last executing test programs:

3m31.219874587s ago: executing program 1 (id=219):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
sysfs$3(0x3)
unshare(0xc020680)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000300)={[{0x80000001, 0x8, 0x8, 0xf8, 0x3, 0x2, 0x4, 0x2, 0x9, 0x2, 0x80, 0x50, 0x8}, {0xf61, 0x0, 0x10, 0x8, 0xc9, 0x7f, 0x1, 0x3, 0x3, 0x8, 0xae, 0x8, 0x4}, {0xfffffff7, 0x0, 0xd, 0x0, 0xf, 0x4f, 0x80, 0x8, 0xc6, 0xa4, 0x5, 0x4, 0xfffffffffffffff9}]})

3m30.740353956s ago: executing program 1 (id=224):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xff}}, {@resuid}, {@jqfmt_vfsold}, {@barrier}, {@jqfmt_vfsold}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
fadvise64(0xffffffffffffffff, 0x7f, 0x1000000, 0x4)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000100)='r', 0x1, 0x8080c63)
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r1, r1, 0x0, 0x800000009)

3m30.291082408s ago: executing program 1 (id=230):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffe}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x53e7e5a6a3739329}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x7ff, 0x80, 0x3, 0xb5}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80015}, 0x4000)
sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x34004000)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0)

3m29.856657766s ago: executing program 1 (id=232):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

3m29.612316925s ago: executing program 1 (id=234):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00'}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000085}, 0x4004044)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m29.16037928s ago: executing program 1 (id=239):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats={0x2d}})

3m28.758242554s ago: executing program 32 (id=239):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats={0x2d}})

2m34.705995406s ago: executing program 4 (id=573):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x808b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})

2m32.788096075s ago: executing program 4 (id=587):
r0 = socket$alg(0x26, 0x5, 0x0)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000180), 0x0, 0x0)

2m32.576302035s ago: executing program 4 (id=590):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$netlink(0x10, 0x3, 0xf)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)

2m30.992490631s ago: executing program 4 (id=607):
r0 = socket$inet6(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

2m30.72894838s ago: executing program 4 (id=611):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
close(0x3)

2m30.48670795s ago: executing program 4 (id=613):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00', @ANYRES32], 0x47, 0xc15, &(0x7f0000001940)="$eJzs3V1sZOdZB/DnnWPHY6e0TtNuWmjKSEXtymWj/equq0WVt3ENlbabql5X5Koef+x2FO94ZXvppkBlQAWJm4rcIG6QRYlA6gVXhEtcGqRWCAlVvSgXSJZoo1xw4YtKCFBqdM68Y493vVk3G39s8vtFzv/MmeeM34/xmWNpX58AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI++7nLp8+ko24FAHCYrk5+6fQ5n/8A8K5yze//AAAAAAAAAAAAAABw3KUo4kSkGHplM01XjzvqV1rt23emxif2PmwwRYpaFFV9+VU/c/bc+U9duDjazTc//u324Xhu8trlxrOLN28tzS8vz881ptqt2cW5+X2/wsMef7eRagAaN1+4PXf9+nLj7DPndj19Z/i1gcdPDF+6eOrCaLd2anxiYrKnpq//LX/3e9xvhcdjUUQzUrwx/HpqRkQtHn4sHvDeOWiDVSdGqk5MjU9UHVloNdsr5ZOplqtqEY2eg8a6Y3QIc/FQxiJWy+aXDR4puzd5q7nUnFmYb3yxubTSWmkttlOt09qyP42oxWiKWIuIjYF7X64/ivhopHjp9GaaiYiiOw6frBYGP7g9tQPo4z6U7Wz0R6zVHoE5O8YGooirkeJnr56M2XLM8ld8POILZb4S8XKZn4lI5RvjfMRP93gf8WjqiyL+NVIsps00V50PuueVK19ufL59fbGntnteeeQ/Hw7TMT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25Hij57+nWpdcVTr0t93afQ9z/9m75rxpx7wOmXtMxGxWtvfmtz+vHQ41cr/DqBj7Es9ivhGXv/3B0fdGAAAAAAAAAAAAAAAAAAAgHe1Ip6PFF85dTKtRe89xVvtG41rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzjsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KhbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIZyLF+vP16vFaLeJaRPx8a2ur+vqfra2tiM1y+2EddV8BAAAAAAAAAAAAAAAAAADg2EpFfCxSPPm/m6kREXeGXxt4/MTwpYunLowWUUQqS3rrn5u8drnx7OLNW0vzy8vzc42pdmt2cW5+v9+ufqXVvn1nanziQDrzQIMH3P7B+rOLt15cat346sqezw/VL88sryw1Z/d+OgajFjHdu2ekavDU+ETV6IVWs10dmmr3aWAtYmy/nQEAAAAAAAAAAAAAAAAAAODYGEpFfC5S/OQ/zqfuuvG+zpr/X+o8KrZrX/69nb8FsHBXdvX+/YD9bKf9NnSkWnjfmBqfmJjs2d3Xf29p2aaUingqUnzipQ9V6+FTDO25Nr6se29Zd/N8rhv+lbJudVdVfWRqfKJxdbF96vLCwuJsc6U5szDfmLzVnN33Hw4AAAAAAAAAAAAAAAAAAACANzGUivhRpPivv/231L3vfF7/39d51LP+/zeqJfSVetqd26q1/e+t1vZ3tt93aXToo0/fb/9BrP8v25RSEd+MFOd+9KHqfvrd9f/Td9WWdX8SKV5/+iO5rvZYWdfsdqfzitdbC/Ony9q/jBS/+ka3NqraG7n2yZ3aM2XtYKT4883dtV/NtR/YqT1b1p6MFN/7z71rP7hTe66s/Umk+Ie/aXRrh8ra3821J3Zqn5ldXJh70LCW8/+dSPHXV38rdft83/nv+fsPq3fltnvm/M233675H+7Zt5rn9Y/z/DcfMP8XIsV36h/JdZ2xn8nPP1H9f2f+PxEp/v1fdtdez7Xv36k9s99uHbVy/r8dKb77Fz/e7nOe/zyyOzPUO/+/3Lc7t98lRzT/T/TsG87tmv0Fx+LdaPnFr7/QXFiYX7Jhw4aN7Y2jPjNxGMrP/z+NFP93okjd65j8+f+ezqOd67///sbO5/+lu3LbEX3+v79n36V81dLfF1FfuXmr/6mI+vKLXz/Vutm8MX9jvn32zOlPf/rCmdNnLvQ/1r2429na99i9E5Tz/4NI8cO/++H27zG7r//2vv4fuiu3HdH8P9nbp13XNfseinelcv7/KlI88dkfb/+++WbX/93f/09+bHdu//wd0fx/oGffcG5X6xccCwAAAAAAAAAAgEfJUCrizyLFb//hr6fuGqL9/Pu/ubty2xH9+68TPfvmDmldw74HGQDgGCmv/z4YKf5x6/vba7l3X//Fr3Vre6//7uc43P8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAedSmK+P1IMfTKZlofKB931K+02rfvTI1P7H3YYIoUtSiq+vKrfubsufOfunBxtJtXBg6zGx+O5yavXW48u3jz1tL88vL8XGOq3ZpdnJvf9ys87PF3G6kGsHHzhdtz168vN84+c27X03eGXxt4/MTwpYunLox2a6fGJyYme2r6+t/yd79Hus/+x6KI70eKN4ZfT98diKjFw4/FA947B22w6sRI1Ymp8YmqIwutZnulfDLVclUtotFz0Fh3jA5hLh7KWMRq2fyywSNl9yZvNZeaMwvzjS82l1ZaK63Fdqp1Wlv2pxG1GE0RaxGxscePZH8U8c1I8dLpzfRPAxFFdxw+eXXyS6fPPbg9tQPo4z6U7Wz0R6zVHoE5O8YGooi/jxQ/e/VkfG8goi86X/HxiC+U+UrEy2V+JiKVb4zzET891FM7B6kvijgfKRbTZnp1oDwfdM8rV77c+Hz7+mJPbfe88sh/PhymY35uqkcRP6jO+Jvpn/1cAwAAAAAAAAAAAAAAABwjRaxFiq+cOpmq9cHba4pb7RuNa82Zhc6yvu7av+6a6a2tra1G6uRYzumcqznXcq7n3MgZtXx8zrGc0zlXc67lXM+5kTOKfHzOsZzTOVdzruVcz7mRM/ry8TnHck7nXM25lnM950bOOCZr9wAAAAAAAAAAAAAAAAAAgHeWWhTVXdy/9bXNtDXQub/0dHRy3f1A3/H+PwAA//8YNXNU")
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0)
mkdir(&(0x7f0000000500)='./control\x00', 0x105)
syz_emit_ethernet(0x0, 0x0, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0xa4000964)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
rmdir(&(0x7f0000000100)='./control\x00')

2m15.485082264s ago: executing program 33 (id=613):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00', @ANYRES32], 0x47, 0xc15, &(0x7f0000001940)="$eJzs3V1sZOdZB/DnnWPHY6e0TtNuWmjKSEXtymWj/equq0WVt3ENlbabql5X5Koef+x2FO94ZXvppkBlQAWJm4rcIG6QRYlA6gVXhEtcGqRWCAlVvSgXSJZoo1xw4YtKCFBqdM68Y493vVk3G39s8vtFzv/MmeeM34/xmWNpX58AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI++7nLp8+ko24FAHCYrk5+6fQ5n/8A8K5yze//AAAAAAAAAAAAAABw3KUo4kSkGHplM01XjzvqV1rt23emxif2PmwwRYpaFFV9+VU/c/bc+U9duDjazTc//u324Xhu8trlxrOLN28tzS8vz881ptqt2cW5+X2/wsMef7eRagAaN1+4PXf9+nLj7DPndj19Z/i1gcdPDF+6eOrCaLd2anxiYrKnpq//LX/3e9xvhcdjUUQzUrwx/HpqRkQtHn4sHvDeOWiDVSdGqk5MjU9UHVloNdsr5ZOplqtqEY2eg8a6Y3QIc/FQxiJWy+aXDR4puzd5q7nUnFmYb3yxubTSWmkttlOt09qyP42oxWiKWIuIjYF7X64/ivhopHjp9GaaiYiiOw6frBYGP7g9tQPo4z6U7Wz0R6zVHoE5O8YGooirkeJnr56M2XLM8ld8POILZb4S8XKZn4lI5RvjfMRP93gf8WjqiyL+NVIsps00V50PuueVK19ufL59fbGntnteeeQ/Hw7TMT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25Hij57+nWpdcVTr0t93afQ9z/9m75rxpx7wOmXtMxGxWtvfmtz+vHQ41cr/DqBj7Es9ivhGXv/3B0fdGAAAAAAAAAAAAAAAAAAAgHe1Ip6PFF85dTKtRe89xVvtG41rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzjsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KhbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIZyLF+vP16vFaLeJaRPx8a2ur+vqfra2tiM1y+2EddV8BAAAAAAAAAAAAAAAAAADg2EpFfCxSPPm/m6kREXeGXxt4/MTwpYunLowWUUQqS3rrn5u8drnx7OLNW0vzy8vzc42pdmt2cW5+v9+ufqXVvn1nanziQDrzQIMH3P7B+rOLt15cat346sqezw/VL88sryw1Z/d+OgajFjHdu2ekavDU+ETV6IVWs10dmmr3aWAtYmy/nQEAAAAAAAAAAAAAAAAAAODYGEpFfC5S/OQ/zqfuuvG+zpr/X+o8KrZrX/69nb8FsHBXdvX+/YD9bKf9NnSkWnjfmBqfmJjs2d3Xf29p2aaUingqUnzipQ9V6+FTDO25Nr6se29Zd/N8rhv+lbJudVdVfWRqfKJxdbF96vLCwuJsc6U5szDfmLzVnN33Hw4AAAAAAAAAAAAAAAAAAACANzGUivhRpPivv/231L3vfF7/39d51LP+/zeqJfSVetqd26q1/e+t1vZ3tt93aXToo0/fb/9BrP8v25RSEd+MFOd+9KHqfvrd9f/Td9WWdX8SKV5/+iO5rvZYWdfsdqfzitdbC/Ony9q/jBS/+ka3NqraG7n2yZ3aM2XtYKT4883dtV/NtR/YqT1b1p6MFN/7z71rP7hTe66s/Umk+Ie/aXRrh8ra3821J3Zqn5ldXJh70LCW8/+dSPHXV38rdft83/nv+fsPq3fltnvm/M233675H+7Zt5rn9Y/z/DcfMP8XIsV36h/JdZ2xn8nPP1H9f2f+PxEp/v1fdtdez7Xv36k9s99uHbVy/r8dKb77Fz/e7nOe/zyyOzPUO/+/3Lc7t98lRzT/T/TsG87tmv0Fx+LdaPnFr7/QXFiYX7Jhw4aN7Y2jPjNxGMrP/z+NFP93okjd65j8+f+ezqOd67///sbO5/+lu3LbEX3+v79n36V81dLfF1FfuXmr/6mI+vKLXz/Vutm8MX9jvn32zOlPf/rCmdNnLvQ/1r2429na99i9E5Tz/4NI8cO/++H27zG7r//2vv4fuiu3HdH8P9nbp13XNfseinelcv7/KlI88dkfb/+++WbX/93f/09+bHdu//wd0fx/oGffcG5X6xccCwAAAAAAAAAAgEfJUCrizyLFb//hr6fuGqL9/Pu/ubty2xH9+68TPfvmDmldw74HGQDgGCmv/z4YKf5x6/vba7l3X//Fr3Vre6//7uc43P8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAedSmK+P1IMfTKZlofKB931K+02rfvTI1P7H3YYIoUtSiq+vKrfubsufOfunBxtJtXBg6zGx+O5yavXW48u3jz1tL88vL8XGOq3ZpdnJvf9ys87PF3G6kGsHHzhdtz168vN84+c27X03eGXxt4/MTwpYunLox2a6fGJyYme2r6+t/yd79Hus/+x6KI70eKN4ZfT98diKjFw4/FA947B22w6sRI1Ymp8YmqIwutZnulfDLVclUtotFz0Fh3jA5hLh7KWMRq2fyywSNl9yZvNZeaMwvzjS82l1ZaK63Fdqp1Wlv2pxG1GE0RaxGxscePZH8U8c1I8dLpzfRPAxFFdxw+eXXyS6fPPbg9tQPo4z6U7Wz0R6zVHoE5O8YGooi/jxQ/e/VkfG8goi86X/HxiC+U+UrEy2V+JiKVb4zzET891FM7B6kvijgfKRbTZnp1oDwfdM8rV77c+Hz7+mJPbfe88sh/PhymY35uqkcRP6jO+Jvpn/1cAwAAAAAAAAAAAAAAABwjRaxFiq+cOpmq9cHba4pb7RuNa82Zhc6yvu7av+6a6a2tra1G6uRYzumcqznXcq7n3MgZtXx8zrGc0zlXc67lXM+5kTOKfHzOsZzTOVdzruVcz7mRM/ry8TnHck7nXM25lnM950bOOCZr9wAAAAAAAAAAAAAAAAAAgHeWWhTVXdy/9bXNtDXQub/0dHRy3f1A3/H+PwAA//8YNXNU")
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0)
mkdir(&(0x7f0000000500)='./control\x00', 0x105)
syz_emit_ethernet(0x0, 0x0, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0xa4000964)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
rmdir(&(0x7f0000000100)='./control\x00')

49.863508419s ago: executing program 3 (id=1263):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x1ffffffffffffffd}, 0x18)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4000, 0xffffffff, @mcast2}, {0xa, 0x0, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x800086}, r2}}, 0x48)

49.639634814s ago: executing program 3 (id=1264):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, 0x1410, 0x1, 0x70bd2d, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x24001850)

49.405391739s ago: executing program 3 (id=1265):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100))
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000200)=0xeeee8000)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r6, 0x107, 0xd, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$packet_int(r6, 0x107, 0xe, &(0x7f0000000000)=0x3, 0x4)
alarm(0x400)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x300, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

48.059270201s ago: executing program 3 (id=1268):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0x2, 0x4fd, &(0x7f0000000b00)="$eJzs3ctvW1kZAPDv3jycyWQmGZgFoAHKMFBQVTtxZ6LRbBhWI4RGQsySRSckThTFiaPYGZrQRbpkj0QlVrDiHwCJBVJX7JFYwI5NWSDxqEANEgsjX19nnIcbq03sNv79pCufe47t75xa9xzrc3NPACPrWkQcRMRkRHwcEbN5fZIf8X77aD3v8aO7y4eP7i4n0Wx+9M8ka2/VRddrWl7O33MqIr7/QcQPkxNB/xhR39vfWKpWKzt5VamxuV2q7+3fXN9cWqusVbbK5cWFxfl3b71TvqCR/vqo9LvffvHhHw6++eNWt2byuu5xXKT20CeO4rSMR8R3LyPYEIzl45l8mhc/1Yu4SGlEfCYi3syu/9kYyz7N445/TN+K/NIGAF5QzeZsNGe7zwGAqy7NcmBJWsxzATORpsViO4f3ekyn1Vq9cWO1tru10s6VzcVEurpercznucK5mEhW18crC1m5c16tlE+c34qI1yLip4WXsvPicq26MswvPgAwwl4+sf7/p9Be/wGAK67r1/zCMPsBAAyO/80HAKPH+g8Ao8f6DwCjx/oPAKPH+g8Ao8f6DwAj5Xsfftg6mof5/a9XPtnb3ah9cnOlUt8obu4uF5drO9vFtVptLbtnz+Z571et1bYX3o7dO6VGpd4o1ff2b2/Wdrcat7P7et+uTAxkVADAk7z25Qd/TiLi4L2XsiO67vd/7lr9xmX3DrhM6bA7AAzN2LA7AAzN6d2+gFEhHw90bdF7r6t66lThpPt9vX2a7xsKPEeuf/4Z8v/AC03+H0bX0+X/fZeHq0D+H0ZXs5nY8x8ARowcP5Cc0979+/98s+ukv9//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4EqayY4kLeZ7gc9EmhaLEa9ExFxMJKvr1cp8RLwaEX8qTBRa5wsRYd8gAHiRpX9L8v2/rs++NXOydbLw30L2GBE/+vlHP7uz1GjsLERMJv86qm/cz+vLw+g/AHCezjrdWcc7Hj+6u9w5Btmfv3+7vbloK+5hfrRbxmM8e5zKcg3T/07y87bW95WxC4h/cC8iPnfW+JMsNzKX73x6Mn4r9isDjZ8ei59mbe3H1r/FZy+gLzBqHrTmn/fPuv7SuJY9nn39T2Uz1LPrzH+Hp+a/9Gj+G+sx/13rN8bbv//OqcrmbLvtXsQXxiMOO2/eNf904ic94r/VZ/y/vPGlN3u1NX8RcT3OGn9yLFapsbldqu/t31zfXFqrrFW2yuXFhcX5d2+9Uy5lOepSJ1N92j/eu/Fqr/it8U/3iD91zvi/1uf4f/m/j3/wlSfE/8ZXz/78X39C/Naa+PU+4y9N/2aqV1sr/kqP8Z/3+d/oM/7Dv+6v9PlUAGAA6nv7G0vVamXnsgvp5YfICknEwQCG0y4UfvWTDwYV6xIL8Xx0Q+F5Kgx7ZgIu26cX/bB7AgAAAAAAAAAAAAAA9DKIPyca9hgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//2KH0wQ=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x2b, 0xa, 0x300001, 0xfff8, 0xc000, 0x1, 0x1, 0x0, 0x0, 0x10, 0x10001}}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xda0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
eventfd2(0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c5, 0x1000, 0x0, 0x0, 0x2, 0x0, 0xf, 0x2], 0xeeee0000, 0x1144})
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3)

47.463414346s ago: executing program 3 (id=1269):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000580000/0x4000)=nil)
socket$nl_xfrm(0x10, 0x3, 0x6)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x800, 0x0, 0x1, 0x1}, 0x20)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x380000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000300)={@local, 0x3ff, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x20)

46.257124845s ago: executing program 3 (id=1273):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='kfree\x00', r1, 0x0, 0x4000000080000000}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="2100000000000000000000000000100000040000", @ANYRES32, @ANYBLOB="fdffffff03"], 0x50)

30.397050531s ago: executing program 34 (id=1273):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='kfree\x00', r1, 0x0, 0x4000000080000000}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="2100000000000000000000000000100000040000", @ANYRES32, @ANYBLOB="fdffffff03"], 0x50)

6.534598375s ago: executing program 6 (id=1495):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000010)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}, {0x14, 0x1, 0x0, 0x1, @immediate={{0xe}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x40081}, 0x0)

6.227720876s ago: executing program 6 (id=1500):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
io_uring_setup(0x22625, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_clone3(&(0x7f0000001040)={0x20400, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000000580)=""/244, 0xf4}], 0x1)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffffb]}, 0x8, 0x0)
readv(r2, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={&(0x7f00000002c0)="c688f20b14f769be84d7c302f6b3d5bb91ae901bbb03ae1edf9d162fe0cc3d380a54cbdfa191ec1fbdba406c78cc1f042dfab4becb35a536ead5ae17bed0ef58f0fc3b08eaacddc5e6f6395f7a76f68868d32548d455d37a63fcd3e72388fc980ac6d17b8544454c445c7ad2b7427bfb766116993bc350bca7b55eba", &(0x7f0000000340)="5587580643646e989c559357ba849d48bbd906b80e36e259f71a0ed724843e34d8c02e17acb982bb3bfbfd599c5cc26bd53374ce750c445944d21d940ba16226fb6e6cd0b224c9123bb260acd9438fa7f65d0a69488e22e95745943f64256da875b3c6f31b3c4387a70d0ce84ac0cb2937d263f7462933951babc1b34666ae39140fb6983449678f84d4eba0f454cd50abd4fbb4234651b7f11bc313050d817b6bec920f76a1ef5841cdfceca31052516a7bf626cfef246883639dad738ebc"}}, &(0x7f0000000280))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa00000001000008004d1e00bb1a6fb0441c0fc10a01010100000005ac14d4e23e91431cf661080000000002004e224e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c2000290781e83"], 0x0)
fcntl$setsig(r3, 0xa, 0x13)
fcntl$setlease(r3, 0x400, 0x0)
lsetxattr$security_capability(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000240)=@v3={0x3000000, [{0xffff4a0c, 0x7}, {0x2}], 0xee01}, 0x18, 0x0)

5.05866408s ago: executing program 5 (id=1505):
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c0001"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x140}})
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
accept4$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, 0x0, 0x80000)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x158, 0x11, 0x148, 0x0, 0x4000000, 0x230, 0x2a8, 0x2a8, 0x230, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x110, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x40, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x4, 0x18}}}, @common=@unspec=@limit={{0x48}, {0x5, 0x5, 0x4, 0x3, 0x9, 0x3, 0xfffffffffffffff8}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @multicast1, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x12, 0x9, 0x5, 0x1, 'netbios-ns\x00', 'syz0\x00', {0x4a7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)

4.521370919s ago: executing program 0 (id=1511):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000170a0102"], 0x14}, 0x1, 0x0, 0x0, 0x20048000}, 0x8094)

4.344574754s ago: executing program 0 (id=1513):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000201010100000000000000000200000004000180180002801400018008000100b04c94a708000a00ac03cdaa140019800800010004000000080002"], 0x44}, 0x1, 0x0, 0x0, 0x894}, 0x0)

4.307218292s ago: executing program 6 (id=1514):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)

4.064342756s ago: executing program 7 (id=1515):
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRESHEX])
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'wlan0\x00', &(0x7f0000000000)=@ethtool_stats={0x11}})
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)
r4 = dup(r3)
r5 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0)
ftruncate(r5, 0x200004)
sendfile(r4, r5, 0x0, 0x80001d00c0d1)

4.023652981s ago: executing program 5 (id=1516):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb904}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x8000}, 0x18)
r1 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000380))
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r3, @ANYBLOB="9817ee5bbf086ae97a89fd90b8633b801cbad218a83d358fc84f81540ee7eca8d7c19dd1400939bcb9c80d565bdf074d048fff37c7ae65fad81347436447d9562c8247805f84c51a9b5cab8d44f9cbca"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r2, &(0x7f0000000140)=ANY=[@ANYRES32=r4], 0x4)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000001440), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYRES32=r4], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000200)='sctp_probe\x00', r0, 0x0, 0x700000}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.993382531s ago: executing program 0 (id=1517):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="3101000009005e08cb06030000e8160000010902240001000064000904340102d469e70009058acf"], 0x0)
semop(0x0, &(0x7f00000000c0), 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000740)=0x17, 0x4)
socket$inet6(0xa, 0x80003, 0x6)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

3.812373726s ago: executing program 5 (id=1519):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x9, @remote, 0x7}, 0x1c)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r2, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
sendmmsg$inet(r0, &(0x7f0000000c00)=[{{&(0x7f0000000040)={0x2, 0x4e25, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20, 0x3f}}, {{0x0, 0x0, &(0x7f0000000b00), 0x0, &(0x7f0000000b80)=[@ip_retopts={{0x18, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x4d, 0x0, 0xa}, @generic={0x88, 0x2}]}}}], 0x18}}], 0x2, 0xc0)

3.315231254s ago: executing program 0 (id=1521):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000040)={0x4, 0x5, 0x0, 0x4, 0x5})
ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000180)=0xa001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)

3.136299823s ago: executing program 5 (id=1523):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x32)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000004c0)=@keyring={'key_or_keyring:', r1})

3.135964526s ago: executing program 0 (id=1524):
unshare(0x40600)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
poll(&(0x7f0000002040)=[{0xffffffffffffffff, 0x8040}], 0x1, 0xbf8)

3.03458068s ago: executing program 5 (id=1525):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3, 0x0, 0x400007}, 0x18)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ptrace(0x4219, 0x0)
r5 = dup2(r4, r4)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})
ioctl$BLKTRACESETUP(r5, 0x1276, 0x0)

2.816086466s ago: executing program 6 (id=1527):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7f}, 0x18)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)

2.809352442s ago: executing program 7 (id=1528):
syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, 0x0, 0x0)
migrate_pages(0x0, 0xfc, &(0x7f0000000200)=0x7ffffffffffffffd, &(0x7f0000000240)=0x1)

2.467095827s ago: executing program 6 (id=1529):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
fdatasync(0xffffffffffffffff)

2.423099493s ago: executing program 7 (id=1530):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000004000000000000000100feff95"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(0xffffffffffffffff, 0x8002f515, &(0x7f0000000300))
getdents64(0xffffffffffffffff, 0x0, 0x22)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x2}, 0x18)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00')
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0x1}, {0x0, 0x3}}}, 0x24}}, 0x800)

2.23237437s ago: executing program 6 (id=1531):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYRESHEX=0x0], 0x0)
semop(0x0, &(0x7f00000000c0), 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000740)=0x17, 0x4)
socket$inet6(0xa, 0x80003, 0x6)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

2.185139248s ago: executing program 0 (id=1532):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000600)}], 0x1, 0x0, 0x480}, 0x0, 0x50, 0x1})
r0 = syz_io_uring_setup(0x221d, &(0x7f0000000100)={0x0, 0x6e7f, 0x800, 0x2, 0x5cc}, &(0x7f0000000280)=<r1=>0x0, &(0x7f00000005c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffa, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, 0xffffffffffffffff, 0x0, r0})
io_uring_enter(r0, 0x66ae, 0x4, 0x2, 0x0, 0x0)

2.066841477s ago: executing program 7 (id=1533):
r0 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000c00)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0x4)

1.917427295s ago: executing program 2 (id=1534):
socket(0x1e, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000002000004000000000000000002000000000000000000000002000000000000000100000000000001"], 0x0, 0x4e}, 0x20)

1.872166436s ago: executing program 7 (id=1535):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = getpid()
clock_nanosleep(0x2, 0x37dc12502000000, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
syz_read_part_table(0x4080, &(0x7f0000000000)="$eJzszz9KA0EcBeC3JpEoUbAWxEWwFO2scotcQDyCjY0G03kMwSZ4AG/gkUwjI2GX1cRWQeX7in37e/tnZsKvcP/a3lwuL5td/3K9+t5Om88XT3tJDuu8lVIyTNJf++WiJKdnGWwPNzJKcvV11cn8e08BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8JdP1orc6Pra5n9nNOOelcXvXS9U+qU+S3Y8PFiXZ6qZ+E5P5D2wdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjvSillmdWnbpCk35RVMu36UR6OMhsfVBkm9fE7+3NoAwAIAwEwwTAh87A3CvEJoQPU3ama/uf/lP3Omf/qpGWNphUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXHbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwckAAAAAIL+v25HoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBGAQAA//88nie/")
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioprio_get$pid(0x3, r1)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'fl512\x00', [0x4faa, 0x105, 0x2, 0x10000421, 0x1fffffe, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x40400, 0x8, 0x8f3, 0x1ff, 0x80000089, 0xa, 0x400000, 0x21001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x7ffffff, 0x485b]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rt_sigaction(0xd, &(0x7f0000004100)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r3, 0x0)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0xc, 0xa13ca8e5839881af, 0x4})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x612, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x5)
syz_usb_connect(0x0, 0x24, &(0x7f0000001b80)=ANY=[@ANYBLOB="12010000d507df08c404000904000000030200"], 0x0)

1.758230381s ago: executing program 2 (id=1536):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, 0x0, 0x0)

1.633704543s ago: executing program 2 (id=1537):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x14, 0x0, &(0x7f00000001c0)=0x59)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000840)='kmem_cache_free\x00', r5, 0x0, 0x91aa}, 0x18)
syz_mount_image$ext4(&(0x7f0000000f00)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
r6 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
write$UHID_INPUT2(r6, 0x0, 0x1000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0xfffffffffffffc00, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}}, 0xb8}, 0x1, 0x0, 0x0, 0xc001}, 0x0)

832.791932ms ago: executing program 2 (id=1538):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
sendfile(r0, r0, 0x0, 0x6)
getsockname$inet(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000a00)={{0x0, 0x0, 0x50f9, 0x5, 0xfffffffffffffffa, 0x4, 0x1, 0x2, 0x2, 0x9, 0x8, 0x8000, 0x8, 0x9, 0x30}})

780.082886ms ago: executing program 5 (id=1539):
r0 = syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x22c43)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x3)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000060000000000000000000000850000002e000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14f00800", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r1, 0x0, 0x1}, 0x18)
sendmmsg$inet(r3, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000003400)=ANY=[@ANYBLOB="20000000000000000000000007000000440cd1700000000700000e0f940401001400000000000000000600000200000002000000000000001100000000000000000000000100000009000000000000001400000000000000eaffffff0100000006000000000000001400000000000000000000000200000006"], 0x80}}, {{&(0x7f00000010c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f00000012c0)=ANY=[], 0x28}}], 0x2, 0x4000004)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="187f00000000000000000000000000001812000042a430d045349de97dc0cd3559affdf74bcbeabd97da06103482734075077fbe751199e00e75c4311fca3ff92ff924054353340c066ff33ee8a1b15b86c880370300000095eec6b8956c01b4ce487edb7ba7cce3db5586f6cf11dbb5528ae06c65deb10bcad356b5ee298869c6847bbcb099ae9c184cba2444dc1a37b81d7a40a74c", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r5}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018f2f56514fbfd8f39438f02110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000580)={@remote}, 0x14)
sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f0000000540)={&(0x7f0000000080), 0xc, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="10002cbd7000fedbdf253e000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61e6635f69735f6d756c746963617374000500830000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20000015}, 0x4)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
setreuid(0x0, 0xee00)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00')
close_range(r7, 0xffffffffffffffff, 0x0)
ioctl$EVIOCSMASK(r7, 0x40104593, &(0x7f0000000000)={0xd, 0x1000, &(0x7f0000001380)="1cf2dda6aef15fbe17b994257e691e67a769c75c2039b1bcae04522a562c653387b66d84c80281f629e3bc1de12966af1fb1a10d57abf96c509523690da5b4d0d47ad918e352047a8cb74a2a20a6b7fb783bcfdf59c73ab2ae45bbf2489ee4cfbb6fa61d3db7c743255d8e239bc54ff3c4398542b2e6b1ed5fc2a429426e83cda7e20030e0cad0a52be6905f3abe6c16260842ee7ef89539b6696f5cd7978dad34e3f4775d1cc346dc2d7f96b59c91a8ce1ea9ea03e0a758265b7103a1bf15b7c44bdc8d47c28fd3f4cf4c19a70ef6deff33b84e7125c5f4aece6c0ffc5fea552612211d44a55ed4db3a2c2b6d2a7381d6352d956ad5e9d3b5dc3fa7daf489a1f5ef516d083c18da2d8b84d40a8ddc5dd44743c4005f3f7e0b02b7aa5577572c20f0683bdd8c0c749f2c63e97ab76ee30e3ae3fc156b15f0ed99b785b25893135c33b328bf0d614735100e9e118ed01d98656fb4ae4312ea6918eda8c4b80df3e3485c218ad0445895709a00f1d792bc876d5d8c5729530da6f7f4ef9f3e327bde32613233a2045a57236e175670ef409db63bcb24f5b93efb29753b20a5f63c4c3ceca6111badfdeff80ae97c3ccd2ccfa8332f9ae178440b51b27efb33367cd36b324b37a948ad7293fdf653b67911a4f1854cfbbe635a9323ff64b6392763b6482cd871463b51e27cbb3f00379fffef76640511c7afaae9a3cb7ef74bc82232c43cbc5430cd2619239166afe273faf8922c34b95918b1c95af0fd9aa4788a4e2394101f3559cacd274dffcc2e8fd26fe0790e753d6d67f6269ffbd9d48972f09c1490a8ab6d9761698559ab4b79ff585acb1ce1f86e7fd3c9741ed6e9baed10750c1ea50d022aa3fe3d6b12e220b55daba47c5b3b8cf25de79bf12d570a1972f4f2258fd9207cf06314d51805ed522c7f3fb9dd2c0e55ef7a8d7bbc0b41c3bb77cf1e1e287045f6455496e1d8a06e781c1c456d4cce5b42aaeb5387610c899b76c570e661249ea29a754e434b26fbb558aee532e897a87016bd3f64d68420f3a4216517cb638e4123823922234f4e6bf936abd00780f2bb51d992d78ee4d4e2e4edc121d40e8bd8683a801a88f49641dbaf409dfc89f3818b273226c59a3846d52074f7492d0d801674970b918378be06720636e42a07993a364a5eb684b6e591fdbdb4d31149a222510c254c555fa81e317f66927f2273a1105f4d34ec6eefa9c7d458fad29b0a579e7fabb3468f3454390c7ee58b0e2d5ba893e36a0e40a6c5e7810967b02b1fc0d016a89c3a195456f10890a4c90e16a8e9c62eab194985e0a8fec63f744466fe199e0a8d28d9292a2b7d623013d95de4ee184fefcb84b7d43da616b2a463ccddaadc2a191e94f7f8021d9a396ecb959689148c76c6052d178ae1883742eeccde2e14b0541722d72f70465bd00a5fb8b65ea3df185f9c8b579f48c77e046febc53b55cfa5bab37c151388a39a191adc8ae636b35104c7027427e6eae6a9fb877f827ae99fd73e29cc211b325aa4c030807a2ad033f43ac0eadfe34d71360c8454793781feb6742c49960e85637efaed6da14958ed6e8824e5db85af34b899460507c042c12fe5011bde812e70ab9cf6fa543924243d94b2c9645842d7af59357a5b75c1723c7e201fd45cbe76cfa652bebcaaea310f2bb568e699b3fe3b2b779b019412a7ab71a451fc89f735bf470eda1df087c57a384e3549d18b655bb7d89a5000fb6fa4292f5b5199e2a2a4024b68cfd83335339089ea1e92f6bab65e2fa96ba21a7ac8f3856dd0680e978c32695959eb1ff217d299a74e8e6ecb1501a40c4d407b7f87d8b8a79d0d9495d9471ad618c3b7db2f562a4186fae9c838bbb452d92a81da4cba1fb05959ce818e191244bfe7516dc0cbe24b3139e796e9e5e4b2ba9c4e20825f34f795b0eacd64f15e5de751c566d398581a0bb7e394ee566228eebbd14c84af64d4257881392739256d372d86dcfa75ba2290d5cb5b7d2cb26a9260caa89cfb9b25cf9a3d6cdf49936cc5ba2c4629210f1edc8830d0bf72c9a4cbe2f64091b749e7e74d2b3321afcc88fb4ec9ff169a1b6c255584cad1ca9eac5ac9a3ce54af8d8842c7b617738812802e336a0ab04aee17dd5a0192cec4c31c7e77746e4f87e77af2af37c0c8cc0619709a4e33c44ed32d6c97a882dbf23183f7647848cc41fdc525b1bf82a472e592259c2f47043eadf64db3bf39f9a624c4b243ddd56f274e2d5e21345793cd513d6666a047df7ad1aa91e190116f5af841596f3b688f98fa52918d09f1f5a19c435599b5adbc0db7d43f5c2eef3c4fb799b3b6f780194fae6ca2ae52fcaecbe1495ea20dd61386238cba0f5f2b35afb8a7e820cd5d1a2341dc3ec2306f1cadac2c956394bfe35de57a091c0c7479639e0da347b8e2ba556ba52d62ebaecaaddf6aed23d065c8b69c246c9781e3cc67b4d3493d10f8e418b6f9ee54c52f66c7c5f3e57eede0620778f1e1849f6670a9036ef6f0a5a688d16ac2739cd1d13821837fc669a9839904f0ce13a6ad73eb406808ae8241f9a4699fd0b763cc67c9eacd4e737f29f3811a764697b0161a397d0d3592200cd470349afe902f56643c450ff39de6791066f8116dbf55dbebb6c377bddf81e1683a64e7a2139f791d44d9b4512c7862533a294048e100581ff29aaee983d1193c8675b454e1d4f208365625cf5d6a9226d6439135678c778ab7621eba73df7c5a9033377de58991ee4548f3778e398d8e28fd6f731526591954006067c9e383161f17557b2af3ea7066d7c1855f69ad8b7a1370775d10f6da042dd5ce26bf6f54152d8ac29deed1a91df1d5ec01d0190a6d9f3b46ceb9af435b19315753b0278adbfe2d488c1ff17fb00416c9282236cec898ef474ba36c904302c54e61bca93b3ae3ebd71b3fd9ce22b7c9635677815893bfd5c5253b2e9d3167962718164d7ea20ea3b80e4dc789a24cfe3b68fd2bbc1f5f4b785991c22528ff618e6b1154c8984d73041cf616a4b8bddce7572db4a5b70d925439bb215410755cabb6a4c02e9438ee65f9a082fd92d82cd386b3191e7b336c0207a10debae5b1bd7133a40024d2570f0569ce30a5809a0852114265cd462dec95f769b01493d894de7caa11c27235000001f174ebbf044b6007e914023d6eb95d858e326bf1d71753c56eac7db297f1326b00ca5a6e6763370349583db38b945d1fd190658d698bd0cce2e342eaf7b7a09ff28ccf00845c7bae8700ae8c179366498936ae34e11b910e104f124343e1ca93751373e226db371312272f2d708586f9d23a636d78b13a0667066704ab9c319ea6b9564f65b7ca605f6b0861bff843daeb43833a6baf42c0ea3b48e8922be152a62fb46ab7e27f71594eecd881b86aaca6901e520c58a6a9927590e57dd4ab80523eb3fddc4cf2bdf9841490b7f861510babc7aa00dbff4928789521632fc325e054930be4fb8be8c4ba6fb5f92304632879acecfc68006027c61c1bc05f169d893dfdafd8eb5c54a1ddc46676c3101583f0ae869dac7871abb17b6d82acd69ca611a7de4edcfdfce7dc10a6c5ee79f9d3ac308c4a1ea13ed8e26b712b69fce63eb5e4f4c4e27f79a5c57319d2291a062187dcc516f0eaa3efe8f213d3da42a4e08fa42a4d37023bd6d7f0495ab9c2ca011566413f19372e186379f7c99a546414640970cc38ce4ba70de05ac90877dc92dc7ae964eae2ccd90d2aeb3638ba32f2d643c496fe21662dd6c4c7dd06d6282bba5fd0cfae0e4a150cfd2b86037c684998cb9af831c02ecf1bb19e41d0386e6a35553d505dce5785d3a4fecc48dd4dd9a5d0878dc76bc204fa6e99d8e8b8df5832e49924cbaca1354e3f36e63af275cd63f58aab61eaebba7346e53103ead8a2da45437a9445a8678b21434cc66d18456d1e2153d607ba138374a22db326e77b60f7599bc01091fd1cbe67b5db48383a892cda84ac2fe3a49628995dc15156964349bd89936f298b7847a819e22b1b8b0d36e1107708d3b7e22650dd215fd0d75c817b4190fc70e8448a884a8d14c3845b83cdb4661c70864627058c26ba360489f1730cacf5a12ee9e8d81269a86a5951ecff35d08969cd7789428e9c824369a10b34d037fc31b5401a08b9979a4b4b9f9c86abf6b12061342a6da11d0d4e92acf6344c3248372526205d2a736edf17b074cae52abe2dc29e3564f70013c8816cd03c26c088460d4dd2f0b5ca4b6f0f0c9dac8b944cf5e01216c0ff50e79915ebc601d3521b7d515b68b4c9ec844d1766c811906d424f2c8c1bd93bae2768c40d072f0d532f3022a8a4d7d1f0e9074c1e7cec4527a8d54c6cc2a79aba3e60a1d7661932950c47b9b0b1f8e8745eda9493e312a8d5f801074fdebe6b39f7bf0c2993d48d88f8b485334fb90da3cdf5e28f3ad0583f9de44cf8fb5076b476e86fc4e7ddec65a4e562f1b7526f890ce8ebf97ec6558c16ab7691f3caf12c7fc9f2362703f020846952cf9b6d1cc13162d30dcb586be273d309a59974b27c61ab60a1d0db9fe324c993db2bf3f8058111b2ac2dc26d1a7def450580f965a24001bb8299e9a5c7f7972aed796b9db133069ed521772a4836b61cd205b0078be267295eed5d4a89ee5202ed4dacc46bb93131d176ce43a370da8902e9ba85024afe726c94187f6ec4c822d18ae82218fc010e948494e66925243a91428dc08ad0314a20a791a7f1c8ee138b93a8e28d3ffbd4a762018b1d70b6cb00a5f30cc35d01a4d9e76db6fe8e6f8c28932b84c8524d1c2a5ae7aa95430c37f9e57d6c349b3956e9d8d69068d19af10b50b13bbefca1619c9f6c7a0c59498b8b8b1513c0dfa32c35b6f869b4a59213be3a1dad2c37fad72917377b08f44c5b7920688e6c9208cf54891ce968535c27943dd3f1d73ff606e47f9541bc63ab1fbad0b81aa23b859ba42f3a6f62cb9cc93ddd93530e1ca963a881dfca3f31c51eb43007f81ff4acb7aa0a01af2689ebf636eabf47a1c73df6c5e58953fbba4f862d4aeeb9c1ba5bee2815c2f08bda95f0b960143df3d162aef72779433d8c8756583671e835d17d6deec0ab556eaf22621d81f8580bf9df3dd7cd2335f4f7b8f03a4c82f9da2645d79ab93563969ad21233c57fdf911064687cfb77caf94daaeba801ded9ac31164a2349584ac9c565b4ecd1b76e454bd747d3c62dfe493e2df7b3b2eb7b6a1fae88c7b5d201864402fa4d846389629b74471f585fde51c5bce1e27ca557a4db44247afda4c063bd898fab222e1c4c5274880a34d15c875ca04512f4a49868bfafbaeec25bfae6a1c69cd70d4031279b177f0a7a74b6860e323eccf8debfd2d81eef9aac82004ea88484aa114cc93982d7ba72f275f412f993918fab9d3bb94d27dfd791757c78c55e2ab22142f44ae36cf81bfa82dd6e6b2fab71a2c5c68e059cf548d0cd413ac4b774dfc3d4332b4c70529f55eaf39c14cc0477cd99744a63233e1b3507bd2446fa963de700feb30b58275e58fce8d46123e50bee4a722a8f92c0fc856ad68fc1608c668023e7c5bd4faaceb82fb16ffe0ff6f77a92423e868607ef657e2fc72751a98b6c9578ab55f445ead930ff824d1f13a0308136e664405e2e7d0f5e5cb141d5850df17da9f1f76e7f52a83a036ff57365189e52b785b96e60d0c54a3e125dbb95d42063951a214c5a5b4c5844203d5227fc110110dab75d35f2d4396c1811f068eaa5faf7ddaf47f6c2279b049af40da512afb96b42423c339fdbee476f1127df639d746baf441c5f6cd321d023e5090b7a4be"})
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0])

718.882314ms ago: executing program 2 (id=1540):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b5181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)

227.67629ms ago: executing program 7 (id=1541):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000280)='kfree\x00', r2}, 0x18)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
openat$tun(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r6}, 0x10)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)

0s ago: executing program 2 (id=1542):
unshare(0x40600)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
poll(&(0x7f0000002040)=[{0xffffffffffffffff, 0x8040}], 0x1, 0xbf8)

kernel console output (not intermixed with test programs):

651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  172.771856][   T30] audit: type=1326 audit(1762889817.519:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7844 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  172.845994][   T30] audit: type=1326 audit(1762889817.519:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7844 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  172.913374][   T30] audit: type=1326 audit(1762889817.539:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7844 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  172.938740][ T7853] loop2: detected capacity change from 0 to 512
[  172.983205][ T7853] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  172.988157][   T30] audit: type=1326 audit(1762889817.539:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7844 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  173.042126][ T7853] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  173.101206][ T7853] EXT4-fs (loop2): 1 truncate cleaned up
[  173.113454][ T7853] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.116209][   T30] audit: type=1326 audit(1762889817.539:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7844 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  173.267451][   T30] audit: type=1326 audit(1762889817.539:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7844 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  173.319221][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.677982][ T7894] loop2: detected capacity change from 0 to 1024
[  174.758827][ T7894] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  174.842767][ T7894] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.855590][ T7900] netlink: 32 bytes leftover after parsing attributes in process `syz.3.670'.
[  176.174358][ T7894] EXT4-fs error (device loop2): ext4_map_blocks:819: inode #15: comm syz.2.668: lblock 0 mapped to illegal pblock 0 (length 1)
[  176.728732][ T7894] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  176.987329][ T7894] EXT4-fs (loop2): This should not happen!! Data will be lost
[  176.987329][ T7894] 
[  177.110291][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  177.213515][ T5902] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  177.303781][ T7919] loop2: detected capacity change from 0 to 128
[  177.369846][ T7919] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  177.403785][ T5902] usb 4-1: Using ep0 maxpacket: 8
[  177.415833][ T5902] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  177.442811][ T7919] ext4 filesystem being mounted at /137/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  177.453244][ T5902] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  177.487926][ T7919] netlink: 104 bytes leftover after parsing attributes in process `syz.2.676'.
[  177.497172][ T5902] usb 4-1: config 0 has no interface number 0
[  177.532014][ T5902] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 48, changing to 9
[  177.584866][ T5902] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24624, setting to 1024
[  177.629807][ T5902] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  177.658774][ T5830] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  177.686844][ T5902] usb 4-1: config 0 interface 52 has no altsetting 0
[  177.743494][ T5902] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  177.784822][ T5902] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  177.835672][ T5902] usb 4-1: Manufacturer: syz
[  177.860868][ T5902] usb 4-1: config 0 descriptor??
[  177.875079][ T5902] hub 4-1:0.52: bad descriptor, ignoring hub
[  177.882700][ T5902] hub 4-1:0.52: probe with driver hub failed with error -5
[  178.089614][ T5902] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input19
[  178.262407][  T794] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  178.402695][    T9] usb 4-1: USB disconnect, device number 8
[  178.422601][  T794] usb 3-1: device descriptor read/64, error -71
[  178.452109][ T7946] 9p: Bad value for 'wfdno'
[  178.662410][  T794] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  178.812409][  T794] usb 3-1: device descriptor read/64, error -71
[  178.932786][  T794] usb usb3-port1: attempt power cycle
[  179.292450][  T794] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  179.345362][  T794] usb 3-1: device descriptor read/8, error -71
[  179.602376][  T794] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  179.624913][  T794] usb 3-1: device descriptor read/8, error -71
[  179.774722][  T794] usb usb3-port1: unable to enumerate USB device
[  180.265595][ T7979] capability: warning: `syz.0.700' uses deprecated v2 capabilities in a way that may be insecure
[  180.582900][ T5821] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  180.592162][ T5821] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  180.600079][ T5821] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  180.608272][ T5821] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  180.616062][ T5821] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  181.670989][ T7987] chnl_net:caif_netlink_parms(): no params data found
[  182.189699][ T7987] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.212655][ T7987] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.236465][ T7987] bridge_slave_0: entered allmulticast mode
[  182.249476][ T7987] bridge_slave_0: entered promiscuous mode
[  182.289235][ T7987] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.323936][ T7987] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.331174][ T7987] bridge_slave_1: entered allmulticast mode
[  182.357232][ T7987] bridge_slave_1: entered promiscuous mode
[  182.497539][ T8025] veth1_to_team: entered promiscuous mode
[  182.505351][ T8025] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check.
[  182.574923][ T7987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.618566][ T7987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  182.634125][ T5821] Bluetooth: hci5: command tx timeout
[  182.757971][ T7987] team0: Port device team_slave_0 added
[  182.777227][ T7987] team0: Port device team_slave_1 added
[  182.951468][ T7987] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.965967][ T7987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  183.021625][ T7987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  183.055438][ T7987] batman_adv: batadv0: Adding interface: batadv_slave_1
[  183.062559][ T5961] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  183.078478][ T7987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  183.104841][ T7987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  183.212203][ T7987] hsr_slave_0: entered promiscuous mode
[  183.222721][ T5961] usb 4-1: Using ep0 maxpacket: 8
[  183.237501][ T5961] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  183.246452][ T7987] hsr_slave_1: entered promiscuous mode
[  183.254988][ T5961] usb 4-1: config 179 has no interface number 0
[  183.261380][ T7987] debugfs: 'hsr0' already exists in 'hsr'
[  183.268007][ T5961] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  183.281468][ T7987] Cannot create hsr debugfs directory
[  183.294316][ T5961] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  183.319203][ T5961] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  183.330105][ T5961] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  183.370390][ T5961] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  183.390145][ T5961] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.417731][ T8033] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  183.689156][ T5961] usb 4-1: USB disconnect, device number 9
[  183.978066][ T7987] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  184.006541][ T8049] netlink: 'syz.2.722': attribute type 1 has an invalid length.
[  184.012034][ T7987] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  184.062500][ T7987] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  184.132699][ T8054] netlink: 28 bytes leftover after parsing attributes in process `syz.2.722'.
[  184.314630][ T8050] 8021q: adding VLAN 0 to HW filter on device bond4
[  184.343753][ T8050] bond3: (slave bond4): making interface the new active one
[  184.365095][ T8050] bond3: (slave bond4): Enslaving as an active interface with an up link
[  184.385686][ T7987] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  184.709062][ T7987] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.712780][ T5821] Bluetooth: hci5: command tx timeout
[  184.791892][ T7987] 8021q: adding VLAN 0 to HW filter on device team0
[  184.810160][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.817353][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.874648][ T8085] 9p: Bad value for 'rfdno'
[  184.939155][ T8087] loop3: detected capacity change from 0 to 128
[  184.954520][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.961724][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.990772][ T8087] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  185.100800][ T8087] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  185.527488][ T7987] 8021q: adding VLAN 0 to HW filter on device batadv0
[  186.025453][ T8108] loop3: detected capacity change from 0 to 2048
[  186.055704][ T8108] udf: Bad value for 'volume'
[  186.833398][ T5821] Bluetooth: hci5: command tx timeout
[  187.664933][ T7987] veth0_vlan: entered promiscuous mode
[  187.678533][ T7987] veth1_vlan: entered promiscuous mode
[  187.780895][ T7987] veth0_macvtap: entered promiscuous mode
[  187.808506][ T7987] veth1_macvtap: entered promiscuous mode
[  187.831810][ T7987] batman_adv: batadv0: Interface activated: batadv_slave_0
[  187.853013][ T7987] batman_adv: batadv0: Interface activated: batadv_slave_1
[  187.938117][   T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  187.964690][   T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  187.982777][   T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.015368][ T6721] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.212390][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  188.242215][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  188.353461][ T8136] syzkaller0: entered promiscuous mode
[  188.356413][ T6721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  188.383111][ T6721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  188.390560][ T8136] syzkaller0: entered allmulticast mode
[  189.654287][ T5821] Bluetooth: hci5: command tx timeout
[  189.899850][ T8157] 9p: Bad value for 'rfdno'
[  189.984363][  T794] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  190.179256][ T8168] netlink: 8 bytes leftover after parsing attributes in process `syz.6.760'.
[  190.188725][ T8168] netlink: 8 bytes leftover after parsing attributes in process `syz.6.760'.
[  190.201483][  T794] usb 3-1: Using ep0 maxpacket: 8
[  190.391905][ T8176] loop3: detected capacity change from 0 to 512
[  190.400651][ T8168] netlink: 'syz.6.760': attribute type 1 has an invalid length.
[  190.427756][  T794] usb 3-1: config 0 has an invalid interface number: 144 but max is 0
[  190.436004][  T794] usb 3-1: config 0 has no interface number 0
[  190.442112][  T794] usb 3-1: New USB device found, idVendor=2c7c, idProduct=0512, bcdDevice=ce.e9
[  190.451186][  T794] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.462764][  T794] usb 3-1: config 0 descriptor??
[  190.475166][ T8168] netlink: 224 bytes leftover after parsing attributes in process `syz.6.760'.
[  190.488231][ T8176] EXT4-fs (loop3): blocks per group (255) and clusters per group (8192) inconsistent
[  191.235262][  T794] qmi_wwan 3-1:0.144: probe with driver qmi_wwan failed with error -22
[  191.296795][  T794] usb 3-1: USB disconnect, device number 22
[  191.494360][ T8184] loop6: detected capacity change from 0 to 736
[  191.626007][ T8184] rock: directory entry would overflow storage
[  191.640300][ T8184] rock: sig=0x3b10, size=4, remaining=3
[  191.847747][ T8190] loop3: detected capacity change from 0 to 512
[  191.883814][ T8190] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent
[  192.033886][ T8194] 9p: Bad value for 'rfdno'
[  193.057980][ T8209] netlink: 8 bytes leftover after parsing attributes in process `syz.6.777'.
[  193.099137][ T8209] netlink: 8 bytes leftover after parsing attributes in process `syz.6.777'.
[  193.126678][ T8211] loop3: detected capacity change from 0 to 128
[  193.208599][ T8209] netlink: 'syz.6.777': attribute type 1 has an invalid length.
[  193.234106][ T8209] netlink: 224 bytes leftover after parsing attributes in process `syz.6.777'.
[  193.651558][ T8226] loop3: detected capacity change from 0 to 128
[  193.726837][ T8226] FAT-fs (loop3): bogus number of reserved sectors
[  193.743480][ T8232] 9p: Bad value for 'rfdno'
[  193.754446][ T8226] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  193.805063][ T8226] FAT-fs (loop3): Can't find a valid FAT filesystem
[  193.993454][ T8236] xt_hashlimit: size too large, truncated to 1048576
[  194.020592][ T8236] xt_hashlimit: max too large, truncated to 1048576
[  194.163958][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  194.242581][ T5961] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  194.320095][ T8246] loop3: detected capacity change from 0 to 1024
[  194.424503][ T5961] usb 3-1: Using ep0 maxpacket: 8
[  194.438270][ T8248] netlink: 8 bytes leftover after parsing attributes in process `syz.5.792'.
[  194.447500][ T8248] netlink: 8 bytes leftover after parsing attributes in process `syz.5.792'.
[  194.467101][ T5961] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  194.533530][ T5961] usb 3-1: config 179 has no interface number 0
[  194.539816][ T5961] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  194.596034][ T5961] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  194.654550][ T5961] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  194.682481][ T5961] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  194.705561][ T5961] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  194.767897][ T5961] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  194.787207][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.826685][ T8238] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  194.834215][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  194.888731][ T5961] xpad 3-1:179.65: probe with driver xpad failed with error -5
[  195.012901][   T24] usb 7-1: Using ep0 maxpacket: 8
[  195.022911][   T24] usb 7-1: config 0 has an invalid interface number: 52 but max is 0
[  195.039713][   T24] usb 7-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  195.068563][   T24] usb 7-1: config 0 has no interface number 0
[  195.075833][   T24] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 48, changing to 9
[  195.092714][   T24] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24624, setting to 1024
[  195.100345][ T5893] usb 3-1: USB disconnect, device number 23
[  195.104031][ T5961] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  195.121502][   T24] usb 7-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  195.158117][   T24] usb 7-1: config 0 interface 52 has no altsetting 0
[  195.166721][   T24] usb 7-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  195.183068][   T24] usb 7-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  195.202648][   T24] usb 7-1: Manufacturer: syz
[  195.223093][   T24] usb 7-1: config 0 descriptor??
[  195.244958][   T24] hub 7-1:0.52: bad descriptor, ignoring hub
[  195.250968][   T24] hub 7-1:0.52: probe with driver hub failed with error -5
[  195.304816][ T5961] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  195.333785][ T5961] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  195.360955][ T5961] usb 4-1: config 220 has no interface number 2
[  195.372429][ T5961] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  195.402402][ T5961] usb 4-1: config 220 interface 0 has no altsetting 0
[  195.419371][ T5961] usb 4-1: config 220 interface 76 has no altsetting 0
[  195.447978][ T5961] usb 4-1: config 220 interface 1 has no altsetting 0
[  195.460275][   T24] input: syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.52/input/input20
[  195.483238][ T5961] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  195.505743][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.542506][ T5961] usb 4-1: Product: syz
[  195.546799][ T5961] usb 4-1: Manufacturer: syz
[  195.551397][ T5961] usb 4-1: SerialNumber: syz
[  195.788599][   T24] usb 7-1: USB disconnect, device number 2
[  195.824524][ T8258] loop3: detected capacity change from 0 to 256
[  195.876213][ T8258] exfat: Bad value for 'time_offset'
[  195.946993][ T5961] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  195.989305][ T5961] uvcvideo 4-1:220.0: No valid video chain found.
[  196.019738][ T5961] usb 4-1: selecting invalid altsetting 0
[  196.089590][ T5961] usb 4-1: selecting invalid altsetting 0
[  196.116458][ T5961] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  196.188104][ T5961] usb 4-1: USB disconnect, device number 10
[  196.236549][ T5829] Bluetooth: hci3: command 0x0406 tx timeout
[  196.243799][ T5825] Bluetooth: hci1: command 0x0406 tx timeout
[  196.250797][ T5825] Bluetooth: hci2: command 0x0406 tx timeout
[  196.258005][ T5825] Bluetooth: hci0: command 0x0406 tx timeout
[  196.429121][ T8295] loop6: detected capacity change from 0 to 1024
[  196.737103][ T3540] hfsplus: b-tree write err: -5, ino 8
[  196.902576][ T8304] loop6: detected capacity change from 0 to 1024
[  196.942433][ T5902] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  197.125023][ T3501] hfsplus: b-tree write err: -5, ino 4
[  197.134484][ T5902] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  197.164467][ T5902] usb 4-1: config 0 has no interface number 0
[  197.170579][ T5902] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  197.212179][ T5902] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  197.230221][ T5902] usb 4-1: config 0 interface 255 has no altsetting 0
[  197.237609][ T5902] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  197.246979][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.259090][ T5902] usb 4-1: config 0 descriptor??
[  197.268184][ T5902] ums-realtek 4-1:0.255: USB Mass Storage device detected
[  197.449461][ T8320] loop2: detected capacity change from 0 to 512
[  197.457774][ T8320] EXT4-fs: Ignoring removed orlov option
[  197.496190][ T8320] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c198, mo2=0002]
[  197.525098][ T8320] System zones: 1-12
[  197.552833][ T5902] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  197.572920][ T8320] EXT4-fs error (device loop2): ext4_iget_extra_inode:5079: inode #15: comm syz.2.819: corrupted in-inode xattr: e_value size too large
[  197.607999][ T8320] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.819: couldn't read orphan inode 15 (err -117)
[  197.665667][ T8320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  197.722249][ T8320] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.819: bg 0: block 424: padding at end of block bitmap is not set
[  197.762371][ T5902] usb 7-1: Using ep0 maxpacket: 8
[  197.778411][ T5902] usb 7-1: unable to get BOS descriptor or descriptor too short
[  197.798497][ T5902] usb 7-1: config 8 has an invalid interface number: 176 but max is 0
[  197.812682][ T5902] usb 7-1: config 8 has no interface number 0
[  197.820281][ T5902] usb 7-1: config 8 interface 176 has no altsetting 0
[  197.830585][ T5902] usb 7-1: New USB device found, idVendor=0bc2, idProduct=3332, bcdDevice=7a.6c
[  197.840051][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.860094][ T5902] usb 7-1: Product: syz
[  197.872521][ T5902] usb 7-1: Manufacturer: syz
[  197.878497][ T5902] usb 7-1: SerialNumber: syz
[  197.891370][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.037481][ T5961] usb 4-1: USB disconnect, device number 11
[  198.068687][ T8330] loop2: detected capacity change from 0 to 512
[  198.128762][ T5902] usb-storage 7-1:8.176: USB Mass Storage device detected
[  198.133125][ T8330] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.319555][ T8330] ext4 filesystem being mounted at /155/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  198.358748][ T5902] usb-storage 7-1:8.176: Quirks match for vid 0bc2 pid 3332: 200
[  198.424129][ T5902] usb 7-1: USB disconnect, device number 3
[  198.837572][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.242651][ T5971] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  199.538512][ T5971] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  199.571754][ T5971] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.643514][ T5971] usb 7-1: config 0 descriptor??
[  199.660404][ T5971] cp210x 7-1:0.0: cp210x converter detected
[  199.746740][ T8358] loop3: detected capacity change from 0 to 128
[  199.765160][ T8354] netlink: 156 bytes leftover after parsing attributes in process `syz.2.831'.
[  199.766099][ T8358] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  199.788084][ T8354] netlink: 12 bytes leftover after parsing attributes in process `syz.2.831'.
[  199.835530][ T8358] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  200.456637][ T5971] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  200.504949][    T9] kernel write not supported for file /vcsa (pid: 9 comm: kworker/0:0)
[  200.521688][ T8347] loop6: detected capacity change from 0 to 2048
[  200.579189][ T8347] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  200.651442][ T5971] usb 7-1: cp210x converter now attached to ttyUSB0
[  200.850209][ T5971] usb 7-1: USB disconnect, device number 4
[  200.894152][ T5971] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  200.907737][ T8371] loop2: detected capacity change from 0 to 512
[  200.945885][ T8371] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  200.993230][ T5971] cp210x 7-1:0.0: device disconnected
[  201.036481][ T8371] EXT4-fs (loop2): 1 truncate cleaned up
[  201.078420][ T8371] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.164941][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  201.164958][   T30] audit: type=1800 audit(1762889846.059:261): pid=8371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.837" name="file1" dev="loop2" ino=15 res=0 errno=0
[  201.207890][ T8382] loop3: detected capacity change from 0 to 1024
[  201.216021][ T8382] EXT4-fs: Ignoring removed nobh option
[  201.221601][ T8382] EXT4-fs: Ignoring removed bh option
[  201.301995][ T8382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.506398][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.528983][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.767336][ T8391] loop2: detected capacity change from 0 to 128
[  201.810270][ T8391] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  201.849067][ T8391] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  201.899295][ T8391] syz.2.843 (pid 8391) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  201.967093][ T8391] EXT4-fs (loop2): shut down requested (0)
[  201.982443][ T5961] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  201.996321][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  202.097716][ T5830] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  202.145930][ T5961] usb 7-1: Using ep0 maxpacket: 16
[  202.199340][ T5961] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  202.292188][ T5961] usb 7-1: config 1 has no interface number 1
[  202.398484][ T5961] usb 7-1: config 1 interface 2 has no altsetting 0
[  202.541086][ T5961] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  202.688638][ T5961] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.694002][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  202.721834][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[  202.726836][ T5961] usb 7-1: Product: syz
[  202.740823][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.758471][ T5961] usb 7-1: Manufacturer: syz
[  202.772521][ T5961] usb 7-1: SerialNumber: syz
[  202.963042][    T9] usb 4-1: config 0 descriptor??
[  203.553817][    T9] logitech 0003:046D:C295.0005: unbalanced delimiter at end of report description
[  203.585159][    T9] logitech 0003:046D:C295.0005: parse failed
[  203.702007][    T9] logitech 0003:046D:C295.0005: probe with driver logitech failed with error -22
[  203.745204][ T5961] usb 7-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  203.758887][ T5961] usb 7-1: selecting invalid altsetting 0
[  203.767567][ T5893] usb 4-1: USB disconnect, device number 12
[  203.783209][ T5961] usb 7-1: usbmixer: too many channels (44) in unit 6
[  203.864956][ T5961] usb 7-1: USB disconnect, device number 5
[  203.998308][ T8418] netlink: 8 bytes leftover after parsing attributes in process `syz.0.853'.
[  204.003859][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  204.031980][ T8418] netlink: 8 bytes leftover after parsing attributes in process `syz.0.853'.
[  205.847153][ T8446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.858'.
[  206.167127][ T8452] loop6: detected capacity change from 0 to 512
[  206.352454][ T8452] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.467106][ T8452] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  207.903527][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.162417][ T5971] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  208.352375][ T5971] usb 4-1: Using ep0 maxpacket: 8
[  208.394069][ T5971] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  208.402175][ T5971] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  208.442362][ T5971] usb 4-1: config 0 has no interface number 0
[  208.448506][ T5971] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 48, changing to 9
[  208.506342][ T5971] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24624, setting to 1024
[  208.550657][ T5971] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  208.566821][ T8501] loop2: detected capacity change from 0 to 512
[  208.586126][ T5971] usb 4-1: config 0 interface 52 has no altsetting 0
[  208.611473][ T5971] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  208.620882][ T5971] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  208.642015][ T5971] usb 4-1: Manufacturer: syz
[  208.687734][ T5971] usb 4-1: config 0 descriptor??
[  208.724101][ T8501] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  208.738100][ T5971] hub 4-1:0.52: bad descriptor, ignoring hub
[  208.766647][ T5971] hub 4-1:0.52: probe with driver hub failed with error -5
[  208.790100][ T8501] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.129476][ T5971] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input21
[  209.956611][ T5971] usb 4-1: Failed to suspend device, error -71
[  209.976289][ T5971] usb 4-1: USB disconnect, device number 13
[  210.085241][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.318801][ T8530] loop2: detected capacity change from 0 to 1024
[  210.358074][ T8530] hfsplus: Filesystem is marked locked, mounting read-only.
[  210.447437][ T8530] hfsplus: filesystem is marked locked, leaving read-only.
[  210.529795][ T8535] fuse: Bad value for 'fd'
[  212.718117][ T8565] loop2: detected capacity change from 0 to 1024
[  212.794688][ T8569] loop6: detected capacity change from 0 to 8
[  212.816776][ T8565] hfsplus: extend alloc file! (16384,256,1048756)
[  212.877841][ T8569] SQUASHFS error: Failed to read block 0x260685: -5
[  212.928210][ T8569] SQUASHFS error: Unable to read metadata cache entry [260685]
[  212.937601][ T8569] SQUASHFS error: Unable to read directory block [260685:0]
[  213.003269][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  213.184635][    T9] usb 4-1: Using ep0 maxpacket: 8
[  213.213124][    T9] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  213.242041][    T9] usb 4-1: config 179 has no interface number 0
[  213.269239][    T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  213.311046][    T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  213.352149][    T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  213.389837][    T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  213.419160][    T9] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  213.892695][ T5961] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  214.103040][    T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  214.112115][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.123641][ T8570] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  214.161673][ T8591] 9p: Bad value for 'rfdno'
[  214.269651][ T5961] usb 3-1: Using ep0 maxpacket: 32
[  214.277299][ T5961] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  214.295187][ T5961] usb 3-1: config 0 has no interface number 0
[  214.301298][ T5961] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  214.347894][ T5961] usb 3-1: config 0 interface 85 has no altsetting 0
[  214.376159][ T5961] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  214.391514][ T5961] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.422378][ T5961] usb 3-1: Product: syz
[  214.428939][ T5961] usb 3-1: Manufacturer: syz
[  214.442272][ T5961] usb 3-1: SerialNumber: syz
[  214.619998][ T5878] usb 4-1: USB disconnect, device number 14
[  214.620068][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  214.620119][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  214.650090][ T5961] usb 3-1: config 0 descriptor??
[  214.668266][ T8600] syz_tun: entered allmulticast mode
[  214.691605][ T8599] syz_tun: left allmulticast mode
[  215.435771][ T8605] loop6: detected capacity change from 0 to 1024
[  215.473725][ T8605] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  215.689487][ T8605] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  215.719861][ T8605] EXT4-fs (loop6): orphan cleanup on readonly fs
[  215.755217][ T5961] appletouch 3-1:0.85: Geyser mode initialized.
[  215.770348][ T8605] EXT4-fs error (device loop6): ext4_map_blocks:819: inode #3: block 3: comm syz.6.918: lblock 3 mapped to illegal pblock 3 (length 1)
[  215.793981][ T5961] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input22
[  215.840772][ T8605] Quota error (device loop6): write_blk: dquota write failed
[  215.887326][ T8605] Quota error (device loop6): find_free_dqentry: Can't write quota data block 3
[  216.004758][ T8605] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  216.042461][ T8605] EXT4-fs error (device loop6): ext4_acquire_dquot:6946: comm syz.6.918: Failed to acquire dquot type 0
[  216.046767][ T5961] usb 3-1: USB disconnect, device number 24
[  216.142723][ T8605] EXT4-fs error (device loop6): ext4_map_blocks:783: inode #3: block 3: comm syz.6.918: lblock 3 mapped to illegal pblock 3 (length 1)
[  216.164142][ T5961] appletouch 3-1:0.85: input: appletouch disconnected
[  216.188280][ T8605] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  216.220054][ T8605] EXT4-fs error (device loop6): ext4_acquire_dquot:6946: comm syz.6.918: Failed to acquire dquot type 0
[  216.241058][ T8605] EXT4-fs error (device loop6): ext4_free_blocks:6706: comm syz.6.918: Freeing blocks not in datazone - block = 0, count = 4096
[  216.267315][ T8605] EXT4-fs error (device loop6): ext4_map_blocks:783: inode #3: block 3: comm syz.6.918: lblock 3 mapped to illegal pblock 3 (length 1)
[  216.297469][ T8605] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  216.308045][ T8605] EXT4-fs error (device loop6): ext4_acquire_dquot:6946: comm syz.6.918: Failed to acquire dquot type 0
[  216.324540][ T8605] EXT4-fs (loop6): 1 orphan inode deleted
[  216.535127][ T8605] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  216.577215][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.444803][ T8634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.928'.
[  217.732537][ T5902] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  217.742378][ T5961] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  217.912553][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  217.917828][ T5961] usb 7-1: Using ep0 maxpacket: 8
[  217.925960][ T5902] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  217.942412][ T5961] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  217.961989][ T5902] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  217.974046][ T5961] usb 7-1: config 179 has no interface number 0
[  217.980329][ T5961] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  218.011737][ T5961] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  218.024284][ T5902] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  218.042548][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.060206][ T5961] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  218.071696][ T5902] usb 3-1: Product: syz
[  218.081811][ T5902] usb 3-1: Manufacturer: syz
[  218.086732][ T5961] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  218.098401][ T5902] usb 3-1: SerialNumber: syz
[  218.116726][ T5961] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  218.130253][ T5961] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  218.182770][ T5961] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.196338][ T8637] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  218.339493][ T5902] usb 3-1: 0:2 : does not exist
[  218.402867][ T5902] usb 3-1: USB disconnect, device number 25
[  218.584412][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  218.636162][ T5971] usb 7-1: USB disconnect, device number 6
[  218.636219][    C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  218.650571][    C1] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  219.619537][ T8681] loop6: detected capacity change from 0 to 512
[  219.657470][ T8681] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  219.842163][ T8681] EXT4-fs (loop6): orphan cleanup on readonly fs
[  219.860746][ T8681] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  219.875921][ T8681] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.945: corrupted inode contents
[  219.910574][ T8681] EXT4-fs error (device loop6): ext4_dirty_inode:6521: inode #11: comm syz.6.945: mark_inode_dirty error
[  219.943704][ T8681] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.945: invalid indirect mapped block 327680 (level 0)
[  219.960000][ T8681] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.945: corrupted inode contents
[  219.979821][ T8681] EXT4-fs error (device loop6) in ext4_orphan_del:301: Corrupt filesystem
[  219.990728][ T8681] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.945: corrupted inode contents
[  220.019577][ T8681] EXT4-fs error (device loop6): ext4_truncate:4641: inode #11: comm syz.6.945: mark_inode_dirty error
[  220.037324][ T8681] EXT4-fs error (device loop6) in ext4_process_orphan:343: Corrupt filesystem
[  220.055911][ T8681] EXT4-fs (loop6): 1 truncate cleaned up
[  220.075413][ T8681] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  220.488829][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.558798][ T8688] netlink: 8 bytes leftover after parsing attributes in process `syz.0.950'.
[  220.938930][ T5961] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  221.167340][ T5961] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 4
[  221.246050][ T5961] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  221.552268][ T5961] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  221.638799][ T5961] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  221.667818][ T5961] usb 4-1: SerialNumber: syz
[  221.699873][ T5961] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  221.719569][ T5961] usb-storage 4-1:1.0: USB Mass Storage device detected
[  221.743245][ T5961] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  221.937669][ T5961] usb 4-1: USB disconnect, device number 15
[  222.094049][ T8722] loop6: detected capacity change from 0 to 164
[  222.130604][ T8722] rock: directory entry would overflow storage
[  222.179806][ T8722] rock: sig=0x5252, size=5, remaining=3
[  223.492390][ T5902] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  223.925467][ T8760] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  223.947084][ T8772] loop6: detected capacity change from 0 to 256
[  224.026591][ T8764] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  224.063768][ T5902] usb 3-1: unable to get BOS descriptor or descriptor too short
[  224.102996][ T5902] usb 3-1: unable to read config index 0 descriptor/start: -71
[  224.110637][ T5902] usb 3-1: can't read configurations, error -71
[  224.462407][ T5971] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  225.162410][ T5971] usb 4-1: Using ep0 maxpacket: 32
[  225.185789][ T5971] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.383193][ T5971] usb 4-1: config 0 has no interfaces?
[  225.391908][ T5971] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  225.401874][ T5971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.423854][ T5971] usb 4-1: Product: syz
[  225.428033][ T5971] usb 4-1: Manufacturer: syz
[  225.441329][ T5971] usb 4-1: SerialNumber: syz
[  225.450066][ T5971] usb 4-1: config 0 descriptor??
[  226.220569][ T8782] loop6: detected capacity change from 0 to 32768
[  226.274492][ T5832]  loop6: p1 p2 p3 < p5 p6 >
[  226.291329][ T5832] loop6: p2 size 16775168 extends beyond EOD, truncated
[  226.321594][ T5832] loop6: p5 start 4294970168 is beyond EOD, truncated
[  226.357039][ T8782]  loop6: p1 p2 p3 < p5 p6 >
[  226.364307][ T8782] loop6: p2 size 16775168 extends beyond EOD, truncated
[  226.375019][ T8782] loop6: p5 start 4294970168 is beyond EOD, truncated
[  226.525965][   T30] audit: type=1326 audit(1762890127.420:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8814 comm="syz.0.1002" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x0
[  227.039253][ T5971] kernel write not supported for file bpf-prog (pid: 5971 comm: kworker/0:7)
[  227.272809][ T5961] usb 4-1: USB disconnect, device number 16
[  227.299694][ T5994] udevd[5994]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  227.300603][ T5832] udevd[5832]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  227.322544][ T5964] udevd[5964]: inotify_add_watch(7, /dev/loop6p6, 10) failed: No such file or directory
[  227.333693][ T5986] udevd[5986]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[  227.452640][ T5902] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  227.492494][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  227.782399][ T5902] usb 3-1: Using ep0 maxpacket: 32
[  227.789084][ T5902] usb 3-1: config 0 has an invalid interface number: 240 but max is 0
[  227.802368][   T24] usb 7-1: Using ep0 maxpacket: 8
[  227.812892][ T5902] usb 3-1: config 0 has no interface number 0
[  227.819056][ T5902] usb 3-1: config 0 interface 240 has no altsetting 0
[  228.331666][   T24] usb 7-1: config 0 has an invalid interface number: 52 but max is 0
[  228.353613][ T5902] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=19.6f
[  228.362894][   T24] usb 7-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  228.394077][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.402944][   T24] usb 7-1: config 0 has no interface number 0
[  228.422523][ T5902] usb 3-1: Product: syz
[  228.428959][   T24] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 48, changing to 9
[  228.462020][ T5902] usb 3-1: Manufacturer: syz
[  228.466928][ T5902] usb 3-1: SerialNumber: syz
[  228.475961][   T24] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24624, setting to 1024
[  228.515516][ T5902] usb 3-1: config 0 descriptor??
[  228.562613][   T24] usb 7-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  228.607680][   T24] usb 7-1: config 0 interface 52 has no altsetting 0
[  228.626219][   T24] usb 7-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  228.658425][   T24] usb 7-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  228.682637][   T24] usb 7-1: Manufacturer: syz
[  228.698828][   T24] usb 7-1: config 0 descriptor??
[  228.729751][   T24] hub 7-1:0.52: bad descriptor, ignoring hub
[  228.756256][   T24] hub 7-1:0.52: probe with driver hub failed with error -5
[  228.769598][ T5902] usb 3-1: Invalid firmware size=18.
[  228.782877][ T5902] usb 3-1: USB disconnect, device number 28
[  228.962813][   T24] input: syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.52/input/input23
[  229.253011][ T5971] usb 7-1: USB disconnect, device number 7
[  229.920712][ T8871] loop2: detected capacity change from 0 to 1024
[  230.284815][ T8871] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.454054][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.031556][ T8903] loop2: detected capacity change from 0 to 512
[  232.077780][ T5821] Bluetooth: hci4: command 0x0406 tx timeout
[  232.087563][ T8903] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  232.786740][ T8910] capability: warning: `syz.5.1032' uses 32-bit capabilities (legacy support in use)
[  233.153081][ T8912] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  233.272464][  T794] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  233.464327][  T794] usb 4-1: config 0 has an invalid interface number: 129 but max is 2
[  233.482935][  T794] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[  233.506792][  T794] usb 4-1: config 0 has no interface number 0
[  233.532369][  T794] usb 4-1: config 0 interface 129 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  233.572365][  T794] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  233.601798][  T794] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.633468][  T794] usb 4-1: config 0 descriptor??
[  233.970095][ T8923] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1039'.
[  233.977930][ T8927] kvm: Disabled LAPIC found during irq injection
[  234.028491][ T8923] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1039'.
[  234.112694][  T794] usbhid 4-1:0.129: can't add hid device: -71
[  234.129085][  T794] usbhid 4-1:0.129: probe with driver usbhid failed with error -71
[  234.183141][  T794] usb 4-1: USB disconnect, device number 17
[  234.301603][ T8933] loop6: detected capacity change from 0 to 1024
[  234.325962][ T8933] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  234.342883][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  234.360513][ T8933] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  234.397713][ T8933] EXT4-fs (loop6): orphan cleanup on readonly fs
[  234.405586][ T8933] EXT4-fs error (device loop6): ext4_free_blocks:6706: comm syz.6.1042: Freeing blocks not in datazone - block = 0, count = 4096
[  234.426326][ T8933] EXT4-fs (loop6): 1 orphan inode deleted
[  234.443772][ T8933] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  234.626648][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.645779][    T9] usb 3-1: Using ep0 maxpacket: 8
[  235.183212][    T9] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  235.260373][ T8942] loop3: detected capacity change from 0 to 736
[  235.293381][ T8942] iso9660: Bad value for 'mode'
[  235.321065][    T9] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  235.332750][    T9] usb 3-1: config 0 has no interface number 0
[  235.339428][    T9] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 48, changing to 9
[  235.350580][    T9] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24624, setting to 1024
[  235.384844][    T9] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  235.422541][    T9] usb 3-1: config 0 interface 52 has no altsetting 0
[  235.461451][    T9] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  235.502360][    T9] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  235.542460][    T9] usb 3-1: Manufacturer: syz
[  235.572941][    T9] usb 3-1: config 0 descriptor??
[  235.594085][    T9] hub 3-1:0.52: bad descriptor, ignoring hub
[  235.608977][    T9] hub 3-1:0.52: probe with driver hub failed with error -5
[  235.613874][ T8951] loop6: detected capacity change from 0 to 1024
[  235.637044][ T8953] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1051'.
[  235.653963][ T8951] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  235.783193][ T8951] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.895522][    T9] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input24
[  235.908425][   T30] audit: type=1804 audit(1762890136.810:263): pid=8951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1050" name="/newroot/46/bus/bus" dev="loop6" ino=18 res=1 errno=0
[  236.064398][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.142692][    T9] usb 3-1: USB disconnect, device number 29
[  237.523203][ T8984] 9p: Bad value for 'wfdno'
[  237.582550][  T794] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  237.783993][  T794] usb 3-1: Using ep0 maxpacket: 16
[  238.253286][   T24] usb 4-1: new low-speed USB device number 18 using dummy_hcd
[  238.339140][ T8998] loop6: detected capacity change from 0 to 2048
[  238.395845][  T794] usb 3-1: unable to get BOS descriptor or descriptor too short
[  238.428842][  T794] usb 3-1: unable to read config index 0 descriptor/start: -71
[  238.440637][ T8998] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.453018][  T794] usb 3-1: can't read configurations, error -71
[  238.483731][ T8998] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.585453][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.644125][   T30] audit: type=1800 audit(1762890139.540:264): pid=9007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1070" name="file1" dev="tmpfs" ino=1102 res=0 errno=0
[  238.882367][   T30] audit: type=1800 audit(1762890139.780:265): pid=9016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1074" name="file1" dev="tmpfs" ino=1365 res=0 errno=0
[  238.919821][ T9014] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1071'.
[  238.941648][ T9014] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1071'.
[  238.984027][ T9014] netlink: 'syz.6.1071': attribute type 1 has an invalid length.
[  238.993767][ T9014] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1071'.
[  239.252380][   T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  239.443553][   T24] usb 4-1: Using ep0 maxpacket: 32
[  239.471720][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  239.541554][   T24] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  239.557567][   T24] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  239.566846][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.600990][   T24] usb 4-1: Product: syz
[  239.613658][   T24] usb 4-1: Manufacturer: syz
[  239.630122][   T24] usb 4-1: SerialNumber: syz
[  239.833046][   T24] usb 4-1: config 0 descriptor??
[  240.849562][  T794] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  241.112409][  T794] usb 3-1: Using ep0 maxpacket: 8
[  241.154404][  T794] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  241.162875][  T794] usb 3-1: config 179 has no interface number 0
[  241.169154][  T794] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  241.223601][  T794] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  241.262457][  T794] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  241.292573][  T794] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  241.312654][  T794] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  241.341612][  T794] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  241.350756][  T794] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.375636][ T9056] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  241.778063][    T9] usb 4-1: USB disconnect, device number 19
[  241.840471][ T5893] usb 3-1: USB disconnect, device number 32
[  241.840521][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  241.854802][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  242.604456][ T9089] syzkaller0: entered promiscuous mode
[  242.609951][ T9089] syzkaller0: entered allmulticast mode
[  243.975953][ T9114] loop3: detected capacity change from 0 to 512
[  244.046127][ T9114] EXT4-fs (loop3): Test dummy encryption mode enabled
[  244.063309][ T9114] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  244.141512][ T9114] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1112: bad orphan inode 131083
[  244.214258][ T9114] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.226369][ T9121] loop2: detected capacity change from 0 to 128
[  244.317025][ T9114] EXT4-fs error (device loop3): ext4_find_dest_de:2052: inode #2: block 13: comm syz.3.1112: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  245.239887][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.714774][ T9176] loop6: detected capacity change from 0 to 512
[  246.745617][ T9176] EXT4-fs: Ignoring removed bh option
[  246.801310][ T9176] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  246.810994][   T30] audit: type=1326 audit(1762890147.710:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  246.833949][ T9176] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  246.841513][ T9178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1136'.
[  246.882423][   T30] audit: type=1326 audit(1762890147.770:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  246.918694][ T9176] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended
[  246.955203][ T9178] netlink: 'syz.2.1136': attribute type 1 has an invalid length.
[  246.965979][ T9180] futex_wake_op: syz.5.1138 tries to shift op by -1; fix this program
[  246.995554][ T9178] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1136'.
[  247.017656][ T9176] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  247.051073][   T30] audit: type=1326 audit(1762890147.820:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.064483][ T9176] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  247.073958][   T30] audit: type=1326 audit(1762890147.820:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.108308][   T30] audit: type=1326 audit(1762890147.820:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.130681][   T30] audit: type=1326 audit(1762890147.840:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.671320][   T30] audit: type=1326 audit(1762890147.840:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.704234][   T30] audit: type=1326 audit(1762890147.840:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.730939][   T30] audit: type=1326 audit(1762890147.870:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.757102][ T9176] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.1135: bg 0: block 353: padding at end of block bitmap is not set
[  247.799564][   T30] audit: type=1326 audit(1762890147.870:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.5.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  247.957534][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.970700][ T9195] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  248.272427][ T9211] dummy0: entered allmulticast mode
[  248.459670][ T9211] dummy0: left allmulticast mode
[  249.702670][ T9206] loop3: detected capacity change from 0 to 32768
[  249.730195][ T9228] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1153'.
[  249.739778][ T9228] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1153'.
[  249.767562][ T9228] netlink: 'syz.6.1153': attribute type 1 has an invalid length.
[  249.790399][ T9228] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1153'.
[  249.805630][ T5994]  loop3: p1 p2 p3 < p5 p6 >
[  249.813568][ T9237] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  249.863750][ T5994] loop3: p2 size 16775168 extends beyond EOD, truncated
[  249.882394][ T5994] loop3: p5 start 4294970168 is beyond EOD, truncated
[  249.921321][ T9237] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1156'.
[  249.931785][ T9206]  loop3: p1 p2 p3 < p5 p6 >
[  249.946956][ T9206] loop3: p2 size 16775168 extends beyond EOD, truncated
[  249.967643][ T9237] hsr_slave_0: left promiscuous mode
[  249.977306][ T9206] loop3: p5 start 4294970168 is beyond EOD, truncated
[  250.003519][ T9237] hsr_slave_1: left promiscuous mode
[  250.160932][ T9246] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  250.193934][ T9246] syzkaller0: entered promiscuous mode
[  250.199429][ T9246] syzkaller0: entered allmulticast mode
[  250.730130][ T5832] udevd[5832]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  250.736178][ T5986] udevd[5986]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  250.754235][ T5964] udevd[5964]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[  250.765600][ T5994] udevd[5994]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  250.779571][ T9259] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1166'.
[  251.061495][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1170'.
[  251.156236][ T9272] loop3: detected capacity change from 0 to 2048
[  251.173534][ T9272] udf: Bad value for 'volume'
[  251.792773][ T9278] loop2: detected capacity change from 0 to 1024
[  251.810629][ T9278] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  251.821950][ T9278] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  251.858786][ T9278] JBD2: no valid journal superblock found
[  251.864670][ T9278] EXT4-fs (loop2): Could not load journal inode
[  252.060953][   T30] kauditd_printk_skb: 88 callbacks suppressed
[  252.060971][   T30] audit: type=1326 audit(1762890408.961:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.172378][   T30] audit: type=1326 audit(1762890408.961:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.232493][ T5145] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  252.238935][ T5821] Bluetooth: hci6: command 0x1003 tx timeout
[  252.247692][   T30] audit: type=1326 audit(1762890408.961:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.323513][   T30] audit: type=1326 audit(1762890408.961:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.346883][   T30] audit: type=1326 audit(1762890408.961:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.372762][   T30] audit: type=1326 audit(1762890408.961:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.396836][   T30] audit: type=1326 audit(1762890408.961:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.422362][   T30] audit: type=1326 audit(1762890408.961:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.465710][   T30] audit: type=1326 audit(1762890408.961:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  252.655783][   T30] audit: type=1326 audit(1762890409.551:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.6.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  252.747430][ T9294] mmap: syz.2.1177 (9294) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  253.148330][ T9296] loop6: detected capacity change from 0 to 2048
[  253.244618][ T9296] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.368878][ T9296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  253.403510][ T9308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1185'.
[  253.411033][ T9296] batman_adv: batadv0: Removing interface: batadv_slave_0
[  253.440806][ T9296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  253.462581][ T9296] batman_adv: batadv0: Removing interface: batadv_slave_1
[  253.535699][ T9312] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  253.545195][ T9312] syzkaller0: entered promiscuous mode
[  253.550667][ T9312] syzkaller0: entered allmulticast mode
[  253.663653][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.702381][    T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  253.902611][    T9] usb 4-1: Using ep0 maxpacket: 16
[  253.922622][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  254.504032][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  254.517153][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  254.524059][ T9324] 9p: Bad value for 'wfdno'
[  254.527011][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.582437][    T9] usb 4-1: Product: syz
[  254.586612][    T9] usb 4-1: Manufacturer: syz
[  254.591207][    T9] usb 4-1: SerialNumber: syz
[  254.687092][ T9327] tipc: Failed to obtain node identity
[  254.722682][ T9327] tipc: Enabling of bearer <ib:team0> rejected, failed to enable media
[  254.884505][    T9] usb 4-1: 0:2 : does not exist
[  254.924345][    T9] usb 4-1: USB disconnect, device number 20
[  254.965797][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  255.601736][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  255.796621][ T9361] netlink: 'syz.5.1206': attribute type 1 has an invalid length.
[  255.911100][ T9361] 8021q: adding VLAN 0 to HW filter on device bond1
[  256.058756][ T9372] 9p: Bad value for 'version'
[  256.067084][ T9365] vlan2: entered promiscuous mode
[  256.072135][ T9365] bond1: entered promiscuous mode
[  256.163294][ T9365] vlan2: entered allmulticast mode
[  256.168452][ T9365] bond1: entered allmulticast mode
[  256.500640][ T9361] bond1: (slave gretap1): making interface the new active one
[  256.521911][ T9361] gretap1: entered promiscuous mode
[  256.538902][ T9361] gretap1: entered allmulticast mode
[  256.565266][ T9361] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  256.708359][  T794] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  256.854671][  T794] usb 4-1: device descriptor read/64, error -71
[  257.122429][  T794] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  257.834430][  T794] usb 4-1: device descriptor read/64, error -71
[  257.964797][  T794] usb usb4-port1: attempt power cycle
[  258.032593][ T5961] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  258.198524][ T5961] usb 3-1: Using ep0 maxpacket: 8
[  258.219698][ T5961] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  258.258929][ T5961] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  258.289272][ T5961] usb 3-1: config 0 has no interface number 0
[  258.322551][ T5961] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 48, changing to 9
[  258.344194][  T794] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  258.366081][ T5961] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24624, setting to 1024
[  258.397227][  T794] usb 4-1: device descriptor read/8, error -71
[  258.414210][ T5961] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  258.449083][ T5961] usb 3-1: config 0 interface 52 has no altsetting 0
[  258.485709][ T5961] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  258.495413][ T5961] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  258.521255][ T5961] usb 3-1: Manufacturer: syz
[  258.557466][ T5961] usb 3-1: config 0 descriptor??
[  258.595924][ T5961] hub 3-1:0.52: bad descriptor, ignoring hub
[  258.631443][ T5961] hub 3-1:0.52: probe with driver hub failed with error -5
[  258.654721][  T794] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  258.706064][  T794] usb 4-1: device descriptor read/8, error -71
[  258.756179][ T9423] netlink: 'syz.6.1226': attribute type 10 has an invalid length.
[  258.793860][ T9423] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.801838][ T9423] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.819477][  T794] usb usb4-port1: unable to enumerate USB device
[  258.852937][ T5961] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input25
[  258.881037][ T9423] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.888329][ T9423] bridge0: port 2(bridge_slave_1) entered forwarding state
[  258.897889][ T9423] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.905117][ T9423] bridge0: port 1(bridge_slave_0) entered forwarding state
[  258.957363][ T9423] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  259.142673][ T5893] usb 3-1: USB disconnect, device number 33
[  259.281195][ T9430] IPv6: NLM_F_CREATE should be specified when creating new route
[  259.618922][ T9438] xt_hashlimit: max too large, truncated to 1048576
[  259.645706][ T9438] xt_CT: You must specify a L4 protocol and not use inversions on it
[  259.710665][   T30] kauditd_printk_skb: 69 callbacks suppressed
[  259.710680][   T30] audit: type=1326 audit(1762890672.607:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  259.797538][   T30] audit: type=1326 audit(1762890672.607:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  259.836654][ T9442] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  259.867435][ T9442] syzkaller0: entered promiscuous mode
[  259.885842][   T30] audit: type=1326 audit(1762890672.607:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  259.890021][ T9442] syzkaller0: entered allmulticast mode
[  259.958102][   T30] audit: type=1326 audit(1762890672.607:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  260.016762][   T30] audit: type=1326 audit(1762890672.607:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  260.036049][ T9444] loop2: detected capacity change from 0 to 1024
[  260.060693][   T30] audit: type=1326 audit(1762890672.607:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  260.112916][ T9444] ext4: Bad value for 'barrier'
[  260.151860][   T30] audit: type=1326 audit(1762890672.607:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  260.210380][ T9444] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1235'.
[  260.222406][   T30] audit: type=1326 audit(1762890672.607:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  260.242180][ T9449] netlink: 660 bytes leftover after parsing attributes in process `syz.2.1235'.
[  260.332771][   T30] audit: type=1326 audit(1762890672.607:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  260.422373][   T30] audit: type=1326 audit(1762890672.607:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9439 comm="syz.0.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  260.806233][ T5971] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  260.965810][ T5971] usb 7-1: unable to get BOS descriptor or descriptor too short
[  260.977858][ T5971] usb 7-1: not running at top speed; connect to a high speed hub
[  261.006832][ T5971] usb 7-1: too many endpoints for config 1 interface 1 altsetting 6: 198, using maximum allowed: 30
[  261.034942][ T5971] usb 7-1: config 1 interface 1 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 198
[  261.067158][ T9444] infiniband syû: set active
[  261.074515][ T5971] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 251, changing to 4
[  261.086030][ T9444] infiniband syû: added bond_slave_0
[  261.092798][ T5971] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1024, setting to 1023
[  261.107785][ T9444] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  261.115630][ T9444] infiniband syû: Couldn't open port 1
[  261.130043][ T5971] usb 7-1: config 1 interface 1 has no altsetting 2
[  261.142032][ T5971] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  261.153955][ T5971] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.175144][ T5971] usb 7-1: Product: syz
[  261.185266][ T5971] usb 7-1: Manufacturer: syz
[  261.194578][ T5971] usb 7-1: SerialNumber: syz
[  261.224508][ T9444] RDS/IB: syû: added
[  261.228996][ T9444] smc: adding ib device syû with port count 1
[  261.240423][ T9444] smc:    ib device syû port 1 has no pnetid
[  261.441827][ T5971] usb 7-1: 2:1 : unsupported format bits 0x40
[  261.524138][ T5971] usb 7-1: USB disconnect, device number 8
[  261.721784][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  262.583254][ T9484] netlink: 'syz.6.1251': attribute type 10 has an invalid length.
[  263.144727][ T9484] team0: Port device netdevsim0 added
[  263.349808][ T9490] loop6: detected capacity change from 0 to 512
[  263.469145][ T9490] EXT4-fs error (device loop6): ext4_orphan_get:1418: comm syz.6.1253: bad orphan inode 11862016
[  263.525202][ T9490] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  263.562160][ T9490] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.742452][ T5971] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  263.951815][ T5971] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  264.331332][ T5971] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  264.579094][ T5971] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  264.611269][ T5971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  264.625835][ T5971] usb 4-1: SerialNumber: syz
[  264.679159][ T5971] usb 4-1: bad CDC descriptors
[  264.746041][ T5971] usb-storage 4-1:1.0: USB Mass Storage device detected
[  264.781031][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  264.782385][ T5971] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  264.978090][ T5971] usb 4-1: USB disconnect, device number 25
[  265.217356][ T9517] loop6: detected capacity change from 0 to 512
[  265.233240][ T9517] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  265.272640][ T9517] EXT4-fs (loop6): orphan cleanup on readonly fs
[  265.281925][ T9517] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  265.297664][ T9517] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.1258: corrupted inode contents
[  265.313372][ T9517] EXT4-fs error (device loop6): ext4_dirty_inode:6521: inode #11: comm syz.6.1258: mark_inode_dirty error
[  265.333471][ T9517] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.1258: invalid indirect mapped block 327680 (level 0)
[  265.348682][ T9517] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.1258: corrupted inode contents
[  265.378553][ T9517] EXT4-fs error (device loop6) in ext4_orphan_del:301: Corrupt filesystem
[  265.388744][ T9517] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.1258: corrupted inode contents
[  265.408477][ T9517] EXT4-fs error (device loop6): ext4_truncate:4641: inode #11: comm syz.6.1258: mark_inode_dirty error
[  265.421193][ T9517] EXT4-fs error (device loop6) in ext4_process_orphan:343: Corrupt filesystem
[  265.432144][ T9517] EXT4-fs (loop6): 1 truncate cleaned up
[  265.467810][ T9517] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  265.981848][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.993876][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  265.993892][   T30] audit: type=1326 audit(1762890678.897:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.102402][   T30] audit: type=1326 audit(1762890678.927:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.185851][   T30] audit: type=1326 audit(1762890678.927:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.252770][   T30] audit: type=1326 audit(1762890678.927:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.355969][   T30] audit: type=1326 audit(1762890678.927:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.442412][   T30] audit: type=1326 audit(1762890678.927:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.442456][ T5893] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  266.523956][   T30] audit: type=1326 audit(1762890678.927:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.584877][   T30] audit: type=1326 audit(1762890678.927:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.631369][   T30] audit: type=1326 audit(1762890678.927:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.663630][ T9530] binder: BINDER_SET_CONTEXT_MGR already set
[  266.669855][ T9530] binder: 9528:9530 ioctl 4018620d 200000004a80 returned -16
[  266.677353][ T5893] usb 7-1: Using ep0 maxpacket: 32
[  266.710029][   T30] audit: type=1326 audit(1762890678.927:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.0.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  266.715686][ T5893] usb 7-1: config 0 has an invalid interface number: 151 but max is 0
[  266.761005][ T5893] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  266.832372][ T5893] usb 7-1: config 0 has no interface number 0
[  266.839114][ T5893] usb 7-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  266.925458][ T5893] usb 7-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  266.942985][ T5893] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.975823][ T5893] usb 7-1: Product: syz
[  266.992421][ T5893] usb 7-1: Manufacturer: syz
[  267.023196][ T5893] usb 7-1: SerialNumber: syz
[  267.030510][ T5893] usb 7-1: config 0 descriptor??
[  267.546316][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  267.778111][ T5902] usb 7-1: USB disconnect, device number 9
[  267.847931][ T9540] loop3: detected capacity change from 0 to 512
[  267.908586][ T9540] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1268: bad orphan inode 11862016
[  267.938413][ T9540] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  267.951368][ T9540] ext4 filesystem being mounted at /236/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  268.429597][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  269.431843][ T5893] kernel write not supported for file bpf-map (pid: 5893 comm: kworker/0:5)
[  270.494694][ T9567] loop6: detected capacity change from 0 to 8192
[  271.078508][ T9577] loop6: detected capacity change from 0 to 512
[  271.133321][ T9577] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  271.231310][ T9577] EXT4-fs (loop6): orphan cleanup on readonly fs
[  271.247058][ T9577] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  271.261648][ T9577] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.1279: corrupted inode contents
[  271.278123][ T9577] EXT4-fs error (device loop6): ext4_dirty_inode:6521: inode #11: comm syz.6.1279: mark_inode_dirty error
[  271.292406][ T9577] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.1279: invalid indirect mapped block 327680 (level 0)
[  271.317294][ T9577] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.1279: corrupted inode contents
[  271.331306][ T9577] EXT4-fs error (device loop6) in ext4_orphan_del:301: Corrupt filesystem
[  271.349790][ T9577] EXT4-fs error (device loop6): ext4_do_update_inode:5636: inode #11: comm syz.6.1279: corrupted inode contents
[  271.367733][ T9577] EXT4-fs error (device loop6): ext4_truncate:4641: inode #11: comm syz.6.1279: mark_inode_dirty error
[  271.382153][ T9577] EXT4-fs error (device loop6) in ext4_process_orphan:343: Corrupt filesystem
[  271.395980][ T9577] EXT4-fs (loop6): 1 truncate cleaned up
[  271.414560][ T9577] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  271.834164][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.153763][ T9602] loop2: detected capacity change from 0 to 512
[  274.894566][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  274.894583][   T30] audit: type=1326 audit(1762890687.797:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.010376][   T30] audit: type=1326 audit(1762890687.827:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.113782][   T30] audit: type=1326 audit(1762890687.837:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.211084][   T30] audit: type=1326 audit(1762890687.847:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.263895][ T9627] loop2: detected capacity change from 0 to 128
[  275.280389][   T30] audit: type=1326 audit(1762890687.847:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.367999][   T30] audit: type=1326 audit(1762890687.847:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.411291][ T9628] syz.2.1300: attempt to access beyond end of device
[  275.411291][ T9628] loop2: rw=1, sector=145, nr_sectors = 16 limit=128
[  275.430974][ T9629] loop6: detected capacity change from 0 to 512
[  275.556630][ T9629] process 'syz.6.1298' launched './file0' with NULL argv: empty string added
[  275.567557][ T9628] syz.2.1300: attempt to access beyond end of device
[  275.567557][ T9628] loop2: rw=1, sector=169, nr_sectors = 8 limit=128
[  275.573359][   T30] audit: type=1326 audit(1762890687.847:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.671383][   T30] audit: type=1326 audit(1762890687.847:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.697503][ T9628] syz.2.1300: attempt to access beyond end of device
[  275.697503][ T9628] loop2: rw=1, sector=185, nr_sectors = 8 limit=128
[  275.747266][   T30] audit: type=1326 audit(1762890687.847:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.802512][ T9628] syz.2.1300: attempt to access beyond end of device
[  275.802512][ T9628] loop2: rw=1, sector=201, nr_sectors = 8 limit=128
[  275.822030][   T30] audit: type=1326 audit(1762890687.847:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.6.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  275.849587][ T9628] syz.2.1300: attempt to access beyond end of device
[  275.849587][ T9628] loop2: rw=1, sector=217, nr_sectors = 8 limit=128
[  275.912580][ T9628] syz.2.1300: attempt to access beyond end of device
[  275.912580][ T9628] loop2: rw=1, sector=233, nr_sectors = 8 limit=128
[  275.962468][ T9628] syz.2.1300: attempt to access beyond end of device
[  275.962468][ T9628] loop2: rw=1, sector=249, nr_sectors = 8 limit=128
[  276.022483][ T9628] syz.2.1300: attempt to access beyond end of device
[  276.022483][ T9628] loop2: rw=1, sector=265, nr_sectors = 8 limit=128
[  276.082688][ T9628] syz.2.1300: attempt to access beyond end of device
[  276.082688][ T9628] loop2: rw=1, sector=281, nr_sectors = 8 limit=128
[  276.122495][ T9628] syz.2.1300: attempt to access beyond end of device
[  276.122495][ T9628] loop2: rw=1, sector=297, nr_sectors = 8 limit=128
[  276.396041][ T9647] loop2: detected capacity change from 0 to 512
[  276.472397][ T9647] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.548127][ T9647] ext4 filesystem being mounted at /237/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  277.565257][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.371850][ T9680] loop2: detected capacity change from 0 to 1024
[  278.565400][ T9680] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  278.866802][ T9680] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  279.090166][ T9680] JBD2: no valid journal superblock found
[  279.113911][ T9680] EXT4-fs (loop2): Could not load journal inode
[  279.344975][ T9686] loop6: detected capacity change from 0 to 128
[  279.424358][ T9686] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  279.494791][ T9686] ext4 filesystem being mounted at /98/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  279.618106][ T7987] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  279.629091][ T9690] netlink: 'syz.5.1321': attribute type 83 has an invalid length.
[  282.042628][ T9727] geneve2: entered promiscuous mode
[  282.047882][ T9727] geneve2: entered allmulticast mode
[  282.121345][ T9729] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1536) !
[  282.302153][   T30] kauditd_printk_skb: 96 callbacks suppressed
[  282.302170][   T30] audit: type=1326 audit(1762890951.199:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  282.804622][ T9738] netlink: 'syz.2.1343': attribute type 39 has an invalid length.
[  283.013962][   T30] audit: type=1326 audit(1762890951.329:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  283.037021][ T9737] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1343'.
[  283.109333][   T30] audit: type=1326 audit(1762890951.489:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  283.169248][   T30] audit: type=1326 audit(1762890951.519:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  284.200179][   T30] audit: type=1326 audit(1762890951.539:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  284.227145][   T30] audit: type=1326 audit(1762890951.599:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  285.002369][   T30] audit: type=1326 audit(1762890951.649:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  285.045930][ T9746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1346'.
[  285.169068][ T9746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1346'.
[  285.208378][   T30] audit: type=1326 audit(1762890951.789:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  285.231979][   T30] audit: type=1326 audit(1762890951.789:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  285.315343][   T30] audit: type=1326 audit(1762890951.789:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.5.1344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  285.933095][ T5821] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  285.943654][ T5821] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  285.954750][ T5821] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  285.965900][ T5821] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  285.974353][ T5821] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  286.492522][ T9763] syz.6.1353 (9763) used greatest stack depth: 17864 bytes left
[  287.032896][ T9778] netlink: 'syz.0.1359': attribute type 39 has an invalid length.
[  287.089655][ T9780] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1359'.
[  287.800771][ T9757] chnl_net:caif_netlink_parms(): no params data found
[  288.064408][ T9799] loop6: detected capacity change from 0 to 164
[  288.079548][ T5145] Bluetooth: hci6: command tx timeout
[  288.139713][ T9799] Unable to read rock-ridge attributes
[  288.195820][ T9799] Unable to read rock-ridge attributes
[  288.492121][ T9806] loop6: detected capacity change from 0 to 1024
[  288.535875][ T9806] EXT4-fs: Ignoring removed orlov option
[  288.652764][ T9806] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.813974][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  288.813991][   T30] audit: type=1800 audit(1762890957.719:678): pid=9806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1364" name="bus" dev="loop6" ino=18 res=0 errno=0
[  289.008078][ T7987] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.112638][ T9757] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.121518][ T9757] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.152686][ T9757] bridge_slave_0: entered allmulticast mode
[  289.199528][ T9757] bridge_slave_0: entered promiscuous mode
[  289.310273][ T9757] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.342478][ T9757] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.353112][ T9757] bridge_slave_1: entered allmulticast mode
[  289.360851][ T9757] bridge_slave_1: entered promiscuous mode
[  289.651849][ T9817] syzkaller0: entered promiscuous mode
[  289.673438][ T9817] syzkaller0: entered allmulticast mode
[  289.762967][   T30] audit: type=1326 audit(1762890958.649:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.059096][   T30] audit: type=1326 audit(1762890958.649:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.154398][ T5145] Bluetooth: hci6: command tx timeout
[  290.202122][ T9823] tipc: Started in network mode
[  290.212560][   T30] audit: type=1326 audit(1762890958.649:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.242649][ T9823] tipc: Node identity 7ef9d05e2759, cluster identity 4711
[  290.262091][ T9823] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  290.327785][ T9757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  290.343353][   T30] audit: type=1326 audit(1762890958.649:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.378384][   T30] audit: type=1326 audit(1762890958.649:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.403456][   T30] audit: type=1326 audit(1762890958.659:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.418016][ T9757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.434832][   T30] audit: type=1326 audit(1762890958.659:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.521587][   T30] audit: type=1326 audit(1762890958.659:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.5.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ea98f6c9 code=0x7ffc0000
[  290.592700][ T9816] tipc: Resetting bearer <eth:syzkaller0>
[  290.655643][ T9816] tipc: Disabling bearer <eth:syzkaller0>
[  290.867550][ T9840] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1376'.
[  290.956460][ T9838] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1375'.
[  291.087934][ T9838] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1375'.
[  291.728571][ T9757] team0: Port device team_slave_0 added
[  291.804209][ T9757] team0: Port device team_slave_1 added
[  291.918283][ T9849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1379'.
[  291.970594][   T30] audit: type=1326 audit(1762890960.869:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9850 comm="syz.6.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa7ad8f6c9 code=0x7ffc0000
[  292.156335][ T9757] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.163571][ T9757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.293755][ T5145] Bluetooth: hci6: command tx timeout
[  292.399067][ T9757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.474860][ T9757] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.481827][ T9757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.549677][ T9858] netlink: 'syz.5.1383': attribute type 39 has an invalid length.
[  292.574437][ T9757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.599513][ T3462] bridge_slave_1: left allmulticast mode
[  292.605498][ T3462] bridge_slave_1: left promiscuous mode
[  292.608620][ T9859] netlink: 176 bytes leftover after parsing attributes in process `syz.5.1383'.
[  292.611253][ T3462] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.646515][ T3462] bridge_slave_0: left allmulticast mode
[  292.652169][ T3462] bridge_slave_0: left promiscuous mode
[  292.662626][ T3462] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.360098][ T5961] kernel write not supported for file bpf-map (pid: 5961 comm: kworker/1:8)
[  294.316683][ T5145] Bluetooth: hci6: command tx timeout
[  294.457513][ T3462] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  294.481025][ T3462] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  294.501958][ T3462] bond0 (unregistering): Released all slaves
[  294.690430][ T3462] tipc: Left network mode
[  294.715161][ T9757] hsr_slave_0: entered promiscuous mode
[  294.741398][ T9757] hsr_slave_1: entered promiscuous mode
[  294.775917][ T9757] debugfs: 'hsr0' already exists in 'hsr'
[  294.807363][ T9757] Cannot create hsr debugfs directory
[  295.596363][ T9946] loop6: detected capacity change from 0 to 128
[  295.619074][ T9946] msdos: Unknown parameter 'ÿÿÿÿÿ'
[  296.270766][ T3462] hsr_slave_0: left promiscuous mode
[  296.342431][ T3462] hsr_slave_1: left promiscuous mode
[  296.356403][ T3462] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.382815][ T3462] batman_adv: batadv0: Removing interface: batadv_slave_1
[  296.409566][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  296.409581][   T30] audit: type=1326 audit(1762890965.309:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  296.511136][   T30] audit: type=1326 audit(1762890965.339:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  296.583366][   T30] audit: type=1326 audit(1762890965.349:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  296.828198][   T30] audit: type=1326 audit(1762890965.349:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  296.972682][   T30] audit: type=1326 audit(1762890965.349:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  297.066118][   T30] audit: type=1326 audit(1762890965.349:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c8c38df10 code=0x7ffc0000
[  297.172192][T10001] xt_hashlimit: max too large, truncated to 1048576
[  297.178996][   T30] audit: type=1326 audit(1762890965.349:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  297.203560][T10001] xt_CT: You must specify a L4 protocol and not use inversions on it
[  297.277189][   T30] audit: type=1326 audit(1762890965.349:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  297.367490][   T30] audit: type=1326 audit(1762890965.349:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  297.406995][   T30] audit: type=1326 audit(1762890965.349:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.0.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  297.766496][ T3462] team0 (unregistering): Port device team_slave_1 removed
[  297.816587][ T3462] team0 (unregistering): Port device team_slave_0 removed
[  298.290611][ T9989] tipc: Started in network mode
[  298.307773][ T9989] tipc: Node identity 7a490eed0c15, cluster identity 4711
[  298.315237][ T9989] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  298.388732][T10004] tipc: Resetting bearer <eth:syzkaller0>
[  298.429858][ T9987] tipc: Disabling bearer <eth:syzkaller0>
[  298.782157][T10026] loop2: detected capacity change from 0 to 164
[  298.791861][ T9757] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  298.887705][ T9757] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  298.926459][ T9757] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  298.984894][ T9757] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  299.770030][ T9757] 8021q: adding VLAN 0 to HW filter on device bond0
[  299.862263][ T5971] kernel write not supported for file bpf-prog (pid: 5971 comm: kworker/0:7)
[  299.872011][ T9757] 8021q: adding VLAN 0 to HW filter on device team0
[  299.888463][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.895667][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.941722][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.948917][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  300.062480][T10072] loop2: detected capacity change from 0 to 1024
[  300.174078][T10072] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  300.362365][ T5195] udevd[5195]: worker [5832] terminated by signal 33 (Unknown signal 33)
[  300.385188][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.626085][ T9757] 8021q: adding VLAN 0 to HW filter on device batadv0
[  300.747740][T10091] loop2: detected capacity change from 0 to 512
[  300.836957][T10091] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  300.910364][T10104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1438'.
[  300.933890][T10104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1438'.
[  300.934705][T10091] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  300.995829][T10107] netlink: 'syz.5.1436': attribute type 2 has an invalid length.
[  301.005262][T10107] netlink: 'syz.5.1436': attribute type 2 has an invalid length.
[  301.022544][T10107] netlink: 'syz.5.1436': attribute type 1 has an invalid length.
[  301.039384][T10107] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1436'.
[  302.258562][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.495768][ T9757] veth0_vlan: entered promiscuous mode
[  302.496246][T10129] loop2: detected capacity change from 0 to 1024
[  302.534606][ T9757] veth1_vlan: entered promiscuous mode
[  302.568031][T10135] netlink: 'syz.6.1448': attribute type 7 has an invalid length.
[  302.575532][T10129] EXT4-fs: Ignoring removed orlov option
[  302.602593][T10135] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1448'.
[  302.616879][T10129] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  302.647264][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  302.647279][   T30] audit: type=1800 audit(1762890971.549:754): pid=10129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1444" name="bus" dev="loop2" ino=18 res=0 errno=0
[  302.744277][ T9757] veth0_macvtap: entered promiscuous mode
[  302.744328][   T30] audit: type=1804 audit(1762890971.579:755): pid=10129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1444" name="/newroot/257/bus/bus" dev="loop2" ino=18 res=1 errno=0
[  302.811204][ T9757] veth1_macvtap: entered promiscuous mode
[  302.888753][ T9757] batman_adv: batadv0: Interface activated: batadv_slave_0
[  303.068865][ T9757] batman_adv: batadv0: Interface activated: batadv_slave_1
[  303.140099][ T3540] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  303.185806][ T3540] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  303.218439][ T3540] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  303.308406][ T3540] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  303.367257][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.525186][ T9588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.560211][ T9588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.665872][ T3540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.677220][ T3540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.756570][ T5821] Bluetooth: hci5: command 0x0406 tx timeout
[  304.023353][T10151] random: crng reseeded on system resumption
[  304.104056][T10153] loop2: detected capacity change from 0 to 512
[  304.165053][T10153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.266020][T10153] ext4 filesystem being mounted at /260/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  305.119126][   T30] audit: type=1800 audit(1762890974.009:756): pid=10166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1453" name="file1" dev="loop2" ino=15 res=0 errno=0
[  305.317745][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.612345][   T30] audit: type=1326 audit(1762890974.509:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10174 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  305.671260][T10173] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.702242][   T30] audit: type=1326 audit(1762890974.509:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10174 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  305.782375][   T30] audit: type=1326 audit(1762890974.509:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10174 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  305.854936][   T30] audit: type=1326 audit(1762890974.509:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10174 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  305.881909][T10173] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.938685][   T30] audit: type=1326 audit(1762890974.509:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10174 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  306.017965][   T30] audit: type=1326 audit(1762890974.509:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10174 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  306.062979][   T30] audit: type=1326 audit(1762890974.509:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10174 comm="syz.2.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e13f8f6c9 code=0x7ffc0000
[  306.124212][T10173] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.476297][T10173] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.596618][T10194] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1467'.
[  306.618594][T10194] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1467'.
[  306.734980][T10197] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1468'.
[  306.761285][ T3462] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  306.786854][ T3462] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  306.819580][ T9588] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  306.862773][ T9588] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  307.099277][T10205] 9p: Bad value for 'wfdno'
[  307.926093][T10230] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  307.976240][T10232] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1483'.
[  308.161349][T10235] veth1: entered promiscuous mode
[  308.189771][T10235] macsec1: entered promiscuous mode
[  308.213797][T10235] veth1: left promiscuous mode
[  308.272602][T10224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1479'.
[  308.576826][   T30] kauditd_printk_skb: 68 callbacks suppressed
[  308.576841][   T30] audit: type=1326 audit(1762891233.485:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  308.768838][   T30] audit: type=1326 audit(1762891233.515:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  308.817595][T10254] IPv6: Can't replace route, no match found
[  308.883373][   T30] audit: type=1326 audit(1762891233.515:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  308.936824][   T30] audit: type=1326 audit(1762891233.515:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  308.959593][   T30] audit: type=1326 audit(1762891233.515:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  308.983796][   T30] audit: type=1326 audit(1762891233.515:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  309.006291][   T30] audit: type=1326 audit(1762891233.515:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  309.092399][   T30] audit: type=1326 audit(1762891233.525:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  309.133451][   T30] audit: type=1326 audit(1762891233.525:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  309.188339][   T30] audit: type=1326 audit(1762891233.525:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10239 comm="syz.0.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8c38f6c9 code=0x7ffc0000
[  309.278806][T10260] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  309.764092][T10280] loop2: detected capacity change from 0 to 512
[  309.817638][T10280] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  309.941845][T10280] EXT4-fs (loop2): orphan cleanup on readonly fs
[  309.960813][T10280] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  309.975587][T10280] EXT4-fs error (device loop2): ext4_do_update_inode:5636: inode #11: comm syz.2.1497: corrupted inode contents
[  309.989784][T10280] EXT4-fs error (device loop2): ext4_dirty_inode:6521: inode #11: comm syz.2.1497: mark_inode_dirty error
[  310.031528][T10280] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1497: invalid indirect mapped block 327680 (level 0)
[  310.057618][T10280] EXT4-fs error (device loop2): ext4_do_update_inode:5636: inode #11: comm syz.2.1497: corrupted inode contents
[  310.075941][T10280] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem
[  310.090070][T10280] EXT4-fs error (device loop2): ext4_do_update_inode:5636: inode #11: comm syz.2.1497: corrupted inode contents
[  310.133740][T10280] EXT4-fs error (device loop2): ext4_truncate:4641: inode #11: comm syz.2.1497: mark_inode_dirty error
[  310.154671][T10280] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem
[  310.175374][T10280] EXT4-fs (loop2): 1 truncate cleaned up
[  310.194360][T10280] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  310.597342][T10284] netlink: 'syz.5.1501': attribute type 1 has an invalid length.
[  310.661488][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.714971][    T9] kernel write not supported for file bpf-map (pid: 9 comm: kworker/0:0)
[  310.868729][T10298] xt_hashlimit: max too large, truncated to 1048576
[  310.920834][T10298] xt_CT: You must specify a L4 protocol and not use inversions on it
[  312.060001][T10330] ip6gre1: entered promiscuous mode
[  312.202456][T10330] ip6gre1: entered allmulticast mode
[  312.243944][   T34] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.267720][  T794] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.280030][   T34] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.418621][T10332] syz.2.1520 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  312.438348][T10333] loop6: detected capacity change from 0 to 128
[  312.451586][T10330] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.556240][  T794] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.577012][T10318] bio_check_eod: 101 callbacks suppressed
[  312.577030][T10318] syz.6.1514: attempt to access beyond end of device
[  312.577030][T10318] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  312.969028][  T794] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  313.070471][T10350] xt_hashlimit: max too large, truncated to 1048576
[  313.087085][T10350] xt_CT: You must specify a L4 protocol and not use inversions on it
[  313.109040][T10351] vlan2: entered allmulticast mode
[  313.503549][T10355] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1530'.
[  313.512709][T10355] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  313.567837][T10355] batman_adv: batadv0: Removing interface: batadv_slave_1
[  313.852965][ T5961] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  314.003750][ T5961] usb 7-1: device descriptor read/64, error -71
[  314.263675][ T5961] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  314.285692][   T30] kauditd_printk_skb: 69 callbacks suppressed
[  314.285707][   T30] audit: type=1326 audit(1762891239.195:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.357507][   T30] audit: type=1326 audit(1762891239.195:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.420216][   T30] audit: type=1326 audit(1762891239.195:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.426297][T10370] loop2: detected capacity change from 0 to 512
[  314.462487][ T5961] usb 7-1: device descriptor read/64, error -71
[  314.582239][   T30] audit: type=1326 audit(1762891239.195:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.604757][   T30] audit: type=1326 audit(1762891239.195:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.606422][T10370] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.628871][   T30] audit: type=1326 audit(1762891239.195:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.662918][   T30] audit: type=1326 audit(1762891239.195:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.685957][ T5961] usb usb7-port1: attempt power cycle
[  314.693555][   T30] audit: type=1326 audit(1762891239.195:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.717483][   T30] audit: type=1326 audit(1762891239.195:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.752500][T10370] ext4 filesystem being mounted at /277/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  314.763056][   T30] audit: type=1326 audit(1762891239.195:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10362 comm="syz.7.1535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f049fb8f6c9 code=0x7ffc0000
[  314.835437][T10366] loop7: detected capacity change from 0 to 32768
[  314.885198][T10366]  loop7: p1 p2 p3 < p5 p6 >
[  314.908512][T10366] loop7: p2 size 16775168 extends beyond EOD, truncated
[  314.927030][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.945366][T10366] loop7: p5 start 4294970168 is beyond EOD, truncated
[  315.062390][ T5961] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  315.093202][ T5961] usb 7-1: device descriptor read/8, error -71
[  315.180902][T10379] loop2: detected capacity change from 0 to 1024
[  315.198309][T10379] EXT4-fs: Ignoring removed bh option
[  315.212415][T10379] EXT4-fs: inline encryption not supported
[  315.230794][T10379] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  315.271158][T10379] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  315.285320][T10379] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #3: block 2: comm syz.2.1540: lblock 2 mapped to illegal pblock 2 (length 1)
[  315.322717][T10379] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #3: block 48: comm syz.2.1540: lblock 0 mapped to illegal pblock 48 (length 1)
[  315.368790][T10379] EXT4-fs error (device loop2): ext4_acquire_dquot:6946: comm syz.2.1540: Failed to acquire dquot type 0
[  315.372365][ T5961] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  315.410873][T10379] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6317: Corrupt filesystem
[  315.435241][ T5961] usb 7-1: device descriptor read/8, error -71
[  315.435757][T10379] EXT4-fs error (device loop2): ext4_evict_inode:253: inode #11: comm syz.2.1540: mark_inode_dirty error
[  315.484288][T10379] EXT4-fs warning (device loop2): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  315.525167][T10379] EXT4-fs (loop2): 1 orphan inode deleted
[  315.544589][ T5961] usb usb7-port1: unable to enumerate USB device
[  315.545719][   T34] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  315.588896][T10379] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  315.611970][   T34] EXT4-fs error (device loop2): ext4_release_dquot:6982: comm kworker/u8:2: Failed to release dquot type 0
[  315.660610][T10379] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  315.751561][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.759067][   T31] INFO: task syz.4.613:7734 blocked for more than 143 seconds.
[  315.778745][   T31]       Not tainted syzkaller #0
[  315.788860][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  315.808177][   T31] task:syz.4.613       state:D stack:28128 pid:7734  tgid:7730  ppid:5826   task_flags:0x400040 flags:0x00080002
[  315.830077][   T31] Call Trace:
[  315.837148][   T31]  <TASK>
[  315.845966][   T31]  __schedule+0x1836/0x4ed0
[  315.850522][   T31]  ? __lock_acquire+0xab9/0xd20
[  315.872338][   T31]  ? __lock_acquire+0xab9/0xd20
[  315.889242][   T31]  ? __pfx___schedule+0x10/0x10
[  315.922381][   T31]  ? schedule+0x91/0x360
[  315.926665][   T31]  schedule+0x165/0x360
[  315.930839][   T31]  schedule_preempt_disabled+0x13/0x30
[  315.957795][   T31]  rwsem_down_write_slowpath+0x872/0xfe0
[  315.963852][   T31]  ? rwsem_down_write_slowpath+0x472/0xfe0
[  315.969834][   T31]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  315.976170][   T31]  ? __lock_acquire+0xab9/0xd20
[  315.981187][   T31]  ? filename_create+0x1f8/0x3c0
[  315.986328][   T31]  ? mnt_get_write_access+0x66/0x280
[  315.991776][   T31]  down_write_nested+0x1b5/0x200
[  315.996937][   T31]  ? __pfx_down_write_nested+0x10/0x10
[  316.002838][   T31]  filename_create+0x1f8/0x3c0
[  316.008119][   T31]  ? __pfx_filename_create+0x10/0x10
[  316.013697][   T31]  do_mkdirat+0xa0/0x650
[  316.018193][   T31]  ? __pfx_do_mkdirat+0x10/0x10
[  316.023168][   T31]  ? getname_flags+0x1e5/0x540
[  316.028112][   T31]  __x64_sys_mkdir+0x6c/0x80
[  316.039173][   T31]  do_syscall_64+0xfa/0xfa0
[  316.053789][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.065761][   T31]  ? clear_bhb_loop+0x60/0xb0
[  316.084258][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.095762][   T31] RIP: 0033:0x7fb35238f6c9
[  316.116051][   T31] RSP: 002b:00007fb35313f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  316.147150][   T31] RAX: ffffffffffffffda RBX: 00007fb3525e6090 RCX: 00007fb35238f6c9
[  316.157434][   T31] RDX: 0000000000000000 RSI: 0000000000000105 RDI: 0000200000000500
[  316.165486][   T31] RBP: 00007fb352411f91 R08: 0000000000000000 R09: 0000000000000000
[  316.173499][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  316.181474][   T31] R13: 00007fb3525e6128 R14: 00007fb3525e6090 R15: 00007fff791cd448
[  316.189563][   T31]  </TASK>
[  316.193201][   T31] INFO: task syz.4.613:7735 blocked for more than 143 seconds.
[  316.200751][   T31]       Not tainted syzkaller #0
[  316.207115][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  316.215819][   T31] task:syz.4.613       state:D stack:24264 pid:7735  tgid:7730  ppid:5826   task_flags:0x400040 flags:0x00080002
[  316.227822][   T31] Call Trace:
[  316.231101][   T31]  <TASK>
[  316.234336][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  316.285081][   T31]  __schedule+0x1836/0x4ed0
[  316.289642][   T31]  ? __lock_acquire+0xab9/0xd20
[  316.310790][   T31]  ? __lock_acquire+0xab9/0xd20
[  316.323395][   T31]  ? __pfx___schedule+0x10/0x10
[  316.349086][   T31]  ? schedule+0x91/0x360
[  316.518917][   T31]  schedule+0x165/0x360
[  316.532149][   T31]  schedule_preempt_disabled+0x13/0x30
[  316.550749][   T31]  rwsem_down_write_slowpath+0x872/0xfe0
[  316.573070][   T31]  ? rwsem_down_write_slowpath+0x472/0xfe0
[  316.600044][   T31]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  316.619900][   T31]  ? __lock_acquire+0xab9/0xd20
[  316.651116][   T31]  ? filename_create+0x1f8/0x3c0
[  316.698393][   T31]  ? mnt_get_write_access+0x66/0x280
[  316.711258][   T31]  down_write_nested+0x1b5/0x200
[  316.734433][   T31]  ? __pfx_down_write_nested+0x10/0x10
[  316.751714][   T31]  filename_create+0x1f8/0x3c0
[  316.770032][   T31]  ? __pfx_filename_create+0x10/0x10
[  316.788763][   T31]  do_mkdirat+0xa0/0x650
[  316.802353][   T31]  ? __pfx_do_mkdirat+0x10/0x10
[  316.807239][   T31]  ? getname_flags+0x1e5/0x540
[  316.812027][   T31]  __x64_sys_mkdir+0x6c/0x80
[  316.821328][   T31]  do_syscall_64+0xfa/0xfa0
[  316.841272][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.847413][   T31]  ? clear_bhb_loop+0x60/0xb0
[  316.852123][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.872898][   T31] RIP: 0033:0x7fb35238f6c9
[  316.877328][   T31] RSP: 002b:00007fb3505f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  316.902320][   T31] RAX: ffffffffffffffda RBX: 00007fb3525e6180 RCX: 00007fb35238f6c9
[  316.910312][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000020c0
[  316.922341][   T31] RBP: 00007fb352411f91 R08: 0000000000000000 R09: 0000000000000000
[  316.930324][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  316.962552][   T31] R13: 00007fb3525e6218 R14: 00007fb3525e6180 R15: 00007fff791cd448
[  316.982353][   T31]  </TASK>
[  316.992469][   T31] INFO: task syz.4.613:7739 blocked for more than 144 seconds.
[  317.002334][   T31]       Not tainted syzkaller #0
[  317.007271][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  317.039740][   T31] task:syz.4.613       state:D stack:28744 pid:7739  tgid:7730  ppid:5826   task_flags:0x400040 flags:0x00080002
[  317.045424][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  317.061959][   T31] Call Trace:
[  317.065293][   T31]  <TASK>
[  317.068233][   T31]  __schedule+0x1836/0x4ed0
[  317.082348][   T31]  ? __lock_acquire+0xab9/0xd20
[  317.092538][   T31]  ? __lock_acquire+0xab9/0xd20
[  317.100776][   T31]  ? __lock_acquire+0xab9/0xd20
[  317.111304][   T31]  ? __pfx___schedule+0x10/0x10
[  317.123392][   T31]  ? schedule+0x91/0x360
[  317.131088][   T31]  schedule+0x165/0x360
[  317.141633][   T31]  schedule_preempt_disabled+0x13/0x30
[  317.153753][   T31]  rwsem_down_write_slowpath+0x872/0xfe0
[  317.164951][   T31]  ? rwsem_down_write_slowpath+0x472/0xfe0
[  317.178340][   T31]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  317.195438][   T31]  ? __lock_acquire+0xab9/0xd20
[  317.205863][   T31]  ? do_rmdir+0x1b2/0x550
[  317.214666][   T31]  ? mnt_get_write_access+0x66/0x280
[  317.225642][   T31]  down_write_nested+0x1b5/0x200
[  317.236127][   T31]  ? __pfx_down_write_nested+0x10/0x10
[  317.249173][   T31]  do_rmdir+0x1b2/0x550
[  317.257853][   T31]  ? __pfx_do_rmdir+0x10/0x10
[  317.268142][   T31]  ? strncpy_from_user+0x150/0x2c0
[  317.281721][   T31]  ? getname_flags+0x1e5/0x540
[  317.292073][   T31]  __x64_sys_rmdir+0x47/0x50
[  317.303522][   T31]  do_syscall_64+0xfa/0xfa0
[  317.312904][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.325968][   T31]  ? clear_bhb_loop+0x60/0xb0
[  317.335117][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.351359][   T31] RIP: 0033:0x7fb35238f6c9
[  317.357083][   T31] RSP: 002b:00007fb3501d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[  317.374567][   T31] RAX: ffffffffffffffda RBX: 00007fb3525e6270 RCX: 00007fb35238f6c9
[  317.393470][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100
[  317.410756][   T31] RBP: 00007fb352411f91 R08: 0000000000000000 R09: 0000000000000000
[  317.428117][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  317.444563][   T31] R13: 00007fb3525e6308 R14: 00007fb3525e6270 R15: 00007fff791cd448
[  317.461450][   T31]  </TASK>
[  317.471994][   T31] 
[  317.471994][   T31] Showing all locks held in the system:
[  317.492149][   T31] 1 lock held by ksoftirqd/0/15:
[  317.502681][   T31] 1 lock held by khungtaskd/31:
[  317.514408][   T31]  #0: ffffffff8df3d820 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  317.541638][   T31] 3 locks held by kworker/u8:8/3540:
[  317.552346][   T31] 2 locks held by getty/5580:
[  317.561503][   T31]  #0: ffff88814d5d90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  317.587836][   T31]  #1: ffffc900036c32f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  317.608938][   T31] 4 locks held by kworker/u8:10/6827:
[  317.621024][   T31] 2 locks held by syz.4.613/7731:
[  317.633347][   T31] 2 locks held by syz.4.613/7734:
[  317.643913][   T31]  #0: ffff88807b832420 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  317.662377][   T31]  #1: ffff888058a488f0 (&type->i_mutex_dir_key#11/1){+.+.}-{4:4}, at: filename_create+0x1f8/0x3c0
[  317.690176][   T31] 2 locks held by syz.4.613/7735:
[  317.706116][   T31]  #0: ffff88807b832420 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  317.725644][   T31]  #1: ffff888058a488f0 (&type->i_mutex_dir_key#11/1){+.+.}-{4:4}, at: filename_create+0x1f8/0x3c0
[  317.753949][   T31] 2 locks held by syz.4.613/7739:
[  317.762503][   T31]  #0: ffff88807b832420 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  317.782378][   T31]  #1: ffff888058a488f0 (&type->i_mutex_dir_key#11/1){+.+.}-{4:4}, at: do_rmdir+0x1b2/0x550
[  317.806607][   T31] 
[  317.811181][   T31] =============================================
[  317.811181][   T31] 
[  317.837447][   T31] NMI backtrace for cpu 1
[  317.837471][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  317.837493][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  317.837505][   T31] Call Trace:
[  317.837513][   T31]  <TASK>
[  317.837522][   T31]  dump_stack_lvl+0x189/0x250
[  317.837557][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  317.837592][   T31]  ? __pfx__printk+0x10/0x10
[  317.837627][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  317.837654][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  317.837680][   T31]  ? __pfx__printk+0x10/0x10
[  317.837706][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  317.837732][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  317.837759][   T31]  watchdog+0xfa8/0xff0
[  317.837791][   T31]  ? watchdog+0x1f4/0xff0
[  317.837826][   T31]  kthread+0x711/0x8a0
[  317.837848][   T31]  ? __pfx_watchdog+0x10/0x10
[  317.837876][   T31]  ? __pfx_kthread+0x10/0x10
[  317.837896][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  317.837922][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  317.837948][   T31]  ? __pfx_kthread+0x10/0x10
[  317.837968][   T31]  ret_from_fork+0x599/0xb30
[  317.837994][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  317.838027][   T31]  ? __switch_to_asm+0x39/0x70
[  317.838046][   T31]  ? __switch_to_asm+0x33/0x70
[  317.838064][   T31]  ? __pfx_kthread+0x10/0x10
[  317.838082][   T31]  ret_from_fork_asm+0x1a/0x30
[  317.838119][   T31]  </TASK>
[  317.838130][   T31] Sending NMI from CPU 1 to CPUs 0:
[  317.985391][    C0] NMI backtrace for cpu 0
[  317.985408][    C0] CPU: 0 UID: 0 PID: 37 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  317.985428][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  317.985440][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[  317.985466][    C0] RIP: 0010:lock_release+0x80/0x3d0
[  317.985490][    C0] Code: 05 e0 0d 00 0f 84 44 02 00 00 65 8b 05 f9 7a d7 10 85 c0 0f 85 35 02 00 00 65 4c 8b 3c 25 08 40 75 92 41 83 bf 2c 0b 00 00 00 <0f> 85 1e 02 00 00 49 81 3e c0 f3 38 93 0f 84 11 02 00 00 48 c7 44
[  317.985504][    C0] RSP: 0018:ffffc90000007750 EFLAGS: 00000246
[  317.985519][    C0] RAX: 0000000000000000 RBX: ffffffff90692801 RCX: c7da264d135aa700
[  317.985533][    C0] RDX: ffffc90000007801 RSI: ffffffff8bbf4140 RDI: ffffffff8bbf4100
[  317.985546][    C0] RBP: dffffc0000000000 R08: ffffc90000ad7a70 R09: 0000000000000000
[  317.985564][    C0] R10: ffffc900000078d8 R11: fffff52000000f1d R12: ffffc90000ad7a80
[  317.985577][    C0] R13: ffffffff8173cfd5 R14: ffffffff8df3d820 R15: ffff8881416c9e80
[  317.985591][    C0] FS:  0000000000000000(0000) GS:ffff888125ecc000(0000) knlGS:0000000000000000
[  317.985606][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  317.985618][    C0] CR2: 00007f7c8c5b4198 CR3: 000000001b706000 CR4: 00000000003526f0
[  317.985633][    C0] Call Trace:
[  317.985640][    C0]  <IRQ>
[  317.985647][    C0]  ? deref_stack_reg+0x19f/0x230
[  317.985673][    C0]  ? unwind_next_frame+0xa5/0x2390
[  317.985696][    C0]  unwind_next_frame+0x19a9/0x2390
[  317.985723][    C0]  ? unwind_next_frame+0xa5/0x2390
[  317.985746][    C0]  ? nsim_dev_trap_report_work+0x7c7/0xb80
[  317.985767][    C0]  ? rcu_core+0xc37/0x1770
[  317.985788][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  317.985809][    C0]  arch_stack_walk+0x11c/0x150
[  317.985834][    C0]  ? process_one_work+0x93a/0x15e0
[  317.985857][    C0]  stack_trace_save+0x9c/0xe0
[  317.985876][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  317.985896][    C0]  ? kasan_save_track+0x4f/0x80
[  317.985914][    C0]  ? __lock_acquire+0xab9/0xd20
[  317.985934][    C0]  kasan_save_track+0x3e/0x80
[  317.985950][    C0]  ? kasan_save_track+0x3e/0x80
[  317.985965][    C0]  ? kasan_save_free_info+0x46/0x50
[  317.985986][    C0]  ? __kasan_slab_free+0x5c/0x80
[  317.986002][    C0]  ? slab_free_after_rcu_debug+0x12c/0x2a0
[  317.986023][    C0]  ? rcu_core+0xcab/0x1770
[  317.986043][    C0]  ? handle_softirqs+0x27d/0x880
[  317.986064][    C0]  ? do_softirq+0xec/0x180
[  317.986083][    C0]  ? __local_bh_enable_ip+0x17d/0x1c0
[  317.986103][    C0]  ? nsim_dev_trap_report_work+0x7c7/0xb80
[  317.986147][    C0]  kasan_save_free_info+0x46/0x50
[  317.986169][    C0]  __kasan_slab_free+0x5c/0x80
[  317.986187][    C0]  slab_free_after_rcu_debug+0x12c/0x2a0
[  317.986207][    C0]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[  317.986227][    C0]  ? rcu_core+0xc37/0x1770
[  317.986249][    C0]  rcu_core+0xcab/0x1770
[  317.986280][    C0]  ? __pfx_rcu_core+0x10/0x10
[  317.986303][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  317.986328][    C0]  ? sched_clock_cpu+0x74/0x430
[  317.986349][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  317.986375][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  317.986396][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  317.986419][    C0]  ? try_to_wake_up+0x7f5/0x12b0
[  317.986439][    C0]  handle_softirqs+0x27d/0x880
[  317.986463][    C0]  ? do_softirq+0xec/0x180
[  317.986486][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  317.986511][    C0]  ? nsim_dev_trap_report_work+0x7c7/0xb80
[  317.986532][    C0]  do_softirq+0xec/0x180
[  317.986552][    C0]  </IRQ>
[  317.986563][    C0]  <TASK>
[  317.986570][    C0]  ? __pfx_do_softirq+0x10/0x10
[  317.986590][    C0]  ? devlink_trap_report+0x216/0x6a0
[  317.986612][    C0]  ? lockdep_softirqs_on+0x13b/0x1c0
[  317.986633][    C0]  __local_bh_enable_ip+0x17d/0x1c0
[  317.986655][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  317.986678][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  317.986696][    C0]  ? nsim_dev_trap_report_work+0x7c7/0xb80
[  317.986717][    C0]  nsim_dev_trap_report_work+0x7c7/0xb80
[  317.986748][    C0]  ? process_one_work+0x868/0x15e0
[  317.986767][    C0]  process_one_work+0x93a/0x15e0
[  317.986787][    C0]  ? __lock_acquire+0xab9/0xd20
[  317.986817][    C0]  ? __pfx_process_one_work+0x10/0x10
[  317.986841][    C0]  ? assign_work+0x3a1/0x410
[  317.986864][    C0]  worker_thread+0x9b0/0xee0
[  317.986897][    C0]  kthread+0x711/0x8a0
[  317.986914][    C0]  ? __pfx_worker_thread+0x10/0x10
[  317.986935][    C0]  ? __pfx_kthread+0x10/0x10
[  317.986951][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  317.986973][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  317.986996][    C0]  ? __pfx_kthread+0x10/0x10
[  317.987011][    C0]  ret_from_fork+0x599/0xb30
[  317.987032][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  317.987057][    C0]  ? __switch_to_asm+0x39/0x70
[  317.987074][    C0]  ? __switch_to_asm+0x33/0x70
[  317.987090][    C0]  ? __pfx_kthread+0x10/0x10
[  317.987105][    C0]  ret_from_fork_asm+0x1a/0x30
[  317.987130][    C0]  </TASK>
[  318.522411][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  318.529294][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  318.538398][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  318.548450][   T31] Call Trace:
[  318.551722][   T31]  <TASK>
[  318.554654][   T31]  dump_stack_lvl+0x99/0x250
[  318.559265][   T31]  ? __asan_memcpy+0x40/0x70
[  318.563862][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.569062][   T31]  ? __pfx__printk+0x10/0x10
[  318.573665][   T31]  vpanic+0x237/0x6d0
[  318.577650][   T31]  ? __pfx_vpanic+0x10/0x10
[  318.582147][   T31]  ? preempt_schedule+0xae/0xc0
[  318.587012][   T31]  panic+0xb9/0xc0
[  318.590730][   T31]  ? __pfx_panic+0x10/0x10
[  318.595148][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  318.600534][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  318.606688][   T31]  watchdog+0xfe7/0xff0
[  318.610856][   T31]  ? watchdog+0x1f4/0xff0
[  318.615212][   T31]  kthread+0x711/0x8a0
[  318.619285][   T31]  ? __pfx_watchdog+0x10/0x10
[  318.623968][   T31]  ? __pfx_kthread+0x10/0x10
[  318.628555][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  318.633765][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.638972][   T31]  ? __pfx_kthread+0x10/0x10
[  318.643569][   T31]  ret_from_fork+0x599/0xb30
[  318.648165][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  318.653284][   T31]  ? __switch_to_asm+0x39/0x70
[  318.658045][   T31]  ? __switch_to_asm+0x33/0x70
[  318.662803][   T31]  ? __pfx_kthread+0x10/0x10
[  318.667392][   T31]  ret_from_fork_asm+0x1a/0x30
[  318.672175][   T31]  </TASK>
[  318.675460][   T31] Kernel Offset: disabled
[  318.679785][   T31] Rebooting in 86400 seconds..