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  742.385465][   T22] usb 3-1: device descriptor read/64, error -71
[  742.875521][   T22] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  743.709227][   T22] usb 3-1: device descriptor read/64, error -71
[  744.057130][T10607] loop4: detected capacity change from 0 to 2048
[  744.127317][T10607] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  744.158076][   T26] audit: type=1800 audit(1754877124.852:39): pid=10607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1679" name="file1" dev="loop4" ino=1415 res=0 errno=0
[  744.216273][   T22] usb usb3-port1: attempt power cycle
[  744.635282][   T22] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  745.334762][T10614] Bluetooth: MGMT ver 1.22
[  745.356609][   T22] usb 3-1: device descriptor read/8, error -71
[  747.129814][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  747.136802][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  750.171785][T10657] loop5: detected capacity change from 0 to 2048
[  750.272437][T10657] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  750.289537][   T26] audit: type=1800 audit(1754877130.992:40): pid=10657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1693" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  752.630819][T10682] loop0: detected capacity change from 0 to 2048
[  753.067849][T10682] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  753.112283][   T26] audit: type=1800 audit(1754877133.812:41): pid=10681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1701" name="file1" dev="loop0" ino=1415 res=0 errno=0
[  756.251241][T10693] loop2: detected capacity change from 0 to 256
[  756.472618][ T4456] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  756.712653][T10702] loop5: detected capacity change from 0 to 2048
[  756.843485][T10702] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  757.076206][   T26] audit: type=1800 audit(1754877137.562:42): pid=10702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1706" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  757.531033][T10708] fuse: Bad value for 'fd'
[  757.680183][T10710] loop5: detected capacity change from 0 to 1024
[  757.699362][T10712] team0: No ports can be present during mode change
[  757.790852][T10712] netlink: 'syz.2.1712': attribute type 10 has an invalid length.
[  757.882024][T10712] 8021q: adding VLAN 0 to HW filter on device bond0
[  757.913287][T10689] loop0: detected capacity change from 0 to 32768
[  757.933358][T10712] team0: Port device bond0 added
[  757.951388][T10714] netlink: 1184 bytes leftover after parsing attributes in process `syz.2.1712'.
[  758.123948][T10689] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  758.145745][T10689] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  758.169156][T10689] BTRFS info (device loop0): setting nodatacow, compression disabled
[  758.205292][T10689] BTRFS error (device loop0): unrecognized mount option 'max_inline='
[  758.255045][T10689] BTRFS error (device loop0): open_ctree failed: -22
[  758.493863][ T4380] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by udevd (4380)
[  758.781535][T10726] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1715'.
[  759.374310][T10733] loop5: detected capacity change from 0 to 1024
[  760.145953][T10714] team0 (unregistering): Port device team_slave_0 removed
[  760.291965][T10714] team0 (unregistering): Port device team_slave_1 removed
[  760.463865][T10714] team0 (unregistering): Port device bond0 removed
[  760.826057][T10738] loop5: detected capacity change from 0 to 2048
[  760.850336][T10738] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  760.985404][   T26] audit: type=1800 audit(1754877141.582:43): pid=10738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1717" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  762.252703][T10751] loop2: detected capacity change from 0 to 128
[  762.377306][ T8219] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  762.501762][T10753] fuse: Invalid rootmode
[  762.801501][T10760] loop3: detected capacity change from 0 to 1024
[  763.584627][T10770] loop3: detected capacity change from 0 to 256
[  763.589432][ T4255] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  763.650916][ T4456] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  764.616478][ T4255] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  765.081566][ T4255] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  765.343314][ T4255] usb 6-1: config 0 interface 0 has no altsetting 0
[  765.350161][ T4255] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  765.397162][ T4255] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  768.584641][ T4255] usb 6-1: config 0 descriptor??
[  768.693747][ T4255] usb 6-1: can't set config #0, error -71
[  768.714988][ T4255] usb 6-1: USB disconnect, device number 4
[  768.830618][T10785] fuse: Invalid rootmode
[  769.100476][T10794] loop2: detected capacity change from 0 to 128
[  770.165342][T10792] sd 0:0:1:0: PR command failed: 1026
[  770.214392][T10792] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  770.255582][T10792] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  771.298925][T10808] loop3: detected capacity change from 0 to 4096
[  771.441031][T10808] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  771.590636][T10808] ntfs3: loop3: Failed to load $Extend.
[  772.155934][T10817] loop5: detected capacity change from 0 to 2048
[  772.197438][T10817] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  772.211577][   T26] audit: type=1800 audit(1754877152.912:44): pid=10817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1743" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  772.711667][T10828] loop2: detected capacity change from 0 to 2048
[  772.826675][T10828] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  772.859460][   T26] audit: type=1800 audit(1754877153.552:45): pid=10828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1745" name="file1" dev="loop2" ino=1415 res=0 errno=0
[  773.675392][ T8630] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  774.687505][ T8630] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  775.045110][ T8630] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  776.654541][ T8630] usb 3-1: config 0 interface 0 has no altsetting 0
[  776.813571][ T8630] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  777.013507][ T8630] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.194435][ T8630] usb 3-1: config 0 descriptor??
[  777.246339][ T8630] usb 3-1: can't set config #0, error -71
[  777.310772][ T8630] usb 3-1: USB disconnect, device number 16
[  777.484605][T10859] netlink: 'syz.2.1754': attribute type 10 has an invalid length.
[  777.715553][T10864] netlink: 1184 bytes leftover after parsing attributes in process `syz.2.1754'.
[  779.207142][T10880] loop2: detected capacity change from 0 to 4096
[  779.577913][T10882] loop0: detected capacity change from 0 to 2048
[  779.710151][T10882] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  779.815422][   T26] audit: type=1800 audit(1754877160.452:46): pid=10882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1760" name="file1" dev="loop0" ino=1415 res=0 errno=0
[  780.087687][T10880] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  780.172547][T10880] ntfs3: loop2: Failed to load $Extend.
[  782.437315][T10896] loop4: detected capacity change from 0 to 1764
[  782.740413][   T26] audit: type=1326 audit(1754877163.442:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10893 comm="syz.4.1763" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4ddcb8ebe9 code=0x0
[  782.785334][ T8754] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  783.117837][T10901] loop2: detected capacity change from 0 to 2048
[  783.189209][T10901] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  783.347550][   T26] audit: type=1800 audit(1754877163.932:48): pid=10901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1765" name="file1" dev="loop2" ino=1415 res=0 errno=0
[  783.436277][ T8754] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  783.455441][ T8754] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  783.492879][ T8754] usb 1-1: config 0 interface 0 has no altsetting 0
[  783.536643][ T8754] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  783.580259][ T8754] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.630436][ T8754] usb 1-1: config 0 descriptor??
[  784.462672][ T8754] usbhid 1-1:0.0: can't add hid device: -71
[  784.481386][ T8754] usbhid: probe of 1-1:0.0 failed with error -71
[  784.520746][ T8754] usb 1-1: USB disconnect, device number 7
[  785.013978][T10905] loop5: detected capacity change from 0 to 32768
[  785.610578][T10923] loop3: detected capacity change from 0 to 2048
[  785.686507][T10923] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  785.736983][   T26] audit: type=1800 audit(1754877166.442:49): pid=10922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1771" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  785.792121][T10905] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  785.865584][T10905] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  785.896126][T10905] BTRFS info (device loop5): setting nodatacow, compression disabled
[  785.985417][T10905] BTRFS error (device loop5): unrecognized mount option 'max_inline='
[  785.994191][T10905] BTRFS error (device loop5): open_ctree failed: -22
[  787.301084][ T4380] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by udevd (4380)
[  788.003207][T10925] loop2: detected capacity change from 0 to 32768
[  788.056749][T10925] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  788.089171][T10925] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  788.116909][T10925] BTRFS info (device loop2): setting nodatacow, compression disabled
[  788.144161][T10925] BTRFS error (device loop2): unrecognized mount option 'max_inline='
[  788.186338][T10925] BTRFS error (device loop2): open_ctree failed: -22
[  789.246981][ T4456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (4456)
[  790.344479][T10958] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1779'.
[  790.722257][T10951] loop0: detected capacity change from 0 to 32768
[  791.350932][T10951] JBD2: Ignoring recovery information on journal
[  791.590446][T10951] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  792.565236][ T8754] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  792.567541][ T4269] ocfs2: Unmounting device (7,0) on (node local)
[  792.812262][ T8754] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  793.606952][T10986] loop2: detected capacity change from 0 to 40427
[  793.627439][T10986] F2FS-fs (loop2): Unrecognized mount option "18446744073709551615" or missing value
[  794.865723][T10984] hpfs: Bad magic ... probably not HPFS
[  795.055684][ T8754] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  795.065941][ T8754] usb 6-1: config 0 interface 0 has no altsetting 0
[  795.077204][ T8754] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  795.087564][ T8754] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.307479][ T8754] usb 6-1: config 0 descriptor??
[  795.771059][ T8754] usb 6-1: can't set config #0, error -71
[  795.846083][ T8754] usb 6-1: USB disconnect, device number 5
[  796.724996][T10997] loop2: detected capacity change from 0 to 4096
[  796.797895][T10997] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  796.842987][T10997] ntfs3: loop2: Failed to load $Extend.
[  800.044994][ T8752] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  800.056959][T11023] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1797'.
[  800.182808][T11038] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1800'.
[  800.261914][ T8752] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  801.594821][T11043] loop4: detected capacity change from 0 to 40427
[  801.616727][T11043] F2FS-fs (loop4): invalid crc value
[  801.622264][T11043] F2FS-fs (loop4): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[  801.667233][T11043] F2FS-fs (loop4): Found nat_bits in checkpoint
[  801.749233][T11043] F2FS-fs (loop4): recover fsync data on readonly fs
[  801.757777][T11043] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  801.765462][T11043] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[  801.773567][T11043] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  801.897007][ T8752] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  802.416501][ T8752] usb 3-1: config 0 interface 0 has no altsetting 0
[  802.428741][ T8752] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  802.438140][ T8752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  802.458170][ T8752] usb 3-1: config 0 descriptor??
[  802.492295][ T8752] usb 3-1: can't set config #0, error -71
[  802.510078][ T8752] usb 3-1: USB disconnect, device number 17
[  803.916181][T11074] sd 0:0:1:0: PR command failed: 1026
[  803.921651][T11074] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  803.928426][T11074] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  805.389773][T11082] hfsplus: unable to find HFS+ superblock
[  805.947883][T11089] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1815'.
[  806.179503][T11085] team0: No ports can be present during mode change
[  806.261899][T11085] netlink: 'syz.3.1816': attribute type 10 has an invalid length.
[  806.329770][T11085] 8021q: adding VLAN 0 to HW filter on device bond0
[  806.343314][T11085] team0: Port device bond0 added
[  806.349257][T11090] netlink: 1184 bytes leftover after parsing attributes in process `syz.3.1816'.
[  806.756153][T11094] loop2: detected capacity change from 0 to 40427
[  806.779700][T11094] F2FS-fs (loop2): invalid crc value
[  806.785026][T11094] F2FS-fs (loop2): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[  806.812281][T11094] F2FS-fs (loop2): Found nat_bits in checkpoint
[  806.834387][T11094] F2FS-fs (loop2): recover fsync data on readonly fs
[  806.841295][T11094] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  806.847919][T11094] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1
[  806.856240][T11094] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  807.228132][T11103] loop4: detected capacity change from 0 to 2048
[  807.599487][T11103] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  807.648810][   T26] audit: type=1800 audit(1754877188.352:50): pid=11098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1818" name="file1" dev="loop4" ino=1415 res=0 errno=0
[  808.548504][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  808.557677][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  808.875100][T11108] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1820'.
[  808.941595][T11090] team0 (unregistering): Port device team_slave_0 removed
[  808.984496][T11090] team0 (unregistering): Port device team_slave_1 removed
[  809.004425][T11090] team0 (unregistering): Port device bond0 removed
[  810.886624][T11129] loop5: detected capacity change from 0 to 16
[  812.340613][T11137] loop2: detected capacity change from 0 to 40427
[  812.761661][T11137] F2FS-fs (loop2): Unrecognized mount option "18446744073709551615" or missing value
[  813.139603][T11129] erofs: (device loop5): mounted with root inode @ nid 36.
[  813.556440][T11151] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1830'.
[  814.812333][T11142] loop2: detected capacity change from 0 to 32768
[  815.240051][T11142] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  815.299154][T11142] XFS (loop2): Mounting V5 Filesystem
[  815.422389][ T8752] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  816.205283][ T8752] usb 4-1: Using ep0 maxpacket: 32
[  816.237346][ T8752] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  816.275215][ T8752] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  816.312252][ T8752] usb 4-1: config 0 has no interface number 0
[  816.346410][T11142] XFS (loop2): Ending clean mount
[  816.353298][ T8752] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  816.373138][T11142] XFS (loop2): Quotacheck needed: Please wait.
[  816.387076][ T8752] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  816.406415][ T8752] usb 4-1: Product: syz
[  816.413248][ T8752] usb 4-1: Manufacturer: syz
[  816.423265][T11142] XFS (loop2): Quotacheck: Done.
[  816.467315][ T8752] usb 4-1: SerialNumber: syz
[  816.514102][ T8752] usb 4-1: config 0 descriptor??
[  816.539008][ T4273] XFS (loop2): Unmounting Filesystem
[  816.736937][T11183] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1839'.
[  817.061188][T11188] loop4: detected capacity change from 0 to 1024
[  819.309400][   T22] usb 4-1: USB disconnect, device number 13
[  819.763587][T11205] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1844'.
[  822.624459][T11228] hfsplus: unable to find HFS+ superblock
[  824.407556][T11250] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1856'.
[  825.721239][T11262] sd 0:0:1:0: PR command failed: 1026
[  825.726758][T11262] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  825.733515][T11262] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  826.315547][T11260] loop5: detected capacity change from 0 to 1764
[  828.285071][   T26] audit: type=1326 audit(1754877208.982:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.5.1860" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb7b5d8ebe9 code=0x0
[  828.952535][T11286] loop3: detected capacity change from 0 to 2048
[  828.997760][T11286] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  829.205325][   T26] audit: type=1800 audit(1754877209.742:52): pid=11286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1865" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  829.804933][T11295] loop0: detected capacity change from 0 to 2048
[  829.854160][T11295] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  829.890420][   T26] audit: type=1800 audit(1754877210.592:53): pid=11295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1869" name="file1" dev="loop0" ino=1415 res=0 errno=0
[  830.695268][ T8633] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  831.189422][ T8633] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  831.220740][ T8633] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  831.247119][ T8633] usb 1-1: config 0 interface 0 has no altsetting 0
[  831.266197][ T8633] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  831.286926][ T8633] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.307868][ T8633] usb 1-1: config 0 descriptor??
[  831.739805][T11315] loop5: detected capacity change from 0 to 1024
[  832.459764][ T8633] usbhid 1-1:0.0: can't add hid device: -71
[  832.467472][ T8633] usbhid: probe of 1-1:0.0 failed with error -71
[  832.501760][ T8633] usb 1-1: USB disconnect, device number 8
[  833.565210][ T8630] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  833.835215][ T8630] usb 6-1: Using ep0 maxpacket: 32
[  833.853458][ T8630] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  833.989668][ T8630] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  834.216012][T11342] sd 0:0:1:0: PR command failed: 1026
[  834.221586][T11342] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  834.228500][T11342] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  834.780802][ T8630] usb 6-1: config 0 has no interface number 0
[  834.855313][ T8630] usb 6-1: config 0 interface 132 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  834.927009][ T8630] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  834.946691][ T8630] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.954755][ T8630] usb 6-1: Product: syz
[  834.973297][ T8630] usb 6-1: Manufacturer: syz
[  835.117156][ T8630] usb 6-1: SerialNumber: syz
[  835.144596][ T8630] usb 6-1: config 0 descriptor??
[  837.194120][T11364] loop0: detected capacity change from 0 to 16
[  837.255389][ T8633] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  837.352541][T11364] erofs: (device loop0): mounted with root inode @ nid 36.
[  837.381265][ T4255] usb 6-1: USB disconnect, device number 6
[  837.499630][ T8633] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  837.622324][ T8633] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  837.791011][ T8633] usb 4-1: config 0 interface 0 has no altsetting 0
[  838.062497][ T8633] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  838.370900][ T8633] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.521855][ T8633] usb 4-1: config 0 descriptor??
[  838.902271][ T8633] usbhid 4-1:0.0: can't add hid device: -71
[  838.911592][ T8633] usbhid: probe of 4-1:0.0 failed with error -71
[  838.930264][ T8633] usb 4-1: USB disconnect, device number 14
[  839.272160][T11383] sd 0:0:1:0: PR command failed: 1026
[  839.277770][T11383] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  839.284599][T11383] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  841.755864][T11397] sd 0:0:1:0: PR command failed: 1026
[  841.761517][T11397] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  841.768476][T11397] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  843.915079][T11413] loop4: detected capacity change from 0 to 1024
[  846.736006][T11440] fuse: Unknown parameter 'user_i00000000000000000000'
[  846.755404][T11435] sd 0:0:1:0: PR command failed: 1026
[  846.760861][T11435] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  846.767724][T11435] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  847.830051][T11446] loop4: detected capacity change from 0 to 2048
[  847.871121][T11446] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  847.889231][T11443] loop5: detected capacity change from 0 to 1024
[  847.928706][   T26] audit: type=1800 audit(1754877228.632:54): pid=11446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1911" name="file1" dev="loop4" ino=1415 res=0 errno=0
[  851.342482][T11470] loop4: detected capacity change from 0 to 128
[  852.257523][T11474] loop5: detected capacity change from 0 to 4096
[  852.406159][T11474] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  852.481723][T11474] ntfs3: loop5: Failed to load $Extend.
[  853.499126][T11484] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  853.544678][T11484] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  853.554082][T11484] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  853.563113][T11484] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  853.572546][T11484] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  853.580432][T11484] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  853.634267][T11486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1923'.
[  854.048872][T11491] sd 0:0:1:0: PR command failed: 1026
[  854.054322][T11491] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  854.061212][T11491] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  855.192718][ T8754] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  855.356175][T11503] loop2: detected capacity change from 0 to 1024
[  855.490693][ T8754] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  855.736707][ T4266] Bluetooth: hci5: command 0x0409 tx timeout
[  855.859560][ T8754] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  855.982980][T11483] chnl_net:caif_netlink_parms(): no params data found
[  855.994469][ T8754] usb 5-1: config 0 interface 0 has no altsetting 0
[  856.060165][ T8754] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  856.090571][ T8754] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.160264][ T8754] usb 5-1: config 0 descriptor??
[  856.974986][ T8754] usbhid 5-1:0.0: can't add hid device: -71
[  856.981091][ T8754] usbhid: probe of 5-1:0.0 failed with error -71
[  856.989373][ T8754] usb 5-1: USB disconnect, device number 8
[  857.094176][T11483] bridge0: port 1(bridge_slave_0) entered blocking state
[  857.124027][T11483] bridge0: port 1(bridge_slave_0) entered disabled state
[  857.172214][T11483] device bridge_slave_0 entered promiscuous mode
[  857.194902][T11483] bridge0: port 2(bridge_slave_1) entered blocking state
[  857.215341][T11483] bridge0: port 2(bridge_slave_1) entered disabled state
[  857.243225][T11483] device bridge_slave_1 entered promiscuous mode
[  857.407262][T11483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  857.515805][T11515] loop2: detected capacity change from 0 to 1024
[  857.875364][ T4266] Bluetooth: hci5: command 0x041b tx timeout
[  858.290128][ T4352] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  858.346070][T11483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  858.558721][ T4352] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  858.676490][T11483] team0: Port device team_slave_0 added
[  858.902583][ T4352] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  859.020799][T11483] team0: Port device team_slave_1 added
[  859.208391][T11530] sd 0:0:1:0: PR command failed: 1026
[  859.213865][T11530] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  859.221570][T11530] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  859.390698][ T4352] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  859.412689][T11483] batman_adv: batadv0: Adding interface: batadv_slave_0
[  859.420231][T11483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  859.446197][    C0] vkms_vblank_simulate: vblank timer overrun
[  859.457122][T11483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  859.487589][T11483] batman_adv: batadv0: Adding interface: batadv_slave_1
[  859.511372][T11483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  859.627167][T11483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  859.838677][T11483] device hsr_slave_0 entered promiscuous mode
[  859.871550][T11483] device hsr_slave_1 entered promiscuous mode
[  859.884480][T11483] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  859.905389][T11484] Bluetooth: hci5: command 0x040f tx timeout
[  859.929981][T11483] Cannot create hsr debugfs directory
[  860.012961][ T4352] tipc: Left network mode
[  860.051650][T11534] loop4: detected capacity change from 0 to 32768
[  860.084103][T11534] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  860.103992][T11534] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  860.133405][T11534] BTRFS info (device loop4): setting nodatacow, compression disabled
[  860.185269][T11534] BTRFS error (device loop4): unrecognized mount option 'max_inline='
[  860.208999][T11534] BTRFS error (device loop4): open_ctree failed: -22
[  860.269008][T11541] loop5: detected capacity change from 0 to 4096
[  860.325232][T11541] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  860.367640][ T4456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by udevd (4456)
[  860.431926][T11544] tipc: Started in network mode
[  860.436921][T11544] tipc: Node identity 4, cluster identity 4711
[  860.443135][T11544] tipc: Node number set to 4
[  860.517056][T11541] ntfs3: loop5: Failed to load $Extend.
[  861.472371][   T26] audit: type=1800 audit(1754877241.992:55): pid=11554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1935" name="file1" dev="loop5" ino=30 res=0 errno=0
[  861.561902][T11556] sd 0:0:1:0: PR command failed: 1026
[  861.567510][T11556] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  861.574312][T11556] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  862.094989][T11484] Bluetooth: hci5: command 0x0419 tx timeout
[  863.561439][T11483] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  863.781782][T11483] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  863.821600][T11483] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  863.947184][T11483] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  866.350635][T11609] loop2: detected capacity change from 0 to 1764
[  866.370544][T11483] 8021q: adding VLAN 0 to HW filter on device bond0
[  866.639766][T11612] sd 0:0:1:0: PR command failed: 1026
[  866.645383][T11612] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  866.652216][T11612] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  866.815898][ T4352] device hsr_slave_0 left promiscuous mode
[  866.981145][ T4352] device hsr_slave_1 left promiscuous mode
[  867.050511][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  867.058184][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_0
[  867.066183][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  867.073811][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_1
[  867.083130][ T4352] device bridge_slave_1 left promiscuous mode
[  867.089567][ T4352] bridge0: port 2(bridge_slave_1) entered disabled state
[  867.098289][ T4352] device bridge_slave_0 left promiscuous mode
[  867.167856][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state
[  867.634350][   T26] audit: type=1326 audit(1754877248.332:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11608 comm="syz.2.1945" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f22a118ebe9 code=0x0
[  868.029448][ T4352] device veth1_macvtap left promiscuous mode
[  868.101360][ T4352] device veth0_macvtap left promiscuous mode
[  868.120478][ T4352] device veth1_vlan left promiscuous mode
[  868.132765][ T4352] device veth0_vlan left promiscuous mode
[  869.117410][T11627] loop4: detected capacity change from 0 to 4096
[  869.222216][T11627] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  869.706995][T11637] loop5: detected capacity change from 0 to 2048
[  870.011732][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  870.018097][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  870.073337][T11637] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  870.078522][T11627] ntfs3: loop4: Failed to load $Extend.
[  870.115080][   T26] audit: type=1800 audit(1754877250.812:57): pid=11635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1951" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  870.763734][T11625] loop3: detected capacity change from 0 to 32768
[  870.863960][T11625] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  871.029890][T11625] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  871.109491][T11625] BTRFS info (device loop3): setting nodatacow, compression disabled
[  871.187888][T11625] BTRFS error (device loop3): unrecognized mount option 'max_inline='
[  871.318696][T11625] BTRFS error (device loop3): open_ctree failed: -22
[  871.526439][ T4380] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (4380)
[  872.484595][ T4352] team0 (unregistering): Port device team_slave_1 removed
[  872.676604][ T4352] team0 (unregistering): Port device team_slave_0 removed
[  872.805557][ T4352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  872.877708][ T4352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  873.005285][T11661] loop3: detected capacity change from 0 to 2048
[  873.113856][T11661] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  873.150950][   T26] audit: type=1800 audit(1754877253.852:58): pid=11660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1955" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  873.669566][ T4352] bond0 (unregistering): Released all slaves
[  873.758370][T11483] 8021q: adding VLAN 0 to HW filter on device team0
[  873.765579][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  873.773572][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  873.840963][T11658] netlink: 'syz.4.1956': attribute type 10 has an invalid length.
[  873.920159][T11658] 8021q: adding VLAN 0 to HW filter on device bond0
[  873.951796][T11658] team0: Port device bond0 added
[  874.075724][T11659] netlink: 1184 bytes leftover after parsing attributes in process `syz.4.1956'.
[  874.221871][T11668] loop5: detected capacity change from 0 to 1024
[  875.219106][T11659] team0 (unregistering): Port device team_slave_0 removed
[  875.253006][T11659] team0 (unregistering): Port device team_slave_1 removed
[  875.278916][T11659] team0 (unregistering): Port device bond0 removed
[  875.361454][T11673] netlink: 'syz.5.1959': attribute type 10 has an invalid length.
[  875.488253][T11673] 8021q: adding VLAN 0 to HW filter on device bond0
[  875.665985][T11673] team0: Port device bond0 added
[  875.687583][T11674] netlink: 1184 bytes leftover after parsing attributes in process `syz.5.1959'.
[  880.260519][T11674] team0 (unregistering): Port device team_slave_0 removed
[  880.321556][T11674] team0 (unregistering): Port device team_slave_1 removed
[  880.391971][T11674] team0 (unregistering): Port device bond0 removed
[  880.440540][T11708] 9pnet_fd: Insufficient options for proto=fd
[  880.471722][ T8787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  880.492204][ T8787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  880.556722][ T8787] bridge0: port 1(bridge_slave_0) entered blocking state
[  880.565497][ T8787] bridge0: port 1(bridge_slave_0) entered forwarding state
[  880.583031][ T8787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  880.594449][ T8787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  880.603814][ T8787] bridge0: port 2(bridge_slave_1) entered blocking state
[  880.610999][ T8787] bridge0: port 2(bridge_slave_1) entered forwarding state
[  880.626354][ T8787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  880.681602][T11710] fuse: Bad value for 'fd'
[  881.496485][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  881.505057][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  881.555646][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  881.604957][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  881.650121][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  881.838247][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  885.054074][T11749] loop2: detected capacity change from 0 to 2048
[  885.230555][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  885.253712][T11749] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  885.297693][   T26] audit: type=1800 audit(1754877266.002:59): pid=11748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1976" name="file1" dev="loop2" ino=1415 res=0 errno=0
[  885.319125][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  885.328624][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  885.337234][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  885.346067][ T4557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  885.478364][T11757] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1978'.
[  885.954141][T11761] loop2: detected capacity change from 0 to 4096
[  886.122564][T11761] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  886.187605][T11761] ntfs3: loop2: Failed to load $Extend.
[  886.449932][T11772] loop5: detected capacity change from 0 to 1024
[  886.938964][T11774] loop4: detected capacity change from 0 to 1764
[  887.268160][T11781] fuse: Bad value for 'fd'
[  887.274381][T11483] 8021q: adding VLAN 0 to HW filter on device batadv0
[  887.384517][   T26] audit: type=1326 audit(1754877268.082:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11773 comm="syz.4.1981" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4ddcb8ebe9 code=0x0
[  887.406320][    C0] vkms_vblank_simulate: vblank timer overrun
[  887.812512][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  887.826550][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  888.231282][T11785] loop2: detected capacity change from 0 to 4096
[  888.708160][T11785] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  888.803024][T11785] ntfs3: loop2: Failed to load $Extend.
[  891.741131][T11834] loop3: detected capacity change from 0 to 128
[  891.749853][T11834] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  892.452958][   T26] audit: type=1326 audit(1754877273.152:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11833 comm="syz.3.1991" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f31c558ebe9 code=0x0
[  892.474730][    C0] vkms_vblank_simulate: vblank timer overrun
[  892.575831][T11841] loop5: detected capacity change from 0 to 2048
[  892.589683][T11841] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  892.898092][   T26] audit: type=1800 audit(1754877273.302:62): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1993" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  892.970480][T11850] loop2: detected capacity change from 0 to 1024
[  893.498452][T11853] fuse: Bad value for 'fd'
[  893.937863][T11870] loop5: detected capacity change from 0 to 2048
[  894.334896][T11858] netlink: 1184 bytes leftover after parsing attributes in process `syz.4.1996'.
[  894.369264][T11870] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  894.413410][   T26] audit: type=1800 audit(1754877275.112:63): pid=11861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1995" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  894.516528][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  894.533129][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  894.613784][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  894.633748][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  894.653271][T11483] device veth0_vlan entered promiscuous mode
[  894.660531][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  894.806052][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  894.818813][T11483] device veth1_vlan entered promiscuous mode
[  894.895327][T11483] device veth0_macvtap entered promiscuous mode
[  894.913263][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  895.081262][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  895.582373][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  896.750601][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  896.759397][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  896.781075][T11483] device veth1_macvtap entered promiscuous mode
[  896.885219][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  896.933768][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  896.966618][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  897.001346][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  897.035553][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  897.080861][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  897.118347][T11483] batman_adv: batadv0: Interface activated: batadv_slave_0
[  897.149844][ T4608] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  897.176978][ T4608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  897.247788][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  897.276606][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  897.315150][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  897.350823][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  897.401353][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  898.213505][T11889] loop3: detected capacity change from 0 to 32768
[  898.285154][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.308988][T11889] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  898.320102][T11484] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  898.325346][T11889] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  898.330238][T11484] CPU: 0 PID: 11484 Comm: kworker/u5:0 Not tainted 6.1.147-syzkaller #0
[  898.347126][T11484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  898.357201][T11484] Workqueue: hci4 hci_rx_work
[  898.361917][T11484] Call Trace:
[  898.365204][T11484]  <TASK>
[  898.368141][T11484]  dump_stack_lvl+0x168/0x22e
[  898.372839][T11484]  ? show_regs_print_info+0x12/0x12
[  898.378058][T11484]  ? load_image+0x3b0/0x3b0
[  898.382601][T11484]  sysfs_create_dir_ns+0x252/0x280
[  898.387732][T11484]  ? hci_rx_work+0x3eb/0xd40
[  898.390874][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  898.392331][T11484]  ? sysfs_warn_dup+0xa0/0xa0
[  898.407443][T11484]  ? do_raw_spin_unlock+0x11d/0x230
[  898.412674][T11484]  kobject_add_internal+0x6b8/0xc80
[  898.417908][T11484]  kobject_add+0x152/0x210
[  898.422359][T11484]  ? kobject_init+0x1d0/0x1d0
[  898.427065][T11484]  ? klist_children_get+0x50/0x50
[  898.432109][T11484]  ? get_device_parent+0x121/0x3f0
[  898.435243][T11889] BTRFS info (device loop3): setting nodatacow, compression disabled
[  898.437224][T11484]  device_add+0x483/0xfb0
[  898.449635][T11484]  ? kmem_cache_free+0xf7/0x290
[  898.454521][T11484]  hci_conn_add_sysfs+0xd1/0x1e0
[  898.459486][T11484]  le_conn_complete_evt+0xd1d/0x1320
[  898.464815][T11484]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[  898.471081][T11484]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  898.476722][T11484]  ? skb_pull_data+0xf7/0x200
[  898.481414][T11484]  hci_le_conn_complete_evt+0x183/0x440
[  898.486971][T11484]  ? hci_remote_host_features_evt+0x270/0x270
[  898.493041][T11484]  hci_event_packet+0x791/0x1210
[  898.497980][T11484]  ? bis_list+0x280/0x280
[  898.502381][T11484]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  898.508291][T11484]  ? kcov_remote_start+0x4c7/0x7e0
[  898.513396][T11484]  ? default_do_nmi+0xf0/0x150
[  898.518182][T11484]  ? hci_send_to_monitor+0x9c/0x4a0
[  898.523385][T11484]  hci_rx_work+0x3eb/0xd40
[  898.527798][T11484]  ? _raw_spin_unlock+0x40/0x40
[  898.532647][T11484]  ? process_one_work+0x7a1/0x1160
[  898.537748][T11484]  process_one_work+0x898/0x1160
[  898.542701][T11484]  ? worker_detach_from_pool+0x240/0x240
[  898.548325][T11484]  ? _raw_spin_lock_irq+0xab/0xe0
[  898.553340][T11484]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  898.558702][T11484]  ? kthread_data+0x4b/0xc0
[  898.563203][T11484]  worker_thread+0xaa2/0x1250
[  898.567901][T11484]  ? _raw_spin_unlock_irqrestore+0xa5/0x100
[  898.573810][T11484]  ? __kthread_parkme+0x162/0x1c0
[  898.578831][T11484]  kthread+0x29d/0x330
[  898.582888][T11484]  ? worker_clr_flags+0x1a0/0x1a0
[  898.587899][T11484]  ? kthread_blkcg+0xd0/0xd0
[  898.592480][T11484]  ret_from_fork+0x1f/0x30
[  898.596908][T11484]  </TASK>
[  898.600910][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.602153][T11484] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  898.612074][T11483] batman_adv: batadv0: Interface activated: batadv_slave_1
[  898.624333][T11484] Bluetooth: hci4: failed to register connection device
[  898.640074][T11889] BTRFS error (device loop3): unrecognized mount option 'max_inline='
[  898.691130][T11889] BTRFS error (device loop3): open_ctree failed: -22
[  898.712170][T11891] loop4: detected capacity change from 0 to 32768
[  898.755069][T11891] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.2002 (11891)
[  898.755790][ T4608] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  898.799520][T11891] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  898.857245][ T4608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  898.938345][T11891] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  898.966939][T11891] BTRFS info (device loop4): setting nodatacow, compression disabled
[  899.130040][T11891] BTRFS error (device loop4): unrecognized mount option 'max_inline='
[  899.133821][T11483] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  900.072146][T11483] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  900.112326][T11483] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  900.152848][T11483] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  900.317744][T11891] BTRFS error (device loop4): open_ctree failed: -22
[  900.317853][ T4456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (4456)
[  900.507751][ T4608] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.550824][ T4608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.597209][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  900.652414][ T4608] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.694951][ T4608] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.853075][ T8787] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  901.901449][T11918] loop5: detected capacity change from 0 to 40427
[  901.969915][T11918] F2FS-fs (loop5): invalid crc value
[  902.453577][T11918] F2FS-fs (loop5): Found nat_bits in checkpoint
[  902.522356][T11920] loop2: detected capacity change from 0 to 32768
[  902.581410][T11918] F2FS-fs (loop5): Cannot turn on quotas: -2 on 0
[  902.617424][T11920] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  902.652543][T11918] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  902.665222][T11920] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  902.765194][T11920] BTRFS info (device loop2): setting nodatacow, compression disabled
[  902.773416][T11920] BTRFS error (device loop2): unrecognized mount option 'max_inline='
[  902.872715][T11920] BTRFS error (device loop2): open_ctree failed: -22
[  902.990499][ T5983] syz-executor: attempt to access beyond end of device
[  902.990499][ T5983] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  903.267860][ T4384] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (4384)
[  903.307813][T11962] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2014'.
[  903.329672][T11968] tipc: Started in network mode
[  903.440196][T11968] tipc: Node identity 4, cluster identity 4711
[  903.545319][T11968] tipc: Node number set to 4
[  904.243116][T11979] loop3: detected capacity change from 0 to 2048
[  904.366844][T11979] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  904.479798][T11985] loop6: detected capacity change from 0 to 1024
[  904.834834][   T26] audit: type=1800 audit(1754877285.532:64): pid=11966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2012" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  905.871247][T11988] loop5: detected capacity change from 0 to 40427
[  905.955064][T11988] F2FS-fs (loop5): invalid crc value
[  906.177155][T12003] loop4: detected capacity change from 0 to 2048
[  906.667034][T12003] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  906.739398][   T26] audit: type=1800 audit(1754877287.442:65): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2019" name="file1" dev="loop4" ino=1415 res=0 errno=0
[  906.770185][T11988] F2FS-fs (loop5): Found nat_bits in checkpoint
[  907.195205][T12007] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2020'.
[  907.417827][T11988] F2FS-fs (loop5): Cannot turn on quotas: -2 on 0
[  907.430427][T11988] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  907.855320][T11988] syz.5.2018: attempt to access beyond end of device
[  907.855320][T11988] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  909.057577][T12015] loop6: detected capacity change from 0 to 32768
[  909.805500][T12015] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  909.865335][T12015] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  909.874120][T12015] BTRFS info (device loop6): setting nodatacow, compression disabled
[  909.979745][T12015] BTRFS error (device loop6): unrecognized mount option 'max_inline='
[  910.033022][T12015] BTRFS error (device loop6): open_ctree failed: -22
[  911.066180][ T4380] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by udevd (4380)
[  911.659478][T12048] loop3: detected capacity change from 0 to 2048
[  912.468484][T12058] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  913.767401][T12065] loop4: detected capacity change from 0 to 128
[  914.000233][T12068] loop5: detected capacity change from 0 to 4096
[  914.035734][T12068] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  914.101777][T12068] ntfs3: loop5: Failed to load $Extend.
[  920.047664][T12098] loop3: detected capacity change from 0 to 4096
[  920.173085][T12098] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  920.771820][T12125] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2045'.
[  920.830550][T12113] loop6: detected capacity change from 0 to 2048
[  920.978108][T12113] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  921.016925][   T26] audit: type=1800 audit(1754877301.722:66): pid=12113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2040" name="file1" dev="loop6" ino=1415 res=0 errno=0
[  921.059013][T12126] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2044'.
[  921.451281][T12124] loop5: detected capacity change from 0 to 4096
[  921.622393][T12124] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  921.687365][T12124] ntfs3: loop5: Failed to load $Extend.
[  922.914990][   T26] audit: type=1107 audit(1754877303.612:67): pid=12132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='p	�gÏ[*~J?;¥Û‘)c±‡2¼£4'>eËhÂ&7êl�ö´(ž]ßð5MH!'-;=.ÿÞÖŒMþßÌ䵚´kåUN‹W1”cá@j®Žê~5¾Ä®½‹ž¶�è|W׎¢¸ˆ¬ÿò5üx2Ü©qëP£"äµHq’`æ7,mÇnƒ]ç3Åæì[ؔĨ¹rEM «U·l­iÅ«E��DàoÄ„üýã·ùÑ‚Œpù!Ùf^'
[  923.283977][   T26] audit: type=1800 audit(1754877303.682:68): pid=12139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2046" name="file1" dev="loop5" ino=30 res=0 errno=0
[  926.942693][T12183] loop6: detected capacity change from 0 to 128
[  927.451348][T12171] loop4: detected capacity change from 0 to 32768
[  927.536600][T12171] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  927.577781][T12171] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  927.628029][T12171] BTRFS info (device loop4): setting nodatacow, compression disabled
[  927.690896][T12196] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2059'.
[  927.708650][T12171] BTRFS error (device loop4): unrecognized mount option 'max_inline='
[  927.792402][T12171] BTRFS error (device loop4): open_ctree failed: -22
[  928.943634][ T4456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by udevd (4456)
[  928.968793][ T4266] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  928.978887][ T4266] CPU: 0 PID: 4266 Comm: kworker/u5:1 Not tainted 6.1.147-syzkaller #0
[  928.987147][ T4266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  928.997217][ T4266] Workqueue: hci1 hci_rx_work
[  929.001919][ T4266] Call Trace:
[  929.005209][ T4266]  <TASK>
[  929.008160][ T4266]  dump_stack_lvl+0x168/0x22e
[  929.012860][ T4266]  ? show_regs_print_info+0x12/0x12
[  929.018076][ T4266]  ? load_image+0x3b0/0x3b0
[  929.022609][ T4266]  sysfs_create_dir_ns+0x252/0x280
[  929.027732][ T4266]  ? hci_rx_work+0x3eb/0xd40
[  929.032339][ T4266]  ? sysfs_warn_dup+0xa0/0xa0
[  929.037016][T12206] 9pnet_fd: Insufficient options for proto=fd
[  929.037031][ T4266]  ? do_raw_spin_unlock+0x11d/0x230
[  929.048277][ T4266]  kobject_add_internal+0x6b8/0xc80
[  929.053471][ T4266]  kobject_add+0x152/0x210
[  929.057873][ T4266]  ? kobject_init+0x1d0/0x1d0
[  929.062536][ T4266]  ? klist_children_get+0x50/0x50
[  929.067575][ T4266]  ? get_device_parent+0x121/0x3f0
[  929.072699][ T4266]  device_add+0x483/0xfb0
[  929.077015][ T4266]  ? kmem_cache_free+0xf7/0x290
[  929.081854][ T4266]  hci_conn_add_sysfs+0xd1/0x1e0
[  929.086821][ T4266]  le_conn_complete_evt+0xd1d/0x1320
[  929.092098][ T4266]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[  929.098327][ T4266]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  929.103945][ T4266]  ? skb_pull_data+0xf7/0x200
[  929.108607][ T4266]  hci_le_conn_complete_evt+0x183/0x440
[  929.114161][ T4266]  ? hci_remote_host_features_evt+0x270/0x270
[  929.120230][ T4266]  hci_event_packet+0x791/0x1210
[  929.125161][ T4266]  ? bis_list+0x280/0x280
[  929.129511][ T4266]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  929.135411][ T4266]  ? kcov_remote_start+0x4c7/0x7e0
[  929.140509][ T4266]  ? default_do_nmi+0xf0/0x150
[  929.145262][ T4266]  ? hci_send_to_monitor+0x9c/0x4a0
[  929.150449][ T4266]  hci_rx_work+0x3eb/0xd40
[  929.154873][ T4266]  ? _raw_spin_unlock+0x40/0x40
[  929.159715][ T4266]  ? process_one_work+0x7a1/0x1160
[  929.164812][ T4266]  process_one_work+0x898/0x1160
[  929.170038][ T4266]  ? worker_detach_from_pool+0x240/0x240
[  929.175693][ T4266]  ? _raw_spin_lock_irq+0xab/0xe0
[  929.180763][ T4266]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  929.186127][ T4266]  ? kthread_data+0x4b/0xc0
[  929.190623][ T4266]  worker_thread+0xaa2/0x1250
[  929.195297][ T4266]  kthread+0x29d/0x330
[  929.199346][ T4266]  ? worker_clr_flags+0x1a0/0x1a0
[  929.204395][ T4266]  ? kthread_blkcg+0xd0/0xd0
[  929.208971][ T4266]  ret_from_fork+0x1f/0x30
[  929.213381][ T4266]  </TASK>
[  929.217918][ T4266] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  929.231236][ T4266] Bluetooth: hci1: failed to register connection device
[  930.215256][T12223] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2064'.
[  931.439156][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  931.445597][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  933.206908][T12244] loop2: detected capacity change from 0 to 128
[  933.309037][T12244] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  933.965804][   T26] audit: type=1326 audit(1754877314.512:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12243 comm="syz.2.2069" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f22a118ebe9 code=0x0
[  933.987775][    C0] vkms_vblank_simulate: vblank timer overrun
[  934.162210][T12251] loop6: detected capacity change from 0 to 128
[  934.423319][T12254] loop4: detected capacity change from 0 to 2048
[  934.882627][T12261] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  935.424667][T12270] loop6: detected capacity change from 0 to 128
[  935.425339][ T4266] Bluetooth: hci1: command 0x0406 tx timeout
[  935.583519][T12272] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2073'.
[  935.867114][T12270] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  936.315285][   T26] audit: type=1326 audit(1754877317.012:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12268 comm="syz.6.2074" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f556cb8ebe9 code=0x0
[  936.695220][   T41] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  936.905256][   T41] usb 4-1: Using ep0 maxpacket: 32
[  936.919456][   T41] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  937.043612][T12284] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2076'.
[  937.285390][   T41] usb 4-1: config 0 has no interface number 0
[  937.291527][   T41] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  937.318155][   T41] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  937.328862][   T41] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.433619][   T41] usb 4-1: Product: syz
[  937.442890][   T41] usb 4-1: Manufacturer: syz
[  937.470264][   T41] usb 4-1: SerialNumber: syz
[  937.491826][   T41] usb 4-1: config 0 descriptor??
[  937.530766][   T41] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  937.565268][   T41] em28xx 4-1:0.132: Video interface 132 found:
[  937.897943][T12292] loop6: detected capacity change from 0 to 128
[  937.916156][   T41] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  937.944892][T12292] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  938.824032][T12274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  938.833568][   T26] audit: type=1326 audit(1754877319.052:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12291 comm="syz.6.2078" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f556cb8ebe9 code=0x0
[  938.925803][T12274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  938.989860][T12285] loop2: detected capacity change from 0 to 32768
[  939.026548][T12274] netlink: 324 bytes leftover after parsing attributes in process `syz.3.2075'.
[  939.101812][T12285] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  939.234955][   T41] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  939.315828][T12285] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  940.098554][T12285] BTRFS info (device loop2): setting nodatacow, compression disabled
[  940.233065][   T41] em28xx 4-1:0.132: board has no eeprom
[  940.260260][T12285] BTRFS error (device loop2): unrecognized mount option 'max_inline='
[  940.377039][   T41] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  940.385039][   T41] em28xx 4-1:0.132: analog set to bulk mode.
[  940.732183][T12285] BTRFS error (device loop2): open_ctree failed: -22
[  940.737270][   T41] usb 4-1: USB disconnect, device number 15
[  940.787521][ T8754] em28xx 4-1:0.132: Registering V4L2 extension
[  940.823850][   T41] em28xx 4-1:0.132: Disconnecting em28xx
[  942.340263][T12310] loop6: detected capacity change from 0 to 40427
[  942.387046][T12310] F2FS-fs (loop6): invalid crc value
[  942.392523][T12310] F2FS-fs (loop6): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[  943.492044][ T8219] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (8219)
[  943.568989][T12330] loop5: detected capacity change from 0 to 128
[  943.876553][T12310] F2FS-fs (loop6): Found nat_bits in checkpoint
[  944.110154][T12310] F2FS-fs (loop6): recover fsync data on readonly fs
[  944.117802][T12310] F2FS-fs (loop6): Cannot turn on quotas: -2 on 0
[  944.125497][T12310] F2FS-fs (loop6): Cannot turn on quotas: -2 on 1
[  944.452075][T12310] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  944.910300][T12339] netlink: 'syz.4.2086': attribute type 10 has an invalid length.
[  945.511337][ T8754] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  945.518847][T12337] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2087'.
[  945.535331][ T8754] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  945.579750][ T8754] em28xx 4-1:0.132: No AC97 audio processor
[  945.621329][ T8754] usb 4-1: Decoder not found
[  945.651714][ T8754] em28xx 4-1:0.132: failed to create media graph
[  945.814408][ T8754] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  946.797628][ T8754] em28xx 4-1:0.132: Remote control support is not available for this card.
[  946.869251][   T41] em28xx 4-1:0.132: Closing input extension
[  946.883810][   T41] em28xx 4-1:0.132: Freeing device
[  947.481937][T12361] loop5: detected capacity change from 0 to 2048
[  948.100379][T12372] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  948.750431][T12378] loop4: detected capacity change from 0 to 2048
[  948.866977][T12378] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  948.909952][   T26] audit: type=1800 audit(1754877329.612:72): pid=12377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2091" name="file1" dev="loop4" ino=1415 res=0 errno=0
[  951.590846][T12399] netlink: 1184 bytes leftover after parsing attributes in process `syz.4.2098'.
[  952.667198][T12416] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2102'.
[  953.232061][T12418] loop6: detected capacity change from 0 to 2048
[  953.348936][T12418] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  953.398827][   T26] audit: type=1800 audit(1754877334.102:73): pid=12417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2099" name="file1" dev="loop6" ino=1415 res=0 errno=0
[  953.790111][T12422] loop4: detected capacity change from 0 to 2048
[  954.534791][T12428] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  954.784611][T12432] loop5: detected capacity change from 0 to 2048
[  954.941442][T12435] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  954.965747][T12434] loop6: detected capacity change from 0 to 2048
[  955.034846][T12434] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  957.118795][T12460] loop3: detected capacity change from 0 to 2048
[  957.138246][T12460] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  957.238950][T12465] team0: No ports can be present during mode change
[  957.273142][T12465] netlink: 'syz.6.2110': attribute type 10 has an invalid length.
[  957.426697][T12465] 8021q: adding VLAN 0 to HW filter on device bond0
[  957.745792][T12465] team0: Port device bond0 added
[  957.759653][T12468] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2110'.
[  959.002389][T12491] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2113'.
[  959.585798][T12468] team0 (unregistering): Port device team_slave_0 removed
[  959.670323][T12468] team0 (unregistering): Port device team_slave_1 removed
[  959.727169][T12468] team0 (unregistering): Port device bond0 removed
[  960.227013][T12500] loop5: detected capacity change from 0 to 2048
[  960.661333][T12500] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  960.708631][   T26] audit: type=1800 audit(1754877341.412:74): pid=12497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2115" name="file1" dev="loop5" ino=1415 res=0 errno=0
[  963.860257][T12530] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[  963.860257][T12530]    program syz.5.2120 not setting count and/or reply_len properly
[  965.952842][T12549] loop6: detected capacity change from 0 to 2048
[  966.387939][T12549] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  966.423079][   T26] audit: type=1800 audit(1754877347.122:75): pid=12544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2125" name="file1" dev="loop6" ino=1415 res=0 errno=0
[  966.718106][T12551] loop2: detected capacity change from 0 to 1024
[  967.818083][T12557] loop4: detected capacity change from 0 to 1024
[  969.856350][T12576] loop4: detected capacity change from 0 to 4096
[  969.910114][T12582] loop2: detected capacity change from 0 to 2048
[  969.922811][T12582] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  969.935718][   T26] audit: type=1800 audit(1754877350.642:76): pid=12582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2129" name="file1" dev="loop2" ino=1415 res=0 errno=0
[  970.009193][T12576] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  970.208915][T12576] ntfs3: loop4: Failed to load $Extend.
[  970.294874][T12585] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[  970.294874][T12585]    program syz.5.2133 not setting count and/or reply_len properly
[  971.742289][T12594] loop6: detected capacity change from 0 to 2048
[  971.994002][T12601] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  976.169836][T12622] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2138'.
[  978.573218][T12644] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2144'.
[  979.114796][T12648] loop2: detected capacity change from 0 to 1024
[  979.615212][ T4266] Bluetooth: hci5: command 0x0406 tx timeout
[  980.464394][T12661] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[  980.464394][T12661]    program syz.2.2148 not setting count and/or reply_len properly
[  981.352152][T12667] loop3: detected capacity change from 0 to 2048
[  981.455240][T12668] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  982.202280][T12655] loop5: detected capacity change from 0 to 32768
[  982.382930][T12655] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  982.481804][T12655] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  982.517459][T12655] BTRFS info (device loop5): setting nodatacow, compression disabled
[  982.625595][T12655] BTRFS error (device loop5): unrecognized mount option 'max_inline='
[  982.680542][T12655] BTRFS error (device loop5): open_ctree failed: -22
[  982.959082][ T4380] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by udevd (4380)
[  983.582144][T12686] loop4: detected capacity change from 0 to 2048
[  983.690707][T12694] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  984.954916][T12705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2158'.
[  986.202294][T12716] loop3: detected capacity change from 0 to 2048
[  986.645563][T12716] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  986.681519][   T26] audit: type=1800 audit(1754877367.382:77): pid=12714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2160" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  986.973944][T12719] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[  986.973944][T12719]    program syz.3.2161 not setting count and/or reply_len properly
[  988.017657][T12727] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2163'.
[  992.870639][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  992.877334][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  992.989797][T11484] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  992.990805][T12771] 9pnet_fd: Insufficient options for proto=fd
[  993.351545][T12758] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2171'.
[  994.328753][T12784] loop2: detected capacity change from 0 to 4096
[  994.485266][T11630] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  994.533834][T12784] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  994.567972][T12784] ntfs3: loop2: Failed to load $Extend.
[  994.635927][T12795] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[  994.635927][T12795]    program syz.6.2178 not setting count and/or reply_len properly
[  994.812680][T11630] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  994.993832][T11630] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  995.158404][T11630] usb 4-1: config 0 interface 0 has no altsetting 0
[  995.285982][T11630] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  995.295973][T11630] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.315311][T11630] usb 4-1: config 0 descriptor??
[  996.104857][T11630] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0
[  996.383518][T12812] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2179'.
[  997.012678][T11630] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0
[  997.544402][T12805] device vlan2 entered promiscuous mode
[  997.550160][T12805] device bond0 entered promiscuous mode
[  997.555906][T12805] device bond_slave_0 entered promiscuous mode
[  997.563524][T12805] device bond_slave_1 entered promiscuous mode
[  997.578730][T12805] bond0: (slave vlan2): Opening slave failed
[  997.868201][T11630] hid-steam 0003:28DE:1102.0003: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[  997.931588][T11630] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0
[  997.971480][T11630] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0
[  997.995846][T11630] hid-steam 0003:28DE:1102.0004: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[  998.572921][T11630] hid-steam 0003:28DE:1102.0003: Steam Controller 'XXXXXXXXXX' connected
[  998.780151][T11630] input: Steam Controller as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1102.0003/input/input10
[  999.225366][ T8633] usb 4-1: reset full-speed USB device number 16 using dummy_hcd
[  999.756940][ T4266] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  999.773606][T12835] 9pnet_fd: Insufficient options for proto=fd
[ 1000.513228][T11630] usb 4-1: USB disconnect, device number 16
[ 1002.068304][T11630] hid-steam 0003:28DE:1102.0003: Steam Controller 'XXXXXXXXXX' disconnected
[ 1002.515834][T12849] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2190'.
[ 1002.920340][T11630] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[ 1003.230431][T11630] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1003.297862][T11630] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1003.385332][T11630] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1003.447720][T11630] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1003.530072][T11630] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1003.798725][T11630] usb 4-1: config 0 descriptor??
[ 1004.052266][T12866] loop4: detected capacity change from 0 to 128
[ 1004.212292][T11630] hid-steam 0003:28DE:1102.0005: unknown main item tag 0x0
[ 1004.355214][ T4456] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1004.364782][T11630] hid-steam 0003:28DE:1102.0005: unknown main item tag 0x0
[ 1004.398945][T11630] hid-steam 0003:28DE:1102.0005: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[ 1004.401574][T12867] loop5: detected capacity change from 0 to 4096
[ 1005.264355][T11630] hid-steam 0003:28DE:1102.0006: unknown main item tag 0x0
[ 1005.334913][T11630] hid-steam 0003:28DE:1102.0006: unknown main item tag 0x0
[ 1005.420569][T11630] hid-steam 0003:28DE:1102.0006: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[ 1005.535294][T11630] hid-steam 0003:28DE:1102.0005: Steam Controller 'XXXXXXXXXX' connected
[ 1005.631688][T11630] input: Steam Controller as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1102.0005/input/input11
[ 1005.773155][T11630] usb 4-1: USB disconnect, device number 17
[ 1006.174630][T12867] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[ 1006.338220][T12867] ntfs3: loop5: Failed to load $Extend.
[ 1006.357450][T11630] hid-steam 0003:28DE:1102.0005: Steam Controller 'XXXXXXXXXX' disconnected
[ 1008.052991][   T26] audit: type=1800 audit(1754877388.702:78): pid=12895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2192" name="file1" dev="loop5" ino=30 res=0 errno=0
[ 1009.511614][T12880] fido_id[12880]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1009.665967][T12901] [U] 
[ 1009.668709][T12901] [U] 
[ 1009.671409][T12901] [U] 
[ 1009.674122][T12901] [U] 
[ 1009.676821][T12901] [U] 
[ 1009.679527][T12901] [U] 
[ 1009.682210][T12901] [U] 
[ 1009.684915][T12901] [U] 
[ 1009.799504][T12904] 9pnet_fd: Insufficient options for proto=fd
[ 1009.826109][T12901] [U] 
[ 1009.828855][T12901] [U] 
[ 1009.831564][T12901] [U] 
[ 1009.866613][T12899] [U] 
[ 1011.089694][T12926] loop4: detected capacity change from 0 to 2048
[ 1011.183283][T12926] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1011.214426][   T26] audit: type=1800 audit(1754877391.912:79): pid=12926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2205" name="file1" dev="loop4" ino=1415 res=0 errno=0
[ 1011.235079][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1011.434211][T12925] comedi comedi3: 8255: I/O port conflict (0x5,4)
[ 1011.449951][T12930] loop6: detected capacity change from 0 to 128
[ 1011.606247][T12925] comedi comedi3: 8255: I/O port conflict (0x2,4)
[ 1012.107870][T12925] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1012.291489][T12925] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[ 1012.300235][T12925] comedi comedi3: 8255: I/O port conflict (0x5,4)
[ 1012.307140][T12925] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[ 1012.314279][T12925] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1012.322398][T12925] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1012.335741][T12925] comedi comedi3: 8255: I/O port conflict (0x9,4)
[ 1012.343273][T12925] comedi comedi3: 8255: I/O port conflict (0x6,4)
[ 1012.350352][T12925] comedi comedi3: 8255: I/O port conflict (0x4,4)
[ 1012.357495][T12925] comedi comedi3: 8255: I/O port conflict (0x3,4)
[ 1012.364793][T12925] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[ 1012.372909][T12925] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[ 1015.422840][T12961] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1015.422840][T12961]    program syz.2.2215 not setting count and/or reply_len properly
[ 1019.044826][T12986] loop2: detected capacity change from 0 to 128
[ 1023.135307][   T22] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[ 1023.424545][T13033] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1023.424545][T13033]    program syz.2.2230 not setting count and/or reply_len properly
[ 1023.447276][   T22] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1023.465121][   T22] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1023.608472][T13037] loop3: detected capacity change from 0 to 1024
[ 1024.050096][   T22] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1024.056872][   T22] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1024.066467][   T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1024.083756][   T22] usb 5-1: config 0 descriptor??
[ 1024.726220][   T22] hid-steam 0003:28DE:1102.0007: unknown main item tag 0x0
[ 1024.735205][   T22] hid-steam 0003:28DE:1102.0007: unknown main item tag 0x0
[ 1024.755119][   T22] hid-steam 0003:28DE:1102.0007: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[ 1024.818542][   T22] hid-steam 0003:28DE:1102.0008: unknown main item tag 0x0
[ 1024.825973][   T22] hid-steam 0003:28DE:1102.0008: unknown main item tag 0x0
[ 1024.837519][   T22] hid-steam 0003:28DE:1102.0008: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[ 1024.915189][   T22] hid-steam 0003:28DE:1102.0007: Steam Controller 'XXXXXXXXXX' connected
[ 1025.079455][   T22] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0007/input/input12
[ 1025.221150][T13048] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1025.221150][T13048]    program syz.3.2237 not setting count and/or reply_len properly
[ 1027.134941][T12317] usb 5-1: USB disconnect, device number 9
[ 1027.169114][T12317] hid-steam 0003:28DE:1102.0007: Steam Controller 'XXXXXXXXXX' disconnected
[ 1028.477558][T13049] fido_id[13049]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[ 1029.816645][T13070] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1029.816645][T13070]    program syz.3.2243 not setting count and/or reply_len properly
[ 1032.311559][T13077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2245'.
[ 1034.014370][T13091] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2248'.
[ 1035.888492][T13097] loop6: detected capacity change from 0 to 40427
[ 1035.908837][T13097] F2FS-fs (loop6): invalid crc value
[ 1035.914285][T13097] F2FS-fs (loop6): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[ 1036.365425][T13097] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1036.445865][T13097] F2FS-fs (loop6): recover fsync data on readonly fs
[ 1036.453762][T13097] F2FS-fs (loop6): Cannot turn on quotas: -2 on 0
[ 1036.460835][T13097] F2FS-fs (loop6): Cannot turn on quotas: -2 on 1
[ 1036.470048][T13097] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1037.801694][T13114] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2254'.
[ 1040.361400][T13132] loop3: detected capacity change from 0 to 1024
[ 1045.545196][T13162] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2265'.
[ 1046.577942][T13174] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2268'.
[ 1049.205252][  T951] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[ 1049.617491][  T951] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1049.718164][  T951] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1049.838128][T13203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2279'.
[ 1050.218037][  T951] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1050.243233][  T951] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1050.292199][  T951] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1050.325772][  T951] usb 4-1: config 0 descriptor??
[ 1051.309049][  T951] hid-steam 0003:28DE:1102.0009: unknown main item tag 0x0
[ 1051.316546][  T951] hid-steam 0003:28DE:1102.0009: unknown main item tag 0x0
[ 1051.324529][  T951] hid-steam 0003:28DE:1102.0009: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[ 1051.630492][T13198] device vlan2 entered promiscuous mode
[ 1051.636728][T13198] bond0: (slave vlan2): Opening slave failed
[ 1051.857538][  T951] hid-steam 0003:28DE:1102.000A: unknown main item tag 0x0
[ 1051.864816][  T951] hid-steam 0003:28DE:1102.000A: unknown main item tag 0x0
[ 1051.965077][  T951] hid-steam 0003:28DE:1102.000A: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[ 1052.090367][  T951] hid-steam 0003:28DE:1102.0009: Steam Controller 'XXXXXXXXXX' connected
[ 1052.120557][  T951] input: Steam Controller as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1102.0009/input/input13
[ 1052.220452][  T951] usb 4-1: USB disconnect, device number 18
[ 1053.124217][  T951] hid-steam 0003:28DE:1102.0009: Steam Controller 'XXXXXXXXXX' disconnected
[ 1053.197806][T13217] fido_id[13217]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1053.455195][ T4333] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[ 1053.534039][T13212] loop2: detected capacity change from 0 to 32768
[ 1053.604481][T13212] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1053.620197][T13212] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1053.631146][T13212] BTRFS info (device loop2): setting nodatacow, compression disabled
[ 1053.639714][T13212] BTRFS error (device loop2): unrecognized mount option 'max_inline='
[ 1053.653892][T13212] BTRFS error (device loop2): open_ctree failed: -22
[ 1053.656957][ T4333] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1053.721173][ T4333] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1053.772063][ T4333] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1053.795373][ T4333] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1053.840229][ T4333] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1053.864391][ T4456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (4456)
[ 1053.919151][ T4333] usb 6-1: config 0 descriptor??
[ 1054.328961][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.487129][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.969374][ T4333] hid-steam 0003:28DE:1102.000B: unknown main item tag 0x0
[ 1054.999942][ T4333] hid-steam 0003:28DE:1102.000B: unknown main item tag 0x0
[ 1055.091172][ T4333] hid-steam 0003:28DE:1102.000B: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[ 1055.380111][ T4333] hid-steam 0003:28DE:1102.000C: unknown main item tag 0x0
[ 1055.513142][ T4333] hid-steam 0003:28DE:1102.000C: unknown main item tag 0x0
[ 1055.688764][T13234] device vlan2 entered promiscuous mode
[ 1055.694473][T13234] device bond0 entered promiscuous mode
[ 1055.700196][T13234] device bond_slave_0 entered promiscuous mode
[ 1055.708035][T13234] device bond_slave_1 entered promiscuous mode
[ 1055.723631][T13234] bond0: (slave vlan2): Opening slave failed
[ 1055.843520][ T4333] hid-steam 0003:28DE:1102.000C: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[ 1056.215290][ T4333] hid-steam 0003:28DE:1102.000B: Steam Controller 'XXXXXXXXXX' connected
[ 1056.245661][ T4333] input: Steam Controller as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1102.000B/input/input14
[ 1056.298432][T13243] [U] 
[ 1056.301186][T13243] [U] 
[ 1056.303887][T13243] [U] 
[ 1056.306579][T13243] [U] 
[ 1056.309262][T13243] [U] 
[ 1056.311945][T13243] [U] 
[ 1056.314624][T13243] [U] 
[ 1056.317396][T13243] [U] 
[ 1056.525336][T13243] [U] 
[ 1056.528079][T13243] [U] 
[ 1056.530788][T13243] [U] 
[ 1057.261770][T13241] [U] 
[ 1057.395122][T11630] usb 6-1: reset full-speed USB device number 7 using dummy_hcd
[ 1058.174286][T13262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2294'.
[ 1059.454878][ T4333] usb 6-1: USB disconnect, device number 7
[ 1059.528782][ T4333] hid-steam 0003:28DE:1102.000B: Steam Controller 'XXXXXXXXXX' disconnected
[ 1060.117439][T13257] loop4: detected capacity change from 0 to 32768
[ 1060.226566][T13257] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1060.297129][T13257] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[ 1060.325253][T13257] BTRFS info (device loop4): setting nodatacow, compression disabled
[ 1060.350035][T13257] BTRFS error (device loop4): unrecognized mount option 'max_inline='
[ 1060.400669][T13272] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2299'.
[ 1060.414649][T13257] BTRFS error (device loop4): open_ctree failed: -22
[ 1060.560147][ T4456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by udevd (4456)
[ 1060.723523][ T4266] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[ 1060.733644][ T4266] CPU: 1 PID: 4266 Comm: kworker/u5:1 Not tainted 6.1.147-syzkaller #0
[ 1060.741906][ T4266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1060.752053][ T4266] Workqueue: hci3 hci_rx_work
[ 1060.756745][ T4266] Call Trace:
[ 1060.760018][ T4266]  <TASK>
[ 1060.762946][ T4266]  dump_stack_lvl+0x168/0x22e
[ 1060.767631][ T4266]  ? show_regs_print_info+0x12/0x12
[ 1060.772820][ T4266]  ? load_image+0x3b0/0x3b0
[ 1060.777331][ T4266]  sysfs_create_dir_ns+0x252/0x280
[ 1060.782444][ T4266]  ? hci_rx_work+0x3eb/0xd40
[ 1060.787043][ T4266]  ? sysfs_warn_dup+0xa0/0xa0
[ 1060.791713][ T4266]  ? do_raw_spin_unlock+0x11d/0x230
[ 1060.796929][ T4266]  kobject_add_internal+0x6b8/0xc80
[ 1060.802143][ T4266]  kobject_add+0x152/0x210
[ 1060.806566][ T4266]  ? kobject_init+0x1d0/0x1d0
[ 1060.811247][ T4266]  ? klist_children_get+0x50/0x50
[ 1060.816269][ T4266]  ? get_device_parent+0x121/0x3f0
[ 1060.821379][ T4266]  device_add+0x483/0xfb0
[ 1060.825711][ T4266]  ? kmem_cache_free+0xf7/0x290
[ 1060.830579][ T4266]  hci_conn_add_sysfs+0xd1/0x1e0
[ 1060.835527][ T4266]  le_conn_complete_evt+0xd1d/0x1320
[ 1060.840827][ T4266]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[ 1060.847073][ T4266]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 1060.852700][ T4266]  ? skb_pull_data+0xf7/0x200
[ 1060.857374][ T4266]  hci_le_conn_complete_evt+0x183/0x440
[ 1060.862919][ T4266]  ? hci_remote_host_features_evt+0x270/0x270
[ 1060.868979][ T4266]  hci_event_packet+0x791/0x1210
[ 1060.873924][ T4266]  ? bis_list+0x280/0x280
[ 1060.878244][ T4266]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 1060.884134][ T4266]  ? kcov_remote_start+0x4c7/0x7e0
[ 1060.889236][ T4266]  ? default_do_nmi+0xf0/0x150
[ 1060.893993][ T4266]  ? hci_send_to_monitor+0x9c/0x4a0
[ 1060.899186][ T4266]  hci_rx_work+0x3eb/0xd40
[ 1060.903599][ T4266]  ? _raw_spin_unlock+0x40/0x40
[ 1060.908450][ T4266]  ? process_one_work+0x7a1/0x1160
[ 1060.913552][ T4266]  process_one_work+0x898/0x1160
[ 1060.918496][ T4266]  ? worker_detach_from_pool+0x240/0x240
[ 1060.924121][ T4266]  ? _raw_spin_lock_irq+0xab/0xe0
[ 1060.929228][ T4266]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 1060.934593][ T4266]  ? kthread_data+0x4b/0xc0
[ 1060.939094][ T4266]  worker_thread+0xaa2/0x1250
[ 1060.943784][ T4266]  kthread+0x29d/0x330
[ 1060.947850][ T4266]  ? worker_clr_flags+0x1a0/0x1a0
[ 1060.952865][ T4266]  ? kthread_blkcg+0xd0/0xd0
[ 1060.957454][ T4266]  ret_from_fork+0x1f/0x30
[ 1060.961884][ T4266]  </TASK>
[ 1060.965667][ T4266] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1060.978964][ T4266] Bluetooth: hci3: failed to register connection device
[ 1061.097930][T13274] 9pnet_fd: Insufficient options for proto=fd
[ 1062.002275][  T951] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[ 1062.620642][  T951] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1063.095181][  T951] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1063.100147][ T4333] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[ 1063.111237][  T951] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1063.119742][  T951] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1063.133614][  T951] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1063.246071][  T951] usb 6-1: config 0 descriptor??
[ 1063.331491][ T4333] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1063.383797][ T4333] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1063.895619][  T951] hid-steam 0003:28DE:1102.000D: unknown main item tag 0x0
[ 1063.903261][  T951] hid-steam 0003:28DE:1102.000D: unknown main item tag 0x0
[ 1063.958598][  T951] hid-steam 0003:28DE:1102.000D: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[ 1063.987379][  T951] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0
[ 1063.995083][  T951] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0
[ 1064.008913][  T951] hid-steam 0003:28DE:1102.000E: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[ 1064.024012][ T4333] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1064.041001][ T4333] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1064.057361][T13309] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2311'.
[ 1064.066560][ T4333] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1064.076993][ T4333] usb 5-1: config 0 descriptor??
[ 1064.085122][  T951] hid-steam 0003:28DE:1102.000D: Steam Controller 'XXXXXXXXXX' connected
[ 1064.170624][  T951] input: Steam Controller as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1102.000D/input/input15
[ 1064.418448][T13314] device vlan2 entered promiscuous mode
[ 1064.430547][T13314] bond0: (slave vlan2): Opening slave failed
[ 1064.919124][ T4333] hid-steam 0003:28DE:1102.000F: unknown main item tag 0x0
[ 1064.958549][ T4333] hid-steam 0003:28DE:1102.000F: unknown main item tag 0x0
[ 1065.185451][ T8754] usb 6-1: reset full-speed USB device number 8 using dummy_hcd
[ 1065.345814][ T4333] hid-steam 0003:28DE:1102.000F: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[ 1066.030733][ T4333] hid-steam 0003:28DE:1102.0010: unknown main item tag 0x0
[ 1066.082726][ T4333] hid-steam 0003:28DE:1102.0010: unknown main item tag 0x0
[ 1066.111386][ T4333] hid-steam 0003:28DE:1102.0010: hidraw1: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[ 1066.185190][ T4333] hid-steam 0003:28DE:1102.000F: Steam Controller 'XXXXXXXXXX' connected
[ 1066.226104][ T4333] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.000F/input/input16
[ 1066.344131][ T4333] usb 5-1: USB disconnect, device number 10
[ 1066.418414][ T4333] hid-steam 0003:28DE:1102.000F: Steam Controller 'XXXXXXXXXX' disconnected
[ 1066.494601][T13332] 9pnet_fd: Insufficient options for proto=fd
[ 1066.592786][T13327] loop2: detected capacity change from 0 to 4096
[ 1066.918416][  T951] usb 6-1: USB disconnect, device number 8
[ 1066.918648][T13338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2317'.
[ 1067.249202][  T951] hid-steam 0003:28DE:1102.000D: Steam Controller 'XXXXXXXXXX' disconnected
[ 1067.261573][T13329] fido_id[13329]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[ 1067.276443][T13337] loop5: detected capacity change from 0 to 2048
[ 1067.285144][ T4266] Bluetooth: hci3: command 0x0406 tx timeout
[ 1067.299974][T13327] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[ 1067.351545][T13340] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1067.410759][T13327] ntfs3: loop2: Failed to load $Extend.
[ 1068.047604][T13347] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2321'.
[ 1068.444805][T13345] loop5: detected capacity change from 0 to 4096
[ 1068.697635][T13351] ptrace attach of "./syz-executor exec"[4273] was attempted by "./syz-executor exec"[13351]
[ 1069.458678][T13345] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[ 1069.513905][T13345] ntfs3: loop5: Failed to load $Extend.
[ 1069.720218][T13339] loop4: detected capacity change from 0 to 32768
[ 1070.832250][   T26] audit: type=1800 audit(1754877451.452:80): pid=13361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2320" name="file1" dev="loop5" ino=30 res=0 errno=0
[ 1071.265287][ T4255] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[ 1071.505585][ T4255] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1071.529747][ T4255] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1072.270777][T13378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2326'.
[ 1072.426405][T13381] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2327'.
[ 1072.435479][ T4255] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1072.442100][ T4255] usb 7-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1072.512976][ T4255] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1072.547204][T13380] loop5: detected capacity change from 0 to 2048
[ 1072.567552][ T4255] usb 7-1: config 0 descriptor??
[ 1072.660739][T13383] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1072.984965][ T4255] hid-steam 0003:28DE:1102.0011: unknown main item tag 0x0
[ 1073.025425][ T4255] hid-steam 0003:28DE:1102.0011: unknown main item tag 0x0
[ 1073.098748][ T4255] hid-steam 0003:28DE:1102.0011: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.6-1/input0
[ 1074.209705][T13397] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1074.209705][T13397]    program syz.3.2332 not setting count and/or reply_len properly
[ 1074.212847][ T4255] hid-steam 0003:28DE:1102.0012: unknown main item tag 0x0
[ 1074.510228][ T4255] hid-steam 0003:28DE:1102.0012: unknown main item tag 0x0
[ 1074.744689][ T4255] hid-steam 0003:28DE:1102.0012: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.6-1/input0
[ 1075.105272][ T4255] hid-steam 0003:28DE:1102.0011: Steam Controller 'XXXXXXXXXX' connected
[ 1075.260517][ T4255] input: Steam Controller as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:28DE:1102.0011/input/input17
[ 1075.584978][  T951] usb 7-1: USB disconnect, device number 2
[ 1075.710202][  T951] hid-steam 0003:28DE:1102.0011: Steam Controller 'XXXXXXXXXX' disconnected
[ 1075.830413][T13402] fido_id[13402]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[ 1076.085217][ T8754] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[ 1076.411846][ T8754] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1076.423906][ T8754] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1076.945132][ T8754] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1076.956546][ T8754] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1076.974738][ T8754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1077.026847][ T8754] usb 3-1: config 0 descriptor??
[ 1079.294148][T13419] loop4: detected capacity change from 0 to 4096
[ 1079.327856][ T8754] usbhid 3-1:0.0: can't add hid device: -71
[ 1079.333873][ T8754] usbhid: probe of 3-1:0.0 failed with error -71
[ 1079.353381][T13426] 9pnet_fd: Insufficient options for proto=fd
[ 1079.419844][ T8754] usb 3-1: USB disconnect, device number 18
[ 1079.463116][T13419] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[ 1079.521441][T13419] ntfs3: loop4: Failed to load $Extend.
[ 1080.805730][   T26] audit: type=1800 audit(1754877460.912:81): pid=13434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2339" name="file1" dev="loop4" ino=30 res=0 errno=0
[ 1081.941261][T13446] loop2: detected capacity change from 0 to 512
[ 1081.990075][T13446] EXT4-fs: Ignoring removed orlov option
[ 1082.008352][T13438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2343'.
[ 1082.026794][T13446] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1082.130125][T13446] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1082.171707][T13446] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.2344: bg 0: block 248: padding at end of block bitmap is not set
[ 1082.558732][T13446] Quota error (device loop2): write_blk: dquota write failed
[ 1082.614554][T13446] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1082.641655][T13446] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.2344: Failed to acquire dquot type 1
[ 1082.676331][T13446] EXT4-fs (loop2): 1 truncate cleaned up
[ 1082.704325][T13446] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1082.909931][T13446] EXT4-fs: Ignoring removed orlov option
[ 1082.979098][T13446] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1083.076042][T13462] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1083.076042][T13462]    program syz.3.2349 not setting count and/or reply_len properly
[ 1083.094874][T13446] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[ 1083.182845][T13446] EXT4-fs error (device loop2): __ext4_remount:6623: comm syz.2.2344: Abort forced by user
[ 1083.203334][T13446] EXT4-fs (loop2): Remounting filesystem read-only
[ 1083.214595][T13446] EXT4-fs (loop2): re-mounted. Quota mode: writeback.
[ 1083.227998][T13446] ext4 filesystem being remounted at /506/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1083.356748][T11484] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1083.369533][T11484] CPU: 0 PID: 11484 Comm: kworker/u5:0 Not tainted 6.1.147-syzkaller #0
[ 1083.377906][T11484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1083.387987][T11484] Workqueue: hci5 hci_rx_work
[ 1083.392693][T11484] Call Trace:
[ 1083.395984][T11484]  <TASK>
[ 1083.398929][T11484]  dump_stack_lvl+0x168/0x22e
[ 1083.403637][T11484]  ? show_regs_print_info+0x12/0x12
[ 1083.408849][T11484]  ? load_image+0x3b0/0x3b0
[ 1083.413386][T11484]  sysfs_create_dir_ns+0x252/0x280
[ 1083.418527][T11484]  ? hci_rx_work+0x3eb/0xd40
[ 1083.423138][T11484]  ? sysfs_warn_dup+0xa0/0xa0
[ 1083.427827][T11484]  ? do_raw_spin_unlock+0x11d/0x230
[ 1083.433048][T11484]  kobject_add_internal+0x6b8/0xc80
[ 1083.438269][T11484]  kobject_add+0x152/0x210
[ 1083.442706][T11484]  ? kobject_init+0x1d0/0x1d0
[ 1083.447400][T11484]  ? klist_children_get+0x50/0x50
[ 1083.452439][T11484]  ? get_device_parent+0x121/0x3f0
[ 1083.457569][T11484]  device_add+0x483/0xfb0
[ 1083.461911][T11484]  ? kmem_cache_free+0xf7/0x290
[ 1083.466784][T11484]  hci_conn_add_sysfs+0xd1/0x1e0
[ 1083.471739][T11484]  le_conn_complete_evt+0xd1d/0x1320
[ 1083.477063][T11484]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[ 1083.483335][T11484]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 1083.488993][T11484]  ? skb_pull_data+0xf7/0x200
[ 1083.493697][T11484]  hci_le_conn_complete_evt+0x183/0x440
[ 1083.499263][T11484]  ? hci_remote_host_features_evt+0x270/0x270
[ 1083.505377][T11484]  hci_event_packet+0x791/0x1210
[ 1083.507468][T13471] 9pnet_fd: Insufficient options for proto=fd
[ 1083.510321][T11484]  ? bis_list+0x280/0x280
[ 1083.520756][T11484]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 1083.526674][T11484]  ? kcov_remote_start+0x4c7/0x7e0
[ 1083.531800][T11484]  ? default_do_nmi+0xf0/0x150
[ 1083.536583][T11484]  ? hci_send_to_monitor+0x9c/0x4a0
[ 1083.541804][T11484]  hci_rx_work+0x3eb/0xd40
[ 1083.546243][T11484]  ? _raw_spin_unlock+0x40/0x40
[ 1083.551128][T11484]  ? process_one_work+0x7a1/0x1160
[ 1083.556254][T11484]  process_one_work+0x898/0x1160
[ 1083.561226][T11484]  ? worker_detach_from_pool+0x240/0x240
[ 1083.566885][T11484]  ? _raw_spin_lock_irq+0xab/0xe0
[ 1083.571930][T11484]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 1083.577327][T11484]  ? kthread_data+0x4b/0xc0
[ 1083.581851][T11484]  worker_thread+0xaa2/0x1250
[ 1083.586556][T11484]  ? _raw_spin_unlock_irqrestore+0xa5/0x100
[ 1083.592474][T11484]  ? __kthread_parkme+0x162/0x1c0
[ 1083.597528][T11484]  kthread+0x29d/0x330
[ 1083.601614][T11484]  ? worker_clr_flags+0x1a0/0x1a0
[ 1083.606646][T11484]  ? kthread_blkcg+0xd0/0xd0
[ 1083.611254][T11484]  ret_from_fork+0x1f/0x30
[ 1083.615708][T11484]  </TASK>
[ 1083.618839][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1083.664128][T11484] kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1083.677483][T11484] Bluetooth: hci5: failed to register connection device
[ 1083.769997][T13476] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1083.769997][T13476]    program syz.5.2351 not setting count and/or reply_len properly
[ 1084.405111][ T8635] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[ 1084.560574][T13484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2354'.
[ 1084.655584][T13487] ptrace attach of "./syz-executor exec"[11483] was attempted by "./syz-executor exec"[13487]
[ 1085.445258][ T8635] usb 3-1: Using ep0 maxpacket: 8
[ 1085.567262][ T8635] usb 3-1: device descriptor read/all, error -71
[ 1085.601657][ T4273] EXT4-fs (loop2): unmounting filesystem.
[ 1085.699322][T13493] loop6: detected capacity change from 0 to 4096
[ 1085.775962][T13493] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[ 1085.856178][T13493] ntfs3: loop6: Failed to load $Extend.
[ 1086.408175][T13495] loop2: detected capacity change from 0 to 4096
[ 1086.564952][T13495] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[ 1086.633254][T13495] ntfs3: loop2: Failed to load $Extend.
[ 1087.507778][T13512] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1087.507778][T13512]    program syz.3.2359 not setting count and/or reply_len properly
[ 1088.707229][T13517] 9pnet_fd: Insufficient options for proto=fd
[ 1089.448829][T13524] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1089.448829][T13524]    program syz.3.2364 not setting count and/or reply_len properly
[ 1089.693955][T13529] loop4: detected capacity change from 0 to 2048
[ 1089.825462][   T41] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1089.921382][T13533] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1090.035369][   T41] usb 7-1: Using ep0 maxpacket: 32
[ 1090.076152][   T41] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[ 1090.214112][   T41] usb 7-1: config 0 has no interface number 0
[ 1090.248159][   T41] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1090.282020][   T41] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1090.360730][   T41] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1090.515115][   T41] usb 7-1: Product: syz
[ 1090.519866][   T41] usb 7-1: Manufacturer: syz
[ 1090.524491][   T41] usb 7-1: SerialNumber: syz
[ 1090.892004][T13546] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1090.892004][T13546]    program syz.2.2371 not setting count and/or reply_len properly
[ 1091.241064][   T41] usb 7-1: config 0 descriptor??
[ 1091.260417][   T41] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1091.276420][   T41] em28xx 7-1:0.132: Video interface 132 found:
[ 1091.422912][T13547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2368'.
[ 1091.671561][   T41] em28xx 7-1:0.132: unknown em28xx chip ID (0)
[ 1091.724446][T13554] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2374'.
[ 1091.769711][ T8754] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[ 1091.987510][ T8754] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1092.055668][ T8754] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1092.083545][T13526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1092.318629][T13526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1092.346698][ T8754] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1092.358314][T13526] netlink: 324 bytes leftover after parsing attributes in process `syz.6.2365'.
[ 1092.365179][ T8754] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1092.386972][ T8754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1092.397518][ T8754] usb 3-1: config 0 descriptor??
[ 1092.406870][   T41] em28xx 7-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[ 1092.423156][   T41] em28xx 7-1:0.132: board has no eeprom
[ 1092.495193][   T41] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1092.511494][   T41] em28xx 7-1:0.132: analog set to bulk mode.
[ 1092.533687][   T41] usb 7-1: USB disconnect, device number 3
[ 1092.543427][   T41] em28xx 7-1:0.132: Disconnecting em28xx
[ 1092.554521][   T22] em28xx 7-1:0.132: Registering V4L2 extension
[ 1092.814464][ T8754] hid-steam 0003:28DE:1102.0013: unknown main item tag 0x0
[ 1092.835227][ T8754] hid-steam 0003:28DE:1102.0013: unknown main item tag 0x0
[ 1092.852246][ T8754] hid-steam 0003:28DE:1102.0013: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0
[ 1092.881911][ T8754] hid-steam 0003:28DE:1102.0014: unknown main item tag 0x0
[ 1092.899974][ T8754] hid-steam 0003:28DE:1102.0014: unknown main item tag 0x0
[ 1092.921167][ T8754] hid-steam 0003:28DE:1102.0014: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0
[ 1092.974351][   T22] em28xx 7-1:0.132: Config register raw data: 0xffffffed
[ 1092.985881][   T22] em28xx 7-1:0.132: AC97 chip type couldn't be determined
[ 1092.995078][ T8754] hid-steam 0003:28DE:1102.0013: Steam Controller 'XXXXXXXXXX' connected
[ 1093.008050][ T8754] input: Steam Controller as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1102.0013/input/input18
[ 1093.020122][   T22] em28xx 7-1:0.132: No AC97 audio processor
[ 1093.028260][   T22] usb 7-1: Decoder not found
[ 1093.034595][   T22] em28xx 7-1:0.132: failed to create media graph
[ 1093.055189][   T22] em28xx 7-1:0.132: V4L2 device video103 deregistered
[ 1093.063683][   T22] em28xx 7-1:0.132: Remote control support is not available for this card.
[ 1093.074271][   T41] em28xx 7-1:0.132: Closing input extension
[ 1093.085834][   T41] em28xx 7-1:0.132: Freeing device
[ 1093.779034][T13552] device vlan2 entered promiscuous mode
[ 1093.784700][T13552] device bond0 entered promiscuous mode
[ 1093.790480][T13552] device bond_slave_0 entered promiscuous mode
[ 1093.797422][T13552] device bond_slave_1 entered promiscuous mode
[ 1093.804400][T13552] bond0: (slave vlan2): Opening slave failed
[ 1094.177154][   T41] usb 3-1: reset full-speed USB device number 21 using dummy_hcd
[ 1094.334693][T13580] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1094.334693][T13580]    program syz.6.2379 not setting count and/or reply_len properly
[ 1095.161084][   T22] usb 3-1: USB disconnect, device number 21
[ 1095.194606][   T22] hid-steam 0003:28DE:1102.0013: Steam Controller 'XXXXXXXXXX' disconnected
[ 1095.264241][T13590] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1095.264241][T13590]    program syz.2.2381 not setting count and/or reply_len properly
[ 1097.138403][T13605] hfsplus: unable to find HFS+ superblock
[ 1097.665280][   T22] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1097.865106][   T22] usb 5-1: Using ep0 maxpacket: 32
[ 1097.873197][   T22] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[ 1097.881695][   T22] usb 5-1: config 0 has no interface number 0
[ 1097.920848][   T22] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1098.000746][   T22] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1098.058106][   T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1098.066815][   T22] usb 5-1: Product: syz
[ 1098.071086][   T22] usb 5-1: Manufacturer: syz
[ 1098.078515][   T22] usb 5-1: SerialNumber: syz
[ 1098.104891][   T22] usb 5-1: config 0 descriptor??
[ 1098.158312][   T22] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1098.168364][   T22] em28xx 5-1:0.132: Video interface 132 found:
[ 1098.554914][   T22] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[ 1098.868693][T13618] loop3: detected capacity change from 0 to 1024
[ 1099.255540][T13606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1099.412429][T13606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1099.586921][T13606] netlink: 324 bytes leftover after parsing attributes in process `syz.4.2387'.
[ 1099.633403][   T22] em28xx 5-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[ 1099.659457][   T22] em28xx 5-1:0.132: board has no eeprom
[ 1099.747101][   T22] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1099.764873][   T22] em28xx 5-1:0.132: analog set to bulk mode.
[ 1100.274578][   T22] usb 5-1: USB disconnect, device number 11
[ 1100.291357][   T22] em28xx 5-1:0.132: Disconnecting em28xx
[ 1100.297869][   T41] em28xx 5-1:0.132: Registering V4L2 extension
[ 1100.702656][T13632] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2393'.
[ 1101.341046][T13642] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1101.341046][T13642]    program syz.5.2397 not setting count and/or reply_len properly
[ 1102.161503][   T41] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[ 1102.180416][   T41] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[ 1102.426747][T13648] hfsplus: unable to find HFS+ superblock
[ 1102.628995][   T41] em28xx 5-1:0.132: No AC97 audio processor
[ 1102.896169][   T41] usb 5-1: Decoder not found
[ 1102.965076][T13654] ptrace attach of "./syz-executor exec"[4265] was attempted by "./syz-executor exec"[13654]
[ 1105.076629][   T41] em28xx 5-1:0.132: failed to create media graph
[ 1105.563872][   T41] em28xx 5-1:0.132: V4L2 device video103 deregistered
[ 1105.920628][   T41] em28xx 5-1:0.132: Remote control support is not available for this card.
[ 1105.929759][   T22] em28xx 5-1:0.132: Closing input extension
[ 1105.987643][T13677] ptrace attach of "./syz-executor exec"[4265] was attempted by "./syz-executor exec"[13677]
[ 1106.930827][T13682] hfsplus: unable to find HFS+ superblock
[ 1107.148728][   T22] em28xx 5-1:0.132: Freeing device
[ 1108.925812][T13688] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2409'.
[ 1111.243970][T13696] loop4: detected capacity change from 0 to 40427
[ 1111.272400][T13696] F2FS-fs (loop4): invalid crc value
[ 1111.277897][T13696] F2FS-fs (loop4): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[ 1111.361515][T13696] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1111.447339][T13696] F2FS-fs (loop4): recover fsync data on readonly fs
[ 1111.454783][T13696] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[ 1111.461882][T13696] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[ 1111.482273][T13696] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1111.773622][T13703] loop3: detected capacity change from 0 to 2048
[ 1111.996046][T13708] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1112.098290][T13710] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2412'.
[ 1115.749083][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.755508][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.819996][T13741] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1117.819996][T13741]    program syz.3.2422 not setting count and/or reply_len properly
[ 1118.012310][T13743] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1118.012310][T13743]    program syz.4.2425 not setting count and/or reply_len properly
[ 1119.828504][T13752] loop2: detected capacity change from 0 to 40427
[ 1119.852275][T13752] F2FS-fs (loop2): invalid crc value
[ 1119.858201][T13752] F2FS-fs (loop2): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[ 1120.081245][T13752] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1120.161278][T13752] F2FS-fs (loop2): recover fsync data on readonly fs
[ 1120.168977][T13752] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[ 1120.176162][T13752] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1
[ 1120.187327][T13752] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1120.279306][T13755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2427'.
[ 1120.423649][T13753] loop4: detected capacity change from 0 to 2048
[ 1120.443174][T13753] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1120.454402][   T26] audit: type=1800 audit(1754877501.162:82): pid=13753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2428" name="file1" dev="loop4" ino=1415 res=0 errno=0
[ 1120.713027][T11484] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1120.725648][T11484] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1120.734122][T11484] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1120.744407][ T4270] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1120.752016][T11484] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1120.766088][ T4270] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1122.197500][T13762] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2429'.
[ 1122.494754][T13771] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1122.494754][T13771]    program syz.6.2431 not setting count and/or reply_len properly
[ 1122.795215][ T4266] Bluetooth: hci2: command 0x0409 tx timeout
[ 1124.875108][ T4266] Bluetooth: hci2: command 0x041b tx timeout
[ 1125.967409][T13757] chnl_net:caif_netlink_parms(): no params data found
[ 1126.481882][   T33] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1126.945163][ T4266] Bluetooth: hci2: command 0x040f tx timeout
[ 1127.528658][T13807] loop3: detected capacity change from 0 to 128
[ 1127.834669][   T33] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1128.108308][T13757] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1128.173352][T13822] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1128.173352][T13822]    program syz.3.2443 not setting count and/or reply_len properly
[ 1128.764090][T13757] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1128.774484][T13757] device bridge_slave_0 entered promiscuous mode
[ 1129.020528][T13824] hfsplus: unable to find HFS+ superblock
[ 1129.025105][ T4266] Bluetooth: hci2: command 0x0419 tx timeout
[ 1129.249471][T11630] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[ 1129.361417][   T33] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1129.369847][T13757] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1129.369885][T13757] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1129.370693][T13757] device bridge_slave_1 entered promiscuous mode
[ 1129.396237][T13757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1129.444570][T13757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1129.479866][T11630] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1129.479979][T11630] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1129.480096][T11630] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1129.480126][T11630] usb 7-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1129.480185][T11630] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1129.493903][T11630] usb 7-1: config 0 descriptor??
[ 1129.717186][   T33] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1131.029758][T11630] hid-steam 0003:28DE:1102.0015: unknown main item tag 0x0
[ 1131.164608][T11630] hid-steam 0003:28DE:1102.0015: unknown main item tag 0x0
[ 1131.197589][T11630] hid-steam 0003:28DE:1102.0015: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.6-1/input0
[ 1131.247235][T11630] hid-steam 0003:28DE:1102.0016: unknown main item tag 0x0
[ 1131.271580][T11630] hid-steam 0003:28DE:1102.0016: unknown main item tag 0x0
[ 1131.288078][T11630] hid-steam 0003:28DE:1102.0016: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.6-1/input0
[ 1131.307635][T13757] team0: Port device team_slave_0 added
[ 1131.431342][T11630] hid-steam 0003:28DE:1102.0015: Steam Controller 'XXXXXXXXXX' connected
[ 1131.446960][T13757] team0: Port device team_slave_1 added
[ 1131.883876][T13840] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1131.883876][T13840]    program syz.3.2449 not setting count and/or reply_len properly
[ 1132.112004][T11630] input: Steam Controller as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:28DE:1102.0015/input/input19
[ 1132.261802][T11630] usb 7-1: USB disconnect, device number 4
[ 1133.244807][ T8630] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1133.255871][T11630] hid-steam 0003:28DE:1102.0015: Steam Controller 'XXXXXXXXXX' disconnected
[ 1133.346182][T13849] hfsplus: unable to find HFS+ superblock
[ 1133.707617][T13757] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1133.714632][T13757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1133.746188][ T8630] usb 4-1: Using ep0 maxpacket: 32
[ 1133.756598][ T8630] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 1133.764835][ T8630] usb 4-1: config 0 has no interface number 0
[ 1133.785128][ T8630] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1133.851884][ T8630] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1133.888157][T13757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1133.899042][ T8630] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1133.913260][T13757] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1133.920497][T13757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1133.947518][T13757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1133.972128][ T8630] usb 4-1: Product: syz
[ 1133.995113][ T8630] usb 4-1: Manufacturer: syz
[ 1134.001275][ T8630] usb 4-1: SerialNumber: syz
[ 1134.148216][ T8630] usb 4-1: config 0 descriptor??
[ 1134.295385][ T8630] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1134.567473][T12317] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[ 1134.608964][ T8630] em28xx 4-1:0.132: Video interface 132 found:
[ 1134.632126][T13852] fido_id[13852]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[ 1134.753015][ T8630] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 1134.795888][T13757] device hsr_slave_0 entered promiscuous mode
[ 1134.816740][T12317] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1134.838407][T12317] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1134.858753][T12317] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1134.875205][T12317] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1134.895069][T12317] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1134.926347][T12317] usb 3-1: config 0 descriptor??
[ 1134.935882][T13757] device hsr_slave_1 entered promiscuous mode
[ 1135.029429][   T33] tipc: Left network mode
[ 1135.266451][T13860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1135.340024][T13860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1135.505391][T13860] netlink: 324 bytes leftover after parsing attributes in process `syz.3.2452'.
[ 1135.845412][T12317] hid-steam 0003:28DE:1102.0017: unknown main item tag 0x0
[ 1135.852853][T12317] hid-steam 0003:28DE:1102.0017: unknown main item tag 0x0
[ 1135.992413][T12317] hid-steam 0003:28DE:1102.0017: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0
[ 1136.019124][T12317] hid-steam 0003:28DE:1102.0018: unknown main item tag 0x0
[ 1136.027593][T12317] hid-steam 0003:28DE:1102.0018: unknown main item tag 0x0
[ 1136.053456][T12317] hid-steam 0003:28DE:1102.0018: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0
[ 1136.082035][ T8630] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[ 1136.135262][T12317] hid-steam 0003:28DE:1102.0017: Steam Controller 'XXXXXXXXXX' connected
[ 1136.170983][T12317] input: Steam Controller as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1102.0017/input/input20
[ 1136.268250][ T8630] em28xx 4-1:0.132: board has no eeprom
[ 1136.405300][ T8630] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1136.491121][ T8630] em28xx 4-1:0.132: analog set to bulk mode.
[ 1136.617670][ T8630] em28xx 4-1:0.132: Registering V4L2 extension
[ 1136.627103][T12317] usb 3-1: USB disconnect, device number 22
[ 1136.709914][T12317] hid-steam 0003:28DE:1102.0017: Steam Controller 'XXXXXXXXXX' disconnected
[ 1136.787316][   T41] usb 4-1: USB disconnect, device number 19
[ 1136.794498][   T41] em28xx 4-1:0.132: Disconnecting em28xx
[ 1138.499556][T13876] fido_id[13876]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1139.341563][T13893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2460'.
[ 1139.826853][ T4266] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[ 1139.827746][T13908] 9pnet_fd: Insufficient options for proto=fd
[ 1140.121198][ T8630] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 1140.130029][ T8630] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 1140.168927][ T8630] em28xx 4-1:0.132: No AC97 audio processor
[ 1140.274588][T13915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2465'.
[ 1140.479001][ T8630] usb 4-1: Decoder not found
[ 1140.483641][ T8630] em28xx 4-1:0.132: failed to create media graph
[ 1140.802688][ T8630] em28xx 4-1:0.132: V4L2 device video103 deregistered
[ 1140.864880][ T8630] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 1140.865908][T13920] ==================================================================
[ 1140.882567][T13920] BUG: KASAN: use-after-free in v4l2_fh_open+0xc6/0x430
[ 1140.889491][T13920] Read of size 8 at addr ffff888074d14738 by task v4l_id/13920
[ 1140.897008][T13920] 
[ 1140.899337][T13920] CPU: 1 PID: 13920 Comm: v4l_id Not tainted 6.1.147-syzkaller #0
[ 1140.907166][T13920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1140.917204][T13920] Call Trace:
[ 1140.920464][T13920]  <TASK>
[ 1140.923373][T13920]  dump_stack_lvl+0x168/0x22e
[ 1140.928032][T13920]  ? __lock_acquire+0x7c50/0x7c50
[ 1140.933056][T13920]  ? show_regs_print_info+0x12/0x12
[ 1140.938238][T13920]  ? load_image+0x3b0/0x3b0
[ 1140.942729][T13920]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 1140.948089][T13920]  ? __virt_addr_valid+0x188/0x540
[ 1140.953190][T13920]  ? __virt_addr_valid+0x465/0x540
[ 1140.958283][T13920]  ? v4l2_fh_open+0xc6/0x430
[ 1140.962868][T13920]  print_report+0xa8/0x200
[ 1140.967268][T13920]  kasan_report+0x10b/0x140
[ 1140.971756][T13920]  ? v4l2_fh_open+0xc6/0x430
[ 1140.976327][T13920]  v4l2_fh_open+0xc6/0x430
[ 1140.980721][T13920]  em28xx_v4l2_open+0x152/0x990
[ 1140.985553][T13920]  ? __lock_acquire+0x7c50/0x7c50
[ 1140.990560][T13920]  v4l2_open+0x20b/0x360
[ 1140.994789][T13920]  chrdev_open+0x597/0x670
[ 1140.999200][T13920]  ? cd_forget+0x160/0x160
[ 1141.003625][T13920]  ? tomoyo_file_open+0xe9/0x170
[ 1141.008734][T13920]  ? fsnotify_perm+0x39b/0x550
[ 1141.013475][T13920]  ? cd_forget+0x160/0x160
[ 1141.017871][T13920]  do_dentry_open+0x7e9/0x10d0
[ 1141.022625][T13920]  path_openat+0x25c6/0x2e70
[ 1141.027195][T13920]  ? do_sys_openat2+0xcf/0x490
[ 1141.031940][T13920]  ? __x64_sys_openat+0x135/0x160
[ 1141.036961][T13920]  ? do_syscall_64+0x4c/0xa0
[ 1141.041531][T13920]  ? do_filp_open+0x3c0/0x3c0
[ 1141.046187][T13920]  do_filp_open+0x1c1/0x3c0
[ 1141.050666][T13920]  ? vfs_tmpfile+0x480/0x480
[ 1141.055240][T13920]  ? _raw_spin_unlock+0x24/0x40
[ 1141.060068][T13920]  ? alloc_fd+0x58f/0x630
[ 1141.064390][T13920]  do_sys_openat2+0x142/0x490
[ 1141.069047][T13920]  ? up_read+0x20/0x20
[ 1141.073095][T13920]  ? do_sys_open+0xe0/0xe0
[ 1141.077492][T13920]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 1141.083449][T13920]  ? lock_chain_count+0x20/0x20
[ 1141.088280][T13920]  __x64_sys_openat+0x135/0x160
[ 1141.093114][T13920]  do_syscall_64+0x4c/0xa0
[ 1141.097508][T13920]  ? clear_bhb_loop+0x60/0xb0
[ 1141.102160][T13920]  ? clear_bhb_loop+0x60/0xb0
[ 1141.106815][T13920]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1141.112693][T13920] RIP: 0033:0x7f987f8a7407
[ 1141.117096][T13920] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1141.136688][T13920] RSP: 002b:00007ffca9fe95f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1141.145081][T13920] RAX: ffffffffffffffda RBX: 00007f987f81d880 RCX: 00007f987f8a7407
[ 1141.153033][T13920] RDX: 0000000000000000 RSI: 00007ffca9feaf1a RDI: ffffffffffffff9c
[ 1141.160983][T13920] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1141.168933][T13920] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1141.176882][T13920] R13: 00007ffca9fe9840 R14: 00007f9880099000 R15: 0000561f7a5854d8
[ 1141.184837][T13920]  </TASK>
[ 1141.187838][T13920] 
[ 1141.190163][T13920] Allocated by task 8630:
[ 1141.194488][T13920]  kasan_set_track+0x4b/0x70
[ 1141.199066][T13920]  __kasan_kmalloc+0x8e/0xa0
[ 1141.203633][T13920]  em28xx_v4l2_init+0x107/0x2e70
[ 1141.208551][T13920]  em28xx_init_extension+0x118/0x1b0
[ 1141.213811][T13920]  process_one_work+0x898/0x1160
[ 1141.218729][T13920]  worker_thread+0xaa2/0x1250
[ 1141.223398][T13920]  kthread+0x29d/0x330
[ 1141.227445][T13920]  ret_from_fork+0x1f/0x30
[ 1141.231838][T13920] 
[ 1141.234140][T13920] Freed by task 8630:
[ 1141.238095][T13920]  kasan_set_track+0x4b/0x70
[ 1141.242689][T13920]  kasan_save_free_info+0x2d/0x50
[ 1141.247693][T13920]  ____kasan_slab_free+0x126/0x1e0
[ 1141.252779][T13920]  slab_free_freelist_hook+0x131/0x1a0
[ 1141.258213][T13920]  __kmem_cache_free+0xb6/0x1f0
[ 1141.263126][T13920]  em28xx_v4l2_init+0x166c/0x2e70
[ 1141.268126][T13920]  em28xx_init_extension+0x118/0x1b0
[ 1141.273389][T13920]  process_one_work+0x898/0x1160
[ 1141.278306][T13920]  worker_thread+0xaa2/0x1250
[ 1141.282956][T13920]  kthread+0x29d/0x330
[ 1141.287002][T13920]  ret_from_fork+0x1f/0x30
[ 1141.291395][T13920] 
[ 1141.293695][T13920] Last potentially related work creation:
[ 1141.299384][T13920]  kasan_save_stack+0x3a/0x60
[ 1141.304036][T13920]  __kasan_record_aux_stack+0xb2/0xc0
[ 1141.309387][T13920]  insert_work+0x54/0x3c0
[ 1141.313691][T13920]  __queue_work+0xba3/0xfb0
[ 1141.318173][T13920]  queue_work_on+0x11d/0x1d0
[ 1141.322740][T13920]  sg_release+0x1d0/0x2c0
[ 1141.327051][T13920]  __fput+0x22c/0x920
[ 1141.331022][T13920]  task_work_run+0x1ca/0x250
[ 1141.335587][T13920]  exit_to_user_mode_loop+0xe6/0x110
[ 1141.340858][T13920]  exit_to_user_mode_prepare+0xb1/0x140
[ 1141.346382][T13920]  syscall_exit_to_user_mode+0x16/0x40
[ 1141.351820][T13920]  do_syscall_64+0x58/0xa0
[ 1141.356213][T13920]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1141.362087][T13920] 
[ 1141.364387][T13920] The buggy address belongs to the object at ffff888074d14000
[ 1141.364387][T13920]  which belongs to the cache kmalloc-8k of size 8192
[ 1141.378427][T13920] The buggy address is located 1848 bytes inside of
[ 1141.378427][T13920]  8192-byte region [ffff888074d14000, ffff888074d16000)
[ 1141.391850][T13920] 
[ 1141.394150][T13920] The buggy address belongs to the physical page:
[ 1141.400547][T13920] page:ffffea0001d34400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74d10
[ 1141.410674][T13920] head:ffffea0001d34400 order:3 compound_mapcount:0 compound_pincount:0
[ 1141.418978][T13920] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1141.426992][T13920] raw: 00fff00000010200 ffffea00007cf600 dead000000000003 ffff888017442280
[ 1141.435553][T13920] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 1141.444108][T13920] page dumped because: kasan: bad access detected
[ 1141.450501][T13920] page_owner tracks the page as allocated
[ 1141.456190][T13920] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3939, tgid 3939 (dhcpcd-run-hook), ts 33320502782, free_ts 33320414861
[ 1141.477029][T13920]  post_alloc_hook+0x173/0x1a0
[ 1141.481773][T13920]  get_page_from_freelist+0x1a26/0x1ac0
[ 1141.487300][T13920]  __alloc_pages+0x1df/0x4e0
[ 1141.491869][T13920]  alloc_slab_page+0x5d/0x160
[ 1141.496523][T13920]  new_slab+0x87/0x2c0
[ 1141.500584][T13920]  ___slab_alloc+0xbc6/0x1220
[ 1141.505237][T13920]  __kmem_cache_alloc_node+0x1a0/0x260
[ 1141.510675][T13920]  kmalloc_trace+0x26/0xe0
[ 1141.515072][T13920]  tomoyo_init_log+0x1081/0x1f50
[ 1141.519989][T13920]  tomoyo_supervisor+0x326/0x10b0
[ 1141.524993][T13920]  tomoyo_env_perm+0x146/0x1e0
[ 1141.529743][T13920]  tomoyo_find_next_domain+0x157a/0x1a40
[ 1141.535353][T13920]  tomoyo_bprm_check_security+0x100/0x150
[ 1141.541050][T13920]  security_bprm_check+0x5e/0x90
[ 1141.545960][T13920]  bprm_execve+0xa77/0x18a0
[ 1141.550455][T13920]  do_execveat_common+0x51b/0x6c0
[ 1141.555458][T13920] page last free stack trace:
[ 1141.560102][T13920]  free_unref_page_prepare+0x8b4/0x9a0
[ 1141.565541][T13920]  free_unref_page+0x2e/0x3f0
[ 1141.570209][T13920]  __unfreeze_partials+0x1a5/0x200
[ 1141.575311][T13920]  put_cpu_partial+0x17c/0x250
[ 1141.580048][T13920]  qlist_free_all+0x76/0xe0
[ 1141.584527][T13920]  kasan_quarantine_reduce+0x144/0x160
[ 1141.589961][T13920]  __kasan_slab_alloc+0x1e/0x80
[ 1141.594791][T13920]  slab_post_alloc_hook+0x4b/0x480
[ 1141.599883][T13920]  __kmem_cache_alloc_node+0x140/0x260
[ 1141.605334][T13920]  __kmalloc+0xa0/0x240
[ 1141.609470][T13920]  tomoyo_supervisor+0xba7/0x10b0
[ 1141.614468][T13920]  tomoyo_env_perm+0x146/0x1e0
[ 1141.619232][T13920]  tomoyo_find_next_domain+0x157a/0x1a40
[ 1141.624873][T13920]  tomoyo_bprm_check_security+0x100/0x150
[ 1141.630573][T13920]  security_bprm_check+0x5e/0x90
[ 1141.635487][T13920]  bprm_execve+0xa77/0x18a0
[ 1141.639986][T13920] 
[ 1141.642288][T13920] Memory state around the buggy address:
[ 1141.647889][T13920]  ffff888074d14600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1141.655954][T13920]  ffff888074d14680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1141.663993][T13920] >ffff888074d14700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1141.672026][T13920]                                         ^
[ 1141.677890][T13920]  ffff888074d14780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1141.685924][T13920]  ffff888074d14800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1141.693957][T13920] ==================================================================
[ 1141.708880][   T41] em28xx 4-1:0.132: Closing input extension
[ 1141.990722][T13923] sg_write: data in/out 220/14 bytes for SCSI command 0x0-- guessing data in;
[ 1141.990722][T13923]    program syz.4.2467 not setting count and/or reply_len properly
[ 1142.106893][T13920] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1142.114125][T13920] CPU: 1 PID: 13920 Comm: v4l_id Not tainted 6.1.147-syzkaller #0
[ 1142.121940][T13920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1142.132007][T13920] Call Trace:
[ 1142.135284][T13920]  <TASK>
[ 1142.138264][T13920]  dump_stack_lvl+0x168/0x22e
[ 1142.142946][T13920]  ? memcpy+0x3c/0x60
[ 1142.146941][T13920]  ? show_regs_print_info+0x12/0x12
[ 1142.152149][T13920]  ? load_image+0x3b0/0x3b0
[ 1142.156676][T13920]  panic+0x2c9/0x710
[ 1142.160569][T13920]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1142.166711][T13920]  ? bpf_jit_dump+0xd0/0xd0
[ 1142.171204][T13920]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 1142.177087][T13920]  ? _raw_spin_unlock+0x40/0x40
[ 1142.181922][T13920]  check_panic_on_warn+0x80/0xa0
[ 1142.186848][T13920]  ? v4l2_fh_open+0xc6/0x430
[ 1142.191422][T13920]  end_report+0x66/0x110
[ 1142.195651][T13920]  kasan_report+0x118/0x140
[ 1142.200138][T13920]  ? v4l2_fh_open+0xc6/0x430
[ 1142.204710][T13920]  v4l2_fh_open+0xc6/0x430
[ 1142.209204][T13920]  em28xx_v4l2_open+0x152/0x990
[ 1142.214036][T13920]  ? __lock_acquire+0x7c50/0x7c50
[ 1142.219049][T13920]  v4l2_open+0x20b/0x360
[ 1142.223279][T13920]  chrdev_open+0x597/0x670
[ 1142.227684][T13920]  ? cd_forget+0x160/0x160
[ 1142.232086][T13920]  ? tomoyo_file_open+0xe9/0x170
[ 1142.237010][T13920]  ? fsnotify_perm+0x39b/0x550
[ 1142.241759][T13920]  ? cd_forget+0x160/0x160
[ 1142.246158][T13920]  do_dentry_open+0x7e9/0x10d0
[ 1142.250915][T13920]  path_openat+0x25c6/0x2e70
[ 1142.255491][T13920]  ? do_sys_openat2+0xcf/0x490
[ 1142.260239][T13920]  ? __x64_sys_openat+0x135/0x160
[ 1142.265257][T13920]  ? do_syscall_64+0x4c/0xa0
[ 1142.269833][T13920]  ? do_filp_open+0x3c0/0x3c0
[ 1142.274493][T13920]  do_filp_open+0x1c1/0x3c0
[ 1142.278977][T13920]  ? vfs_tmpfile+0x480/0x480
[ 1142.283552][T13920]  ? _raw_spin_unlock+0x24/0x40
[ 1142.288389][T13920]  ? alloc_fd+0x58f/0x630
[ 1142.292707][T13920]  do_sys_openat2+0x142/0x490
[ 1142.297369][T13920]  ? up_read+0x20/0x20
[ 1142.301433][T13920]  ? do_sys_open+0xe0/0xe0
[ 1142.305837][T13920]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 1142.311804][T13920]  ? lock_chain_count+0x20/0x20
[ 1142.316640][T13920]  __x64_sys_openat+0x135/0x160
[ 1142.321477][T13920]  do_syscall_64+0x4c/0xa0
[ 1142.325877][T13920]  ? clear_bhb_loop+0x60/0xb0
[ 1142.330536][T13920]  ? clear_bhb_loop+0x60/0xb0
[ 1142.335198][T13920]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1142.341078][T13920] RIP: 0033:0x7f987f8a7407
[ 1142.345474][T13920] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1142.365064][T13920] RSP: 002b:00007ffca9fe95f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1142.373460][T13920] RAX: ffffffffffffffda RBX: 00007f987f81d880 RCX: 00007f987f8a7407
[ 1142.381416][T13920] RDX: 0000000000000000 RSI: 00007ffca9feaf1a RDI: ffffffffffffff9c
[ 1142.389371][T13920] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1142.397324][T13920] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1142.405276][T13920] R13: 00007ffca9fe9840 R14: 00007f9880099000 R15: 0000561f7a5854d8
[ 1142.413237][T13920]  </TASK>
[ 1142.416515][T13920] Kernel Offset: disabled
[ 1142.420823][T13920] Rebooting in 86400 seconds..