last executing test programs:

9m55.139251989s ago: executing program 3 (id=4):
syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000a40)='./file0\x00', 0x2004000, &(0x7f0000000040)=ANY=[], 0x8, 0x204, &(0x7f00000004c0)="$eJzs281O1FAYxvHndD7B76+NG0000Y0zOEwyspML8AbckaEQYhEjbiAmDBtvwbWX4c47cetCEr2CmpaWoSOn03ZwWuT/S4Z5OenTc6bhHU4nIACX1s3wq5FRI6x83z94KOn1K0n11GhzLgsE8M/45rjpbZpnD7fTUwAuhtqvs8db1gb/GhcO7wLARXa0Wgv3Ad+M9P33x+HP6NHIuH84WnWk4BSjdvh9nG9K7Uz5QxM+36+Ps5+N1FLyBGZk2b98Oc4/OTV38FjIuv5o/sWJ/OK0YHDLFDh0wqenj5L5K5KuSrom6bqkG9G91i1Jt+MzaHQy//rE/Pcyrh+YRfDT10mMZGrbZL6TckArPR90z8aW5y7lmnWsEeWf58g8PlU3o3yv4PxxfrlgvhXlO8Mdb9161MuCZwfSOX/1fz5T+99mZ3BSztL/9WT/85kkkMPu3v6bNc9z3+cvnEKpShbttKtRs8bjm6TzWMbBxIgxUtmXZbYivqjBSN0faXrqU6G5HkTzVOAl5ygWqrEMe1HCmxGAuep+2H7X3d3bf7a1vbbpbrpve/2VF/3lXn+w0t0YeO5Sd5bdOYAqG//Sl7J8Zp7+J0EAAAAAAAAAAAAAAKAMdyTdLXsRAAAAAObifP5n6MdQsh9T9msEAAAAAAAAAAAAAAAAAAAA/hd/AgAA///cwS6r")
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x18b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2243005, 0x0)
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)

9m54.718930771s ago: executing program 3 (id=7):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r0, r1, 0x0, 0x200002)

9m53.732648188s ago: executing program 3 (id=11):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file1\x00', 0x8, &(0x7f0000005b40)=ANY=[@ANYBLOB="646d61736b3d30303030303030303030303030303030303031373630352c6e6f646f74732c6e6f646f74732c6e6f646f74732c646f74732c6e6f646f74732c6e6f646f74732c71756965742c646973636172642c666c7573682c636865636b3d72656c617865642c646f74732c636865636b3d72656c617865642c756d61736b3d30303030303030303030303030303030303030303030352c6e66732c646f74732c747a3d5554432c6e6f646f74732c646f74732c6e6f636173652c6e6f646f74732c636f6465706167653d3935302c0083b7d0f19f8882968c0cfe51eb3304bfea67e1100cbb19bdb7c5e3f5e3d62eb5151ae3a324eddeac9f0c7ad8157d0c431264fa4e924f1aa72f7de4601d6e989c6a3739647ae8a8543d489e04f047820744d831b054b5c47bc6a8006bde"], 0xfd, 0x1d2, &(0x7f0000000500)="$eJzs3c9qE1EUB+CTWJvUVXeCKFzQhSAU9QkqUkEcEJQsdKVQ3TQi2M3opn0MH8xH8AGkq2zkSp1px44uYiQzsf2+Tc7kN3/OXWSSTc68uv5ub/f9/tuvVz/HeDyI4XZsx2wQmzGME4cBAJwns5zjW6703QsA0I05vv+/d9wSALBkz1+8fPKgKHaepTSOODosJ+Wkeq3yR4+Lnbvpp83mqKOynFw6ze+l9m+H4/xyXKnz+ymlL3dSOpuvx+2bVX588odPi1Y+it3lLh0AAAAAAAAAAAAAAAAAAAAAAHpzI9KJP8732dpq5xt1Xm39Mh+oNb9nLa6t1ZvNeKB80MWiAAAAAAAAAAAAAAAAAAAA4D+z//HT3uvp9M2HphhFxNl3/qYY1Cde8PCui2GsRBv9FzlXsxlWpZ9/KtJqtDFd8FOwHhHLamyWc55r5+YeMerp3gQAAAAAAAAAAAAAAAAAABdN86ff37NxHw0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQA+a5/8vUBxExBw7n15so3XxW50vFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHPqRwAAAP//Gl42vQ==")
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x165840, 0x2)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

9m53.47174691s ago: executing program 32 (id=11):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file1\x00', 0x8, &(0x7f0000005b40)=ANY=[@ANYBLOB="646d61736b3d30303030303030303030303030303030303031373630352c6e6f646f74732c6e6f646f74732c6e6f646f74732c646f74732c6e6f646f74732c6e6f646f74732c71756965742c646973636172642c666c7573682c636865636b3d72656c617865642c646f74732c636865636b3d72656c617865642c756d61736b3d30303030303030303030303030303030303030303030352c6e66732c646f74732c747a3d5554432c6e6f646f74732c646f74732c6e6f636173652c6e6f646f74732c636f6465706167653d3935302c0083b7d0f19f8882968c0cfe51eb3304bfea67e1100cbb19bdb7c5e3f5e3d62eb5151ae3a324eddeac9f0c7ad8157d0c431264fa4e924f1aa72f7de4601d6e989c6a3739647ae8a8543d489e04f047820744d831b054b5c47bc6a8006bde"], 0xfd, 0x1d2, &(0x7f0000000500)="$eJzs3c9qE1EUB+CTWJvUVXeCKFzQhSAU9QkqUkEcEJQsdKVQ3TQi2M3opn0MH8xH8AGkq2zkSp1px44uYiQzsf2+Tc7kN3/OXWSSTc68uv5ub/f9/tuvVz/HeDyI4XZsx2wQmzGME4cBAJwns5zjW6703QsA0I05vv+/d9wSALBkz1+8fPKgKHaepTSOODosJ+Wkeq3yR4+Lnbvpp83mqKOynFw6ze+l9m+H4/xyXKnz+ymlL3dSOpuvx+2bVX588odPi1Y+it3lLh0AAAAAAAAAAAAAAAAAAAAAAHpzI9KJP8732dpq5xt1Xm39Mh+oNb9nLa6t1ZvNeKB80MWiAAAAAAAAAAAAAAAAAAAA4D+z//HT3uvp9M2HphhFxNl3/qYY1Cde8PCui2GsRBv9FzlXsxlWpZ9/KtJqtDFd8FOwHhHLamyWc55r5+YeMerp3gQAAAAAAAAAAAAAAAAAABdN86ff37NxHw0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQA+a5/8vUBxExBw7n15so3XxW50vFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHPqRwAAAP//Gl42vQ==")
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x165840, 0x2)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

14.631798131s ago: executing program 2 (id=2040):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x4, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
io_uring_setup(0x5e14, &(0x7f0000000080)={0x0, 0x70b4, 0x10000, 0x0, 0x36})
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})

14.483913883s ago: executing program 2 (id=2042):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa}, 0x0)
futex(&(0x7f0000004000), 0x4, 0x0, 0x0, 0x0, 0x82020000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff038}, {0xb1, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10)
sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840)

12.813265632s ago: executing program 2 (id=2045):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000080)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x1db, &(0x7f0000000380)="$eJzslb+qE0EUxr+ZjbuJiA9gY2HAa+Fmd6Nic+Ha2GghRI0WgsFsQnRjJNnCBER8AjsLOwsfQ4itDyFR8A+INmo9Mn92M4ZESMyawvODnHyzM3vmzBn4FgRB/Le8f/dzJn7sfyoDOIIqPPP8swPgQGturX9b/vbo9eWLzae3Xr7xZn7l92ze2vuXAEwvOEjNWAgh7Pmq+b8Kjio+Kn0NHKfM8yYYfKNvg+O60TEYbhp919IDud73O70k9u8MkrYUgQyhDJEM9cX6vj5haFv1MWt+NJ7cayVJPCxQLO/c9EteXxnYt+qz78uHrjZQ/dOE4AiNroOhYfR5eFlvdEus8x8rzfM7fzy/i7889gcA8yedIjvryq02eh1g/+TuCxYOlMhudOf1bF2gtLWEwgM2fr1x49ml4k76yjh1XupjPV4vz8GKKXfNPKbzuX+KFwwnLX/SVvJcfSxqaf9BbTSenO71W924G9+Povq54EwQnI1qyoh0XG6BKn9F+dPho3n+yqq1LnPxsJWmw1DHfBzpuMxxufI/jr0TOCTH0k3dhbzfAWSbMvPj6l+qPWdl8QRBEDvkOJjyZOXLmTBfk3xCiOjKjuskCIIgCIIgCIIgCGJzfgUAAP//K0NgKg==")
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000000b0000000200", @ANYRES32, @ANYBLOB="0000000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0xfd, 0x4cb, &(0x7f0000000480)="$eJzs3M1vG0UbAPBnbSdt+vEmbykfLYUGCqJQkTRpgR44UAQSB5CQuJRjSNJSmjYoCYhWFQQO5YgqcUcckfgLOMEFASekXssdVapQLy0gJKO1dx0nsV0ndWJa/36S7ZndiWee7Iy9s2M7gJ41nN4lETsi4mpEDFazywsMVx9u3bg4+eeNi5NJlMtv/ZFUyt28cXEyL5r/3fY8s7h8e7358xfOTMzMTM9l+dGFs++Pzp+/8OzpsxOnpk9Nnxs/duzokbEXnh9/rnnj+1bkG1VU16abez+e3bfntbcvvzF54vI7P3+b5PEvi+PD5k+yNsMNthXzxJOdquU/YmflfqByn5TyrYXuNYi2pB2ylA2lqzEYxagdvBiMVz/rauOADVUul8tbGu5Jtw5lJTJJ9li/DbiLJW2P5j7jHu4p2Zt9ErE4mc6B6+fzveD68eoEKI37Vnar7inVZq99tflt56WzrROLf32V3mLpOkT/BlUHABDfH68+5ud+S+d/hVJ9uZeytaGhiPh/ROyKiPsiYndE3B8RD0TEgxHxUN3ftFiOqVm5SLL6/LNwbV2Bten6oYgXs7Wt5ed/tbWLoWKW21mJvy85eXpm+nBE/C8iDkbfljQ/1qKOH1658kWWXHVeN1x3/pfe0vrzc8GsHddKKy7QTU0sTNxp3Lnrn0bsLTWKP6mtBKTHcU9E7N2/vjpOP/PNvmb7bh9/C6X1tade+euIp6rHfzFWxJ9LWq9Pjm6NmenDo3mvWO2XXy+92az+O4q/A9Ljv61h/6/FP5TUr9fOr72OS7993nRO2Wb/XzZu0v7fnywfSh9NLCzMjUX0J69X8v2VV6x0e6wuN75UPo3/4IHG439XLP0nHo6ItBM/EhGPRsT+rO2PRcTjEXGgRfw/vfzEe+uOv/HF+Y5J45+6/fF/9+na8W+ayNe2V+0qnvnxu8qe/JANtYg/iQbH/2gldTDb0s7rX8uWzt1JbwYAAIC7TyEidkRSGKmlC4WRkern5XfHtsLM7PzCoZOzH5ybqn5HYCj6CvmVrsHa9dBYHMum9fn10fEV+SPZdeMviwOV/Mjk7MxUt4OHHre9yfhP/V7sduuADdeBdTTgLrXe8V8ulz/pcFOATeb9H3pXi/G/oR++BLqvwfgfWJHf4I8hAt1SapCpm9j/s/Q9YeBe0+z8/8omtwPYfK7/Qe8y/qF3Gf/Qk7JvwpeirW/Lb1Aiff1pWqYYEd1qWJNEubx19a8cbEaiv4NPuGPlryQMru15orDGSpP6PrZ1Db/RsCoR7RcudrVjZ4m/sx/b3IS60qE0N9B8NLWf6PYrEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGf8GwAA//+9UNjR")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0xd, 0xfffff028}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58)

12.687957869s ago: executing program 0 (id=2048):
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x4, 0x3fa, &(0x7f00000004c0)="$eJzs281rXFUbAPDn3nyUt2nfxFq/2qrTBjGgJk2iQsBNRUVBcKE7FxKaaSlOmtKM2BYXKoKr4saVrlzpH+DGhSDuXQmudC+FIMW1jNyZe5txMhMzyYyjvb8fTHLO3DOc88yZZ+bcc2cCKK1K9ieJOBIRP0fEdKv61waV1r/fb793Prsl0Wi8/lvSbJfVi6bF46byylwakX6UxMku/W5ev/H2aq1WvZrXF+rrVxY2r9946tL66sXqxerl5ZVnzi4trzy7sjywWG/ePvXTxuev/fHJmV+mnr/51gvZeI/kx9rjGJRKVKKR6zz22KA7G7GjbeVkfIQDoS9jEZFN10Qz/6djLLYnbzpe/HCkgwOGKvtsOtT78PsN4C6WxKhHAIxG8UFfnNsP4zz432zrXOsEaGf845HmbSY6zm8HKTvbuvbmx99mtxjSPgQAQLvvsvXPk93WP2nc39bu//m1oZmIuCcijkXEvRFxPCLui2i2fSAiHuyz/0pHfef6J721r8D2KFv/Pdd1/Vus/mJmLK8dbcY/kVy4VKuezZ+TuZg4lNUXd+njx1e++rLXsUrb+i+7Zf0Xa8F8HLfGOzbo1lbrqweJud3WBxEnuq5/kztXApKIeCgiTuyzj2/ONT7rdezv4x+uxhcRj3ed/+2roMnu1ycXmq+HheJVsdOpd6+s9ep/1PFn83949/hnkvbrtZv99/H1zOmtXsf2+/qfTN5olifz+66t1utXFyMmk1d33r+0/diiXrTP4p+b7Z7/x2L7mTiZzWNEPBwRj0TEo/nYT0fEmYiY3SX+l2Zfru4//uHK4l/ra/77L6wvff9Dr/73Nv9PN0tz+T17ef/b6wAP8twBAADAf0Xa/A58ks7fKafp/HzrO/zH43Ba29isP3Fh453La63vys/ERFrsdE237Ycu5nvDRX2po76c7xt/Ova/Zn3+/Eat56YY8I+Y6pH/mV/HRj06YOj8XgvKS/5Decl/KC/5D+Ul/6G85D+Ul/yH8pL/UF7yH8pL/kMpHeR3/QoKCndrYdTvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPxZwAAAP//jYTnFQ==")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])

11.651801277s ago: executing program 0 (id=2050):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000002280)={0x3, &(0x7f0000000180)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x48}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000440)=ANY=[], 0x0)

11.468025813s ago: executing program 0 (id=2052):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x2808000, &(0x7f00000029c0)=ANY=[@ANYBLOB="726f6469722c756e695f786c6174653d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c73686f72746e616d653d6c6f7765722c636f6465706167653d3836352c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c756e695f786c6174653d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c696f636861727365743d69736f383835392d372c756e695f786c6174653d312c73686f72746e616d653d6c6f7765722c00ee5d348576f7ab56a085bab7988357ac4cdf9af0a17d2d0e7c5db618573e465688abe00298ca73e21d74eec9f8e84d60ea6c1bd688be564098cb27bdb71c1e03b6"], 0x1, 0x294, &(0x7f0000000500)="$eJzs3c1qY1UcAPD/TZM0VSFZuBLBC7pwFabzBBOkwmBWSha60cHpgCSh0EDAD4xduRdc+Q6+gw/gxjdw4VJwZxfilfTem6+mrYE0HcLvt8k/55z/+cppC4V78tmbw/7zs9GLi29+j0YjicqTeBKXSbSiEqXvAgDYJ5dZFn9lubvaVqMeEVmzeFfZwfQAgHuwyd9/AGA/fPTxJx90ut2TD9O0ETH8ftxLIn/N6zsv4osYxGk8imb8E5HN5PFrT7snUU3T8p8B46PoRQw//bV43/kz4ir/OJrRup7//tPuyXGai3eGk3FvOvL0tRavJBGdLMk7ehzNeD0iq0XRyTz/8Zr86NXj3bd/Kub/72m0oxm/fR5nMYjnV13M8789TtP3sh///jpfQS8imYx7h1ft5rKDnX0oAAAAAAAAAAAAAAAAAAAAAADsvXY601q8P6e8DbDdXl9/4/1AxQ0/k4X7dR6laVpe4zPu1SLPr8Yb1ag+3MoBAAAAAAAAAAAAAAAAAADg5TH68qv+s8Hg9Hwp+CVbLbk7qC6UlI/1b5C+FPR/jtg86/8EcVBMbZBcGyIpq7Yw1uEmjY/WDRqVm/awOoh88j9sPrG3trXAW4PydPWfJXFH48b6Q7JwMo+Kzs5Hya2HdjnI1mzdwY1Z9S2tvf7qdjdzuuLabDOX2zSmn+RCSW3LPykrknv5/QMAAAAAAAAAAAAAAAAAAMzNH/qNP65VXjzIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5+bf/z8LorVashpMiuTb2pTB4flozbCtHS8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPfdfAAAA///SBV2L")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x5, 0x10012, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0)

11.369750514s ago: executing program 0 (id=2054):
io_cancel(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000400)={[{@nojournal_checksum}, {@nombcache}, {@barrier}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@jqfmt_vfsold}, {@test_dummy_encryption}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@sysvgroups}, {@discard}], [{@smackfsdef={'smackfsdef', 0x3d, 'min_batch_time'}}, {@hash}, {@pcr={'pcr', 0x3d, 0x24}}]}, 0xff, 0x575, &(0x7f00000009c0)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KKE5NCWNHNt9SaGH9Fja0EB7T4WtmGA5CpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+jFZeXdRLYlW7aVyI5+P1hnRzPy7F+zM5ndWaMABtbJ9Ech4pWI+DaJONqSV4ws8+RKuaUntybTLYnl5c/+SiLJXsvLJ9m/h/NEMeK3ryPOFFZVOZL+qC8szpSr1cpc9uJoY/b6aH1h8ezV2fJ0ZbpybXxi4vw7E+Pvv/fu2kNObm8z1jcv/fPDpw8+Ov/NqaXvf3l07F4SF+JIltcaxw6sOrSTK59u04U1Bcd6UNlukvT7ANiWoayfD0c6BhyNoazXAy+/ryJiuSsx0l05YO9Iuuz/wMsmnwfk1/Y9ug7eMx5/uHIBtD7+Ynb1fqB5bXRoKVl1ZZTkNzJ2KK3j1z/v30u36N19CIBN3b4TEeeKxfXjX9Jy93J7znVRZm0dxj94cR6k85+32s1/Ck/nP9Fm/nO4Td/djs37f+FRD6rpKJ3/fdB2/pstWo3EyFCW+l8zOZxcuVqtpGPb/yPidAzvT9MbreecX3q43Cmvdf6Xbmn9+VwwO45Hxf2r3zNVbpR3FvUzj+9EvNp2/ps8bf+kTfunn8elLus4Ubn/Wqe8zeN/vpZ/jnijbfs/W9FKNl6fHG2eD6P5WbHe33dP/N6p/n7Hn7b/oY3jH0la12vrW6/jpwP/VjrldYx/X16i/fm/L/m8uZ8Xu1luNObGIvYln6x/ffzZe/N0Xj6N//Spjce/duf/wYj4osv47x6/27Hojtq/B4uuafxTW2r/re0Mz5SrDz/+8setx38xuzuRtv/bzbKns/d0M/51e4A7/wQBAAAAAABg9yhExJFICqWn+4VCqbTyfMfxOFSo1uqNM1dqr0czr/n8QyFf6T7a8jzEWPY8bJ4eX5OeiIhjEfHd0MFmujRZq071O3gAAAAAAAAAAAAAAAAAAADYJQ53+Pv/1B9D/T464Lnzld8wuDbt/734pidgV/L/Pwwu/R8Gl/4Pg0v/h8Gl/8Pg0v9hcOn/MLj0fwAAAAAAAAAAAAAAAAAAAAAAAAAAAOipSxcvptvy0pNbk2l66sbC/EztxtmpSn2mNDs/WZqszV0vTddq09VKabI2u9nvq9Zq18fGY/7maKNSb4zWFxYvz9bmrzUuX50tT1cuV4ZfSFQAAAAAAAAAAAAAAAAAAACwt9QXFmfK1Wplzs5g7OzPGr5nv7C4O+LaMzsHI6J/tc93XbjPAxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtPgvAAD//2ysM+A=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r4)
sendmmsg$unix(r3, &(0x7f0000000c40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x430}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040000}}], 0x1, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r6 = memfd_create(&(0x7f00000014c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xfd:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\x03\x00l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\xf4\xb6\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xb7#\xaa\xf2&\x88g\xbd\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95x\xd1-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\xea\xe8\x015\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz\xc213\x9b\x87\xd5\x99\r\xa2P\x03\x1cl\x0f\xcb)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9afa\x92\x81\r\xae%\x7fi!\x06{\xf7Wu\xa5H\x9c\xed`e@\xb6\'}!\xd2P=t\x99\xc9\x9eV^\x8d\xc7\x92\xc6\x86\x1d\x022L\'\xcb;\xd3\x84\x95}c\x8c\a\xf8\x18\xa0\xc0\x85\x92\xb245\xc5\xf3\xcd\xb2[\xdf\x97AA\xca1\n\xf6\xa9\x0f\xf1\xbb\x1a\xbfY\x05z\x99Z\xc0\xcd=\x7f\x1b\x11v \xcb\xd4\rN\x98\xf9\x06OP\x1c\x13\x01\x82d\x99\xcb03\xc6\x1b\x81\xa3Z\x90^|\xae\xff\x179\x1f\xdbT\'\b\'\xfa\xea\xcdM\xeb\x89\x97\x94\x15\xfd\x04J\xa3\'n5uh\v\xbe\x0e\xed\xa5=^p\xdd\xb9\x00\xd6q\xd0F\x16\xe1O\xfa/\xe2\x9d\xa1\xfa`\xdbc\xa9Yp\v\xc1\x99\x02W\fpaF\xae\xaa\xcc\xb5\xc5\x9e7\x85\x9f\x8d\xd5\xf4\xedj\xf6\xcb52\xd58\xe9\xc4\xed\x15Y\xb5\xcbj\x84\x15\xffm\xe6\xd7x\xb4\xdfkR\xf8Y*\xbc8f\xbcR\xad\xee\xd2\x9dA0X\xf5&`\r[\x17\xaa\xb1dF(\xbc\xed\xd9\xc8z\x1a\xfbm-I\x14\x92\x90i|-\xca\xf8\xcf\x1ea7\xf3im\xe2a\xf1\xc5\xd5\xc6\xc6\xa9\xcdMI\x93\xa4i\x1au\xe2\xfb:\xc4\x03\xd0\xad\xf2\xf0\xf0b\x01\xb8:Jw<\xa8\x93\\\xbf\a3g\xbd\x1b\xa9wwc\x053-{8&{\x9c<\x81\xb8\xcc\xe17V#\x81\xbd\xf3\f\xb4\x14NH\x83\xd7\x06\x15\xc0\xa3\x05{\xd3<\xda\xa8\xef.\xf5\x9a\xae\xf8\xcbf_\xfc\xb2O\xf7\xed\xca\x8e\x17\xccE\xe8j\xf9\x80y\xd0a/il\xa0\x02\xca\xd7a%\xde\x93\xd1\x12I\xda\xf8PIqD\x1cx\x0e\x9d\x84g\xb4\x97O\xae\xff\xb6\xa4\xb7u%II\x8a\x168\xf5\xfe\x92<#\xcf9\xb9\xc3\xaf\x15J}R\x87\x9a7\xd2\xaej\xc6:\xc4M\x82\xb4\xa5\x89\xf7\xa2\x1a\x14q\x15zSm[W\x00\xb1\x839\x94;\x00'/1668, 0x1)
syz_clone3(&(0x7f00000001c0)={0x100001200, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0}, 0x58)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bind$inet(r5, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
shutdown(r5, 0x1)

7.303919568s ago: executing program 1 (id=2062):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="f30f09b800228ed00f20e06635080000000f22e00f21a1f30fc7b400000f20c06635100000000f22c0646664660f380817f2660f35bad104527c000000650fc7af95de8ec0", 0x45}], 0x1, 0x3, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = fspick(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000a93000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000440)={"73b5698c1a93ca52439fb6143bc6ed5cd46e9536d550c3c0b7b7af7cc2007b9f3d7c148e5ff970dd43ceff24fd175683fa5639234fecb7fffd98b04ea45e6e10721874027c9ad774a560e382c1e5f8849338c6ac098b39d0e68353bd0384ed68c24796825bbc7058b4e260e1a6c7e0ce9f9757cf21a89a43ce0ef492ffe3707b80a7e47f91796f6fed1cf35007be07a3665be419239926ad63a6bc3cc693235ea9174ef471b1a0700661936fc511420910d105730a389a191fe43002e0a5fbb5f4a8dda0b86a7bfd99d63c75fbf7406c3fd0e4bec1e42178ceec6cde5b202e506d53f90ea63071911e0d5e762b69432a8e91502375b7c8b96a791f2c2ca095c19e6798177eb371620c7d3a7e3492f37652066650f1d11c7be166fb0dbd5ad6eeadc3d23c59c47fb656642e13af92795705cc2c20d90c1c07bae981599765d37dcf930c0f58e6ae2ba948d2dbac01b9a37e5d22105bf4bc44b0d1eb4972d32d47c0b1581cb16dd88f50bb5f17b615ee895417f894ae2dc01a774f487c646f36f526bce3a86b924b90602ffb3e41eb85c2c9d627f014f7227b4a7f475cfea7681103231bd99e43286a83d2e17c735664d05ac139103844c1ac3f3b766a582b79355a61617d5f488d191807e2356dcf552b2c48d0b9d7b4feaeae9a08ec582741984f77c8a9293c396df24a580ce2bcc17954080816d502a9efc9ead43ab37b5fa38dc3ef9f8ec5fd01d78603db51e3b3009e16ba919592ad1576369a799e702c19423a8f3c6dcd1d67f25bf1b6dae315d81b4bfa6a70354637d7f025ce2d9fb0dcd66cd08b322a4c3e73ed9cfbd5d0a29d7dbd30ddcaa9b1d84c2f2bb18a56e32d59e8ea3da32647ffe467e6260f5f2f01b555e82d6d752d90460037221731b42b0668a5578e1e0b04e877734593baf3304b60e0329523924928107d9f9caffbf7db3ed8a38bec6bc8dc2d010941f72cfb4ac9d02564d7130fedd690e50061bf2617f14495cda99c768fa01c1c3239fa18cdb2308225fa8c5b280c9ae219de4ad5d311c862324723eccba1ea0faa5fcba8f33391eb424fea9d13ae871f9f061b6a90a3fd79c77572b0505d5a9a4bf58470759337fad828de1de60789e3814c98a8a87cb672fb118f46ecb2ac9570dedc6cea26f850218e46eb535e394cd60933822b155aa19be1c664443567513871ca3e6e26904642fbe3b7b89219c99b6a91400415d5af913b0bbd5586ad5f437ecd3533bf39db0ebfa12865df74a380e64edcc5889241f2ec2b84f47513e6b49188baf833887f64aa26c5ed69d00bab6738c2c4576f3918444f3b91fbec2aa155527954fd4e339747301c99c77773dc6e3fecada2e681923d6664ca4dee46faeeeb133d1085f3c28dc314c5d71c818c682e21d5b05b9c15718bec8b234adbcd9ea113abfa01dd5955c36d6b12fee9b71271cf"})
fsmount(r3, 0x0, 0x71)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c0002800500010000000000080007400000000018000680140004002001"], 0xac}, 0x1, 0x0, 0x0, 0x4000}, 0x4000894)

6.106700746s ago: executing program 2 (id=2067):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x9, 0xb6bc})
fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x92, 0x5})
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

6.058887177s ago: executing program 1 (id=2068):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
prlimit64(r0, 0x0, &(0x7f0000000000)={0xe49, 0x33f}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0xd, &(0x7f0000000040)={0x5, 0x200000000})
write$tun(0xffffffffffffffff, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x13c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)

4.701349484s ago: executing program 5 (id=2071):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000280), &(0x7f0000000240)=r0}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

4.527167862s ago: executing program 5 (id=2073):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000001073012d0000000000950000000000000052594c316f8f62d8a9821ee237a765f2c94a82db47f7bdf5a46928f2a055bb76c7aa7bb369864fac81c7179433b6"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x10)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
capset(0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)

4.396718668s ago: executing program 0 (id=2074):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r3, 0x560f, 0x0)
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socket$netlink(0x10, 0x3, 0x1a)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, 0x0, 0x20044000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x15, 0x0, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0xdfefbfff, 0x1000, 0x5, 0x1}, 0x20)

4.045352253s ago: executing program 4 (id=2076):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000080)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x1db, &(0x7f0000000380)="$eJzslb+qE0EUxr+ZjbuJiA9gY2HAa+Fmd6Nic+Ha2GghRI0WgsFsQnRjJNnCBER8AjsLOwsfQ4itDyFR8A+INmo9Mn92M4ZESMyawvODnHyzM3vmzBn4FgRB/Le8f/dzJn7sfyoDOIIqPPP8swPgQGturX9b/vbo9eWLzae3Xr7xZn7l92ze2vuXAEwvOEjNWAgh7Pmq+b8Kjio+Kn0NHKfM8yYYfKNvg+O60TEYbhp919IDud73O70k9u8MkrYUgQyhDJEM9cX6vj5haFv1MWt+NJ7cayVJPCxQLO/c9EteXxnYt+qz78uHrjZQ/dOE4AiNroOhYfR5eFlvdEus8x8rzfM7fzy/i7889gcA8yedIjvryq02eh1g/+TuCxYOlMhudOf1bF2gtLWEwgM2fr1x49ml4k76yjh1XupjPV4vz8GKKXfNPKbzuX+KFwwnLX/SVvJcfSxqaf9BbTSenO71W924G9+Povq54EwQnI1qyoh0XG6BKn9F+dPho3n+yqq1LnPxsJWmw1DHfBzpuMxxufI/jr0TOCTH0k3dhbzfAWSbMvPj6l+qPWdl8QRBEDvkOJjyZOXLmTBfk3xCiOjKjuskCIIgCIIgCIIgCGJzfgUAAP//K0NgKg==")
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0)

3.823741641s ago: executing program 4 (id=2077):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x10)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000340)=ANY=[@ANYBLOB='1'], 0x31)

3.49242663s ago: executing program 0 (id=2078):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000080)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x1db, &(0x7f0000000380)="$eJzslb+qE0EUxr+ZjbuJiA9gY2HAa+Fmd6Nic+Ha2GghRI0WgsFsQnRjJNnCBER8AjsLOwsfQ4itDyFR8A+INmo9Mn92M4ZESMyawvODnHyzM3vmzBn4FgRB/Le8f/dzJn7sfyoDOIIqPPP8swPgQGturX9b/vbo9eWLzae3Xr7xZn7l92ze2vuXAEwvOEjNWAgh7Pmq+b8Kjio+Kn0NHKfM8yYYfKNvg+O60TEYbhp919IDud73O70k9u8MkrYUgQyhDJEM9cX6vj5haFv1MWt+NJ7cayVJPCxQLO/c9EteXxnYt+qz78uHrjZQ/dOE4AiNroOhYfR5eFlvdEus8x8rzfM7fzy/i7889gcA8yedIjvryq02eh1g/+TuCxYOlMhudOf1bF2gtLWEwgM2fr1x49ml4k76yjh1XupjPV4vz8GKKXfNPKbzuX+KFwwnLX/SVvJcfSxqaf9BbTSenO71W924G9+Povq54EwQnI1qyoh0XG6BKn9F+dPho3n+yqq1LnPxsJWmw1DHfBzpuMxxufI/jr0TOCTH0k3dhbzfAWSbMvPj6l+qPWdl8QRBEDvkOJjyZOXLmTBfk3xCiOjKjuskCIIgCIIgCIIgCGJzfgUAAP//K0NgKg==")
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000000b0000000200", @ANYRES32, @ANYBLOB="0000000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0xfd, 0x4cb, &(0x7f0000000480)="$eJzs3M1vG0UbAPBnbSdt+vEmbykfLYUGCqJQkTRpgR44UAQSB5CQuJRjSNJSmjYoCYhWFQQO5YgqcUcckfgLOMEFASekXssdVapQLy0gJKO1dx0nsV0ndWJa/36S7ZndiWee7Iy9s2M7gJ41nN4lETsi4mpEDFazywsMVx9u3bg4+eeNi5NJlMtv/ZFUyt28cXEyL5r/3fY8s7h8e7358xfOTMzMTM9l+dGFs++Pzp+/8OzpsxOnpk9Nnxs/duzokbEXnh9/rnnj+1bkG1VU16abez+e3bfntbcvvzF54vI7P3+b5PEvi+PD5k+yNsMNthXzxJOdquU/YmflfqByn5TyrYXuNYi2pB2ylA2lqzEYxagdvBiMVz/rauOADVUul8tbGu5Jtw5lJTJJ9li/DbiLJW2P5j7jHu4p2Zt9ErE4mc6B6+fzveD68eoEKI37Vnar7inVZq99tflt56WzrROLf32V3mLpOkT/BlUHABDfH68+5ud+S+d/hVJ9uZeytaGhiPh/ROyKiPsiYndE3B8RD0TEgxHxUN3ftFiOqVm5SLL6/LNwbV2Bten6oYgXs7Wt5ed/tbWLoWKW21mJvy85eXpm+nBE/C8iDkbfljQ/1qKOH1658kWWXHVeN1x3/pfe0vrzc8GsHddKKy7QTU0sTNxp3Lnrn0bsLTWKP6mtBKTHcU9E7N2/vjpOP/PNvmb7bh9/C6X1tade+euIp6rHfzFWxJ9LWq9Pjm6NmenDo3mvWO2XXy+92az+O4q/A9Ljv61h/6/FP5TUr9fOr72OS7993nRO2Wb/XzZu0v7fnywfSh9NLCzMjUX0J69X8v2VV6x0e6wuN75UPo3/4IHG439XLP0nHo6ItBM/EhGPRsT+rO2PRcTjEXGgRfw/vfzEe+uOv/HF+Y5J45+6/fF/9+na8W+ayNe2V+0qnvnxu8qe/JANtYg/iQbH/2gldTDb0s7rX8uWzt1JbwYAAIC7TyEidkRSGKmlC4WRkern5XfHtsLM7PzCoZOzH5ybqn5HYCj6CvmVrsHa9dBYHMum9fn10fEV+SPZdeMviwOV/Mjk7MxUt4OHHre9yfhP/V7sduuADdeBdTTgLrXe8V8ulz/pcFOATeb9H3pXi/G/oR++BLqvwfgfWJHf4I8hAt1SapCpm9j/s/Q9YeBe0+z8/8omtwPYfK7/Qe8y/qF3Gf/Qk7JvwpeirW/Lb1Aiff1pWqYYEd1qWJNEubx19a8cbEaiv4NPuGPlryQMru15orDGSpP6PrZ1Db/RsCoR7RcudrVjZ4m/sx/b3IS60qE0N9B8NLWf6PYrEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGf8GwAA//+9UNjR")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0xd, 0xfffff028}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58)

3.054489658s ago: executing program 5 (id=2079):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001)
sendmmsg$inet6(r0, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000400)="4c3ef868", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000140)="da99e9dfc557be515fabe474af2d838adca6505ca19dc183164e63582950d84cfd2f3b7a6c61c88257b18cf1e2a86e3f2af1528fabc2aefe816041602821658e79e80aa3f8a7350bce31af5cf19567a3d715b0d89795af383c683b199e9246f3451b01172f9154444301c13e49a5e4fcc15bf12946737c4046375efba01d1a9cdf59596a68a2f61e66bc26f6", 0x8c}, {&(0x7f0000000200)="23184c57d891c9f61274883b5ba94bff191de5a69a7ae3161fc33deefd54c29bdde9608ebfa074735c66ea02366ee9601c06a85ff3e4ab3ac71116e31c85b690748eb96c10487ca1a62607835b97bb9392208777", 0x54}, {&(0x7f0000000980)="797d52e8714fc6af1dee0d3be42f1e267c53423f6e91ae5729f26981b50e9228583c7316b6766469e59f5205439535adb0e0fb68d0ee5f68ecfb389d216c1fb4ff0a06faadafc99ebd8a14bab8e128a25047422f187d901c9e68302f1c32513c63233caaa329c153eb55449e71d53b94d894eba0a1bf941e1657cb924cffd7357e7613078ede9aa1e31844cd047e2fbee80209f7ee5ea129509d59a3ff9483f80b43f24f7d93cd2b65b89b4a2b86266a28bb8f3d022037da6bb757a7d45db90d3c0949103a351fc15e9bd885af755cfdcf1496e5d711a7e73d688485fe223460655a3059801a6294f58324ebccd60556ee9630ee40a7cfc86fd546e6065fb188d0a26e834a2804e252171962267644985753c6e81fd1c56c9c75df4f08b89d092661031228f6dfb87d8e9deef8c7646c294a59bbe9da8e50ae594789fe14e8891dc9257ab0d6707b23865238b250324961e5e86b17b992f012d4908f1ca4a42e7f11086dcb47486fed878559fd0a6352b837f34a3334cb98dfc6ef2d7e372dfae5373fcf1551ec17a9f3fe1ceeed9c99b994c57660b72f72eee0487f4871e0f74040b395e9d1060f697b8fac33ab5632f68ca434b0a5b532badea1a5ed232e5c76f6ec3f99f3b59e7e43cc077f6bf268457972842ad8c766b4a3b7da9cdf06b1411316572320b78be3fec376ae4495b1a0ab928e5421387d31d5dd7e563478fc75545257e5cfc424ec87219dbe9829a89b452baadff47303fc6ffdc0fca1595bb71b91b5e57493614a85d56e0fa82c11668d4b064897e040d48437fce2dd729f343b613cd86e911ec53c12b39a46918a2f43d0a8d54791030d430dca69882eacc7b3ce59badd69b0de200f75bf3bcb2181c15177ff7a9f726156083b679033bb8f2c4da9c0979eb13732cc32c2b3e4dedae0a00fbe74b9d913e1911f880da29ca4bf8f73252956ecfd029b00607014303f836fcc1379eea57899aaabde85e7b9563336485e71f9a187ff7d137b29b806f061978efe2e12ccf649d5190657a171df58810063c47aab7ef871bb58cc9defb34b0a04b5c54a07293da2c30a323da1f493fa0f22214d9d36cd1f09057d9fa1b8049154771daa30db432ff6fb77a565b1e45565dffeb5d19fd4f5ad35599e296f4d0068c68d5bd0c9ce0ad4904309916c96e6cc21ab2cd5c4f97003d3e83360356429a1e3a83700f40c2219134ccf612c9ec71bd0d92ae41b27a63440ae2186ff8d9cee2a7f4a0526be70172d5d44f18285d37a6dde321d00fe450102ccfd5d05e9e736834ee84d0a7fbccb47ab3c01a8ff5b50e62ef0dc5f661a4470ba5703828c2ba72cb81968c18e92b7a5059f934247f13b145ce8db2dfef2a8b641d89ff0497d697d2909d867772cfb4aa9249d3e3030acdfeb46bbc0f465c307a3f15a06a5cee1b79237688bc678b92c38c4de2f67e0f3d6bcd4b383b8e9d56e6164342d99c8abb5d853087cd7730d2d33d91598a5442b482dbc2873a84aaf61eee0eadf24697f3da7646a7557af928c3b0ae03c85a524887d193ece8d45b91826f4a93dfe253aee59285eaaa178c6374ce5a9b588bb0f71a8cc238815aae1b13cf46aa65749a60f43dd265418e7a3d59a0ad8a190428262bee0948afc2c7fc0596eab7ece8c1b114d1e07a137fb28de756b31986625c0a5146dae891c325712d8356c4579a830977831fd206d3083cd9e661eb750e6e5859668f889d00451f27027215494bff0b5b3ce4a3235395a39eafd67cb3ef33d011cda410b34aaefae2f87fe7ede3fef2198c4599d5214edd1aa40951a9618f40a0d7e356a26c7d92a416903619f34f46cc4624d4c2e64c75b551aba6764e1261cae79db07f9eaef37e53ac9772f3342595afab27148c151070360c0436024cc44b852e363e612075e2a2bbe2b478a5be9d385427c715150eb55c7e93d380e485c3bf75e2bc9aa7d43d6ed9eae46dc332c1bd8a766b70ba65956a2a64efcbc28a4c5157dfb49c51cfd74c37925a2f9090fbd8eaa6395d0bdc3c9ebda42659badc73d23e201113acf1112d6a096c2080968dc1561baac3546a3e13a620a0c94780ac25d4c24c7a17132ee2566ac543f1165cf9b8fb7f9e831ae3762aaa7270e2ccee8d0cf4977363c2636470251b375778be969e5c0c7fff19beb3130fed92f261d117523bfb79684a829aec322453d45ac247640c4fcde6cdfc9d4ab4b53da485055a08f4b3fd71a0933f50b04e4ce5e502687e15334f535985b8278f9a8dc122e9f16baa7d70cc9f5f85e66651141dc5e7b20deaadca03f3f22085b250c3a6018bd8608fb6547c0b15089f58205e3c320b04473369fd7d8b11cec8543f2722560e8444b4fb1666d943a4081cbb87bfad0092f8bd4aadb5258085400ffcbc6818628fc5d37a84ee9e3b77328d967a08906ef9ccd8479d8721bf7bb8b2852d179b134009d77658ee783984ce0ba53b2a4bce8e8b1650c6a760c3cc6c6f7efd6a1cf4663268be479a98b1ce3e17833431f7aedef720745a015b29267e06976731a8bf897f302f31f12cad05876a9a60ac79e4e0f9590f03b63230f486613092bc2db151d0010c84ed1dc07ea28400a4390fb1f9fd2c585991004069bc14af821cf7b2b679216fd24a464205901573997feabf2f9b40cbcc4de73368d78fc7e064ceaddb18b0471b5ca80a9266afa5900a6257a0bd3375f2da216cc0bf159642bff719a8c4b6d218f0ebdebe563b57635cb805b9bb69411036d71f4fa84e2ef84c0b323ec9271e7b23a7c83c680478a26af540c6b78ce89f93a3faba1b060e7b0fcc5fe4ec8972ef61b49089569d20585fd948adb6754820be83d253f9bdc777c5769d165e4fa2b2868ead0b6ec69f0f8e65f5ef0c7bb5ba13c7376f7254613e00a5d9ecff0834214b1288832fda37180dbf7a15a529f383ac3f3043362823e1f1489fc9b345d32626d524875f4ba531a909276a4d4faf9fafc093fb191504e371278ccefe94afcc2c0464c09ec75bf6fadb9e410285a16efbf8f955158da865fb4102016b96ca3406c0821f9b0be3ac3b371611d7588e3dd9593555472bdd5a251fcc50a57120e7936d50bd80fd528c37b25f87bdf7f6256286a4063df0b9289636b9715428da1dbf866cf5b609524cce23bd401966e1227f15c85deec8c81eb3e6ddb1566de1549aa8ac8a023b543abd0ac097284676f06a838358ed85c442be6e6d9d52b18bbf0a0227ea70a5358714c61985c3a8ed67d81703fd0b6b72f727f0f5cbb286f0a4485f4e69ed18ce69de7faf96c536a5bb42fa8e3135b4f74ea3110f83ed1b72e1fbd5b40e5edb635e2dbfc72ad0140c7a96eaa190f6ce391f5ead7f69d30b873a38519ec202ac5946eb2ff683ef62eea127452ae2c7262e8dafba551d7121b7928b990e80bfafee54efe031fb6a7a9a706647b50870db9e9fc9fc98e612e3dd6b4ba9c7e7e947c01659d719c98d0ddac1e7e3c70cd2207f6f73ea78d8b92dca406ba48c441ba18a2903455654b22fe517f4e2ef44757df9c71b7c0ed5f060824dca89b82f0d9458d2810b879ae4cc50bb85f7795bafa87e1431c6b3854dfa6f67ec4931e98444f9110ab41818f6a3d1b2961941d028afad718256f4e2ace224110fa0436c01840dddfc68b7ad48ab1694483319597ffb93ce362e549c104826177fd383d4de661d5727fbbec5f9354c3165ce29bdbc264338d4bac6256a82c692f943e6005785ddc775448c8bd588b5aaf16fc1111663ea59fcc50cf58c238439b3afc85accfe4e2c4d29c00a4774a553c1bbec34a8e381df9d7fa9f5313d90b1559acf1444260d47a8e166e625b2737d3bdf94e10cee3b414de6a", 0xaa5}], 0x3, &(0x7f0000001980)=ANY=[], 0x150}}], 0x2, 0x2008000)

2.815895754s ago: executing program 4 (id=2080):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0)
sendfile(r3, r3, 0x0, 0x20000023896)
socket$nl_xfrm(0x10, 0x3, 0x6)
unshare(0x22020400)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000180)={{0x4, 0x7, 0x97, 0x4}, 'syz1\x00', 0x2b})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000ffff006c000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc09000000000000b609010000000000650000000000000018010000646c6c2500000000002020207b9af8ff00000000cd9100000000000037010000f8ffffffb702000008000000b70300000000000004000000060000003f93000000000000b5030000000000008500000076000000b700000000000000950000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.815247294s ago: executing program 5 (id=2081):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)

2.735995059s ago: executing program 2 (id=2082):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000f9b000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.902209044s ago: executing program 4 (id=2083):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000280), &(0x7f0000000240)=r0}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

1.886133481s ago: executing program 2 (id=2084):
io_cancel(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000400)={[{@nojournal_checksum}, {@nombcache}, {@barrier}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@jqfmt_vfsold}, {@test_dummy_encryption}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@sysvgroups}, {@discard}], [{@smackfsdef={'smackfsdef', 0x3d, 'min_batch_time'}}, {@hash}, {@pcr={'pcr', 0x3d, 0x24}}]}, 0xff, 0x575, &(0x7f00000009c0)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KKE5NCWNHNt9SaGH9Fja0EB7T4WtmGA5CpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+jFZeXdRLYlW7aVyI5+P1hnRzPy7F+zM5ndWaMABtbJ9Ech4pWI+DaJONqSV4ws8+RKuaUntybTLYnl5c/+SiLJXsvLJ9m/h/NEMeK3ryPOFFZVOZL+qC8szpSr1cpc9uJoY/b6aH1h8ezV2fJ0ZbpybXxi4vw7E+Pvv/fu2kNObm8z1jcv/fPDpw8+Ov/NqaXvf3l07F4SF+JIltcaxw6sOrSTK59u04U1Bcd6UNlukvT7ANiWoayfD0c6BhyNoazXAy+/ryJiuSsx0l05YO9Iuuz/wMsmnwfk1/Y9ug7eMx5/uHIBtD7+Ynb1fqB5bXRoKVl1ZZTkNzJ2KK3j1z/v30u36N19CIBN3b4TEeeKxfXjX9Jy93J7znVRZm0dxj94cR6k85+32s1/Ck/nP9Fm/nO4Td/djs37f+FRD6rpKJ3/fdB2/pstWo3EyFCW+l8zOZxcuVqtpGPb/yPidAzvT9MbreecX3q43Cmvdf6Xbmn9+VwwO45Hxf2r3zNVbpR3FvUzj+9EvNp2/ps8bf+kTfunn8elLus4Ubn/Wqe8zeN/vpZ/jnijbfs/W9FKNl6fHG2eD6P5WbHe33dP/N6p/n7Hn7b/oY3jH0la12vrW6/jpwP/VjrldYx/X16i/fm/L/m8uZ8Xu1luNObGIvYln6x/ffzZe/N0Xj6N//Spjce/duf/wYj4osv47x6/27Hojtq/B4uuafxTW2r/re0Mz5SrDz/+8setx38xuzuRtv/bzbKns/d0M/51e4A7/wQBAAAAAABg9yhExJFICqWn+4VCqbTyfMfxOFSo1uqNM1dqr0czr/n8QyFf6T7a8jzEWPY8bJ4eX5OeiIhjEfHd0MFmujRZq071O3gAAAAAAAAAAAAAAAAAAADYJQ53+Pv/1B9D/T464Lnzld8wuDbt/734pidgV/L/Pwwu/R8Gl/4Pg0v/h8Gl/8Pg0v9hcOn/MLj0fwAAAAAAAAAAAAAAAAAAAAAAAAAAAOipSxcvptvy0pNbk2l66sbC/EztxtmpSn2mNDs/WZqszV0vTddq09VKabI2u9nvq9Zq18fGY/7maKNSb4zWFxYvz9bmrzUuX50tT1cuV4ZfSFQAAAAAAAAAAAAAAAAAAACwt9QXFmfK1Wplzs5g7OzPGr5nv7C4O+LaMzsHI6J/tc93XbjPAxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtPgvAAD//2ysM+A=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r4)
sendmmsg$unix(r3, &(0x7f0000000c40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x430}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040000}}], 0x1, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r6 = memfd_create(&(0x7f00000014c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xfd:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\x03\x00l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\xf4\xb6\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xb7#\xaa\xf2&\x88g\xbd\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95x\xd1-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\xea\xe8\x015\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz\xc213\x9b\x87\xd5\x99\r\xa2P\x03\x1cl\x0f\xcb)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9afa\x92\x81\r\xae%\x7fi!\x06{\xf7Wu\xa5H\x9c\xed`e@\xb6\'}!\xd2P=t\x99\xc9\x9eV^\x8d\xc7\x92\xc6\x86\x1d\x022L\'\xcb;\xd3\x84\x95}c\x8c\a\xf8\x18\xa0\xc0\x85\x92\xb245\xc5\xf3\xcd\xb2[\xdf\x97AA\xca1\n\xf6\xa9\x0f\xf1\xbb\x1a\xbfY\x05z\x99Z\xc0\xcd=\x7f\x1b\x11v \xcb\xd4\rN\x98\xf9\x06OP\x1c\x13\x01\x82d\x99\xcb03\xc6\x1b\x81\xa3Z\x90^|\xae\xff\x179\x1f\xdbT\'\b\'\xfa\xea\xcdM\xeb\x89\x97\x94\x15\xfd\x04J\xa3\'n5uh\v\xbe\x0e\xed\xa5=^p\xdd\xb9\x00\xd6q\xd0F\x16\xe1O\xfa/\xe2\x9d\xa1\xfa`\xdbc\xa9Yp\v\xc1\x99\x02W\fpaF\xae\xaa\xcc\xb5\xc5\x9e7\x85\x9f\x8d\xd5\xf4\xedj\xf6\xcb52\xd58\xe9\xc4\xed\x15Y\xb5\xcbj\x84\x15\xffm\xe6\xd7x\xb4\xdfkR\xf8Y*\xbc8f\xbcR\xad\xee\xd2\x9dA0X\xf5&`\r[\x17\xaa\xb1dF(\xbc\xed\xd9\xc8z\x1a\xfbm-I\x14\x92\x90i|-\xca\xf8\xcf\x1ea7\xf3im\xe2a\xf1\xc5\xd5\xc6\xc6\xa9\xcdMI\x93\xa4i\x1au\xe2\xfb:\xc4\x03\xd0\xad\xf2\xf0\xf0b\x01\xb8:Jw<\xa8\x93\\\xbf\a3g\xbd\x1b\xa9wwc\x053-{8&{\x9c<\x81\xb8\xcc\xe17V#\x81\xbd\xf3\f\xb4\x14NH\x83\xd7\x06\x15\xc0\xa3\x05{\xd3<\xda\xa8\xef.\xf5\x9a\xae\xf8\xcbf_\xfc\xb2O\xf7\xed\xca\x8e\x17\xccE\xe8j\xf9\x80y\xd0a/il\xa0\x02\xca\xd7a%\xde\x93\xd1\x12I\xda\xf8PIqD\x1cx\x0e\x9d\x84g\xb4\x97O\xae\xff\xb6\xa4\xb7u%II\x8a\x168\xf5\xfe\x92<#\xcf9\xb9\xc3\xaf\x15J}R\x87\x9a7\xd2\xaej\xc6:\xc4M\x82\xb4\xa5\x89\xf7\xa2\x1a\x14q\x15zSm[W\x00\xb1\x839\x94;\x00'/1668, 0x1)
syz_clone3(&(0x7f00000001c0)={0x100001200, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0}, 0x58)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bind$inet(r5, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
shutdown(r5, 0x1)

1.843972643s ago: executing program 5 (id=2085):
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)

1.833216891s ago: executing program 1 (id=2086):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x7, 0x9, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.625256932s ago: executing program 4 (id=2087):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f4, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000240)={'ip_vti0\x00', 0x0, 0x7, 0x80, 0x4000, 0x200000, {{0x5, 0x4, 0x0, 0x3d, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010101}}}})

1.55987953s ago: executing program 1 (id=2088):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r2, 0x560f, 0x0)
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x1a)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, 0x0, 0x20044000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x15, 0x0, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0xdfefbfff, 0x1000, 0x5, 0x1}, 0x20)

722.168165ms ago: executing program 5 (id=2089):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000001073012d0000000000950000000000000052594c316f8f62d8a9821ee237a765f2c94a82db47f7bdf5a46928f2a055bb76c7aa7bb369864fac81c7179433b6"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x10)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
capset(0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)

634.641208ms ago: executing program 4 (id=2090):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x10)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000340)=ANY=[@ANYBLOB='1'], 0x31)

406.933016ms ago: executing program 1 (id=2091):
syz_mount_image$ext4(&(0x7f0000000480)='ext4\x00', &(0x7f00000004c0)='./file0\x00', 0x0, &(0x7f0000000500), 0x1, 0x468, &(0x7f0000000540)="$eJzs3T2MFFUcAPD/zH14fB74CWjkkkuEhLhwHChgAz1WWhgLzQaWj7Bwyh2JdzSQqBUNxsTKwsaazsKYXGKjhT1qYaGVCbGxMjFrZnfmOO92Qd3dG9n9/ZJ3O2/fZv9vIP+d93Zm5wUwtKYi4mREjETEdERM5s+neYkbrZK97vbsnQtZSaLReO23JJKIWJq9c6F4ryR/3JL9GY041nyPJM4k6+POLy5dqtbrtat5/eDC5XcOzi8uvXjxcvV87XztysyRl47PHH/5yNFjPdvX68+/cv3n6umjX37z/mL1o1vfZd3amret3o9emYqpaLPrTdd6HawkI63/6pV/x0wyWmKHAAB4oHTVGG46JmMkDN4AAABg0DQajb35IwAAADCwEnN/AAAAGHDFdQBLs3cuFKXUCxKADXPvVETsaOV/8fv+VstoTOSvGVvz++5emoqIiT0/Tmcl+vQ7fKC9GzcjYle743+SfSw0S+bxiHiiD/Gn1tTlP2ycf5r/T0bEU32IL/8BAGDjNMf/yyfbjv8nunzvnWvq7e6FafwPAAAA/bd8qrUAyPr5f/q3ufm2iNierw+yo4fxzf+hPMX1f7fXXf+Xrnz/NxIRT3cR460P5r7u1Lb6+r+sZPGLawGB/rp3M2LPaLv8v//9fxIRz3QR49Yvb3zVqU3+Q3kan0Xsi/b5X0gevD7fwXMX67VDrb9tY5x48+0fOsWX/1Ce7Pi/uUP+rx7/7+oixuef7n+3U9vD8z/9dTx5PetCjOfPvFddWLg6EzGenF7//OEuOgoDrsiRIoey/N8/3X7+X+R8dvzfHRF7IuLZ/xDz2z8PfNKpbXX+3/3wixcc/2HjZPl/9iHH/yz/n+sixh8/vXq6U5vxPwAAAAAAAAAAAAAAAAAAAESkzbW9k7Sysp2mlUrEluaan5vT+tz8woFzc9eunG2tAb4jxtLiTl+tewGPJVl9Jr8vcFE/vKY+m68H9PHkpma9cmaufrbsnQcAAIAhsWXN/P/3ydb8HwAAABgwvVzQFwAAAPh/Mv8HAACAwWf+DwAAAAAAAACPtJ17l79PIuLGiU3NkhnP28ZK7RnQb2nZHQBKM1J2B4DSjJbdAaA05vhA8pD2iU4Ny73vCwAA0B/7djv/D8PK+X8YXs7/w/By/h+Glzk+4Pw/AAAMvq3NkqSV/Fzg1kjTSiViW3NZgLHk3MV67VBEbI+Iu5Njj2X1mbI7DQAAAPwr84tLl6r1eu2qDRs2bKxslP3JBAAA9Nr9QX/ZPQEAAAAAAAAAAAAAAAAAAIDhtRG3Eyt7HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgUfFXAAAA///Vnr7t")

0s ago: executing program 1 (id=2092):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x1, r4, 0x0, 0x1000000, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008854}, 0x4010)
gettid()
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000c80)={"43d064455ca79c3698dcca60005c1ba163b1d8f04d69d873792c0cbfc95dacc7cd39a49df12a052d0d8f1bd04b722b4f262437efc030e706916de618763f4600660b41f320706e06860fe29f1bb455ef507156d0a5738f130784a1aad99f74b3e592254eede14eb1b64af356cfaa8ff002c4deed28995dc5e6ee13c4a1b39ba72979c5f3ed91ff89e73e09f7f88fe58bce505f0500764c95c8bed7499213d10731b60ed6c8806ab094843295ac02f06dc46485bb56f2eb2eb3c5ef1e50a2431a2082b54c4b0e1357daaefd30e08322fb5f922f6d9fa3226faf7aeb9630aabe81617fe2849d8ab92fb80f07dfa9d831f4f7ef48923e28553f0c31cf1343d4c0d4dee937e639670fc2ceab9e5048d5bcd9f52a9c90ddd1fee1fda90a114fdf7298b7607c5294efdea04743a0045e96aae496fcb06636a8620f6e007ee5f5c24ab0d0f85cfb3a7820dbe2241b017e917eafb27d13feba7de3a28dd4c29c7959ae5c0724c848f8960fbea5f7b7a35ac32fa6bbf869030a1b61fb0d20a5631dcea68ffa7d456869c4e79f6033f38fa88ccd53dc1feb5381c01dd71ec0446e3633270b7fb961e04ad7e1f44e3fd0d96c724499e1ec2cff23a3d5a97952ec0a44dd967491dc45d4df48ad83027df0be02e35ca4c107bdf957f4c7a831dff89f998a2e1302445dc02b5fc38f7c8a6260723e535062319cb68cb309e91b88c55014bb436c5d9f6bf35cbe24605821baf9ea6aaa31cb2dd74e29863a0c71e3367846cffe17c4a29a76eb635e95c6d7f4d846f3369aedbfb70b3716c1c0234a0deb9abfac12686d45ba97952e8a50480c5f44e038b1a4d5cd9301d02b942afacfaa30b6ef315d72eaf41dddda4983608dc2f5d5e92392a141b0f2f8d34042d1a6cd45d9f9df4c83b8c8b55959d58843ab3564d3f49d81ed2ccd42bb8ad9c8e4b92c2df872c9383c88f4b1bbaf116fff233f55d99b43677eb29ad63e00ea4eee69c72a604b2cdd7641d9c682d1d4ea8e5bd0de857ac1a55b2d6374a4a18af8f27887ffb4b2168e764a5aa9b303a35873d2177de8c5a00be39726baa6d336b6a36b8ec6743454b4542f3fb3ca678a0ecca17ba7c2655931f38ed26219fde45ab8469db2a156953b028abec63c6b841c8bd9f9f0861e7aeb8195013444d2d326cad53718e40be06aea644573a9ef22b13692a17ed8a451af9e2de15b4bfce7c257063e28c07e4c3301a1bff37d72efc14d34ddabbb286f53264e0c8122f215de4f2e06f6e0472674c2476a61ad2e309abfed7e3367bc7373876507764e60b193e8c5abbe95f42adfc74dd25c9098dfba8272f7361d0000000000000000000000000000000000000000000000000000e000"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

netlink: 20 bytes leftover after parsing attributes in process `syz.0.337'.
[  176.893663][ T5778] netlink: 'syz.0.337': attribute type 1 has an invalid length.
[  176.901371][ T5778] netlink: 20 bytes leftover after parsing attributes in process `syz.0.337'.
[  177.800567][ T5781] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  177.809783][ T5781] device syzkaller0 entered promiscuous mode
[  177.821132][ T5782] netlink: 20 bytes leftover after parsing attributes in process `syz.5.338'.
[  178.120665][ T5770] loop1: detected capacity change from 0 to 40427
[  179.066954][ T5770] F2FS-fs (loop1): invalid crc value
[  179.082393][ T5770] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12)
[  179.269310][ T5806] loop1: detected capacity change from 0 to 1024
[  179.375282][ T5806] EXT4-fs (loop1): Ignoring removed bh option
[  179.381538][ T5806] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  180.092573][ T5820] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  180.211415][ T5806] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 2: comm syz.1.348: lblock 2 mapped to illegal pblock 2 (length 1)
[  180.240263][ T5806] __quota_error: 7 callbacks suppressed
[  180.240282][ T5806] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  180.304505][ T5806] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 48: comm syz.1.348: lblock 0 mapped to illegal pblock 48 (length 1)
[  180.381035][ T5806] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  180.438280][ T5806] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.348: Failed to acquire dquot type 0
[  180.472414][ T5806] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  180.494922][ T5806] EXT4-fs error (device loop1): ext4_evict_inode:282: inode #11: comm syz.1.348: mark_inode_dirty error
[  180.512520][ T5806] EXT4-fs warning (device loop1): ext4_evict_inode:285: couldn't mark inode dirty (err -117)
[  180.523765][ T5806] EXT4-fs (loop1): 1 orphan inode deleted
[  180.529549][ T5806] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noblock_validity,bh,nodiscard,mblk_io_submit,barrier,,errors=continue. Quota mode: none.
[  180.548082][ T4235] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1)
[  180.891496][ T4235] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  181.271769][ T4235] EXT4-fs error (device loop1): ext4_release_dquot:6270: comm kworker/u4:5: Failed to release dquot type 0
[  181.439501][ T5806] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none.
[  181.589805][ T5834] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #2: block 16: comm syz.1.348: lblock 0 mapped to illegal pblock 16 (length 1)
[  182.219344][ T5812] loop5: detected capacity change from 0 to 32768
[  182.317038][ T5812] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.351 (5812)
[  182.370006][ T5812] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  182.422139][ T5812] BTRFS info (device loop5): allowing degraded mounts
[  182.428991][ T5812] BTRFS info (device loop5): enabling auto defrag
[  182.507396][ T5843] loop1: detected capacity change from 0 to 1024
[  182.524219][ T5812] BTRFS info (device loop5): using free space tree
[  182.562171][ T5812] BTRFS info (device loop5): has skinny extents
[  182.573958][ T5843] EXT4-fs (loop1): inline encryption not supported
[  182.580554][ T5843] EXT4-fs (loop1): Ignoring removed nobh option
[  182.607295][ T5843] EXT4-fs (loop1): Ignoring removed bh option
[  182.637690][ T5843] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  182.813026][ T5843] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,nodelalloc,init_itable=0x0000000000000000,inlinecrypt,data_err=ignore,nodiscard,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  182.975033][ T5812] BTRFS error (device loop5): open_ctree failed: -12
[  183.962730][ T4265] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  184.262065][ T4265] usb 1-1: Using ep0 maxpacket: 32
[  184.382303][ T4265] usb 1-1: config 0 has an invalid interface number: 86 but max is 0
[  184.399428][ T4265] usb 1-1: config 0 has no interface number 0
[  184.436574][ T4265] usb 1-1: config 0 interface 86 has no altsetting 0
[  184.632138][ T4265] usb 1-1: New USB device found, idVendor=0bda, idProduct=817f, bcdDevice=1b.68
[  184.661595][ T4265] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.692016][ T4265] usb 1-1: Product: syz
[  184.696247][ T4265] usb 1-1: Manufacturer: syz
[  184.700873][ T4265] usb 1-1: SerialNumber: syz
[  184.727692][ T4265] usb 1-1: config 0 descriptor??
[  184.772005][ T1335] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  185.142222][ T1335] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.164332][ T1335] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.194846][ T1335] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  185.236707][ T1335] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  185.265900][ T1335] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.299590][ T1335] usb 2-1: config 0 descriptor??
[  185.662222][ T5885] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  185.794227][ T1335] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  185.810895][ T1335] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  185.835345][ T1335] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  185.861121][ T1335] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  185.891249][ T1335] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  185.915547][ T1335] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  185.935360][ T1335] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  185.956548][ T1335] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  186.033690][ T1335] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  186.104362][ T1335] usb 2-1: USB disconnect, device number 3
[  186.927505][ T5892] fido_id[5892]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  189.048398][ T5915] loop5: detected capacity change from 0 to 1024
[  189.095434][ T5915] EXT4-fs (loop5): inline encryption not supported
[  189.137469][ T5915] EXT4-fs (loop5): Ignoring removed nobh option
[  189.172696][ T5915] EXT4-fs (loop5): Ignoring removed bh option
[  189.178910][ T5915] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  189.307139][ T5915] EXT4-fs (loop5): mounted filesystem without journal. Opts: delalloc,nodelalloc,init_itable=0x0000000000000000,inlinecrypt,data_err=ignore,nodiscard,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  189.486937][ T5926] loop2: detected capacity change from 0 to 1024
[  190.840876][ T5926] EXT4-fs (loop2): test_dummy_encryption requires encrypt feature
[  191.202052][ T5677] Bluetooth: hci1: command 0x0406 tx timeout
[  191.202446][ T4173] Bluetooth: hci0: command 0x0406 tx timeout
[  191.208150][ T5677] Bluetooth: hci2: command 0x0406 tx timeout
[  191.270925][ T5677] Bluetooth: hci3: command 0x0406 tx timeout
[  192.285506][ T5948] loop5: detected capacity change from 0 to 512
[  192.478411][ T5948] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  192.560929][ T5948] ext4 filesystem being mounted at /47/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.234052][ T5962] netlink: 84 bytes leftover after parsing attributes in process `syz.2.381'.
[  194.256093][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  194.264923][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  194.832683][ T5962] device vlan0 entered promiscuous mode
[  195.046554][ T5970] loop2: detected capacity change from 0 to 1024
[  195.066718][ T5971] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  195.114532][ T5971] device syzkaller0 entered promiscuous mode
[  195.166364][ T5970] EXT4-fs (loop2): Ignoring removed bh option
[  195.186605][ T5970] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  195.231194][ T5970] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 2: comm syz.2.383: lblock 2 mapped to illegal pblock 2 (length 1)
[  195.258311][ T5973] loop1: detected capacity change from 0 to 1024
[  195.289851][ T5970] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  195.302105][ T5970] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 48: comm syz.2.383: lblock 0 mapped to illegal pblock 48 (length 1)
[  195.337045][ T5973] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869)
[  195.437984][ T5973] EXT4-fs (loop1): barriers disabled
[  195.444327][ T5973] JBD2: no valid journal superblock found
[  195.450088][ T5973] EXT4-fs (loop1): error loading journal
[  195.556808][ T5970] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  195.576166][ T5970] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.383: Failed to acquire dquot type 0
[  195.635710][ T4173] usb 1-1: USB disconnect, device number 4
[  195.644744][ T5970] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  195.691022][ T5970] EXT4-fs error (device loop2): ext4_evict_inode:282: inode #11: comm syz.2.383: mark_inode_dirty error
[  196.292188][ T4173] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  196.367461][ T5970] EXT4-fs warning (device loop2): ext4_evict_inode:285: couldn't mark inode dirty (err -117)
[  196.398872][ T5970] EXT4-fs (loop2): 1 orphan inode deleted
[  196.404735][ T5970] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,noblock_validity,bh,nodiscard,mblk_io_submit,barrier,,errors=continue. Quota mode: none.
[  196.420875][ T4566] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:13: lblock 1 mapped to illegal pblock 1 (length 1)
[  196.638477][ T5987] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #2: block 16: comm syz.2.383: lblock 0 mapped to illegal pblock 16 (length 1)
[  196.653264][ T4566] Quota error (device loop2): remove_tree: Can't read quota data block 1
[  196.661748][ T4566] EXT4-fs error (device loop2): ext4_release_dquot:6270: comm kworker/u4:13: Failed to release dquot type 0
[  197.001983][ T4173] usb 6-1: Using ep0 maxpacket: 16
[  197.653611][ T5970] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  197.775159][ T5993] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  198.832283][ T4173] usb 6-1: unable to read config index 0 descriptor/all
[  198.839343][ T4173] usb 6-1: can't read configurations, error -71
[  200.275237][ T5676] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  201.442053][ T5676] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  201.460177][ T5676] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.501209][ T5676] usb 3-1: config 0 has no interfaces?
[  201.672235][ T5676] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  201.692101][ T5676] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  201.740221][ T5676] usb 3-1: Product: syz
[  201.760807][ T5676] usb 3-1: Manufacturer: syz
[  201.779454][ T5676] usb 3-1: SerialNumber: syz
[  201.815736][ T5676] usb 3-1: config 0 descriptor??
[  201.841723][ T6042] loop5: detected capacity change from 0 to 1024
[  201.865554][ T6042] EXT4-fs (loop5): test_dummy_encryption requires encrypt feature
[  202.082614][ T5676] usb 3-1: USB disconnect, device number 6
[  202.897195][ T6058] loop5: detected capacity change from 0 to 256
[  203.024959][ T6067] netlink: 20 bytes leftover after parsing attributes in process `syz.1.418'.
[  203.078454][ T6058] FAT-fs (loop5): Directory bread(block 64) failed
[  203.085358][ T6058] FAT-fs (loop5): Directory bread(block 65) failed
[  203.097354][ T6058] FAT-fs (loop5): Directory bread(block 66) failed
[  203.112188][ T6058] FAT-fs (loop5): Directory bread(block 67) failed
[  203.124391][ T6058] FAT-fs (loop5): Directory bread(block 68) failed
[  203.165484][ T6074] loop1: detected capacity change from 0 to 512
[  203.192501][ T6058] FAT-fs (loop5): Directory bread(block 69) failed
[  203.199187][ T6058] FAT-fs (loop5): Directory bread(block 70) failed
[  203.230895][ T6058] FAT-fs (loop5): Directory bread(block 71) failed
[  203.238164][ T6058] FAT-fs (loop5): Directory bread(block 72) failed
[  203.249431][ T6074] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  203.267866][ T6058] FAT-fs (loop5): Directory bread(block 73) failed
[  203.337518][ T6074] EXT4-fs (loop1): 1 truncate cleaned up
[  203.376348][ T6074] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  203.928316][ T6086] loop5: detected capacity change from 0 to 1024
[  203.952049][ T6086] EXT4-fs (loop5): test_dummy_encryption requires encrypt feature
[  206.453167][ T1335] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  207.332810][ T1335] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  207.368598][ T1335] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.396765][ T1335] usb 3-1: config 0 has no interfaces?
[  207.692691][ T6155] netlink: 84 bytes leftover after parsing attributes in process `syz.4.444'.
[  207.742559][ T1335] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  207.794685][ T1335] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  207.905126][ T1335] usb 3-1: Product: syz
[  207.960254][ T1335] usb 3-1: Manufacturer: syz
[  208.033505][ T1335] usb 3-1: SerialNumber: syz
[  208.201378][ T1335] usb 3-1: config 0 descriptor??
[  208.595712][ T1335] usb 3-1: USB disconnect, device number 7
[  209.606856][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  209.777061][ T6152] loop5: detected capacity change from 0 to 32768
[  209.871894][ T6152] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.445 (6152)
[  209.976711][ T6152] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  210.005415][ T6152] BTRFS info (device loop5): allowing degraded mounts
[  210.034013][ T6152] BTRFS info (device loop5): enabling auto defrag
[  210.040495][ T6152] BTRFS info (device loop5): using free space tree
[  210.092627][ T6152] BTRFS info (device loop5): has skinny extents
[  210.459119][ T6152] BTRFS info (device loop5): enabling ssd optimizations
[  212.220643][ T6215] loop1: detected capacity change from 0 to 256
[  212.771769][ T6215] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[  213.099834][   T26] audit: type=1800 audit(1772226559.290:28): pid=6215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.458" name="file1" dev="loop1" ino=1048610 res=0 errno=0
[  213.263466][ T6225] loop2: detected capacity change from 0 to 16
[  214.959682][ T6225] erofs: (device loop2): mounted with root inode @ nid 36.
[  215.244391][ T1324] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  215.624286][ T1324] usb 6-1: New USB device found, idVendor=056a, idProduct=00bb, bcdDevice= 0.00
[  215.655623][ T1324] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.697256][ T1324] usb 6-1: config 0 descriptor??
[  215.948705][ T6245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.468'.
[  216.225446][ T1324] wacom 0003:056A:00BB.0008: Unknown device_type for 'HID 056a:00bb'. Assuming pen.
[  216.246522][ T1324] wacom 0003:056A:00BB.0008: hidraw0: USB HID v0.02 Device [HID 056a:00bb] on usb-dummy_hcd.5-1/input0
[  216.252282][ T5089] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  216.268211][ T1324] input: Wacom Intuos4 12x19 Pen as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:056A:00BB.0008/input/input6
[  216.623293][ T4229] usb 6-1: USB disconnect, device number 5
[  216.812486][ T5089] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  217.026065][ T5089] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  217.265352][ T5089] usb 2-1: config 0 has no interfaces?
[  217.295957][ T6253] fido_id[6253]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  217.361173][ T6259] loop2: detected capacity change from 0 to 256
[  217.450574][ T6261] loop5: detected capacity change from 0 to 256
[  217.533295][   T26] audit: type=1800 audit(1772226563.730:29): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.473" name="file1" dev="loop5" ino=1048611 res=0 errno=0
[  217.642677][ T5089] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  217.830041][ T5089] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  217.860968][ T5089] usb 2-1: Product: syz
[  217.925725][ T5089] usb 2-1: Manufacturer: syz
[  217.971017][ T5089] usb 2-1: SerialNumber: syz
[  218.014241][ T5089] usb 2-1: config 0 descriptor??
[  219.700465][ T1324] usb 2-1: USB disconnect, device number 4
[  219.980558][ T6286] loop2: detected capacity change from 0 to 16
[  220.027828][ T6286] erofs: (device loop2): mounted with root inode @ nid 36.
[  221.494545][ T6308] loop2: detected capacity change from 0 to 2048
[  221.511970][ T5676] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  221.658577][ T6308] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  221.687877][ T6308] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  221.708943][ T6312] ipt_CLUSTERIP: Please specify destination IP
[  221.752031][ T5676] usb 6-1: Using ep0 maxpacket: 16
[  221.800374][ T6308] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 28
[  221.832315][ T6308] EXT4-fs (loop2): This should not happen!! Data will be lost
[  221.832315][ T6308] 
[  221.864392][ T6308] EXT4-fs (loop2): Total free blocks count 0
[  221.870874][ T6308] EXT4-fs (loop2): Free/Dirty block details
[  221.880713][ T5676] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  221.896085][ T5676] usb 6-1: config 1 has no interface number 1
[  221.903837][ T6308] EXT4-fs (loop2): free_blocks=4096
[  221.909166][ T6308] EXT4-fs (loop2): dirty_blocks=16
[  221.932044][ T5676] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  221.949758][ T6308] EXT4-fs (loop2): Block reservation details
[  221.956124][ T5676] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  221.975139][ T6308] EXT4-fs (loop2): i_reserved_data_blocks=1
[  221.981260][ T5676] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  222.020336][ T4389] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  222.053884][ T4389] EXT4-fs (loop2): This should not happen!! Data will be lost
[  222.053884][ T4389] 
[  222.124849][ T6306] loop1: detected capacity change from 0 to 40427
[  222.162106][ T5676] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  222.180045][ T5676] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.197577][ T5676] usb 6-1: Product: syz
[  222.206715][ T5676] usb 6-1: Manufacturer: syz
[  222.211469][ T5676] usb 6-1: SerialNumber: syz
[  222.270059][ T6306] F2FS-fs (loop1): invalid crc value
[  222.344902][ T6325] loop2: detected capacity change from 0 to 128
[  222.624613][ T6306] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  222.883986][ T4173] Bluetooth: hci4: command 0x0405 tx timeout
[  223.121825][ T6306] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  224.502220][ T5676] usb 6-1: 2:1 : format type 0 is detected, processed as PCM
[  224.562052][ T5676] usb 6-1: 2:1: cannot set freq 9338507 to ep 0x82
[  224.628557][ T5676] usb 6-1: USB disconnect, device number 6
[  224.945069][ T5492] udevd[5492]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  225.232127][ T5676] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  225.601947][ T5676] usb 6-1: Using ep0 maxpacket: 16
[  225.722100][ T5676] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.762057][ T5676] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.812012][ T5676] usb 6-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  225.867667][ T5676] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.932608][ T5676] usb 6-1: config 0 descriptor??
[  226.370752][ T6363] loop1: detected capacity change from 0 to 16
[  226.430528][ T6363] erofs: (device loop1): mounted with root inode @ nid 36.
[  226.534554][ T5676] hid-multitouch 0003:1FD2:6007.0009: unknown main item tag 0x0
[  226.572078][ T5676] hid-multitouch 0003:1FD2:6007.0009: item fetching failed at offset 1/5
[  226.619264][ T5676] hid-multitouch: probe of 0003:1FD2:6007.0009 failed with error -22
[  226.919639][ T5676] usb 6-1: USB disconnect, device number 7
[  227.032619][ T1324] Bluetooth: hci4: command 0x0406 tx timeout
[  228.517323][ T6359] loop2: detected capacity change from 0 to 32768
[  228.569336][ T6359] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.503 (6359)
[  228.656332][ T6359] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  228.685784][ T6359] BTRFS info (device loop2): allowing degraded mounts
[  228.704449][ T6359] BTRFS info (device loop2): enabling auto defrag
[  228.741836][ T6359] BTRFS info (device loop2): using free space tree
[  228.761347][ T6359] BTRFS info (device loop2): has skinny extents
[  229.767012][ T6405] loop1: detected capacity change from 0 to 256
[  229.776853][ T6359] BTRFS error (device loop2): open_ctree failed: -12
[  230.071755][ T6417] loop5: detected capacity change from 0 to 16
[  231.266307][ T6417] erofs: (device loop5): mounted with root inode @ nid 36.
[  232.704482][ T6436] loop5: detected capacity change from 0 to 256
[  232.789415][ T6434] loop1: detected capacity change from 0 to 4096
[  232.996036][ T6434] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  238.896808][ T6506] loop1: detected capacity change from 0 to 512
[  239.028065][ T6506] EXT4-fs (loop1): Test dummy encryption mode enabled
[  239.058424][ T6506] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  239.106068][ T6506] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.542: bad orphan inode 131083
[  239.126485][ T6506] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,norecovery,,errors=continue. Quota mode: none.
[  239.211950][ T6227] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  240.646111][ T6506] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  242.220160][ T6541] loop2: detected capacity change from 0 to 1024
[  242.252044][ T6227] usb 6-1: unable to read config index 0 descriptor/all
[  242.272117][ T6227] usb 6-1: can't read configurations, error -71
[  242.303209][ T6543] loop5: detected capacity change from 0 to 512
[  242.365576][ T6543] EXT4-fs (loop5): 1 truncate cleaned up
[  242.375979][ T6543] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  243.948887][ T6541] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  244.171045][ T6570] loop5: detected capacity change from 0 to 512
[  244.266275][ T6570] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  244.492544][   T26] audit: type=1804 audit(1772226846.684:30): pid=6570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.557" name="/newroot/70/file0/file1" dev="loop5" ino=15 res=1 errno=0
[  244.612653][ T4406] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm kworker/u4:10: Invalid inode table block 4 in block_group 0
[  246.999114][ T6615] 9pnet: Insufficient options for proto=fd
[  249.493779][ T6609] loop5: detected capacity change from 0 to 32768
[  249.568845][ T6609] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.574 (6609)
[  249.599462][ T6640] loop2: detected capacity change from 0 to 256
[  249.611582][ T6609] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  249.620869][ T6609] BTRFS info (device loop5): allowing degraded mounts
[  249.628038][ T6609] BTRFS info (device loop5): enabling auto defrag
[  249.634955][ T6609] BTRFS info (device loop5): using free space tree
[  249.711669][ T6609] BTRFS info (device loop5): has skinny extents
[  250.175818][ T6640] FAT-fs (loop2): Directory bread(block 64) failed
[  250.562382][ T6640] FAT-fs (loop2): Directory bread(block 65) failed
[  250.569032][ T6640] FAT-fs (loop2): Directory bread(block 66) failed
[  250.782213][ T6640] FAT-fs (loop2): Directory bread(block 67) failed
[  250.810003][ T6640] FAT-fs (loop2): Directory bread(block 68) failed
[  250.848703][ T6640] FAT-fs (loop2): Directory bread(block 69) failed
[  250.864545][ T6640] FAT-fs (loop2): Directory bread(block 70) failed
[  250.893740][ T6640] FAT-fs (loop2): Directory bread(block 71) failed
[  250.901044][ T6640] FAT-fs (loop2): Directory bread(block 72) failed
[  251.017897][ T6640] FAT-fs (loop2): Directory bread(block 73) failed
[  251.577109][ T6609] BTRFS error (device loop5): open_ctree failed: -12
[  251.648143][ T5516] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by udevd (5516)
[  252.812308][ T6691] loop5: detected capacity change from 0 to 512
[  252.869670][ T6691] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  252.962800][ T6691] EXT4-fs (loop5): 1 truncate cleaned up
[  252.968656][ T6691] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  254.975228][ T6711] device syzkaller0 entered promiscuous mode
[  255.683825][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  255.691050][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  259.195757][ T6754] kernel profiling enabled (shift: 9)
[  259.601743][ T6756] device syzkaller0 entered promiscuous mode
[  259.718197][ T6763] loop5: detected capacity change from 0 to 512
[  259.777796][ T6763] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  260.101000][ T6763] EXT4-fs (loop5): 1 truncate cleaned up
[  260.107130][ T6763] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  263.621310][ T6820] loop2: detected capacity change from 0 to 256
[  275.338462][ T6916] loop5: detected capacity change from 0 to 512
[  275.440171][ T6916] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities
[  275.758260][ T6921] netlink: 'syz.5.661': attribute type 11 has an invalid length.
[  275.829024][ T6921] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.661'.
[  276.182382][ T5090] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  276.747654][ T5090] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  276.779118][ T5090] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  276.852155][ T5090] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  276.905783][ T5090] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  276.982701][ T5090] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.070042][ T5090] usb 2-1: config 0 descriptor??
[  277.577627][ T5090] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  277.638705][ T5090] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  277.919686][ T6938] syz.1.664 uses obsolete (PF_INET,SOCK_PACKET)
[  280.628075][ T5091] usb 2-1: USB disconnect, device number 5
[  281.949951][ T6968] loop5: detected capacity change from 0 to 1024
[  282.136347][ T6968] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  282.261634][ T6968] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  282.308190][ T6975] loop1: detected capacity change from 0 to 1024
[  282.573807][ T6975] EXT4-fs (loop1): Ignoring removed orlov option
[  284.601294][ T6985] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  285.051822][ T6975] EXT4-fs (loop1): mounted filesystem without journal. Opts: block_validity,bsddf,usrjquota=,inode_readahead_blks=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,grpjquota=,,errors=continue. Quota mode: none.
[  288.587412][ T7027] loop1: detected capacity change from 0 to 512
[  289.751677][ T7027] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  289.808417][ T7027] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  289.963669][ T7027] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  290.041140][ T7027] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28
[  290.054092][ T7027] EXT4-fs (loop1): This should not happen!! Data will be lost
[  290.054092][ T7027] 
[  290.064100][ T7027] EXT4-fs (loop1): Total free blocks count 0
[  290.070129][ T7027] EXT4-fs (loop1): Free/Dirty block details
[  290.077039][ T7027] EXT4-fs (loop1): free_blocks=65281
[  290.082556][ T7027] EXT4-fs (loop1): dirty_blocks=1
[  290.087610][ T7027] EXT4-fs (loop1): Block reservation details
[  290.095754][ T7027] EXT4-fs (loop1): i_reserved_data_blocks=1
[  292.536439][ T7069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.701'.
[  292.691275][ T7078] loop1: detected capacity change from 0 to 256
[  292.784856][ T7084] fuseblk: Bad value for 'fd'
[  293.973047][ T7078] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  295.442215][ T6425] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  295.999791][ T7110] loop1: detected capacity change from 0 to 4096
[  296.087062][ T7110] EXT4-fs (loop1): Test dummy encryption mode enabled
[  296.262708][ T6425] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.435959][ T7110] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,noauto_da_alloc,barrier,test_dummy_encryption=v1,nodiscard,data_err=ignore,acl,init_itable=0x000000000000d530,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  296.497703][ T6425] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  296.761630][ T6425] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.870298][ T6425] usb 6-1: config 0 descriptor??
[  298.952162][ T6425] usbhid 6-1:0.0: can't add hid device: -71
[  298.964586][ T6425] usbhid: probe of 6-1:0.0 failed with error -71
[  299.498507][ T6425] usb 6-1: USB disconnect, device number 10
[  301.522101][ T1324] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  301.775895][ T1324] usb 2-1: Using ep0 maxpacket: 8
[  301.893239][ T1324] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  301.926446][ T1324] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  301.971974][ T1324] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  301.994917][ T1324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.035435][ T1324] usb 2-1: config 0 descriptor??
[  302.319603][ T6425] usb 2-1: USB disconnect, device number 6
[  302.463513][ T7189] loop1: detected capacity change from 0 to 512
[  302.606689][ T7189] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,,errors=continue. Quota mode: writeback.
[  302.633131][ T7189] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.182923][ T7199] overlayfs: failed to resolve './file1': -2
[  304.306837][ T7207] fuse: Bad value for 'fd'
[  304.316578][ T7207] netlink: 16 bytes leftover after parsing attributes in process `syz.4.740'.
[  306.951309][ T7231] loop5: detected capacity change from 0 to 512
[  307.065570][ T7231] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  307.185721][ T7231] EXT4-fs (loop5): 1 truncate cleaned up
[  307.205879][ T7231] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  307.475845][ T7245] loop1: detected capacity change from 0 to 512
[  307.581983][ T7245] EXT4-fs (loop1): Ignoring removed nobh option
[  307.618864][ T7245] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  307.668010][ T7245] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002]
[  307.687883][ T7245] EXT4-fs (loop1): orphan cleanup on readonly fs
[  307.706747][ T7245] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.752: bg 0: block 273: padding at end of block bitmap is not set
[  307.911134][ T7245] EXT4-fs (loop1): Remounting filesystem read-only
[  308.044083][ T7245] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6194: Corrupt filesystem
[  308.201587][ T7245] EXT4-fs (loop1): Remounting filesystem read-only
[  308.439969][ T7245] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.752: attempt to clear invalid blocks 1024 len 1
[  308.575910][ T7245] EXT4-fs (loop1): Remounting filesystem read-only
[  308.622027][ T7245] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.752: invalid indirect mapped block 1811939328 (level 0)
[  308.660041][ T7245] EXT4-fs (loop1): Remounting filesystem read-only
[  308.677652][ T7245] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.752: invalid indirect mapped block 2185560079 (level 1)
[  308.723342][ T7245] EXT4-fs (loop1): Remounting filesystem read-only
[  308.733683][ T7245] EXT4-fs (loop1): 1 truncate cleaned up
[  308.739474][ T7245] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,noblock_validity,nobh,errors=remount-ro,max_dir_size_kb=0x00000000000000ff. Quota mode: none.
[  308.906912][ T7245] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.752: dx entry: limit 0 != root limit 125
[  308.924332][ T7245] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.752: Corrupt directory, running e2fsck is recommended
[  308.982191][ T7245] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 5: comm syz.1.752: path /146/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  311.046521][ T7286] loop1: detected capacity change from 0 to 256
[  311.141082][ T7286] FAT-fs (loop1): Directory bread(block 64) failed
[  311.148244][ T7286] FAT-fs (loop1): Directory bread(block 65) failed
[  311.162784][ T7286] FAT-fs (loop1): Directory bread(block 66) failed
[  311.188879][ T7286] FAT-fs (loop1): Directory bread(block 67) failed
[  311.273339][ T7286] FAT-fs (loop1): Directory bread(block 68) failed
[  311.425307][ T7286] FAT-fs (loop1): Directory bread(block 69) failed
[  311.609974][ T7286] FAT-fs (loop1): Directory bread(block 70) failed
[  311.776792][ T7286] FAT-fs (loop1): Directory bread(block 71) failed
[  312.024630][ T7286] FAT-fs (loop1): Directory bread(block 72) failed
[  312.031232][ T7286] FAT-fs (loop1): Directory bread(block 73) failed
[  313.988490][ T7365] loop1: detected capacity change from 0 to 1024
[  314.053780][ T7365] EXT4-fs (loop1): test_dummy_encryption requires encrypt feature
[  316.978129][ T7385] loop1: detected capacity change from 0 to 40427
[  317.048313][ T7385] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff
[  317.077362][ T7385] F2FS-fs (loop1): invalid crc value
[  317.111690][ T7385] F2FS-fs (loop1): Found nat_bits in checkpoint
[  317.126734][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  317.133208][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  317.298330][ T7385] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  317.628631][ T4184] attempt to access beyond end of device
[  317.628631][ T4184] loop1: rw=2049, want=45104, limit=40427
[  318.962216][ T5091] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  319.522496][ T5091] usb 6-1: config 11 has too many interfaces: 35, using maximum allowed: 32
[  319.541306][ T5091] usb 6-1: config 11 has an invalid descriptor of length 0, skipping remainder of the config
[  319.585575][ T5091] usb 6-1: config 11 has 1 interface, different from the descriptor's value: 35
[  319.629611][ T7414] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  319.636850][ T5091] usb 6-1: config 11 has no interface number 0
[  319.656694][ T5091] usb 6-1: too many endpoints for config 11 interface 6 altsetting 6: 201, using maximum allowed: 30
[  319.799196][ T7416] loop1: detected capacity change from 0 to 512
[  319.844748][ T5091] usb 6-1: config 11 interface 6 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 201
[  319.858086][ T5091] usb 6-1: config 11 interface 6 has no altsetting 0
[  319.894757][ T7416] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  320.452146][ T5091] usb 6-1: New USB device found, idVendor=2184, idProduct=0036, bcdDevice=68.fd
[  320.494714][ T7416] EXT4-fs (loop1): 1 truncate cleaned up
[  320.500605][ T7416] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  320.529530][ T5091] usb 6-1: New USB device strings: Mfr=21, Product=2, SerialNumber=3
[  320.580238][ T5091] usb 6-1: Product: syz
[  320.604621][ T5091] usb 6-1: Manufacturer: syz
[  320.609292][ T5091] usb 6-1: SerialNumber: syz
[  321.078245][ T5091] usb 6-1: USB disconnect, device number 11
[  327.271288][ T7479] overlayfs: failed to clone upperpath
[  327.781946][ T1335] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  328.142206][ T1335] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  328.171928][ T1335] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  328.211980][ T1335] usb 2-1: config 0 interface 0 has no altsetting 0
[  328.218678][ T1335] usb 2-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  328.271899][ T1335] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.305762][ T1335] usb 2-1: config 0 descriptor??
[  328.664558][ T1335] usbhid 2-1:0.0: can't add hid device: -71
[  328.680802][ T1335] usbhid: probe of 2-1:0.0 failed with error -71
[  328.707050][ T1335] usb 2-1: USB disconnect, device number 7
[  329.558453][ T7494] tipc: Started in network mode
[  329.646149][ T7494] tipc: Node identity 4, cluster identity 4711
[  329.776163][ T7494] tipc: Node number set to 4
[  331.841392][ T5091] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  332.272777][ T5091] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  332.422569][ T5091] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  332.675899][ T5091] usb 2-1: config 0 has no interfaces?
[  333.004105][ T5091] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  333.031900][ T5091] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  333.040043][ T5091] usb 2-1: Product: syz
[  333.050228][ T5091] usb 2-1: Manufacturer: syz
[  333.055193][ T5091] usb 2-1: SerialNumber: syz
[  333.071405][ T5091] usb 2-1: config 0 descriptor??
[  334.951988][ T5091] usb 2-1: can't set config #0, error -71
[  334.959599][ T5091] usb 2-1: USB disconnect, device number 8
[  335.826947][ T7542] tmpfs: Unknown parameter 'fscontext'
[  336.822220][ T5093] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  337.442589][ T5093] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  337.646390][ T5093] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  337.657588][ T5093] usb 2-1: config 1 interface 1 altsetting 1 has an invalid endpoint with address 0x0, skipping
[  337.668600][ T5093] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  337.982065][ T5093] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  337.994542][ T5093] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  338.008641][ T5093] usb 2-1: Product: syz
[  338.042399][ T5093] usb 2-1: SerialNumber: syz
[  338.408618][ T6425] kernel write not supported for file /input/event0 (pid: 6425 comm: kworker/1:16)
[  338.704507][ T7574] loop5: detected capacity change from 0 to 2048
[  338.783361][ T7574] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  338.862728][ T7574] netlink: 20 bytes leftover after parsing attributes in process `syz.5.830'.
[  338.918040][ T7574] device vlan0 entered promiscuous mode
[  338.941669][ T7574] device dummy0 entered promiscuous mode
[  339.180500][ T7579] loop5: detected capacity change from 0 to 256
[  339.532166][ T5093] cdc_ncm 2-1:1.0: bind() failure
[  339.549729][ T5093] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  340.215996][ T5093] cdc_ncm 2-1:1.1: bind() failure
[  340.466496][ T5093] usb 2-1: USB disconnect, device number 9
[  340.910528][ T7594] device gretap0 entered promiscuous mode
[  340.922200][ T7594] device vlan2 entered promiscuous mode
[  342.905192][ T5091] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  344.514316][ T5091] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  344.705228][ T5091] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  344.927263][ T5091] usb 1-1: config 0 has no interfaces?
[  345.827255][ T7649] loop1: detected capacity change from 0 to 512
[  346.014233][ T7649] EXT4-fs (loop1): Ignoring removed bh option
[  346.131977][ T5091] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  346.141093][ T5091] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  346.154490][ T5091] usb 1-1: config 0 descriptor??
[  346.164397][ T7649] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  346.181980][ T5091] usb 1-1: can't set config #0, error -71
[  346.189861][ T5091] usb 1-1: USB disconnect, device number 5
[  346.216997][ T7649] ext4 filesystem being mounted at /166/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  346.957106][ T7676] loop1: detected capacity change from 0 to 512
[  347.040117][ T7676] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  347.222131][ T7680] capability: warning: `syz.4.862' uses 32-bit capabilities (legacy support in use)
[  347.431050][ T7334] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  347.844398][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  352.132667][ T7720] loop1: detected capacity change from 0 to 256
[  352.212588][ T7720] exfat: Deprecated parameter 'utf8'
[  352.313650][ T7720] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3e6496f2, utbl_chksum : 0xe619d30d)
[  352.381922][ T5676] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  353.672099][ T5676] usb 6-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  353.711001][ T5676] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  353.757723][ T5676] usb 6-1: config 0 has no interfaces?
[  353.942253][ T5676] usb 6-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  353.961718][ T5676] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  354.391062][ T5676] usb 6-1: Product: syz
[  354.396089][ T5676] usb 6-1: Manufacturer: syz
[  354.400790][ T5676] usb 6-1: SerialNumber: syz
[  354.418353][ T5676] usb 6-1: config 0 descriptor??
[  354.668481][ T5676] usb 6-1: USB disconnect, device number 12
[  356.591387][ T7765] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  361.370457][ T7818] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  361.875207][ T7825] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  362.957087][ T7841] loop1: detected capacity change from 0 to 512
[  363.195950][ T7841] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  363.219516][ T7841] ext4 filesystem being mounted at /178/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  365.212872][ T7883] loop5: detected capacity change from 0 to 1024
[  365.278621][ T7883] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  365.381285][ T7883] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  365.679242][ T7894] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  366.775466][ T7906] loop1: detected capacity change from 0 to 512
[  366.863312][ T7906] FAT-fs (loop1): Unrecognized mount option "" or missing value
[  367.336823][ T7911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  369.511217][ T7949] loop5: detected capacity change from 0 to 512
[  369.542114][ T7948] loop1: detected capacity change from 0 to 1024
[  369.572037][ T7948] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  369.686296][ T7949] EXT4-fs (loop5): orphan cleanup on readonly fs
[  369.723799][ T7949] EXT4-fs warning (device loop5): ext4_enable_quotas:6486: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  369.813247][ T7949] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  369.822581][ T7949] EXT4-fs error (device loop5): ext4_ext_check_inode:501: inode #13: comm syz.5.937: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  370.275979][ T7949] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.937: couldn't read orphan inode 13 (err -117)
[  370.304026][ T7949] EXT4-fs (loop5): mounted filesystem without journal. Opts: sysvgroups,noblock_validity,min_batch_time=0x0000000000000514,grpjquota=,stripe=0x0000000000000007,journal_ioprio=0x0000000000000001,grpid,,errors=continue. Quota mode: writeback.
[  370.329736][ T7948] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  370.928575][ T7972] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  371.130855][ T1335] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  371.852079][ T5093] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  373.072057][ T1335] usb 6-1: device descriptor read/all, error -71
[  374.042306][ T5093] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  374.293762][ T5093] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  374.522039][ T5093] usb 1-1: config 0 has no interfaces?
[  374.612120][ T5093] usb 1-1: string descriptor 0 read error: -71
[  374.618989][ T5093] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  375.797935][ T5093] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  375.813764][ T5093] usb 1-1: config 0 descriptor??
[  375.835952][ T5093] usb 1-1: can't set config #0, error -71
[  375.849816][ T5093] usb 1-1: USB disconnect, device number 6
[  375.920080][ T8018] netlink: 16 bytes leftover after parsing attributes in process `syz.5.958'.
[  376.125260][ T8022] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  376.322483][ T8026] kvm: pic: level sensitive irq not supported
[  376.322914][ T8026] kvm: pic: non byte write
[  376.334168][ T8026] kvm: pic: non byte write
[  382.181223][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  382.215639][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  382.411066][ T1335] Bluetooth: hci4: command 0x0405 tx timeout
[  382.733374][ T5676] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  383.562095][ T5676] usb 6-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  383.594045][ T5676] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  383.618296][ T5676] usb 6-1: config 0 has no interfaces?
[  383.720092][ T8072] IPv6: sit1: Disabled Multicast RS
[  384.973472][ T5676] usb 6-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  385.171185][ T5676] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  385.179811][ T5676] usb 6-1: Product: syz
[  385.407416][ T8086] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  385.513211][ T5676] usb 6-1: Manufacturer: syz
[  385.961860][ T5676] usb 6-1: SerialNumber: syz
[  385.969096][ T5676] usb 6-1: config 0 descriptor??
[  386.951328][ T5676] usb 6-1: can't set config #0, error -71
[  386.958343][ T5676] usb 6-1: USB disconnect, device number 15
[  387.938084][ T8100] loop5: detected capacity change from 0 to 1024
[  387.953514][ T8102] loop1: detected capacity change from 0 to 1024
[  388.027954][ T8102] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  388.104130][ T8100] EXT4-fs (loop5): test_dummy_encryption requires encrypt feature
[  388.739625][ T8129] loop1: detected capacity change from 0 to 512
[  388.827229][ T8129] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  388.963762][ T8129] EXT4-fs (loop1): 1 truncate cleaned up
[  388.969506][ T8129] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  390.172091][ T8142] loop5: detected capacity change from 0 to 16
[  390.265024][ T8142] erofs: Unknown parameter 'Noacl'
[  390.325483][ T8144] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.992'.
[  391.801968][ T8175] tipc: Started in network mode
[  391.806907][ T8175] tipc: Node identity b64e5540d72e, cluster identity 4711
[  391.880151][ T8175] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  391.922547][ T8181] device syzkaller0 entered promiscuous mode
[  392.027776][ T8174] tipc: Resetting bearer <eth:syzkaller0>
[  392.034706][ T8186] netlink: 'syz.2.1002': attribute type 29 has an invalid length.
[  392.160294][ T8174] tipc: Disabling bearer <eth:syzkaller0>
[  392.214513][ T8186] netlink: 'syz.2.1002': attribute type 29 has an invalid length.
[  392.242707][ T8188] netlink: 'syz.2.1002': attribute type 29 has an invalid length.
[  393.462027][ T6425] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  394.052045][ T6425] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  394.103242][ T8200] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  394.110850][ T6425] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  394.295717][ T6425] usb 2-1: config 0 has no interfaces?
[  395.700112][ T8213] loop5: detected capacity change from 0 to 512
[  395.784817][ T8213] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  395.864921][ T8213] EXT4-fs (loop5): 1 truncate cleaned up
[  395.881509][ T8213] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  396.403094][ T8220] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  397.971972][ T6425] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  398.912957][ T6425] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  398.941864][ T6425] usb 2-1: config 0 descriptor??
[  398.962004][ T6425] usb 2-1: can't set config #0, error -71
[  398.972031][ T6425] usb 2-1: USB disconnect, device number 10
[  401.791083][ T8273] loop5: detected capacity change from 0 to 512
[  401.958568][ T8273] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  402.065840][ T8273] ext4 filesystem being mounted at /146/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  402.186526][ T8273] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #2: comm syz.5.1028: corrupted inode contents
[  402.221594][ T8273] EXT4-fs error (device loop5): ext4_dirty_inode:6058: inode #2: comm syz.5.1028: mark_inode_dirty error
[  402.308498][ T8273] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #2: comm syz.5.1028: corrupted inode contents
[  402.652184][ T8273] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #2: comm syz.5.1028: mark_inode_dirty error
[  403.175650][ T8294] loop1: detected capacity change from 0 to 512
[  403.317313][ T8290] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #18: comm syz.5.1028: directory missing '.'
[  403.336576][ T8298] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1035'.
[  403.368506][ T8294] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  403.432086][ T8294] EXT4-fs (loop1): 1 truncate cleaned up
[  403.438093][ T8294] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  405.150198][ T8326] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.1045'.
[  405.262802][ T8326] netlink: zone id is out of range
[  405.655784][ T8333] netlink: 'syz.4.1049': attribute type 29 has an invalid length.
[  405.747650][ T8336] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1050'.
[  405.797604][ T8333] netlink: 'syz.4.1049': attribute type 29 has an invalid length.
[  405.853431][ T8334] netlink: 'syz.4.1049': attribute type 29 has an invalid length.
[  408.511857][ T5093] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  408.631847][ T5090] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  409.032133][ T5090] usb 6-1: Using ep0 maxpacket: 8
[  409.132027][ T6425] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  409.152178][ T5090] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  409.160980][ T5090] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  409.175652][ T5090] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  409.188057][ T5090] usb 6-1: config 250 has no interface number 0
[  409.199221][ T5090] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  409.212824][ T5090] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  409.228312][ T5090] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  409.241197][ T5090] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  409.252333][ T5093] usb 2-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be
[  409.261417][ T5093] usb 2-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  409.276347][ T5090] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  409.292504][ T5093] usb 2-1: Product: syz
[  409.296713][ T5093] usb 2-1: Manufacturer: syz
[  409.301335][ T5093] usb 2-1: SerialNumber: syz
[  409.307504][ T5090] usb 6-1: config 250 interface 228 has no altsetting 0
[  409.319110][ T5093] usb 2-1: config 0 descriptor??
[  409.411967][ T6425] usb 1-1: Using ep0 maxpacket: 16
[  409.434706][ T5090] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  409.443941][ T5090] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  409.452929][ T5090] usb 6-1: Product: syz
[  409.457214][ T5090] usb 6-1: SerialNumber: syz
[  409.503355][ T5090] hub 6-1:250.228: bad descriptor, ignoring hub
[  409.509900][ T5090] hub: probe of 6-1:250.228 failed with error -5
[  409.553976][ T6425] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  409.564279][ T6425] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA1, skipping
[  409.592052][ T5093] peak_usb 2-1:0.0: PEAK-System PCAN-Chip USB v0 fw v0.0.0 (1 channels)
[  409.731208][ T5090] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 16 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  409.742989][ T6425] usb 1-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  409.757302][ T6425] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.765552][ T6425] usb 1-1: Product: syz
[  409.769745][ T6425] usb 1-1: Manufacturer: syz
[  409.774724][ T6425] usb 1-1: SerialNumber: syz
[  409.784737][ T6425] usb 1-1: config 0 descriptor??
[  409.802045][ T5093] peak_usb 2-1:0.0 can0: sending command failure: -22
[  409.808999][ T5093] peak_usb 2-1:0.0 can0: sending command failure: -22
[  409.819554][ T5093] peak_usb 2-1:0.0 can0: sending command failure: -22
[  409.828406][ T6425] appledisplay 1-1:0.0: Could not find int-in endpoint
[  409.838586][ T6425] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  409.902745][ T5093] peak_usb: probe of 2-1:0.0 failed with error -22
[  410.008817][ T5093] usb 2-1: USB disconnect, device number 12
[  410.029563][ T5676] usb 1-1: USB disconnect, device number 7
[  410.338503][ T8362] usb 6-1: reset high-speed USB device number 16 using dummy_hcd
[  410.670072][ T8388] loop1: detected capacity change from 0 to 512
[  410.708113][ T8388] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  410.747699][ T8388] EXT4-fs (loop1): 1 truncate cleaned up
[  410.758658][ T8388] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  411.162369][ T8362] usb 6-1: failed to restore interface 228 altsetting 255 (error=-71)
[  411.585657][ T1324] usb 6-1: USB disconnect, device number 16
[  411.595986][ T1324] usblp0: removed
[  412.191815][ T1324] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  412.491849][ T1324] usb 1-1: Using ep0 maxpacket: 32
[  412.640189][ T1324] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.669055][ T1324] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.702329][ T1324] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  412.711498][ T1324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.808015][ T1324] usb 1-1: config 0 descriptor??
[  412.851891][ T5093] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  412.883165][ T1324] hub 1-1:0.0: USB hub found
[  413.062016][ T5090] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  413.222628][ T5093] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  413.248466][ T5093] usb 6-1: config 0 has no interface number 0
[  413.442326][ T5090] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  413.475923][ T5090] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  413.492081][ T5093] usb 6-1: New USB device found, idVendor=187f, idProduct=0010, bcdDevice=ee.4d
[  413.533576][ T5093] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.607491][ T5090] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  413.623929][ T5093] usb 6-1: Product: syz
[  413.663219][ T5093] usb 6-1: Manufacturer: syz
[  413.769010][ T1324] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  413.788435][ T5090] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  413.799734][ T5093] usb 6-1: SerialNumber: syz
[  413.805577][ T5090] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  413.817766][ T5093] usb 6-1: config 0 descriptor??
[  413.876846][ T1324] hid-generic 0003:046D:C31C.000B: unknown main item tag 0x0
[  413.901334][ T1324] hid-generic 0003:046D:C31C.000B: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.0-1/input0
[  413.942072][ T5090] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  413.951200][ T5090] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  413.976362][ T5090] usb 2-1: Product: syz
[  413.980599][ T5090] usb 2-1: Manufacturer: syz
[  414.044347][ T5090] cdc_wdm 2-1:1.0: skipping garbage
[  414.049741][ T5090] cdc_wdm 2-1:1.0: skipping garbage
[  414.079094][ T5090] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  414.098768][ T5090] cdc_wdm 2-1:1.0: Unknown control protocol
[  414.106678][ T5093] smsusb:smsusb_probe: board id=13, interface number 1
[  414.122389][ T5093] smsusb:smsusb_probe: stellar device in cold state was found at usb\6-1.
[  414.159141][ T5093] usb 6-1: Direct firmware load for dvbt_bda_stellar_usb.inp failed with error -2
[  414.181668][ T5093] usb 6-1: Falling back to sysfs fallback for: dvbt_bda_stellar_usb.inp
[  414.301982][ T8439] udc-core: couldn't find an available UDC or it's busy
[  414.309190][ T8439] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  414.319023][ T8439] udc-core: couldn't find an available UDC or it's busy
[  414.326170][ T8439] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  414.335835][ T8439] udc-core: couldn't find an available UDC or it's busy
[  414.344359][ T8439] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  414.517978][ T8407] usb 1-1: reset high-speed USB device number 8 using dummy_hcd
[  414.553245][ T8439] udc-core: couldn't find an available UDC or it's busy
[  414.560274][ T8439] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  414.769616][ T8439] udc-core: couldn't find an available UDC or it's busy
[  414.776775][ T8439] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  415.303123][ T1335] usb 1-1: USB disconnect, device number 8
[  416.567391][ T1324] usb 2-1: USB disconnect, device number 13
[  416.982064][ T6425] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  417.041834][ T1324] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  417.292188][ T6425] usb 1-1: too many configurations: 70, using maximum allowed: 8
[  417.382333][ T6425] usb 1-1: config index 0 descriptor too short (expected 65016, got 133)
[  417.396829][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  417.482142][ T6425] usb 1-1: config index 1 descriptor too short (expected 65016, got 133)
[  417.496520][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  417.572317][ T1324] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  417.588316][ T1324] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.597139][ T1324] usb 2-1: Product: syz
[  417.601353][ T1324] usb 2-1: Manufacturer: syz
[  417.602386][ T6425] usb 1-1: config index 2 descriptor too short (expected 65016, got 133)
[  417.619620][ T1324] usb 2-1: SerialNumber: syz
[  417.634864][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  417.646945][ T1324] usb 2-1: config 0 descriptor??
[  417.723977][ T1324] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 014
[  417.772069][ T6425] usb 1-1: config index 3 descriptor too short (expected 65016, got 133)
[  417.785939][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  417.912552][ T6425] usb 1-1: config index 4 descriptor too short (expected 65016, got 133)
[  417.997888][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.212918][ T6425] usb 1-1: config index 5 descriptor too short (expected 65016, got 133)
[  418.252285][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.432949][ T6425] usb 1-1: config index 6 descriptor too short (expected 65016, got 133)
[  418.465968][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.852037][ T6425] usb 1-1: config index 7 descriptor too short (expected 65016, got 133)
[  418.860549][ T6425] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  419.013294][ T1324] i2c i2c-1: failure reading functionality
[  419.031097][ T1324] i2c i2c-1: connected i2c-tiny-usb device
[  419.046188][ T1324] usb 2-1: USB disconnect, device number 14
[  419.082110][ T6425] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  419.096539][ T6425] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.105184][ T6425] usb 1-1: Product: syz
[  419.109421][ T6425] usb 1-1: Manufacturer: syz
[  419.121400][ T6425] usb 1-1: SerialNumber: syz
[  419.163695][ T6425] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  419.715626][ T1324] usb 1-1: USB disconnect, device number 9
[  419.739726][ T6425] usb 1-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed
[  419.758068][ T1324] usb 1-1: ath9k_htc: USB layer deinitialized
[  420.951891][ T1324] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  421.231982][ T1324] usb 1-1: Using ep0 maxpacket: 8
[  421.392068][ T1324] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  421.415999][ T1324] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  421.427551][ T1324] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  421.437843][ T1324] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  421.448273][ T1324] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  421.462223][ T1324] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  421.472714][ T1324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.741958][ T1324] usb 1-1: usb_control_msg returned -32
[  421.747682][ T1324] usbtmc 1-1:16.0: can't read capabilities
[  421.818852][ T8533] loop5: detected capacity change from 0 to 512
[  422.152008][ T8534] usbtmc 1-1:16.0: usb_control_msg returned -32
[  422.162755][ T6425] usb 1-1: USB disconnect, device number 10
[  422.571037][ T8533] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  422.777689][ T8533] EXT4-fs (loop5): 1 truncate cleaned up
[  422.874604][ T8533] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  424.751978][ T1324] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  425.037731][ T1324] usb 2-1: Using ep0 maxpacket: 16
[  425.183526][ T1324] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  425.297907][ T1324] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  425.458957][ T1324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.820064][ T1324] usb 2-1: config 0 descriptor??
[  426.306653][ T1324] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  426.314170][ T1324] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  426.321884][ T1324] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  426.329303][ T1324] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  426.336887][ T1324] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  426.344721][ T1324] cm6533_jd 0003:0D8C:0022.000C: No inputs registered, leaving
[  426.358524][ T1324] cm6533_jd 0003:0D8C:0022.000C: hiddev0,hidraw0: USB HID v0.05 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  426.606216][ T5299] usb 2-1: USB disconnect, device number 15
[  426.647196][ T8610] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  427.171670][ T8623] loop1: detected capacity change from 0 to 512
[  427.302570][ T8623] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  427.391177][ T8623] EXT4-fs (loop1): 1 truncate cleaned up
[  427.401667][ T8623] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  427.534743][ T8636] xt_hashlimit: size too large, truncated to 1048576
[  430.529184][ T8669] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  431.031947][ T6425] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  431.511970][ T6425] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  431.520873][ T6425] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  431.558160][ T6425] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  431.571974][ T6425] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  431.593329][ T6425] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  431.922527][ T6425] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  431.931636][ T6425] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  431.973835][ T6425] usb 2-1: Product: syz
[  431.978110][ T6425] usb 2-1: Manufacturer: syz
[  432.053003][ T6425] cdc_wdm 2-1:1.0: skipping garbage
[  432.058285][ T6425] cdc_wdm 2-1:1.0: skipping garbage
[  432.078328][ T6425] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  432.092751][ T6425] cdc_wdm 2-1:1.0: Unknown control protocol
[  432.247495][ T8697] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1187'.
[  432.259032][ T8697] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1187'.
[  432.269382][ T8697] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1187'.
[  432.279797][ T8697] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1187'.
[  432.371491][ T8700] udc-core: couldn't find an available UDC or it's busy
[  432.384013][ T8700] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  432.402527][ T8700] udc-core: couldn't find an available UDC or it's busy
[  432.414132][ T8700] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  432.428184][ T8700] udc-core: couldn't find an available UDC or it's busy
[  432.437764][ T8700] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  432.592063][ T1324] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  432.655344][ T8700] udc-core: couldn't find an available UDC or it's busy
[  432.672017][ T8700] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  432.899095][ T8700] udc-core: couldn't find an available UDC or it's busy
[  432.937871][ T8700] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  433.232090][ T1324] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.261825][    C1] cdc_wdm 2-1:1.0: Unexpected error -71
[  433.265663][ T1324] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  433.272129][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  433.285179][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  433.319846][ T1324] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  433.375216][ T1324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.399270][ T1324] usb 1-1: config 0 descriptor??
[  433.433213][ T5299] usb 2-1: USB disconnect, device number 16
[  433.472029][ T8716] loop5: detected capacity change from 0 to 512
[  433.739434][ T8716] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  433.984329][ T8716] EXT4-fs (loop5): 1 truncate cleaned up
[  434.108432][ T8716] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  434.505950][ T8729] cgroup: Unknown subsys name 'context'
[  434.544021][ T1324] pyra 0003:1E7D:2CF6.000D: unknown main item tag 0x1
[  434.550895][ T1324] pyra 0003:1E7D:2CF6.000D: unknown main item tag 0x2
[  434.635369][ T1324] pyra 0003:1E7D:2CF6.000D: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0
[  435.481977][ T1324] pyra 0003:1E7D:2CF6.000D: couldn't init struct pyra_device
[  435.489953][ T1324] pyra 0003:1E7D:2CF6.000D: couldn't install mouse
[  435.523309][ T1324] pyra: probe of 0003:1E7D:2CF6.000D failed with error -71
[  435.568098][ T1324] usb 1-1: USB disconnect, device number 11
[  435.781071][ T8754] fido_id[8754]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  437.878634][ T8785] loop5: detected capacity change from 0 to 256
[  438.301874][ T1324] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  438.692130][ T1324] usb 1-1: config 253 has an invalid interface number: 5 but max is 0
[  438.700411][ T1324] usb 1-1: config 253 has no interface number 0
[  438.751887][ T1324] usb 1-1: config 253 interface 5 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  438.791850][ T1324] usb 1-1: config 253 interface 5 has no altsetting 0
[  438.992107][ T1324] usb 1-1: New USB device found, idVendor=1559, idProduct=1a85, bcdDevice=aa.18
[  439.001218][ T1324] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.046269][ T1324] usb 1-1: Product: syz
[  439.050603][ T1324] usb 1-1: Manufacturer: syz
[  439.071815][ T1324] usb 1-1: SerialNumber: syz
[  439.112321][ T8787] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  440.081381][ T1324] cdc_eem: probe of 1-1:253.5 failed with error -71
[  440.098729][ T1324] usb 1-1: USB disconnect, device number 12
[  443.888200][ T8830] overlayfs: failed to clone upperpath
[  445.162298][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  445.168682][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  445.259150][ T8850] loop9: detected capacity change from 0 to 7
[  445.281048][ T8063] Dev loop9: unable to read RDB block 7
[  445.291061][ T8063]  loop9: unable to read partition table
[  445.311719][ T8063] loop9: partition table beyond EOD, truncated
[  445.372864][ T8850] Dev loop9: unable to read RDB block 7
[  445.389599][ T8850]  loop9: unable to read partition table
[  445.419476][ T8850] loop9: partition table beyond EOD, truncated
[  445.494662][ T8850] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  445.494662][ T8850] 
) failed (rc=-5)
[  450.703226][ T8904] loop5: detected capacity change from 0 to 16
[  450.810769][ T8904] erofs: (device loop5): mounted with root inode @ nid 36.
[  450.898109][ T8904] attempt to access beyond end of device
[  450.898109][ T8904] loop5: rw=524288, want=32, limit=16
[  451.005205][ T8904] erofs: (device loop5): z_erofs_readahead: readahead error at page 7 @ nid 89
[  451.021873][ T8904] erofs: (device loop5): z_erofs_readahead: readahead error at page 5 @ nid 89
[  451.032208][ T8904] erofs: (device loop5): z_erofs_readahead: readahead error at page 4 @ nid 89
[  451.063253][ T8904] attempt to access beyond end of device
[  451.063253][ T8904] loop5: rw=524288, want=56, limit=16
[  451.095869][ T8904] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192]
[  451.183783][   T26] audit: type=1800 audit(1772227053.374:31): pid=8904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1250" name="file2" dev="loop5" ino=89 res=0 errno=0
[  451.354117][ T8911] ./file0: Can't open blockdev
[  451.448749][ T8914] fuse: Bad value for 'fd'
[  451.537036][ T8919] loop1: detected capacity change from 0 to 128
[  451.654923][ T8923] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1256'.
[  451.654925][ T8919] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  452.095685][ T8919] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  452.402104][ T8919] ext2 filesystem being mounted at /231/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  453.538311][ T8943] loop5: detected capacity change from 0 to 512
[  453.783765][ T8943] EXT4-fs error (device loop5): dx_probe:823: inode #2: comm syz.5.1263: Directory hole found for htree index block 0
[  453.949997][ T8943] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117
[  454.000504][ T8943] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,auto_da_alloc=0x0000000000000009,jqfmt=vfsold,nolazytime,grpjquota=.nouid32,resuid=0x0000000000000000,barrier=0x0000000000000005,grpid,,,errors=continue. Quota mode: writeback.
[  456.426121][ T8959] loop1: detected capacity change from 0 to 40427
[  456.483434][ T8959] F2FS-fs (loop1): build fault injection attr: rate: 14, type: 0x1ffff
[  456.521350][ T8959] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0xe4
[  456.584773][ T8959] F2FS-fs (loop1): invalid crc value
[  456.614061][ T8959] F2FS-fs (loop1): Found nat_bits in checkpoint
[  456.696955][ T8959] F2FS-fs (loop1) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x43c/0xaa0
[  456.736645][ T8959] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  458.106781][ T9009] overlayfs: failed to clone upperpath
[  459.251703][ T9029] tipc: Started in network mode
[  459.268383][ T9029] tipc: Node identity fe800000000000000000000000000021, cluster identity 4711
[  459.307188][ T9029] tipc: Enabled bearer <udp:syz2>, priority 10
[  459.808940][ T9022] loop1: detected capacity change from 0 to 40427
[  461.657291][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  461.666381][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  461.675382][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  461.684379][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  461.693372][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  461.702453][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  461.966519][ T5675] tipc: Node number set to 4269801505
[  463.566325][ T9074] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  466.921975][ T9097] kvm: pic: single mode not supported
[  466.922005][ T9097] kvm: pic: level sensitive irq not supported
[  466.939673][ T9097] kvm: pic: level sensitive irq not supported
[  467.253108][ T9107] loop5: detected capacity change from 0 to 512
[  467.629468][ T9107] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  468.131846][ T6425] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  468.552090][ T6425] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  468.573379][ T6425] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.603942][ T6425] usb 1-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  468.633787][ T6425] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.683217][ T6425] usb 1-1: config 0 descriptor??
[  469.204902][ T6425] ryos 0003:1E7D:3138.000E: unknown main item tag 0x0
[  469.300254][ T6425] ryos 0003:1E7D:3138.000E: unknown main item tag 0x0
[  469.449110][ T6425] ryos 0003:1E7D:3138.000E: unknown main item tag 0x0
[  469.566630][ T6425] ryos 0003:1E7D:3138.000E: unknown main item tag 0x0
[  469.812714][ T6425] ryos 0003:1E7D:3138.000E: unknown main item tag 0x0
[  469.827883][ T6425] ryos 0003:1E7D:3138.000E: hidraw0: USB HID v0.00 Device [HID 1e7d:3138] on usb-dummy_hcd.0-1/input0
[  469.873937][ T6425] usb 1-1: USB disconnect, device number 13
[  470.009255][ T9127] fido_id[9127]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  470.127356][ T9135] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.1332'.
[  470.378963][ T9146] loop1: detected capacity change from 0 to 16
[  470.461327][ T9146] erofs: (device loop1): mounted with root inode @ nid 36.
[  472.222903][ T9162] netlink: 'syz.5.1343': attribute type 72 has an invalid length.
[  473.119790][ T9166] loop1: detected capacity change from 0 to 40427
[  473.250448][ T9166] F2FS-fs (loop1): Found nat_bits in checkpoint
[  473.450125][ T9166] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  474.559973][ T4184] attempt to access beyond end of device
[  474.559973][ T4184] loop1: rw=2049, want=45104, limit=40427
[  474.651836][ T5675] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  474.902043][ T5675] usb 1-1: Using ep0 maxpacket: 32
[  475.032197][ T5675] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  475.061892][ T5675] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  475.087286][ T5675] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  475.911420][ T5675] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.929624][ T5093] smsusb:smsusb1_load_firmware: failed to open 'dvbt_bda_stellar_usb.inp' mode 4, trying again with default firmware
[  475.962602][ T5093] usb 6-1: Direct firmware load for dvbt_bda_stellar_usb.inp failed with error -2
[  475.980115][ T5675] usb 1-1: config 0 descriptor??
[  476.000930][ T5093] usb 6-1: Falling back to sysfs fallback for: dvbt_bda_stellar_usb.inp
[  476.030525][ T5675] hub 1-1:0.0: USB hub found
[  476.069123][ T9207] netlink: 'syz.1.1354': attribute type 72 has an invalid length.
[  476.242163][ T5675] hub 1-1:0.0: 1 port detected
[  476.265173][ T9210] usb usb7: usbfs: process 9210 (syz.1.1358) did not claim interface 0 before use
[  476.564009][ T9216] loop1: detected capacity change from 0 to 512
[  476.607839][ T9216] EXT4-fs (loop1): Ignoring removed oldalloc option
[  476.639985][ T9216] EXT4-fs (loop1): 1 truncate cleaned up
[  476.649516][ T9216] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,bsdgroups,lazytime,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback.
[  476.706741][ T9222] Illegal XDP return value 4294967274, expect packet loss!
[  476.729221][ T9216] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1360: invalid indirect mapped block 234881024 (level 0)
[  476.749143][ T9216] EXT4-fs (loop1): Remounting filesystem read-only
[  477.472639][ T9233] netlink: 'syz.1.1366': attribute type 29 has an invalid length.
[  477.509464][ T9233] netlink: 'syz.1.1366': attribute type 29 has an invalid length.
[  477.551215][ T9234] netlink: 'syz.1.1366': attribute type 29 has an invalid length.
[  477.835994][ T5675] hub 1-1:0.0: activate --> -90
[  477.836143][ T9238] netlink: 'syz.1.1368': attribute type 72 has an invalid length.
[  478.144964][ T5090] usb 1-1: USB disconnect, device number 14
[  478.633835][ T5675] usb 1-1-port1: config error
[  478.698000][ T9243] loop5: detected capacity change from 0 to 256
[  480.343757][ T9257] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  480.351293][ T9257] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  480.419156][ T9257] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  480.877802][ T9267] netlink: 'syz.0.1378': attribute type 29 has an invalid length.
[  480.906708][ T9267] netlink: 'syz.0.1378': attribute type 29 has an invalid length.
[  481.012214][ T9270] loop5: detected capacity change from 0 to 512
[  481.113405][ T9269] netlink: 'syz.0.1378': attribute type 29 has an invalid length.
[  481.833169][ T9270] FAT-fs (loop5): Unrecognized mount option "" or missing value
[  482.522091][ T9278] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1380'.
[  483.149346][ T9295] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1388'.
[  483.349868][ T5676] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  483.436565][ T9276] loop5: detected capacity change from 0 to 40427
[  483.528907][ T9276] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  483.581836][ T9276] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  483.641641][ T9276] F2FS-fs (loop5): Found nat_bits in checkpoint
[  483.721194][ T5676] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  483.841334][ T9307] loop1: detected capacity change from 0 to 8192
[  483.877840][ T5676] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  483.911252][ T5676] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  483.957547][ T9276] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  484.168605][ T9276] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  484.297106][ T5676] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.309616][ T5676] usb 1-1: config 0 descriptor??
[  484.379305][ T9316] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1393'.
[  485.202086][ T5676] kovaplus 0003:1E7D:2D50.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0
[  485.325099][ T9327] fuse: Bad value for 'fd'
[  485.392055][ T5676] kovaplus 0003:1E7D:2D50.000F: couldn't init struct kovaplus_device
[  485.409290][ T5676] kovaplus 0003:1E7D:2D50.000F: couldn't install mouse
[  485.468927][ T5676] kovaplus: probe of 0003:1E7D:2D50.000F failed with error -71
[  485.540595][ T5676] usb 1-1: USB disconnect, device number 15
[  485.650302][ T9332] fido_id[9332]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  486.125412][ T9334] netlink: 'syz.2.1399': attribute type 1 has an invalid length.
[  486.135371][ T9334] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1399'.
[  486.795144][ T9336] xt_TPROXY: Can be used only with -p tcp or -p udp
[  487.743660][ T9361] loop5: detected capacity change from 0 to 512
[  487.819812][ T9361] FAT-fs (loop5): Unrecognized mount option "" or missing value
[  488.518348][ T9365] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1407'.
[  489.596033][ T9381] loop1: detected capacity change from 0 to 512
[  489.787350][ T9381] EXT4-fs (loop1): 1 orphan inode deleted
[  489.801843][ T9381] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  489.823837][ T9381] ext4 filesystem being mounted at /266/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  490.702633][ T9406] loop1: detected capacity change from 0 to 512
[  490.942367][ T9406] FAT-fs (loop1): Unrecognized mount option "" or missing value
[  491.742100][ T9383] loop5: detected capacity change from 0 to 40427
[  491.768763][ T9383] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  491.782964][ T9383] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  491.801062][ T9383] F2FS-fs (loop5): invalid crc value
[  493.376917][ T9383] F2FS-fs (loop5): Found nat_bits in checkpoint
[  493.441640][ T9431] loop1: detected capacity change from 0 to 512
[  493.543427][ T9431] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  493.617127][ T9431] EXT4-fs (loop1): 1 truncate cleaned up
[  493.636563][ T9431] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  496.075217][ T9466] overlayfs: missing 'lowerdir'
[  500.446691][ T9469] loop5: detected capacity change from 0 to 512
[  501.080178][ T9486] xt_hashlimit: size too large, truncated to 1048576
[  501.276777][ T9499] netlink: 'syz.0.1446': attribute type 29 has an invalid length.
[  501.303442][ T9499] netlink: 'syz.0.1446': attribute type 29 has an invalid length.
[  501.470648][ T9499] netlink: 'syz.0.1446': attribute type 29 has an invalid length.
[  503.512547][ T9539] netlink: 'syz.4.1459': attribute type 29 has an invalid length.
[  503.777294][ T9539] netlink: 'syz.4.1459': attribute type 29 has an invalid length.
[  503.845455][ T9544] ip6t_rpfilter: unknown options
[  504.533024][ T9543] netlink: 'syz.4.1459': attribute type 29 has an invalid length.
[  505.919714][ T9560] loop1: detected capacity change from 0 to 256
[  506.467212][ T9582] netlink: 'syz.4.1473': attribute type 29 has an invalid length.
[  506.487770][ T9582] netlink: 'syz.4.1473': attribute type 29 has an invalid length.
[  506.513552][ T9584] netlink: 'syz.4.1473': attribute type 29 has an invalid length.
[  506.554167][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  506.561012][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  507.553071][ T9597] netlink: 'syz.4.1474': attribute type 4 has an invalid length.
[  507.560888][ T9597] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.1474'.
[  508.455818][ T9612] loop1: detected capacity change from 0 to 512
[  508.553634][ T9612] EXT4-fs (loop1): Journaled quota options ignored when QUOTA feature is enabled
[  508.648857][ T9612] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrjquota=./file1,,errors=continue. Quota mode: writeback.
[  508.692607][ T9612] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  509.062708][ T9622] netlink: 'syz.1.1484': attribute type 29 has an invalid length.
[  509.089722][ T9622] netlink: 'syz.1.1484': attribute type 29 has an invalid length.
[  509.109890][ T9623] netlink: 'syz.1.1484': attribute type 29 has an invalid length.
[  511.951567][ T9655] netlink: 'syz.5.1497': attribute type 29 has an invalid length.
[  511.994788][ T9655] netlink: 'syz.5.1497': attribute type 29 has an invalid length.
[  512.032628][ T9662] netlink: 'syz.5.1497': attribute type 29 has an invalid length.
[  513.391628][ T9683] netlink: 'syz.5.1504': attribute type 12 has an invalid length.
[  513.432618][ T9683] netlink: 'syz.5.1504': attribute type 29 has an invalid length.
[  513.522628][ T9683] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1504'.
[  513.628909][ T9683] netlink: 'syz.5.1504': attribute type 3 has an invalid length.
[  513.738092][ T9689] loop1: detected capacity change from 0 to 128
[  518.181604][ T9729] loop5: detected capacity change from 0 to 40427
[  518.212950][ T9729] F2FS-fs (loop5): Corrupted extension count (64 + 1 > 64)
[  518.239632][ T9729] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  518.269063][ T9729] F2FS-fs (loop5): invalid crc value
[  518.298364][ T9729] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  518.437599][ T9729] F2FS-fs (loop5): Start checkpoint disabled!
[  518.465577][ T9729] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  518.478543][ T9729] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  519.195784][ T5676] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  519.451987][ T5676] usb 2-1: Using ep0 maxpacket: 32
[  519.592260][ T5676] usb 2-1: config 0 has an invalid interface number: 4 but max is 0
[  519.621855][ T5676] usb 2-1: config 0 has no interface number 0
[  519.673289][ T5676] usb 2-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  519.756295][ T5676] usb 2-1: config 0 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  520.128271][ T5676] usb 2-1: New USB device found, idVendor=046d, idProduct=c537, bcdDevice= 0.00
[  520.139129][ T5676] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.150229][ T5676] usb 2-1: config 0 descriptor??
[  520.331961][ T9798] loop5: detected capacity change from 0 to 128
[  520.392327][ T9798] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  520.508286][ T9798] kvm: vcpu 0: requested 6144 ns lapic timer period limited to 200000 ns
[  520.538246][ T9798] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=831181516 (13298904256 ns) > initial count (200000 ns). Using initial count to start timer.
[  520.718828][ T5676] logitech-djreceiver 0003:046D:C537.0010: hidraw0: USB HID v10.00 Device [HID 046d:c537] on usb-dummy_hcd.1-1/input4
[  520.862459][ T9819] loop5: detected capacity change from 0 to 1024
[  520.928223][ T6431] usb 2-1: USB disconnect, device number 17
[  520.939525][ T9819] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  521.027322][ T9819] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  526.280142][ T9869] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  528.236380][ T9894] loop1: detected capacity change from 0 to 512
[  528.351081][ T9894] FAT-fs (loop1): Unrecognized mount option "" or missing value
[  528.632910][ T9895] loop5: detected capacity change from 0 to 256
[  529.098563][ T9895] FAT-fs (loop5): Directory bread(block 64) failed
[  529.128705][ T9895] FAT-fs (loop5): Directory bread(block 65) failed
[  531.111223][ T9895] FAT-fs (loop5): Directory bread(block 66) failed
[  531.122872][ T9895] FAT-fs (loop5): Directory bread(block 67) failed
[  531.129682][ T9895] FAT-fs (loop5): Directory bread(block 68) failed
[  531.189960][ T9895] FAT-fs (loop5): Directory bread(block 69) failed
[  531.219476][ T9895] FAT-fs (loop5): Directory bread(block 70) failed
[  531.261613][ T9910] loop1: detected capacity change from 0 to 512
[  531.276668][ T9895] FAT-fs (loop5): Directory bread(block 71) failed
[  531.284530][ T9910] FAT-fs (loop1): Unrecognized mount option "%" or missing value
[  531.332045][ T9895] FAT-fs (loop5): Directory bread(block 72) failed
[  531.385593][ T9895] FAT-fs (loop5): Directory bread(block 73) failed
[  531.596893][ T9924] loop1: detected capacity change from 0 to 512
[  531.704837][ T9924] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1580: iget: bad i_size value: 38620345925642
[  532.901553][ T9924] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1580: couldn't read orphan inode 15 (err -117)
[  533.117866][ T9924] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,init_itable,data_err=ignore,nojournal_checksum,data_err=ignore,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  533.622798][ T9938] loop5: detected capacity change from 0 to 512
[  533.903454][ T9938] FAT-fs (loop5): Unrecognized mount option "" or missing value
[  535.476363][ T9954] loop5: detected capacity change from 0 to 512
[  537.054454][ T9985] loop5: detected capacity change from 0 to 512
[  537.169941][ T9985] FAT-fs (loop5): Unrecognized mount option "" or missing value
[  537.333399][ T5093] smsusb:smsusb1_load_firmware: failed to open 'dvbt_bda_stellar_usb.inp' mode 4
[  537.399832][ T5093] smsusb:smsusb_probe: Failed to put stellar in warm state. Error: -110
[  537.421566][ T9988] netlink: 'syz.0.1598': attribute type 29 has an invalid length.
[  537.429810][ T5093] smsusb: probe of 6-1:0.1 failed with error -110
[  537.453067][ T5093] usb 6-1: USB disconnect, device number 17
[  537.485521][ T9988] netlink: 'syz.0.1598': attribute type 29 has an invalid length.
[  537.603534][ T9989] netlink: 'syz.0.1598': attribute type 29 has an invalid length.
[  538.294816][ T9977] loop1: detected capacity change from 0 to 40427
[  538.391756][ T9977] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  538.425489][ T9977] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  538.460621][ T9977] F2FS-fs (loop1): invalid crc value
[  538.539507][ T9977] F2FS-fs (loop1): Found nat_bits in checkpoint
[  538.687626][ T9977] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  538.701848][ T9977] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  540.298729][T10011] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  541.061268][T10019] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  543.129258][T10055] netlink: 'syz.0.1620': attribute type 29 has an invalid length.
[  543.182046][T10055] netlink: 'syz.0.1620': attribute type 29 has an invalid length.
[  543.190332][T10056] netlink: 'syz.0.1620': attribute type 29 has an invalid length.
[  543.271499][T10058] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  543.894915][T10072] loop1: detected capacity change from 0 to 512
[  543.940681][T10073] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  543.972950][T10072] FAT-fs (loop1): Unrecognized mount option "" or missing value
[  546.209697][T10096] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  546.309719][T10098] netlink: 'syz.0.1634': attribute type 29 has an invalid length.
[  546.465778][T10098] netlink: 'syz.0.1634': attribute type 29 has an invalid length.
[  546.511241][T10100] netlink: 'syz.0.1634': attribute type 29 has an invalid length.
[  547.291374][T10104] loop5: detected capacity change from 0 to 32768
[  547.353173][T10104] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  547.374360][T10104] BTRFS info (device loop5): allowing degraded mounts
[  547.381379][T10104] BTRFS info (device loop5): enabling auto defrag
[  547.393318][T10104] BTRFS info (device loop5): using free space tree
[  547.400087][T10104] BTRFS info (device loop5): has skinny extents
[  547.810877][T10104] BTRFS info (device loop5): enabling ssd optimizations
[  548.181787][ T5299] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  548.393349][ T8052] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 11 /dev/loop5 scanned by udevd (8052)
[  548.435690][ T5299] usb 2-1: Using ep0 maxpacket: 32
[  548.561884][ T5299] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  548.570454][ T5299] usb 2-1: config 0 has no interface number 0
[  548.577149][ T5299] usb 2-1: config 0 interface 184 has no altsetting 0
[  549.232681][ T5299] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  549.241915][ T5299] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.250049][ T5299] usb 2-1: Product: syz
[  549.254743][ T5299] usb 2-1: Manufacturer: syz
[  549.259468][ T5299] usb 2-1: SerialNumber: syz
[  549.276595][ T5299] usb 2-1: config 0 descriptor??
[  549.322832][ T5299] smsc75xx v1.0.0
[  549.473667][T10167] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  551.396456][ T5299] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  551.421866][ T5299] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  551.440537][ T5299] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  551.460762][ T5299] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  551.476068][ T5299] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  551.499083][ T5299] smsc75xx: probe of 2-1:0.184 failed with error -71
[  551.684423][ T5299] usb 2-1: USB disconnect, device number 18
[  553.623689][T10196] loop5: detected capacity change from 0 to 32768
[  553.725902][T10196] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  553.761421][T10196] BTRFS info (device loop5): allowing degraded mounts
[  553.786185][T10196] BTRFS info (device loop5): enabling auto defrag
[  553.809041][T10196] BTRFS info (device loop5): using free space tree
[  553.839286][T10196] BTRFS info (device loop5): has skinny extents
[  554.148061][T10233] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  554.321835][T10196] BTRFS info (device loop5): enabling ssd optimizations
[  558.201887][T10303] loop5: detected capacity change from 0 to 256
[  558.292143][T10303] FAT-fs (loop5): Directory bread(block 64) failed
[  558.298845][T10303] FAT-fs (loop5): Directory bread(block 65) failed
[  558.351859][T10303] FAT-fs (loop5): Directory bread(block 66) failed
[  558.358547][T10303] FAT-fs (loop5): Directory bread(block 67) failed
[  558.401882][T10303] FAT-fs (loop5): Directory bread(block 68) failed
[  558.408495][T10303] FAT-fs (loop5): Directory bread(block 69) failed
[  558.441923][T10303] FAT-fs (loop5): Directory bread(block 70) failed
[  558.448511][T10303] FAT-fs (loop5): Directory bread(block 71) failed
[  558.479988][T10303] FAT-fs (loop5): Directory bread(block 72) failed
[  558.511789][T10303] FAT-fs (loop5): Directory bread(block 73) failed
[  558.919955][T10313] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  561.497539][T10344] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  562.395410][T10369] xt_TPROXY: Can be used only with -p tcp or -p udp
[  563.591250][T10393] overlayfs: failed to clone upperpath
[  563.736942][T10389] loop1: detected capacity change from 0 to 40427
[  563.791890][ T5090] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  563.875832][T10389] F2FS-fs (loop1): Found nat_bits in checkpoint
[  563.921855][T10405] xt_hashlimit: size too large, truncated to 1048576
[  563.949152][T10389] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  563.966136][T10389] F2FS-fs (loop1): access invalid blkaddr:2048
[  563.975803][T10389] CPU: 0 PID: 10389 Comm: syz.1.1708 Not tainted syzkaller #0
[  563.983327][T10389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  563.993441][T10389] Call Trace:
[  563.996755][T10389]  <TASK>
[  563.999718][T10389]  dump_stack_lvl+0x188/0x250
[  564.004443][T10389]  ? show_regs_print_info+0x20/0x20
[  564.009694][T10389]  ? f2fs_get_next_page_offset+0x6a0/0x6a0
[  564.015634][T10389]  ? unlock_page+0x17c/0x1f0
[  564.020270][T10389]  f2fs_is_valid_blkaddr+0xc7e/0x1250
[  564.025700][T10389]  f2fs_map_blocks+0xbcd/0x3300
[  564.030628][T10389]  ? f2fs_force_buffered_io+0x680/0x680
[  564.036233][T10389]  ? clear_nonspinnable+0x60/0x60
[  564.041303][T10389]  ? kfree+0xef/0x2a0
[  564.045362][T10389]  ? stack_trace_snprint+0xf0/0xf0
[  564.050528][T10389]  ? slab_free_freelist_hook+0xea/0x170
[  564.056119][T10389]  ? fiemap_prep+0x1a8/0x240
[  564.060760][T10389]  f2fs_fiemap+0x968/0x19e0
[  564.066109][T10389]  ? f2fs_overwrite_io+0x200/0x200
[  564.071275][T10389]  ? __lock_acquire+0x7d10/0x7d10
[  564.076385][T10389]  ? __might_fault+0xb3/0x110
[  564.081131][T10389]  ? _copy_from_user+0x111/0x170
[  564.086115][T10389]  do_vfs_ioctl+0x152d/0x1ef0
[  564.090869][T10389]  ? __ia32_compat_sys_ioctl+0x910/0x910
[  564.096538][T10389]  ? rcu_lock_release+0x5/0x20
[  564.101352][T10389]  ? __lock_acquire+0x7d10/0x7d10
[  564.106426][T10389]  ? kfree+0xef/0x2a0
[  564.110509][T10389]  ? tomoyo_path_number_perm+0x5b4/0x660
[  564.116327][T10389]  ? verify_lock_unused+0x140/0x140
[  564.121589][T10389]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  564.127163][T10389]  ? bpf_lsm_file_ioctl+0x5/0x10
[  564.132139][T10389]  ? security_file_ioctl+0x7c/0xa0
[  564.137337][T10389]  __se_sys_ioctl+0x83/0x170
[  564.141985][T10389]  do_syscall_64+0x4c/0xa0
[  564.146438][T10389]  ? clear_bhb_loop+0x30/0x80
[  564.151154][T10389]  ? clear_bhb_loop+0x30/0x80
[  564.155887][T10389]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  564.161827][T10389] RIP: 0033:0x7f2e8a9ec799
[  564.166280][T10389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  564.185931][T10389] RSP: 002b:00007f2e88c25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  564.194399][T10389] RAX: ffffffffffffffda RBX: 00007f2e8ac66090 RCX: 00007f2e8a9ec799
[  564.202414][T10389] RDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000005
[  564.210430][T10389] RBP: 00007f2e8aa82bd9 R08: 0000000000000000 R09: 0000000000000000
[  564.218446][T10389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  564.226466][T10389] R13: 00007f2e8ac66128 R14: 00007f2e8ac66090 R15: 00007ffcdfe430b8
[  564.234523][T10389]  </TASK>
[  564.313703][ T5090] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  564.356007][ T5090] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  564.461986][ T5090] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  564.497368][ T5090] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  564.566863][ T5090] usb 1-1: SerialNumber: syz
[  564.908419][ T5090] usb 1-1: 0:2 : does not exist
[  564.965819][ T5090] usb 1-1: USB disconnect, device number 16
[  565.457507][ T8052] udevd[8052]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  566.649361][T10439] loop5: detected capacity change from 0 to 1024
[  566.747079][T10439] EXT4-fs (loop5): Ignoring removed orlov option
[  566.864859][T10439] EXT4-fs (loop5): mounted filesystem without journal. Opts: stripe=0x0000000000000009,inode_readahead_blks=0x0000000000200000,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none.
[  568.218365][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  568.225529][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  569.227293][ T5090] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  569.507257][ T5090] usb 6-1: Using ep0 maxpacket: 16
[  569.657418][ T5090] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  569.669258][ T5090] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  569.698318][ T5090] usb 6-1: config 0 has no interface number 0
[  569.887553][ T5090] usb 6-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  569.907004][ T5090] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.937472][ T5090] usb 6-1: Product: syz
[  569.949310][ T5090] usb 6-1: Manufacturer: syz
[  569.954304][ T5090] usb 6-1: SerialNumber: syz
[  569.987794][ T5090] usb 6-1: config 0 descriptor??
[  570.315664][   T26] audit: type=1326 audit(1772227173.491:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  570.371852][   T26] audit: type=1326 audit(1772227173.491:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  570.452189][T10483] ip6t_rpfilter: unknown options
[  570.730033][   T26] audit: type=1326 audit(1772227173.491:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.129878][   T26] audit: type=1326 audit(1772227173.491:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.224117][   T26] audit: type=1326 audit(1772227173.491:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.271741][   T26] audit: type=1326 audit(1772227173.501:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.294587][   T26] audit: type=1326 audit(1772227173.501:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.316974][   T26] audit: type=1326 audit(1772227173.501:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.339289][   T26] audit: type=1326 audit(1772227173.501:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.361740][   T26] audit: type=1326 audit(1772227173.501:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10470 comm="syz.5.1736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ff00000
[  571.414547][T10155] usb 6-1: USB disconnect, device number 18
[  571.424004][T10488] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1742'.
[  571.914039][T10499] xt_hashlimit: size too large, truncated to 1048576
[  572.523740][T10513] loop5: detected capacity change from 0 to 512
[  572.556681][T10513] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  572.617131][T10513] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  572.644237][T10513] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[  572.649848][T10515] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  572.665465][T10513] EXT4-fs (loop5): couldn't mount RDWR because of unsupported optional features (80)
[  572.697096][T10513] EXT4-fs (loop5): Skipping orphan cleanup due to unknown ROCOMPAT features
[  572.734068][T10513] EXT4-fs (loop5): mounted filesystem without journal. Opts: nombcache,abort,nomblk_io_submit,noblock_validity,nolazytime,noblock_validity,resgid=0x0000000000000000,barrier=0x000000000000d95a,jqfmt=vfsold,,errors=continue. Quota mode: none.
[  572.805123][T10513] EXT4-fs warning (device loop5): dx_probe:893: inode #2: comm syz.5.1751: dx entry: limit 65535 != root limit 120
[  572.897853][T10513] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.1751: Corrupt directory, running e2fsck is recommended
[  573.076081][T10520] ip6t_rpfilter: unknown options
[  576.197611][T10525] device syzkaller0 entered promiscuous mode
[  577.050330][   T26] kauditd_printk_skb: 817 callbacks suppressed
[  577.050347][   T26] audit: type=1326 audit(1772227180.241:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ffc0000
[  577.098771][T10536] loop5: detected capacity change from 0 to 512
[  577.150912][T10536] EXT4-fs (loop5): Ignoring removed bh option
[  577.176070][   T26] audit: type=1326 audit(1772227180.291:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ffc0000
[  577.476325][T10536] EXT4-fs (loop5): orphan cleanup on readonly fs
[  577.539401][T10536] EXT4-fs error (device loop5): ext4_map_blocks:629: inode #11: block 1: comm syz.5.1758: lblock 0 mapped to illegal pblock 1 (length 1)
[  577.602229][T10536] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  577.617127][T10536] EXT4-fs error (device loop5): ext4_xattr_inode_update_ref:984: inode #11: comm syz.5.1758: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  577.650969][   T26] audit: type=1326 audit(1772227180.291:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5b730799 code=0x7ffc0000
[  577.673867][T10536] EXT4-fs warning (device loop5): ext4_xattr_inode_dec_ref_all:1178: inode #11: comm syz.5.1758: ea_inode dec ref err=-117
[  577.686981][   T26] audit: type=1326 audit(1772227180.291:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f2b5b730799 code=0x7ffc0000
[  577.752238][T10536] EXT4-fs (loop5): 1 orphan inode deleted
[  577.764963][T10536] EXT4-fs (loop5): mounted filesystem without journal. Opts: bh,user_xattr,debug_want_extra_isize=0x000000000000005c,mb_optimize_scan=0x0000000000000001,barrier=0x0000000000008000,acl,init_itable=0x0000000000000007,,errors=continue. Quota mode: none.
[  577.824596][   T26] audit: type=1326 audit(1772227180.291:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2b5b730502 code=0x7ffc0000
[  578.643397][   T26] audit: type=1326 audit(1772227180.291:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2b5b6f0fce code=0x7ffc0000
[  578.670046][   T26] audit: type=1326 audit(1772227180.291:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f2b5b7305c7 code=0x7ffc0000
[  578.693492][   T26] audit: type=1326 audit(1772227180.291:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b5b6f0fce code=0x7ffc0000
[  578.967417][   T26] audit: type=1326 audit(1772227180.291:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b5b73042b code=0x7ffc0000
[  579.018536][   T26] audit: type=1326 audit(1772227180.321:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10534 comm="syz.5.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2b5b6f0fce code=0x7ffc0000
[  579.741115][T10565] ip6t_rpfilter: unknown options
[  580.158407][T10572] loop1: detected capacity change from 0 to 256
[  580.285986][T10572] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  583.630349][T10592] loop1: detected capacity change from 0 to 1024
[  584.308141][T10592] EXT4-fs (loop1): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,resuid=0x0000000000000000,mb_optimize_scan=0x0000000000000000,nobarrier,debug_want_extra_isize=0x0000000000000080,barrier,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: none.
[  586.505398][T10614] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  586.596312][T10628] loop1: detected capacity change from 0 to 512
[  586.624791][T10628] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  587.232783][T10628] EXT4-fs (loop1): 1 truncate cleaned up
[  587.238507][T10628] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  587.266831][T10646] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1793'.
[  595.486298][T10732] loop1: detected capacity change from 0 to 512
[  595.536107][T10732] EXT4-fs (loop1): Ignoring removed oldalloc option
[  595.568091][T10732] EXT4-fs (loop1): Unrecognized mount option "seclabel" or missing value
[  595.937104][T10738] loop1: detected capacity change from 0 to 512
[  596.001618][T10738] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  596.045104][T10739] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  596.079278][T10738] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  597.510037][T10750] loop1: detected capacity change from 0 to 256
[  598.092773][T10760] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1827'.
[  599.819650][T10782] overlayfs: failed to clone upperpath
[  600.115637][T10788] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  600.137173][T10788] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  600.339946][T10805] loop1: detected capacity change from 0 to 16
[  600.412397][T10805] erofs: (device loop1): mounted with root inode @ nid 36.
[  600.691136][T10784] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  601.096824][T10822] loop1: detected capacity change from 0 to 512
[  602.054923][T10822] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  603.893308][T10850] overlayfs: failed to resolve './file0': -2
[  603.984835][T10856] ip6t_rpfilter: unknown options
[  606.127089][T10881] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  606.697456][T10150] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  606.954963][T10891] ip6t_rpfilter: unknown options
[  607.782465][T10150] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  607.801982][T10150] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  608.249969][T10903] overlayfs: failed to clone lowerpath
[  609.571866][T10150] usb 2-1: string descriptor 0 read error: -71
[  609.578554][T10150] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  609.601711][T10150] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  609.661799][T10150] usb 2-1: can't set config #1, error -71
[  609.686317][T10150] usb 2-1: USB disconnect, device number 19
[  611.886094][T10933] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  612.131855][T10935] ip6t_rpfilter: unknown options
[  614.442257][T10976] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  614.718363][T10983] ip6t_rpfilter: unknown options
[  617.955724][T11027] loop1: detected capacity change from 0 to 512
[  617.981578][T11027] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  618.035016][T11027] EXT4-fs (loop1): 1 truncate cleaned up
[  618.046523][T11027] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,nodiscard,,errors=continue. Quota mode: none.
[  618.360641][T11034] ip6t_rpfilter: unknown options
[  624.314150][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  624.423329][T11099] loop1: detected capacity change from 0 to 16
[  624.522503][T11099] erofs: (device loop1): mounted with root inode @ nid 36.
[  624.594001][T11098] erofs: (device loop1): erofs_fill_dentries: bogus dirent @ nid 46
[  625.459371][T11120] ip6t_rpfilter: unknown options
[  629.071012][T11162] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1950'.
[  629.651822][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  629.660571][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  630.189093][T11180] ip6t_rpfilter: unknown options
[  635.154446][T11222] ip6t_rpfilter: unknown options
[  635.761260][   T26] kauditd_printk_skb: 42 callbacks suppressed
[  635.761275][   T26] audit: type=1326 audit(1772227238.951:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  635.858596][   T26] audit: type=1326 audit(1772227238.981:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  635.962702][   T26] audit: type=1326 audit(1772227238.991:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  636.017515][   T26] audit: type=1326 audit(1772227238.991:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  636.046408][   T26] audit: type=1326 audit(1772227238.991:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  636.127886][   T26] audit: type=1326 audit(1772227238.991:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  636.257538][   T26] audit: type=1326 audit(1772227238.991:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  636.301678][   T26] audit: type=1326 audit(1772227238.991:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  636.333605][T11257] overlayfs: missing 'lowerdir'
[  636.361173][   T26] audit: type=1326 audit(1772227238.991:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  636.426961][T11256] loop1: detected capacity change from 0 to 512
[  637.051752][   T26] audit: type=1326 audit(1772227239.001:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.0.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3f4bd799 code=0x7ffc0000
[  637.205392][T11256] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  637.271786][T10151] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  637.561779][T10151] usb 1-1: Using ep0 maxpacket: 16
[  637.717754][T10151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  637.747294][T10151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.777155][T10151] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  637.810616][T10151] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00
[  637.845186][T10151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.870866][T10151] usb 1-1: config 0 descriptor??
[  638.834856][T10151] cmedia_hs100b 0003:0D8C:0014.0011: item fetching failed at offset 0/2
[  638.852019][T10151] cmedia_hs100b: probe of 0003:0D8C:0014.0011 failed with error -22
[  639.257746][T10264] usb 1-1: USB disconnect, device number 17
[  641.580266][T11323] ip6t_rpfilter: unknown options
[  642.601832][T10154] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  643.047500][T10154] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  643.071512][T10154] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  643.182081][T10154] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  643.201546][T10154] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  643.234104][T10154] usb 1-1: SerialNumber: syz
[  643.376508][T11338] loop1: detected capacity change from 0 to 40427
[  643.610235][T10154] usb 1-1: 0:2 : does not exist
[  643.651860][T10154] usb 1-1: USB disconnect, device number 18
[  645.088611][T11338] F2FS-fs (loop1): invalid crc value
[  646.027652][T11338] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-4)
[  646.058078][T11025] udevd[11025]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  650.343957][T11381] ip6t_rpfilter: unknown options
[  654.614178][T11434] loop1: detected capacity change from 0 to 16
[  654.755690][T11434] erofs: (device loop1): mounted with root inode @ nid 36.
[  662.788583][T11513] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2139632632 (8558530528 ns) > initial count (4400489236 ns). Using initial count to start timer.
[  664.622566][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  664.671899][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  664.734310][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  664.811935][T11540] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  664.918765][T11540] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  668.898824][T11608] loop1: detected capacity change from 0 to 512
[  669.039614][T11608] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  669.454575][T11615] ------------[ cut here ]------------
[  669.463187][T11615] WARNING: CPU: 1 PID: 11615 at arch/x86/kvm/x86.c:10372 kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  669.494371][T11615] Modules linked in:
[  669.504148][T11615] CPU: 0 PID: 11615 Comm: syz.1.2092 Not tainted syzkaller #0
[  669.573505][T11615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  669.609617][T11615] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  669.634191][T11615] Code: e8 61 f3 ae 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 46 f3 ae 00 e9 c8 ed ff ff e8 8c e7 69 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c
[  669.727271][T11615] RSP: 0018:ffffc90002e8fc30 EFLAGS: 00010287
[  669.764950][T11615] RAX: ffffffff810f3ab4 RBX: ffff888076e94000 RCX: 0000000000080000
[  669.791075][T11615] RDX: ffffc90005a02000 RSI: 0000000000000416 RDI: 0000000000000417
[  669.815848][T11615] RBP: 0000000000000000 R08: ffffffff8d89dc2f R09: 1ffffffff1b13b85
[  669.831422][T11615] R10: dffffc0000000000 R11: fffffbfff1b13b86 R12: ffff8880224b2001
[  669.840034][T11615] R13: 1ffff1100edd281e R14: ffff888076e940f0 R15: ffff8880224b2000
[  669.854382][T11615] FS:  00007f2e88c466c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  669.866233][T11615] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  669.876701][T11615] CR2: 000000110c3e7522 CR3: 0000000053e71000 CR4: 00000000003526f0
[  669.887440][T11615] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  669.912548][T11615] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  669.929981][T11615] Call Trace:
[  669.933551][T11615]  <TASK>
[  669.936531][T11615]  ? __lock_acquire+0x7d10/0x7d10
[  669.951140][T11615]  kvm_vcpu_ioctl+0x8f7/0xc10
[  669.956304][T11615]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  669.962279][T11615]  ? bpf_lsm_file_ioctl+0x5/0x10
[  669.967529][T11615]  ? security_file_ioctl+0x7c/0xa0
[  669.972928][T11615]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  669.978822][T11615]  __se_sys_ioctl+0xfa/0x170
[  669.983661][T11615]  do_syscall_64+0x4c/0xa0
[  669.988269][T11615]  ? clear_bhb_loop+0x30/0x80
[  669.995000][T11615]  ? clear_bhb_loop+0x30/0x80
[  669.999747][T11615]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  670.006735][T11615] RIP: 0033:0x7f2e8a9ec799
[  670.011238][T11615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  670.039163][T11615] RSP: 002b:00007f2e88c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  670.047986][T11615] RAX: ffffffffffffffda RBX: 00007f2e8ac65fa0 RCX: 00007f2e8a9ec799
[  670.062038][T11615] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  670.070105][T11615] RBP: 00007f2e8aa82bd9 R08: 0000000000000000 R09: 0000000000000000
[  670.086096][T11615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  670.096079][T11615] R13: 00007f2e8ac66038 R14: 00007f2e8ac65fa0 R15: 00007ffcdfe430b8
[  670.108776][T11615]  </TASK>
[  670.113121][T11615] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  670.120440][T11615] CPU: 1 PID: 11615 Comm: syz.1.2092 Not tainted syzkaller #0
[  670.127933][T11615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  670.138044][T11615] Call Trace:
[  670.141355][T11615]  <TASK>
[  670.144329][T11615]  dump_stack_lvl+0x188/0x250
[  670.149064][T11615]  ? show_regs_print_info+0x20/0x20
[  670.154319][T11615]  ? load_image+0x400/0x400
[  670.158883][T11615]  panic+0x2e5/0x810
[  670.162822][T11615]  ? bpf_jit_dump+0xd0/0xd0
[  670.167414][T11615]  ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  670.173300][T11615]  __warn+0x248/0x2b0
[  670.177328][T11615]  ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  670.183183][T11615]  report_bug+0x1b7/0x2e0
[  670.187555][T11615]  handle_bug+0x3a/0x70
[  670.191785][T11615]  exc_invalid_op+0x16/0x40
[  670.196329][T11615]  asm_exc_invalid_op+0x16/0x20
[  670.201255][T11615] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  670.207713][T11615] Code: e8 61 f3 ae 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 46 f3 ae 00 e9 c8 ed ff ff e8 8c e7 69 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c
[  670.227364][T11615] RSP: 0018:ffffc90002e8fc30 EFLAGS: 00010287
[  670.233475][T11615] RAX: ffffffff810f3ab4 RBX: ffff888076e94000 RCX: 0000000000080000
[  670.241493][T11615] RDX: ffffc90005a02000 RSI: 0000000000000416 RDI: 0000000000000417
[  670.249503][T11615] RBP: 0000000000000000 R08: ffffffff8d89dc2f R09: 1ffffffff1b13b85
[  670.257517][T11615] R10: dffffc0000000000 R11: fffffbfff1b13b86 R12: ffff8880224b2001
[  670.265525][T11615] R13: 1ffff1100edd281e R14: ffff888076e940f0 R15: ffff8880224b2000
[  670.274038][T11615]  ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  670.279917][T11615]  ? __lock_acquire+0x7d10/0x7d10
[  670.285014][T11615]  kvm_vcpu_ioctl+0x8f7/0xc10
[  670.289755][T11615]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  670.295470][T11615]  ? bpf_lsm_file_ioctl+0x5/0x10
[  670.300458][T11615]  ? security_file_ioctl+0x7c/0xa0
[  670.305785][T11615]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  670.311466][T11615]  __se_sys_ioctl+0xfa/0x170
[  670.316113][T11615]  do_syscall_64+0x4c/0xa0
[  670.320573][T11615]  ? clear_bhb_loop+0x30/0x80
[  670.325292][T11615]  ? clear_bhb_loop+0x30/0x80
[  670.330014][T11615]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  670.335949][T11615] RIP: 0033:0x7f2e8a9ec799
[  670.340405][T11615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  670.360050][T11615] RSP: 002b:00007f2e88c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  670.368513][T11615] RAX: ffffffffffffffda RBX: 00007f2e8ac65fa0 RCX: 00007f2e8a9ec799
[  670.376534][T11615] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  670.384550][T11615] RBP: 00007f2e8aa82bd9 R08: 0000000000000000 R09: 0000000000000000
[  670.392645][T11615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  670.400658][T11615] R13: 00007f2e8ac66038 R14: 00007f2e8ac65fa0 R15: 00007ffcdfe430b8
[  670.408693][T11615]  </TASK>
[  670.412069][T11615] Kernel Offset: disabled
[  670.416735][T11615] Rebooting in 86400 seconds..