last executing test programs:

2m20.742404827s ago: executing program 1 (id=291):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x87, &(0x7f0000000180), 0x0, 0x594, &(0x7f00000002c0)="$eJzs3U9sFNUfAPDvzPYPLf3R8osxwMUmHCAxLrQ1gp4Ab8YY/x5NaEohDQsltCZAeoC7Bw8cvJp48eoF9USi8eDBgyfw5NmEmAapiTHWzO5MWej2T0rbKZ3PJ5nuvHnbfe/bybfz3s6+bACVNZz9SCMORsTZJGKwra4r8srh1vMW5ucm/pqfm0hicfGDP5JIIuLR/NxE8fwkf9ybF/ZExC9nIv5fW97uzPUbF8cbjcmrefnY7KUrx2au33hl6tL4hckLk5fHRkZff3VsbOzEyeJXep811o/eP/RO/eO37n81/do/t9/b91MSp2KgVVWLtjg2y3AML/1N2mV/1xOb3VhJank8neJk5yvOX3dEvBiDUcuzPjMYU5+W2jlgSy3WIhaBikrkP1RUMQ7I5vHFVu6IZHs9ON2aAGVxL+Rbq6ar9d5I7MnmRgO9D5O2mVFrvju0Ce1nbVw7cub7bIun3k/ZDjdvRcSBTuc/afZtqPkuTkT/w/SJ+NOIOJ4/ZsdHN9j+8FPl5yn+U23xn9lg+6vF37XB1wSAtdw93bqQL7/+pUvjn2he/54c/wx0uHZtRNnX/2L8t7Bs/Pc4/lqH+LPx37vrbOPXH+/8vFJd+/gv2xbmaxPFWHA7PLgVcahj/MlS/EmH+LNxz9l1tvH1N4dXvHe3PP65bY1/8YuII9E5/kKy+v3JY+enGpPHWz87tvHbgTfvrNR+2fFn579/hfhXO//ZsSvrbONk/9HPV6pbO/70957kw+ZeT37k2vjs7NWRiJ7k7eXH15iIFM8pXiOL/+jh1fO/U/x92dxhnfE/mv7u743Hv7Wy+M9t8Px/ts42vv3yh3sr1ZUdPwAAAAAAAOwmafOzHElaX9pP03q9tYb3hehPG9Mzsy+fn/7k8rnWZz6Gojst7nQPtspJVh7JPw9blEefKo9FxP6IuF3ra5brE9ONc2UHDwAAAAAAAAAAAAAAAAAAADvE3rb1/10R8Wettf4fqAhfNAbVJf+huuQ/VJf8h+qS/1Bd8h+qS/5Ddcl/qC75D9Ul/6G65D8AAAAA7Er7X7p7P4mIm2/0NbdMT17XXWrPgK2Wlt0BoDS1sjsAlMatf6guc3wgWaN+zxMPbe6u9ZsAAAAAAAAAAAAAwGY5ctD6f6gq6/+huqz/h+qy/h+qyxwfWOf6/+Ws/wcAAAAAAAAAAACAbTPQ3JK0nq8FHog0rdcj/hcRQ9GdnJ9qTB6PiH0Rca/W3ZuVR8ruNAAAAAAAAAAAAAAAAAAAAOwyM9dvXBxvNCav2rGz/Tt9EbEDuvEMO/+O7oBu9ObZvJmvXPI/JgAAAAAAAAAAAAAAAAAAqKDHi37L7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlOfx9/9v3U7ZMQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz6f/AgAA///fCQzH")
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2m18.459720016s ago: executing program 1 (id=304):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r5, r4, 0x0, 0x20000023893)
pipe2$9p(0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)

2m17.511813437s ago: executing program 1 (id=309):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x8, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b0af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
close(r2)

2m16.95132721s ago: executing program 1 (id=310):
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10084, &(0x7f00000000c0)={[{@minixdf}, {@i_version}, {@usrquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}, {@nomblk_io_submit}, {@lazytime}, {@jqfmt_vfsold}]}, 0x1, 0x401, &(0x7f0000000540)="$eJzs209oHFUYAPBvZpNUm9bEWv+1VbcNYkBNmkSFgJeKioLgQW8eJDRpKW6a0qzYFg8qgqfixZOePOnBoxcPgnj3JHiydykEKZ5lZXZnmm2yGzfprms7vx9M+97MW9578+bbvHkzG0BpVbN/kogDEfF7REy0srcWqLb+++vGh6ezLYlG460/k2a5LF8ULT43nmem04j00ySOdqh3/fKV95ZqtZWLeX62vnphdv3ylWfPrS6dXTm7cn5h8fmT8wuLLywu9KObY1nbrt449tvaV2/+/fmJa+MvXX335WzfgbxAez/6pRrVW89lmyf7XdmQHWxLJyNDbAi7UomIbLhGm/E/EZXYHLyJeOWToTYOGKhGo9HY1/3wRw3gLpbEsFsADEfxh764tx/EffD/2cap1g3Q9v6PRJqXGd1yf9tP1Yi49M5nP2ZbDGgdAgCg3U/Z/OeZTvOfNB5qK3df/mxoMiLuj4hDEfFARByOiAcjmmUfjohHdll/dUt++/wnvb6njvUom/+92HH+W8z+YrKS5w42+z+anDlXWzmZn5PpGN2X5ed2qOPX17/9ptux9vlftmX1F3PBvB3XR7Ys0C0v1Zdup8/tNj6OONJx/pvcfBKQRMSjEXFkj3X8cKrxZbdj/97/wWp8HfFUx/HffHKX7Px8crZ5PcwWV8V2xz64sNyt/mH3Pxv//Tv3fzJpf167vvs6vp88vtHt2F6v/7Hk7WZ6LN93aalevzgXMZa8sX3//OZni3xRPuv/9FTn+D8Um2fiaDaOEfFYRDweEU/kbT8eESciYmqH/r869dpK1/7fExFDHf/vxlupXsd/94nV+Z9/6VZ/b+P/XDM1ne/p5fuv1wbu+cQBAADAHSRtvgOfpDM302k6M9N6h/9w7E9ra+v1p8+svX9+ufWu/GSMpsVK10TbeuhcvjZc5Oe35BfydeMvKvc28zOn12pdF8WA/8R4l/jP/FEZduuAgfN7LSgv8Q/lJf6hvMQ/lJf4h/IS/1BS1yriH0pM/EN5iX8oL/EPpXQ7v+uXkJC4WxPD/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoj38CAAD//2Gy3iA=")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x2, 0x0, &(0x7f0000000000))
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000100000000000000000000850000006d00000085"], &(0x7f00000000c0)='GPL\x00', 0x4, 0xad, &(0x7f00000003c0)=""/173, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

2m16.464965747s ago: executing program 1 (id=314):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x2c, r1, 0xc11, 0x0, 0x0, {0x5}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x88c0)

2m14.96816581s ago: executing program 1 (id=322):
unshare(0x2c060000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x8031, r0, 0x4000)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13})
io_uring_enter(0xffffffffffffffff, 0x47f9, 0x60f2, 0x18, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000bc0)={'wpan1\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000d9670000001d00000008000300", @ANYRES32=r4, @ANYBLOB="0c002f800800010000000000"], 0x28}}, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r5, 0x4018f50b, &(0x7f0000000080)={0x0, 0x0, 0x1d8})
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x0, 0x9}}, 0x36)

2m14.514578634s ago: executing program 32 (id=322):
unshare(0x2c060000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x8031, r0, 0x4000)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13})
io_uring_enter(0xffffffffffffffff, 0x47f9, 0x60f2, 0x18, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000bc0)={'wpan1\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000d9670000001d00000008000300", @ANYRES32=r4, @ANYBLOB="0c002f800800010000000000"], 0x28}}, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r5, 0x4018f50b, &(0x7f0000000080)={0x0, 0x0, 0x1d8})
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x0, 0x9}}, 0x36)

41.107626722s ago: executing program 5 (id=700):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="600000000206010100000000000000000000fffc05000100070000000900020073797a300000000014000780050015000000000008001240200000000c000300686173683a69700005000500cf1c55e052c2c6af7d7cb8837b01388fa077d565dac36989e17bb54b54d98e37d95146a318170aa63d2948f14455a1f0d78ecd5b362f91e3f909ef9f28657addde07e3d8e3e9b1dce930cc9110abd9c951", @ANYRESOCT], 0x60}}, 0x0)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="b0cc1ef1be010000000000de1b9f614ba04549afaac70ea8381f115b6425bd456ef0c6f999cf32f7b3c51dacc026d34bc6b48d7da69d55251836bb3b3438e1177cc80572535a75a221dab2512b592c1b74b46697a884da5a08ac99a444b72620d10900af8c4cc158e1994fd8443f10651ef8b3a620dacd357846eb26c055cdf3a4af3be09c7a471e45ce66fcef87780c94c245e2d66d273bf96e118da830fdf8e1e554868371b2cc73a6ccd2326b9d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r6, 0x1)
listen(r6, 0x0)
shutdown(r6, 0x0)
writev(r5, &(0x7f0000002f00)=[{&(0x7f0000002dc0)='2', 0x1}], 0x1)

40.206147008s ago: executing program 5 (id=701):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESOCT, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
fstat(r0, 0x0)

40.135491945s ago: executing program 5 (id=702):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000007007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}})
readv(r2, &(0x7f0000000200)=[{&(0x7f0000000140)=""/144, 0x90}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
openat2(r4, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f000000e280)={0x2020, 0x0, <r8=>0x0}, 0x2020)
mknod$loop(&(0x7f00000002c0)='./file0/../file0/file0\x00', 0xa002c000, 0x0)
write$FUSE_INIT(r7, &(0x7f0000000380)={0x50, 0x0, r8, {0x7, 0x27, 0x0, 0x64266}}, 0x50)

39.212178063s ago: executing program 5 (id=703):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2000480, &(0x7f0000001900), 0x1, 0x762, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2Ch4oHESwU9GxdNttQs8mW7KY0IaAighdBxYOgl579UW/exB9X/S88SEvVtFjxIJHZzKbbZrfJpkmWup8PTPt9M7N5892Zee/tzrATQM8aTf/JRRyOiA+TiOFsfhIRA/WoP+Lk2no3V5aL6ZTE6uqrfyT1dW6sLBej6TWpg1nh0Yj48b2II7mN9VYXl2YK5XJpPiuP12bPj1cXl46emy1Ml6ZLc8cnJiePnXjmxPGdy/WvX5YOXf3opSe/PvnPu49c/uCnJE7GoWxZcx47ZTRGs/dkIH0Lb/PiTlfWZUm3N4BtSU/NvrWzPA7HcPTVIwDg/+ytiFgFAHpMov8HgB7T+B7gxspysTF19xuJvXXthYjYv5Z/4/rm2pL+7Jrd/vp10KEbyW1XRpKIGNmB+kcj4vNvX/8ynWKXrkMCtPL2d1mwof1PNtyz0KmntrDO6B1l7R/sne/T8c+zrcZ/ufXxT7QY/wy2OHe3Y/PzP3dlB6ppKx3/Pd90b9vNpvwzI31Z6YH6mG8gOXuuXErbtgcjYiwGBtPyxF3qGLv+7/V2y5rHf39+/OYXaf3p/7fWyF3pH7z9NVOFWuFecm527Z2Ix/pb5Z+s7/+kzfj39BbrePm59z9rtyzNP823MW3Mf3etXop4ouX+v3VHW3LX+xPH64fDeOOgaOGbXz8dald/8/5Pp7T+xmeBvZDu/6G75z+SNN+vWe28jp8vDf/Qbtnm+bc+/vclr9Xjfdm8i4VabX4iYl/yysb5x269tlFurJ/mP/Z4Pf8D2Sob2r9Wx3/6mfCNzRLPNqL/6u9fbT//3ZXmP9XR/u88uHxzpq9d/Vvb/5P1aCybs5X2b6sbeC/vHQAAAAAAAAAAAAAAAAAAAAAAAABsVS4iDkWSy6/HuVw+v/YM74djKFeuVGtHzlYW5qai/qzskRjINX7qcrjp91Anst/Db5SP3VF+OiIeiohPBg/Uy/lipTzV7eQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIHOwzfP/U78NdnvrAIBds7/bGwAA7Dn9PwD0nk77f+MFALj/6c8BoPfo/wGg9+j/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2GWnT51Kp9W/V5aLaXnqwuLCTOXC0alSdSY/u1DMFyvz5/PTlcp0uZQvVmY3+3vlSuX8ZMwtXByvlaq18eri0pnZysJc7cy52cJ06UxpYE+yAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDOVBeXZgrlcmleIBAI1oNut0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA94f/AgAA///tuiN0")
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)

38.671653805s ago: executing program 5 (id=706):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1e0000003900007cb69e3a4f9911db0001000000", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300000001000000040000000b00"/28], 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040))
ioctl$TCSETSW(r7, 0x5403, &(0x7f00000000c0)={0xfffffffa, 0x0, 0x0, 0x0, 0x0, "ff24e57a1c873d098b488659cdd21490da2ffa"})
r8 = dup3(r2, r1, 0x0)
sendmsg$key(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/profiling', 0x42, 0x0)
syz_read_part_table(0x607, &(0x7f00000009c0)="$eJzs2z9olGccB/Df3Xl/9MDr4ORSdegkiGK33FAlOS0WwkUpSAdbLCJ1ihC40sMDHdoraJtBOnaRwi02TsYMHUpCAp1LyNASuCFLoVlC0yFvueTlSBrSJHAZCp/P8jzPj9/7ft8Hnnd8gv+1bOTTWZJsDhc+icjs3Z9UKv15K251hkeuJ0mS3CxGJj6KfJz9+eRUMeJYv7+4NZ6LiMK297z4/sTMV6vX8p2lsbV37sy2s/13FuOtiCgX9v304uF2ylF4WZ2rPH4yXnvaW9Sa3Y0PI378c7g+faM9OfV+/urdXv1RxHzav3UwjsfD3I7C4ZR35rd6+Y3q/cVas/tdZ/nixula5/W9ofUzM89+uhQx0YsY3ezedrD3P18H0t9/L/9CWmxeOf/q1PPLjTcL9ZXcX8mWNDL93b4eG0w+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD9bI6V3n8ZLz2tFG9v1hrdr/89ZcP3p34Zmj6RntyKlu4ejftm0/HY+n4MBrxeXwWH8eDeBCfxvh/ppzcvrididIe+X+fiFi+uHG61nl9b2h9ZOZZ+VLaN9p/4vggtv2v/Ey6anYnzn57e7J55fyrU88vN94s1Fdyu58pDvQLAAAAAAAAAAAAAAAAAAAAIGJ45PqZ0ffqN3vzViki/vgi25sn6SX3zZvxpYhzaf9vaf1FKaK1ei3fWRpbK9yZbf+e1ltRjFbkovzD9K2It/s5j3YlZ454ZxzEPwEAAP//Cv6Meg==")
unshare(0x60600)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0xf983e000)

34.727755743s ago: executing program 5 (id=716):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a0000904"], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='rss_stat\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
write$cgroup_int(r2, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00'}, 0x10)
close(0x3)
syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x20, 0x1, [{{0x9, 0x4, 0x0, 0xc7, 0x1, 0x7, 0x1, 0x3, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x9, 0x7f, 0x8}}}}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x110, 0x6, 0x6, 0x6, 0x10, 0xcc}, 0x62, &(0x7f0000000240)={0x5, 0xf, 0x62, 0x4, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0x4d, 0x10, 0x4, "1b4e77de4158ceb74698bd9f7cfe16e1a0c8683805193e7315b0a0dad0c00ea0c9dc2508ce1ddc9e216861f8c02dfd5a156be1ffb567c825dc4700ef48814bde000f5bb4df422859b3d7"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x10, 0x9, 0x5, 0x2}]}, 0x4, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x500a}}, {0x61, &(0x7f0000000300)=@string={0x61, 0x3, "b8b0bdab5a7365cf0aa3ada64267694f887081ed7af74ffe3fda1918e508796d66c08694b616abdf315b10d44de04fca813bcf88d0c8b4fd8eee5497cd6d62e3834213f103de8b67798e4b9d29a162ccf25e9299422547ea669df08ddbfa1b"}}, {0x72, &(0x7f0000000380)=@string={0x72, 0x3, "1178fdb4c128dd74ed99e131ef868496c94c53a32fd102c8822af8b25710a7a5711c7fbf4408c47d7a4a085777d98d50dc613e7cbf2b3d707d821fdb43ba99b54a667881d7de053d41868e2ce0382a66baa21c03616c6ee277ab7c8bcf5591b60ba193e13eec129decccc3848d99654f"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x2809}}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r3}, 0x10)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x183d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x80, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0xfe, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)

33.809552341s ago: executing program 33 (id=716):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a0000904"], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='rss_stat\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
write$cgroup_int(r2, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00'}, 0x10)
close(0x3)
syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x20, 0x1, [{{0x9, 0x4, 0x0, 0xc7, 0x1, 0x7, 0x1, 0x3, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x9, 0x7f, 0x8}}}}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x110, 0x6, 0x6, 0x6, 0x10, 0xcc}, 0x62, &(0x7f0000000240)={0x5, 0xf, 0x62, 0x4, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0x4d, 0x10, 0x4, "1b4e77de4158ceb74698bd9f7cfe16e1a0c8683805193e7315b0a0dad0c00ea0c9dc2508ce1ddc9e216861f8c02dfd5a156be1ffb567c825dc4700ef48814bde000f5bb4df422859b3d7"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x10, 0x9, 0x5, 0x2}]}, 0x4, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x500a}}, {0x61, &(0x7f0000000300)=@string={0x61, 0x3, "b8b0bdab5a7365cf0aa3ada64267694f887081ed7af74ffe3fda1918e508796d66c08694b616abdf315b10d44de04fca813bcf88d0c8b4fd8eee5497cd6d62e3834213f103de8b67798e4b9d29a162ccf25e9299422547ea669df08ddbfa1b"}}, {0x72, &(0x7f0000000380)=@string={0x72, 0x3, "1178fdb4c128dd74ed99e131ef868496c94c53a32fd102c8822af8b25710a7a5711c7fbf4408c47d7a4a085777d98d50dc613e7cbf2b3d707d821fdb43ba99b54a667881d7de053d41868e2ce0382a66baa21c03616c6ee277ab7c8bcf5591b60ba193e13eec129decccc3848d99654f"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x2809}}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r3}, 0x10)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x183d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x80, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0xfe, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)

13.207806585s ago: executing program 2 (id=764):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x87, &(0x7f0000000180), 0x0, 0x594, &(0x7f00000002c0)="$eJzs3U9sFNUfAPDvzPYPLf3R8osxwMUmHCAxLrQ1gp4Ab8YY/x5NaEohDQsltCZAeoC7Bw8cvJp48eoF9USi8eDBgyfw5NmEmAapiTHWzO5MWej2T0rbKZ3PJ5nuvHnbfe/bybfz3s6+bACVNZz9SCMORsTZJGKwra4r8srh1vMW5ucm/pqfm0hicfGDP5JIIuLR/NxE8fwkf9ybF/ZExC9nIv5fW97uzPUbF8cbjcmrefnY7KUrx2au33hl6tL4hckLk5fHRkZff3VsbOzEyeJXep811o/eP/RO/eO37n81/do/t9/b91MSp2KgVVWLtjg2y3AML/1N2mV/1xOb3VhJank8neJk5yvOX3dEvBiDUcuzPjMYU5+W2jlgSy3WIhaBikrkP1RUMQ7I5vHFVu6IZHs9ON2aAGVxL+Rbq6ar9d5I7MnmRgO9D5O2mVFrvju0Ce1nbVw7cub7bIun3k/ZDjdvRcSBTuc/afZtqPkuTkT/w/SJ+NOIOJ4/ZsdHN9j+8FPl5yn+U23xn9lg+6vF37XB1wSAtdw93bqQL7/+pUvjn2he/54c/wx0uHZtRNnX/2L8t7Bs/Pc4/lqH+LPx37vrbOPXH+/8vFJd+/gv2xbmaxPFWHA7PLgVcahj/MlS/EmH+LNxz9l1tvH1N4dXvHe3PP65bY1/8YuII9E5/kKy+v3JY+enGpPHWz87tvHbgTfvrNR+2fFn579/hfhXO//ZsSvrbONk/9HPV6pbO/70957kw+ZeT37k2vjs7NWRiJ7k7eXH15iIFM8pXiOL/+jh1fO/U/x92dxhnfE/mv7u743Hv7Wy+M9t8Px/ts42vv3yh3sr1ZUdPwAAAAAAAOwmafOzHElaX9pP03q9tYb3hehPG9Mzsy+fn/7k8rnWZz6Gojst7nQPtspJVh7JPw9blEefKo9FxP6IuF3ra5brE9ONc2UHDwAAAAAAAAAAAAAAAAAAADvE3rb1/10R8Wettf4fqAhfNAbVJf+huuQ/VJf8h+qS/1Bd8h+qS/5Ddcl/qC75D9Ul/6G65D8AAAAA7Er7X7p7P4mIm2/0NbdMT17XXWrPgK2Wlt0BoDS1sjsAlMatf6guc3wgWaN+zxMPbe6u9ZsAAAAAAAAAAAAAwGY5ctD6f6gq6/+huqz/h+qy/h+qyxwfWOf6/+Ws/wcAAAAAAAAAAACAbTPQ3JK0nq8FHog0rdcj/hcRQ9GdnJ9qTB6PiH0Rca/W3ZuVR8ruNAAAAAAAAAAAAAAAAAAAAOwyM9dvXBxvNCav2rGz/Tt9EbEDuvEMO/+O7oBu9ObZvJmvXPI/JgAAAAAAAAAAAAAAAAAAqKDHi37L7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlOfx9/9v3U7ZMQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz6f/AgAA///fCQzH")
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
r1 = dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12.548007388s ago: executing program 2 (id=766):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @link_local}, 0x4a, {0x2, 0x4e20, @multicast1}, 'lo\x00'})
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001280)={0x78, r5, 0xacf5e67dd0b583a1, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4f, 0xe, {{{0x0, 0x2}, {}, @device_a, @broadcast, @from_mac=@device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @val={0x3, 0x1}, @void, @void, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6}}}]]}, 0x78}}, 0x0)

12.410131201s ago: executing program 3 (id=767):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000400)='./bus\x00', 0xc10, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRESDEC], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r5, &(0x7f0000000580)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000540)={&(0x7f0000001cc0)={0x1074, 0x13, 0x200, 0x70bd2d, 0x25dfdbfe, {0x3, 0x8, 0x77, 0x5, {0x4e23, 0x4e21, [0x0, 0x10001, 0x57ee, 0x7], [0x6, 0xd, 0x4, 0x4], 0x0, [0x2, 0x2]}, 0x2, 0x1000}, [@INET_DIAG_REQ_BYTECODE={0x24, 0x1, "2b890f7365ea414e9769e2858b3ca054c6d44b8152d1e6b2d7e22f8e2ee3f354"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "2b487de31390ea06e95f45c2b24af3c219f5fb066d6339fe1fbea1eba3ef0ef54ec4ee182a00090c1c26bd5bdb032d5bc42783a8a09260d9ad8d7914a087f4d19e76198bc4b564f358c682216568af59fab633920f4dc9e05268215aab3cdfd8f2419b4a7f16a1e8339bd99557a8a618e93888385bb595519ed980c97b46dbf79b38e711f5baab116b62474f0653f6d53fa2751c588f186d7e5cf02f694e86a417a534ccaf39158f64f139a6f4f6daa58efa719b28b0094854c7cfb3034befd42de3bb08852a22422ae1bfb0e6c40c8433d2cc77acaf05d22cbf3e0f76e41ca7dbd2274ff4d1fa60a7b94ae6356d4ab1f97c7a3276358aa58f85f46de70e26037790b3a026e9757a69347b8f1874ded0dd40a35649c01122aaee4e3f19bc3835db81391580a5fc113c0b639d3c7b9e6cbd1aa61d52d36e402dfcbd132e644fc94b468e979070ae8996bca4d76a1bf118b7091fa4f4c1121df509193a514422338e461437d79c27409f7611978162bc99b7aec5cc4676398aa74668c1b1981c56adafee45ed341bb9b7b920281323e268ae353c87beba7f2dbe4774e522fe54344ab07347df18e17e83f663983903b2aca8b6d08d5bc1c272af8953b8c28e07efe6e01b097dc62a06e041271205d280a391531af45d92216859b0664384c90d6e5053a18f109ba541ae396b4b8bf1d0f0b44ca66ccbeb905eff97f058501b49ad002e8275931e44b50e8948f1d4d2f237fc3e98fe57ebd9067e8af400c4ad3e5e357c17a69e6750cc232245e2141bb4d438184f156459bd7a3168947210a166e0ba558388a3de0f0e95f4d108958036367b2329be25be53a1dd9e2e0cf540871c6135ed3334dfc7fc7c3bcbcb8545063b28894c829a109b46ff4162b4878f580a5ea5c6f0cc508256b164a243c5dff4e07e30588ed84d0ec94730cec0af07f481dec7c1003c22add7f44068da4dd1584eea7d438294a8f833e6a4510ed419dba4ed43014fa4fdaaf50d891fab6169a6f0276e1977be1218c8e0600ba258e1ca1cdc78640fae08a48dcba1ff6d967a9f4d10c670fa1f2909239e9f69d59a1195e796e81856a5e17af44f383de44e2ac1d7a772c9aa269c67987cdd3c4b3dc3a71f1ab7461e29792e04e73e3bdbc4d032723001f3c455a4397d8c6132bbc630c290a65f6744e65fb965337b4fc9e05b53605d3488f9be2e849e948962b916bb84aec62ec34fa89b39bdd6592e4781d411655d058b36f4450172ebcb7ae587bd7ae1bc629ecd289621d75263de9e3026fb152504c319c33a90b0536e78d0a815a840270dc8e8ff87d7a485eb0839dca120ac8afe6bb5c14f3fa3e00d7bba1e7004e694ffb41a1fbce997aaf83cd27190b29353b20f47c6de87513c754ad1437ec054a016b407abdacccf8200891ec53b497851180023c92e3663d44086216bebaee9fe840d4f1200a78c1a0137a3d84cbe3e9e6676741768532a7ea3f10072561aa7b8c27b477050a247d9a4ef421ebe67387335aca4b14ae287b44e81bfa5d23f82c5d2910460fae5e8b7f7adbdac972076dc4dcb333077bdb8fc24d49fe52908548edfaa1b1802e39228dc7b368b09f381ed5e2c1b3a82a1b848cb59f2f5c03247e175ab2a9e4412249430ad8f003c91b2f90c770326e611523fe6d5ee409606b66ba88d66f8d34925a425760d51df4b236350cbeea75329b543b4f8fe7a63bd82e17832a095894bbcdfacd800ff24ab2d6fe1814f2abb03e8d80dacc461ca9b113919a3dc98493439b6deb910b0385f3e85f8a58d54b9a3140051c13826babc284012183c4577062aa33d1ad4f3c33a99664107a2f70a348e306b0f0cbcb4f1ab819fb61b72c25d61b39d4e536a19464216d2393a59891983a8e4464823e8da43b1d7445bad56d8ad28b4bb1839441f4f4836ccb02d691e838720cd47cf427fb65ff4a47114aa6b0df1390823caa601b0c6578ad0b77f9b606f6528b9fa32290d38347d5694698689f683a61ec327326349d53901ced7c19e86c6ec74c0c2cc381261515e62df4b45ce8eb0b64994f663ebf3a24c947c72deaf07de8dc9d68e115127a07489e011ff0e71fb79d28bc81b886dae26e696fc37875a9160be7906688f0eaea9e54c92554bb6acddea5ddfc016fc32661728fa88a72eaf62255878864b4de1a4142c5e2800088a9dda46664727abc8da8c851be6371ef73944f7a9cf991b5c275ee1a2df866d3d819c6e47445e91e77cf9f9139ad6fe6f92d12a6de658cad9e51426589b8331030c836d612c5bb1fb0e89e3b9acedaed52703e82e1dd45686dfb1d5f63884bfc3a5948d801d1dd569bcd967d5eab1e23a7b79e44eba73429efb205ac775045fa74677616b9c43e5d82ea076f03bd777424bf002a9f835dad999fcb4bf78963384980be039a885dd9481d520984769a22d96df51e88443950eba4f780f9aba2b3d6a96bc577b707e42dbf62a9859cb6864f03a04d2a99033984d6af9ba916834e9929d4f2c00740611d58ff79ed23c21a5ed73f1134b69a3632b39614e9fad1e3c0042717cdbd7173c88f73de1a1ddf806040097c948bf594c5d64d841fa93101ff75eef2419b01b6a87e262c97aec33319e4b387f815e016e7fc62e32c978900f20ca3068f2dffe582d9eb83a59ec446a29c74096a13f74ee41868f0e5dea0883c8ea3d82945fdbf87ee9e56327a394cb7f5a853802bdd3f0db7e37c88988ff36a495bf27658cac7cf8843add6f5a4aa8cb2f52a51c7487408684792319ef93907c901052f22e028b07031b384799637a53db8a97989d2a4fa92c412e898172c5f83de102afdccd66c63aead87fffe3e4389dc0ca90afedd4d6447cb48fdc718727176c671b7fc93566242c98415754a8a9556a883e61c66574b4db3c6d60edd7ee816a54fe3e0beff8a7ab3ffea68bac05d7d082cd03778bc669083df012d872d990c9b351b56e7f33f4600fc9552571dd706458b4275fc450d374b8153199101bfc2bf8967d916785a8c0b6daf828f3347943b7b340c0a26c5afce03a6177e144702e87bd4d074f7ac6a276467ce141c7c0930c1bb0bb03575f8bc4e994e11668eea2ca9793a450ead592d19f87f79108ce03a680306592911edcd561a15d572c38907e01cd6f96ca6a3d2611c8c5ba9364be2e2648b4e13cdcf953bd065c090fe05ba8b46d07e62911012bdf6cbbed3edc8c9b75f17bc887210160dddea7295c9a085c0d76881b754c35b88b071ebd7829c1649df65863311be4a52f74dcedb48a8e120e1cf6473b944d22a50f8e83b7406aef98944dc63f70b645fa29e3f642c22f4cf34c455281f10262085976c9acdd627343854dbbea2daff177fd3eb70e2d9d64cdbb393454477246f437d686840c0f766239e0bca0e6f75f63f8342835a5f51f8ecb7d499aaa3c9dbd33687be2dc397647169965b352089d0a569bd8a0b6e5adbd361b42e5b92906b11cc58062a06e23289801241618085c4a3096175c3837f6857e889330495935c2a60b871e6cce31bd75bcb01d5a789b10194b8da4d1e7528d024133cb213f20f752d2db6394195e66885ee26460da8ab3dea36083fe04f127216d744cc1ff71bb27877259ae3f24d095b60ea0ee704ea81f979a4d887cb4939f8160664c532b3e93ef2fc83f2126b0386b9f747dc3d7a317d586c0984219cb65fa14002a493545dd0e1c93038cbffbe0211b96fea5923e79e09ee119457ef20dbab4df16c5f049cba6e80c78b5dbc69320ade92f83dfa7e10ec407ee610eb56d29d9634c26f505eea43a000628c322055643b3a3e72cb096a5420bab8f8b2cb595cd591361d1f22fc77849050e99d41dfb6c1659713e374a2ce17c8d9904a0b9ff87cdd6cee2547223cb909ff0eb364620f4ed2d2a939739874ff74cf48b7ec4c53676bfd1be17f25a124e38de03034805989257e629b4d9683ac9055eb0f10ad849b8f6327a12ab70ab2e86a484218db4ff9229966012187fb3abe92c41f23f2c8078dd1581176dd92bff0bb6a2fd4881be3c5fa010329b9cfe1024e7d694b71e94b175a9a2435f0514634c34b70a472d8135028a2614ec076ab69b5f9a3583fc9668cbb631995c3758c8a37de2744b70ecd0c4bcf46425b95a729b8bc4f7bcdb5c42375229ef3565c60571ddf9a2033368491a92201fe9e4e7fc2f521b0f6758d734b605ef862760521f6e1fd2117a707ffa0805d9cf30e7d6a5e769dc540d5250b388a066750dd0b1ee8b04fb3d8175a06ec43531db889b597186be7eb6b490bb9e29cbe8c600b56a2b31c23ba1182a78887f5cdb15b2cbfbc933e59c3a1e8bea51bb5d98457a59cada37288649f32fee61c0537daaa9c3cce4667c2a02a920e448ec5f59061e9f9d1f7a1be9b7aeef49dbf178259a62fb7efde65e43a53e7b4ce07c7f9862047600922a824d5ef39a83f58b005c81e6bf8813673d5cd978bb79423474454e9b5e6018f6c03030ec929c85d91a5f5031f784e144571182f6abd63923f0fb885355819994c13cfc635c4fd9050ef640c5bc255f478ba95e9c1733939250d7fd2e0578ea89ef4dfc3083efd5da48436966c5416b65ed11dfcb2f5096bff84fa57518f44f5bc3306f75ba3c803768474884d2d89f509aba68675ad9ed94ba3a2080c39b5f9a49e0840cf7435e86567b7e6c42c116babceef037e5838cea514e0bdd2b1500d8cdbaba358ba144c3fa95e3725cd558733bc93f497afdc530a2a7f0ce75546cd451b371239e0e12727ff7938e6d97e914059aae7ce56609acaf9018f5754ab7dbe9618cabd60da4c6a53471cb3e4005f1db7458363c527a28051308f292ee0eb7ec5fe98d774ea3d995865ecd4e094a4537b3705c6d0b7a9a5a31cd295cf68f97e7545a03b4e835da342296245166a5816a55f41bf70ec582a8515545d91f7293ff96f08c1d4d361eb964c30598bc144a2325d1f8c7ecbb8c0be1a0a0bf8ee4e947625d50b8ff1552b45c745ed08b8fdb1fbbed4ad1fc73d260587dad4bd74a7d493cbd9cd0a4f37fb5da240568bfcbb1b65848dde42cf96376dca3debe6230358dcd6961b6df8c91c3207ff2b3d0fc6ab421c70c863e2ae5296fa3b3234a615d6e794bb5e9e8c1fa627e308b27e7da2b53076701de3d38dd5a46f748f899c8ab4fa7b2d8f46de66587c442e4f03e7e9d782480179528c9015febaecb9619782e78246788259e13cda5b0bccbbf76548be2ef090972c03a02329ca4fe6a6e84652eef6260a648fcf3c0f594c8a859ddeddb8d93d5509465b47397270d25e49028cec8488f9eed99c6df2a3815ceec87b0efd80fab066082aa6307002265b1b3d47a541164954cc5d5eb5b139724a0d23cfac9580926f222054e3cb0cadf691f50171c1e4a9aaa0281c8a11d3ad3aa1fd526a8d8d5d063374356b208297d5248baffb389cbccba0642a6e04369202ac71d476d9998b24d9f85e0689698e7032cbf9a239782490776922d71f4768cc39bfb17d7e1a58ed67d7c3582fef3278681230cd7145f443dc48e59d9b23a0a0f54859a40df975c815737b392a26df9f0174b57325a0bb9daebc397425d0aa0ee8cb4f8b86ee285eaceb675957e31202b4aa63f5312a8188433b9f9c52a1296548389ffdd6b47c6aff4ac83d8eb09135f35c74e683869e3f45b0ae8e462664d2ad66c9c27ff85e118159fd9e81cca04dca4730fd86687faa9391731c2d54f2cb0f7eb88ebb17f6f0fe61f07b8856f8eb438ba9155cd0df15bcc5728e461023085eb8aa60c3716585f2daad31ee6f759453d1e6c1735"}]}, 0x1074}, 0x1, 0x0, 0x0, 0x4000000}, 0x44000)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r4, 0x29, 0x38, &(0x7f0000001740)=0x6, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

7.772804555s ago: executing program 0 (id=780):
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESOCT=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
fstat(r1, 0x0)

7.694798783s ago: executing program 0 (id=782):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000200)={[{@resuid}, {@init_itable}, {@stripe}, {@stripe={'stripe', 0x3d, 0x200}}]}, 0x3, 0x453, &(0x7f0000001f80)="$eJzs3M9vFFUcAPDvzHaLCNiKqPxS8Vck/mgpoHLwoEYTD5iY6EGPTVsIslBDayKEKBiDJ2NMvBuP/gt60Ysxnoxe9W5IiOECeFozuzN0d7u7tNsti93PJxl4b+ZN3/v2zdt9M2+3AQytfdk/ScTWiPgzIsbq2eYC++r/Xb96fubG1fMzSVSrb/+T1Mpdu3p+pihanLclz+xPI9LPktjTpt6Fs+dOTlcqc2fy/OTiqQ8mF86ee+7Eqenjc8fnTh88cuTwoakXXzj4fF/izNp0bffH83t3vfHeV28e/aIp/pY41mznpsYf3daT1WrfqrsTbGtIJyMDbAirUoqIrLvKtfE/FqVY6ryxeP3TgTYOWFfVarW6pfPhC1VgA0uiOW/Iw7Ao3uiz+99ia50EvLx+04+Bu/JK/QYoi/t6vtWPjESalym33N/2076IePfCv99kW/T7OQQAQBs/ZvOfZ9vN/9J4oKHcPfna0HhE3BsR2yPivojYERH3R9TKPhgRO1dZf+siyfL5T3q5p8BWKJv/vZSvbTXP/4rZX4yX8ty2Wvzl5NiJytyB/HeyP8qbsvxUlzp+eu2PLzsda5z/ZVtWfzEXzNtxeWRT8zmz04vTa4m50ZWLEbtH2sWf3FwJSCJiV0Ts7rGOE09/t7fTsVvH30Uf1pmq30Y8Ve//C9ESfyHpvj45eVdU5g5MFlfFcr/+dumtTvWvKf4+yPr/7rbX/834x5PG9dqF1ddx6a/PO97T9Hr9jybv1NKj+b6PphcXz0xFjCZH641u3H9w6dwiX5T/4ff6/nbjf3ss/Sb2RER2ET8UEQ9HxCN52x+NiMci4vEu8f/y6hPv9x7/+sr6f3ZV/b+UGI3WPe0TpZM/f99U6fiy+G907//DtdT+fM9KXv9W0q7ermYAAAD4/0kjYmsk6cTNdJpOTNQ/L78jIq3MLyw+c2z+w9Oz9e8IjEc5LZ50jTU8D53Kb+vr+YsRUf9oQXH8UP7c+OvS5lp+Yma+Mjvo4GHIbekw/jN/lwbdOmDd+b4WDC/jH4aX8Q/Dy/iH4dVm/G8eRDuA26/d+/8nA2gHcPu1jH/LfjBE3P/D8Oo4/jfyX/4Barz/w1Ba2By3/pJ810Txk3o8fcMmonxHNGPtiWrStnMjHXTDJNYzMdjXJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH75LwAA//8HW+BC")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='mm_page_alloc\x00', r4}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})

6.659855772s ago: executing program 2 (id=784):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'veth1_vlan\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000006c0)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc0398062f2405ce811cc3524cc67f8b5aeb3b1cc329e0396256f39052d7ecbc34b03546faa976fc65e3", 0x44, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14)

6.47149349s ago: executing program 3 (id=786):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000004000000000000000000008500000036000000850000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r2, r1, 0x25, 0x0, @val=@tracing}, 0x40)
syz_emit_ethernet(0x112e, &(0x7f00000005c0)=ANY=[], 0x0)

6.402302617s ago: executing program 2 (id=787):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

5.787867516s ago: executing program 3 (id=788):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="b0cc1ef1be010000000000de1b9f614ba04549afaac70ea8381f115b6425bd456ef0c6f999cf32f7b3c51dacc026d34bc6b48d7da69d55251836bb3b3438e1177cc80572535a75a221dab2512b592c1b74b46697a884da5a08ac99a444b72620d10900af8c4cc158e1994fd8443f10651ef8b3a620dacd357846eb26c055cdf3a4af3be09c7a471e45ce66fcef87780c94c245e2d66d273bf96e118da830fdf8e1e554868371b2cc73a6ccd2326b9d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r6, 0x1)
listen(r6, 0x0)
shutdown(r6, 0x0)
writev(r5, &(0x7f0000002f00)=[{&(0x7f0000002dc0)='2', 0x1}], 0x1)

5.709475363s ago: executing program 2 (id=790):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe, 0xfffffffd, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x8}, @ptr, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r4, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, &(0x7f0000000100)=[0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r6=>0x0, 0x89, &(0x7f0000000180)=[{}], 0x8, 0x0, 0x0, &(0x7f00000002c0), 0x8, 0x84, 0x8, 0x8, &(0x7f0000000300)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000040)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000180), &(0x7f0000000200)='%pK    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

3.815497195s ago: executing program 2 (id=791):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000084c05e60c00000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="2001"], 0x0})
socketpair$unix(0x1, 0x1, 0x0, 0x0)

3.703893175s ago: executing program 6 (id=793):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r1}, 0x10)
io_uring_setup(0x36a3, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x400000})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'pim6reg1\x00', 0x20})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_SUBMITURB(r4, 0x802c550a, &(0x7f0000000280)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.606278734s ago: executing program 6 (id=795):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB, @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0xa)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x80d1}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r7, 0x3)

3.5558253s ago: executing program 0 (id=796):
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r2}, 0x18)
r3 = io_uring_setup(0x5751, &(0x7f0000000100))
io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x2, &(0x7f0000000200), 0x1)
sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000100)=0x1c9, 0x4)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000140)=0x6, 0x4)
sendto$inet(r1, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0)
recvmsg(r1, &(0x7f0000001180)={0x0, 0x0, 0x0}, 0x2002)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r4, &(0x7f0000000000)="fa", 0xfffffdef)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
memfd_create(&(0x7f0000000200)='{%@]*\'\x00', 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x3000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
setsockopt$MRT6_DEL_MFC_PROXY(r7, 0x29, 0xd3, &(0x7f0000000240)={{0xa, 0x4e24, 0x234a0a0d, @mcast1, 0xfff}, {0xa, 0x4e21, 0x5, @empty, 0x7e}, 0x0, {[0x150a, 0x9, 0xa8, 0x1000, 0xee, 0xf8, 0x101, 0x8]}}, 0x5c)
write$binfmt_misc(0xffffffffffffffff, &(0x7f00000004c0), 0xfffffcdd)

2.498548851s ago: executing program 4 (id=797):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'veth1_vlan\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000006c0)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc0398062f2405ce811cc3524cc67f8b5aeb3b1cc329e0396256f39052d7ecbc34b03546faa976fc65e3", 0x44, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14)

2.494211371s ago: executing program 6 (id=798):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="b0cc1ef1be010000000000de1b9f614ba04549afaac70ea8381f115b6425bd456ef0c6f999cf32f7b3c51dacc026d34bc6b48d7da69d55251836bb3b3438e1177cc80572535a75a221dab2512b592c1b74b46697a884da5a08ac99a444b72620d10900af8c4cc158e1994fd8443f10651ef8b3a620dacd357846eb26c055cdf3a4af3be09c7a471e45ce66fcef87780c94c245e2d66d273bf96e118da830fdf8e1e554868371b2cc73a6ccd2326b9d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r6, 0x1)
listen(r6, 0x0)
shutdown(r6, 0x0)
writev(r5, &(0x7f0000002f00)=[{&(0x7f0000002dc0)='2', 0x1}], 0x1)

2.29984708s ago: executing program 4 (id=799):
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x4})
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000280)=""/74})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000480)={0x1, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)={0x1, 0x0, [{0x2, 0x56, &(0x7f0000000600)=""/86}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000004c0)=0x1)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x40)

1.516147935s ago: executing program 6 (id=800):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f0000000040), 0x4)

1.432147883s ago: executing program 6 (id=801):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r4}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast})

1.291886896s ago: executing program 0 (id=802):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x12)
r0 = syz_open_dev$vcsu(0x0, 0x9, 0x2000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0x5}, {0x9, 0x5, 0xd, 0x9}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb45fd629100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db220100002600000000000080622ea74b2b7f6a0cad8c932e1559f5fc8cd77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bce5a6f087ae8f5e64be2c9d2d00b391d8177d7bb9f129db3d36dd015c7bd3f15aa6aadbeafdc3cf4cda547a9f1c27a7b2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11befffffffeffffffff97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00512fea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579ebb6d949fb12f63be72a3d817b324d6cada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108f6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x1f2f, 0xe, 0x0, &(0x7f00000007c0)="9f44948721919580684010a49e66", 0x0, 0x241, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r5}, 0x38)

1.055881199s ago: executing program 6 (id=803):
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x103400, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02})
preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/133, 0x20000385}], 0x1, 0x0, 0x0)

238.848927ms ago: executing program 3 (id=804):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESOCT=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
fstat(r1, 0x0)

235.093197ms ago: executing program 0 (id=805):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r1}, 0x10)
io_uring_setup(0x36a3, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x400000})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'pim6reg1\x00', 0x20})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_SUBMITURB(r4, 0x802c550a, &(0x7f0000000280)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

211.23321ms ago: executing program 4 (id=806):
r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r0, 0x501c4814, 0x0)
ioctl$HIDIOCGUCODE(r0, 0xc018480d, &(0x7f00000000c0)={0x2, 0x100, 0x0, 0x0, 0x0, 0x4})

135.898297ms ago: executing program 4 (id=807):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x3a4, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NODE={0x334, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x32a, 0x3, "8e42fd1d2329b145e12cd57d9d7dd1ccfa3e9b73de032fb7841220a74bddef4bdadd89759fe3b9fcf03a2214932e4ac0c7bef23467226db81a59b25114d663251f22358d6789665cac6bd3d8bd9db0ef4de3a18bfaf3782d86c1de7515cd680583e72c9bd4267e21ee00fa61412f5da6cce23bbb33e4263e731d025cbf494cff72e8312e823b2569e3f1727ef5b59dfe313253ab9d77884a8c93567c11ab36b2d509fc0d0b87826981d622d7d5f494ef21031f3434a04fc0184fc89f8f1066514878205ae6b649f93ca3be9a3e3c0d57bd435f1be2a98d7620be218dbb5e36726eda3a253194764d7566b2cccd649aa558793b3a9e84482760ebb9f90d103b9a36fc2a6743bfaf9de974c216aac6d23c73334afac9019f29d5f94d305f4404f0e67d20c086ea9193b97467e19079619c94ce2b30b1b0007a9d7e7075154a73ed7a551d4bc24e66769cdd659f8a7853aeb649d4d62147aba0008edae131814efe830938a14e0b7e03df975dde088d120167752efe7d8f7317bdfb774e91b1470c4e8f22c66ff6db6ec36e848775f982558bf60c1d55856d0e0ba959d2915c7abc15cf93f486825164becb9e2dd988e5380fb972b3eaa2b4de10ff753c1fefae597c8c7501d6ddbb388c9788d6054d7f85d0292efc15002e79f1daa55af63a2ffa94ecc5c3004949c1152bb769caa3322a9edbe402070f570bce38d59014e2f9a102024978c2b211af9c43f893a0dea2d2a5fb3af6196c32bb55f8786fbbf498b2e3a16b42195f17ec48ca4e885f80731dfa51c816505299f77611830c33e3c9b1b3bdac07d5930f90918a2b23c6588166437f7f52875cc66d19283c6c42984ee2f1b467f700d38d8dccd50c785f034e493d1e7d16a57ec30316003ea8bbf8d8eddff1ebcde2368c6352e0100a7ddb710fca41c489e9dcaff5c875bf995ed91fa177c08373a6bce21a7ade82166f414cc79fb75b8ee7feafd8259d40b3fa428d68203c5446d969c3a3df0b61b66b7c957a3bb748a9e6fc1c2e568ff4481f514df26e0258b1373a69116a64589a109338602de798633b8994d6556ca8c814005507349ae8f08a8a78d8e1f00faa85a8d11aa521377d1812732aff65e287a4062feb4ac55521ac62"}]}]}, 0x3a4}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000004c0)=0x68)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

87.994561ms ago: executing program 4 (id=808):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000e80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = dup2(r1, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
lchown(0x0, 0x0, 0x0)

66.623444ms ago: executing program 3 (id=809):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth1_vlan\x00', <r1=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f00000006c0)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc0398062f2405ce811cc3524cc67f8b5aeb3b1cc329e0396256f39052d7ecbc34b03546faa976fc65e3", 0x44, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14)

25.152558ms ago: executing program 4 (id=810):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000120cf4bf5c8049ebaf167aee29325d63057860c4734d3c0000000000000100", @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1_to_bond\x00', <r2=>0x0})
r3 = socket(0x1, 0x5, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x3]}, 0x8, 0x80800)
io_setup(0x1, &(0x7f0000000b80)=<r6=>0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x500000, 0x0)
io_submit(r6, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)
getsockopt(r3, 0x1, 0x8, &(0x7f00000032c0)=""/12, &(0x7f0000003300)=0xc)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES64], 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r8, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
connect$inet(r8, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendmmsg$inet(r8, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io(r7, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r9 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
ioctl$BLKTRACESTART(r9, 0x1274, 0x0)
r10 = syz_open_dev$hiddev(&(0x7f0000000300), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r10, 0x400c4808, &(0x7f00000000c0)={0x2})
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001900010000000000000000001d01000008000a00", @ANYRES32=r2, @ANYBLOB="08010900", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)=r0}, 0x20)
syz_usb_connect$cdc_ecm(0x4, 0x56, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x20, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x0, 0x5, 0x0, 0x81}}], {}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x0, 0xf1}}}}}]}}]}}, &(0x7f0000000300)={0x0, 0x0, 0xf, &(0x7f0000000000)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa}]}})
preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/62, 0x3e}], 0x1, 0x1000, 0x7)

613.96µs ago: executing program 3 (id=811):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="b0cc1ef1be010000000000de1b9f614ba04549afaac70ea8381f115b6425bd456ef0c6f999cf32f7b3c51dacc026d34bc6b48d7da69d55251836bb3b3438e1177cc80572535a75a221dab2512b592c1b74b46697a884da5a08ac99a444b72620d10900af8c4cc158e1994fd8443f10651ef8b3a620dacd357846eb26c055cdf3a4af3be09c7a471e45ce66fcef87780c94c245e2d66d273bf96e118da830fdf8e1e554868371b2cc73a6ccd2326b9d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r6, 0x1)
listen(r6, 0x0)
shutdown(r6, 0x0)
writev(r5, &(0x7f0000002f00)=[{&(0x7f0000002dc0)='2', 0x1}], 0x1)

0s ago: executing program 0 (id=812):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f0000000040), 0x4)

kernel console output (not intermixed with test programs):

648] netlink: 4 bytes leftover after parsing attributes in process `syz.4.119'.
[  100.185864][ T4649] xt_TCPMSS: Only works on TCP SYN packets
[  100.808443][ T4656] loop1: detected capacity change from 0 to 512
[  101.041162][ T4656] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  101.291113][ T4656] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  101.488480][ T4656] System zones: 1-12
[  101.635161][ T4656] EXT4-fs (loop1): 1 truncate cleaned up
[  101.687180][ T4656] EXT4-fs (loop1): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  101.818229][ T4675] loop4: detected capacity change from 0 to 512
[  101.964077][ T4675] EXT4-fs (loop4): bad s_want_extra_isize: 11962
[  102.045484][ T4681] xt_TCPMSS: Only works on TCP SYN packets
[  102.363988][ T4683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.130'.
[  102.375470][   T21] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  102.772918][   T21] usb 4-1: Using ep0 maxpacket: 16
[  102.803368][ T4673] usb usb8: usbfs: process 4673 (syz.4.128) did not claim interface 0 before use
[  102.895986][   T21] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.916353][   T21] usb 4-1: config 0 has no interfaces?
[  102.921991][   T21] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  102.936274][   T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.949647][   T21] usb 4-1: config 0 descriptor??
[  103.105765][ T4696] loop2: detected capacity change from 0 to 512
[  103.185753][ T4696] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  103.205509][ T4696] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  103.215887][ T4680] udc-core: couldn't find an available UDC or it's busy
[  103.220294][ T4696] System zones: 1-12
[  103.223981][ T4680] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  103.338037][ T4696] EXT4-fs (loop2): 1 truncate cleaned up
[  103.352211][ T4696] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  103.617267][ T4703] loop1: detected capacity change from 0 to 1024
[  103.627087][ T2018] usb 4-1: USB disconnect, device number 2
[  103.693677][ T4703] EXT4-fs (loop1): first meta block group too large: 50331648 (group descriptor block count 1)
[  103.723832][ T4707] xt_TCPMSS: Only works on TCP SYN packets
[  104.671626][ T4716] netlink: 4 bytes leftover after parsing attributes in process `syz.0.141'.
[  104.926413][ T4721] loop4: detected capacity change from 0 to 512
[  105.042790][ T4721] EXT4-fs (loop4): bad s_want_extra_isize: 11962
[  105.075999][ T4728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.142'.
[  105.098214][ T4721] usb usb8: usbfs: process 4721 (syz.4.143) did not claim interface 0 before use
[  105.909779][ T4743] xt_TCPMSS: Only works on TCP SYN packets
[  106.711016][ T4752] loop2: detected capacity change from 0 to 512
[  106.842045][ T4752] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  107.118034][ T4752] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  107.309921][ T4752] System zones: 1-12
[  107.472411][ T4752] EXT4-fs (loop2): 1 truncate cleaned up
[  107.555394][ T4752] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  107.808304][ T4759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.154'.
[  108.534042][ T4770] loop0: detected capacity change from 0 to 512
[  108.543058][ T4769] loop3: detected capacity change from 0 to 1024
[  108.586785][ T4769] EXT4-fs (loop3): first meta block group too large: 50331648 (group descriptor block count 1)
[  108.633146][ T4770] EXT4-fs (loop0): bad s_want_extra_isize: 11962
[  108.679555][ T4776] xt_TCPMSS: Only works on TCP SYN packets
[  108.758927][ T4770] usb usb8: usbfs: process 4770 (syz.0.158) did not claim interface 0 before use
[  109.803756][ T4790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.165'.
[  110.034568][ T4811] xt_TCPMSS: Only works on TCP SYN packets
[  110.049487][ T4809] loop2: detected capacity change from 0 to 512
[  110.107779][ T4809] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  110.137415][ T4809] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  110.166623][ T4816] loop3: detected capacity change from 0 to 512
[  110.183353][ T4809] System zones: 1-12
[  110.194077][ T4809] EXT4-fs (loop2): 1 truncate cleaned up
[  110.199848][ T4809] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  110.260575][ T4816] EXT4-fs (loop3): bad s_want_extra_isize: 11962
[  110.948380][ T4816] usb usb8: usbfs: process 4816 (syz.3.174) did not claim interface 0 before use
[  111.380846][ T4832] loop0: detected capacity change from 0 to 1024
[  111.574339][ T4832] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1)
[  112.682082][ T4846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.182'.
[  112.855309][ T4850] loop2: detected capacity change from 0 to 512
[  112.902673][ T4850] EXT4-fs (loop2): bad s_want_extra_isize: 11962
[  112.975858][ T4857] loop0: detected capacity change from 0 to 512
[  113.009038][ T4857] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  113.020925][ T4850] usb usb8: usbfs: process 4850 (syz.2.185) did not claim interface 0 before use
[  113.110102][ T4857] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  113.175542][ T4857] System zones: 1-12
[  113.243040][ T4857] EXT4-fs (loop0): 1 truncate cleaned up
[  113.248870][ T4857] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  113.332886][ T4867] loop1: detected capacity change from 0 to 512
[  113.996738][ T4872] xt_TCPMSS: Only works on TCP SYN packets
[  114.049747][ T4867] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  114.440020][ T4867] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  114.477718][ T4867] System zones: 1-12
[  114.503719][ T4867] EXT4-fs (loop1): 1 truncate cleaned up
[  114.510903][ T4867] EXT4-fs (loop1): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  114.790969][ T4883] loop0: detected capacity change from 0 to 256
[  114.795526][ T4885] netlink: 4 bytes leftover after parsing attributes in process `syz.2.195'.
[  114.921504][ T4883] exFAT-fs (loop0): Invalid exboot-signature(sector = 7): 0xaa00006c
[  115.115958][ T4883] exFAT-fs (loop0): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x2119ad3c)
[  115.827487][ T4883] exFAT-fs (loop0): invalid boot region
[  115.880464][ T4883] exFAT-fs (loop0): failed to recognize exfat type
[  116.234262][ T4895] loop2: detected capacity change from 0 to 1024
[  116.290256][ T4895] EXT4-fs (loop2): first meta block group too large: 50331648 (group descriptor block count 1)
[  116.478498][ T4903] loop4: detected capacity change from 0 to 512
[  116.647041][ T4903] EXT4-fs (loop4): bad s_want_extra_isize: 11962
[  116.977982][ T4902] usb usb8: usbfs: process 4902 (syz.4.199) did not claim interface 0 before use
[  117.491823][ T4920] fuse: Bad value for 'fd'
[  117.688678][ T4927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.207'.
[  117.718981][ T4928] loop0: detected capacity change from 0 to 512
[  117.784157][ T4928] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  117.987849][ T4928] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  117.999785][ T4928] System zones: 1-12
[  118.008837][ T4928] EXT4-fs (loop0): 1 truncate cleaned up
[  118.025124][ T4928] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  118.150852][ T4937] loop4: detected capacity change from 0 to 512
[  118.231893][ T4937] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  118.290521][ T4937] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  118.300546][ T4937] System zones: 1-12
[  118.316988][ T4937] EXT4-fs (loop4): 1 truncate cleaned up
[  118.336914][ T4942] xt_TCPMSS: Only works on TCP SYN packets
[  118.350854][ T4937] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  118.372320][    C1] vkms_vblank_simulate: vblank timer overrun
[  118.840657][ T4944] loop3: detected capacity change from 0 to 1024
[  119.382623][ T4944] EXT4-fs (loop3): first meta block group too large: 50331648 (group descriptor block count 1)
[  119.901899][ T4952] loop0: detected capacity change from 0 to 512
[  120.287799][ T4952] EXT4-fs (loop0): bad s_want_extra_isize: 11962
[  120.431723][ T4952] usb usb8: usbfs: process 4952 (syz.0.213) did not claim interface 0 before use
[  120.589800][ T4962] fuse: Bad value for 'fd'
[  120.646320][ T4968] netlink: 4 bytes leftover after parsing attributes in process `syz.3.218'.
[  120.699212][ T1323] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  120.955156][ T4980] loop3: detected capacity change from 0 to 512
[  121.040623][ T4980] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  121.065433][ T1323] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.090516][ T1323] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.091415][ T4980] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  121.116911][ T1323] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  121.130501][ T1323] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  121.139988][ T1323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.150606][ T1323] usb 5-1: config 0 descriptor??
[  121.156800][ T4980] System zones: 1-12
[  121.176846][ T4980] EXT4-fs (loop3): 1 truncate cleaned up
[  121.195555][ T4980] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  121.355130][ T4984] loop0: detected capacity change from 0 to 512
[  121.617045][ T4987] xt_TCPMSS: Only works on TCP SYN packets
[  122.013186][ T4984] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  122.048859][ T4984] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  122.154314][ T1323] prodikeys 0003:041E:2801.0003: unexpected long global item
[  122.162215][ T1323] prodikeys 0003:041E:2801.0003: hid parse failed
[  122.184593][ T1323] prodikeys: probe of 0003:041E:2801.0003 failed with error -22
[  122.359308][ T4992] loop0: detected capacity change from 0 to 512
[  122.362336][   T23] usb 5-1: USB disconnect, device number 5
[  122.426286][ T4992] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  122.499389][ T4992] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  122.514220][ T4992] System zones: 1-12
[  122.563580][ T4992] EXT4-fs (loop0): 1 truncate cleaned up
[  122.569266][ T4992] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  123.509396][ T5006] loop3: detected capacity change from 0 to 1024
[  123.560528][ T5008] loop2: detected capacity change from 0 to 512
[  123.578995][ T5006] EXT4-fs (loop3): first meta block group too large: 50331648 (group descriptor block count 1)
[  123.586129][ T5012] netlink: 4 bytes leftover after parsing attributes in process `syz.4.232'.
[  123.666514][ T5008] EXT4-fs (loop2): bad s_want_extra_isize: 11962
[  123.676798][ T5016] fuse: Bad value for 'fd'
[  123.753932][ T5008] usb usb8: usbfs: process 5008 (syz.2.229) did not claim interface 0 before use
[  123.832996][ T5021] loop0: detected capacity change from 0 to 512
[  123.858882][ T5021] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  123.913397][ T5021] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  123.921784][ T5021] System zones: 1-12
[  123.935994][ T5021] EXT4-fs (loop0): 1 truncate cleaned up
[  123.941681][ T5021] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  124.229445][ T5026] xt_TCPMSS: Only works on TCP SYN packets
[  124.812733][    T7] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  125.034155][ T5034] loop1: detected capacity change from 0 to 512
[  125.118350][ T5034] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  125.169001][ T5034] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  125.172921][    T7] usb 3-1: config 1 interface 0 has no altsetting 0
[  125.194046][ T5034] System zones: 1-12
[  125.237789][ T5034] EXT4-fs (loop1): 1 truncate cleaned up
[  125.304926][ T5034] EXT4-fs (loop1): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  125.352845][    T7] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  125.366794][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.380619][    T7] usb 3-1: Product: syz
[  125.384940][    T7] usb 3-1: Manufacturer: syz
[  125.396299][    T7] usb 3-1: SerialNumber: syz
[  125.623379][ T4207] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  126.225722][    T7] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  126.242886][ T4207] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  126.264663][ T4207] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  126.298939][ T4207] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  126.329297][ T4207] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  126.485646][ T5051] netlink: 4 bytes leftover after parsing attributes in process `syz.1.243'.
[  126.514124][ T4207] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  126.532664][    C0] usblp0: nonzero write bulk status received: -71
[  126.569750][ T4207] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.582176][ T4207] usb 4-1: Product: syz
[  126.612621][ T4207] usb 4-1: Manufacturer: syz
[  126.618266][ T4207] usb 4-1: SerialNumber: syz
[  126.637079][ T4207] usb 4-1: config 0 descriptor??
[  126.657312][    T7] usb 3-1: USB disconnect, device number 3
[  126.693738][ T4207] ums-isd200 4-1:0.0: USB Mass Storage device detected
[  126.725158][ T5022] usblp0: removed
[  126.758623][ T5058] loop1: detected capacity change from 0 to 512
[  126.864540][ T5058] EXT4-fs (loop1): bad s_want_extra_isize: 11962
[  126.917658][ T5062] loop4: detected capacity change from 0 to 512
[  126.988575][ T5062] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  127.002952][ T5058] usb usb8: usbfs: process 5058 (syz.1.246) did not claim interface 0 before use
[  127.027608][ T5062] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  127.052379][ T5062] System zones: 1-12
[  127.086039][ T5062] EXT4-fs (loop4): 1 truncate cleaned up
[  127.091723][ T5062] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  127.303584][ T5067] loop0: detected capacity change from 0 to 1024
[  127.420346][ T5067] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1)
[  127.433054][ T5075] xt_TCPMSS: Only works on TCP SYN packets
[  128.341661][ T5092] loop4: detected capacity change from 0 to 512
[  128.452455][ T5092] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  128.490577][ T5092] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  128.509610][ T5092] System zones: 1-12
[  128.521816][ T5092] EXT4-fs (loop4): 1 truncate cleaned up
[  128.532855][ T5092] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  129.535795][ T4207] scsi host1: usb-storage 4-1:0.0
[  129.585029][ T4207] usb 4-1: USB disconnect, device number 3
[  129.687457][ T5112] loop4: detected capacity change from 0 to 128
[  130.293304][ T5116] loop1: detected capacity change from 0 to 512
[  130.669517][ T5116] EXT4-fs (loop1): bad s_want_extra_isize: 11962
[  131.069835][ T5116] usb usb8: usbfs: process 5116 (syz.1.261) did not claim interface 0 before use
[  131.275384][ T4207] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  131.297785][ T5127] loop1: detected capacity change from 0 to 512
[  131.378357][ T5127] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  131.411700][ T5127] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  131.428828][ T5127] System zones: 1-12
[  131.440847][ T5127] EXT4-fs (loop1): 1 truncate cleaned up
[  131.465726][ T5127] EXT4-fs (loop1): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  131.662965][ T4207] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  131.683435][ T4207] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  131.748108][ T4207] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.794044][ T5139] loop0: detected capacity change from 0 to 512
[  131.858716][ T5140] xt_TCPMSS: Only works on TCP SYN packets
[  132.320362][ T5139] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  132.408095][ T5139] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  132.424762][ T5139] System zones: 1-12
[  132.431521][ T5139] EXT4-fs (loop0): 1 truncate cleaned up
[  132.443375][ T5139] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  132.565025][ T4207] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[  132.576537][ T4207] usb 4-1: USB disconnect, device number 4
[  132.992989][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  132.999337][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  133.037688][ T5150] loop1: detected capacity change from 0 to 1024
[  133.366306][ T5156] loop2: detected capacity change from 0 to 256
[  133.778635][ T5157] loop3: detected capacity change from 0 to 1024
[  133.835806][ T5150] EXT4-fs (loop1): first meta block group too large: 50331648 (group descriptor block count 1)
[  134.010834][ T5157] EXT4-fs (loop3): Ignoring removed orlov option
[  134.087944][ T5157] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  134.145747][ T5157] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  134.179814][ T5156] FAT-fs (loop2): IO charset mact=maccroatian not found
[  134.536102][ T5172] hub 6-0:1.0: USB hub found
[  134.553339][ T5172] hub 6-0:1.0: 1 port detected
[  135.002026][ T5171] loop0: detected capacity change from 0 to 512
[  135.096713][ T5171] EXT4-fs (loop0): bad s_want_extra_isize: 11962
[  135.224034][ T5171] usb usb8: usbfs: process 5171 (syz.0.278) did not claim interface 0 before use
[  135.839773][ T5188] loop1: detected capacity change from 0 to 512
[  135.866645][ T5188] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  135.892841][ T5188] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  135.900998][ T5188] System zones: 1-12
[  135.910608][ T5188] EXT4-fs (loop1): 1 truncate cleaned up
[  135.917803][ T5188] EXT4-fs (loop1): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  136.261699][ T5194] loop3: detected capacity change from 0 to 512
[  136.735778][ T5194] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  136.838123][ T5194] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  136.867731][ T5194] System zones: 1-12
[  136.893930][ T5194] EXT4-fs (loop3): 1 truncate cleaned up
[  136.909989][ T5194] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  137.286170][ T5211] loop1: detected capacity change from 0 to 1024
[  137.548296][ T5211] EXT4-fs (loop1): first meta block group too large: 50331648 (group descriptor block count 1)
[  137.566224][ T5216] usb usb8: usbfs: process 5216 (syz.0.292) did not claim interface 0 before use
[  139.330335][ T5251] loop2: detected capacity change from 0 to 512
[  139.510082][ T5251] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  139.673518][ T5259] loop3: detected capacity change from 0 to 512
[  140.053265][ T5251] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  140.072223][ T5259] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  140.099458][ T5251] System zones: 1-12
[  140.123612][ T5259] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  140.139635][ T5251] EXT4-fs (loop2): 1 truncate cleaned up
[  140.166649][ T5259] System zones: 1-12
[  140.174775][ T5251] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  140.222216][ T5259] EXT4-fs (loop3): 1 truncate cleaned up
[  140.229925][ T5259] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  140.295535][ T5272] device pim6reg1 entered promiscuous mode
[  140.890728][ T5280] loop1: detected capacity change from 0 to 512
[  140.982410][ T5280] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  141.020769][ T5280] EXT4-fs error (device loop1): ext4_orphan_get:1427: comm syz.1.310: bad orphan inode 1
[  141.079689][ T5280] EXT4-fs (loop1): mounted filesystem without journal. Opts: minixdf,i_version,usrquota,min_batch_time=0x0000000000000005,nomblk_io_submit,lazytime,jqfmt=vfsold,,errors=continue. Quota mode: writeback.
[  141.347466][ T4165] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 21: comm syz-executor: path /59/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.425662][ T4165] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 21: comm syz-executor: bad entry in directory: inode out of bounds - offset=7168, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.427899][ T5293] loop0: detected capacity change from 0 to 1024
[  141.466345][ T4165] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 21: comm syz-executor: path /59/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.528714][ T4165] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 21: comm syz-executor: bad entry in directory: inode out of bounds - offset=7168, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.571265][ T4165] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 21: comm syz-executor: path /59/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.645194][ T4165] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 21: comm syz-executor: bad entry in directory: inode out of bounds - offset=7168, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.649055][ T5293] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1)
[  141.699104][ T4165] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 21: comm syz-executor: path /59/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.744368][ T4165] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 21: comm syz-executor: bad entry in directory: inode out of bounds - offset=7168, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.785579][ T4165] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 21: comm syz-executor: path /59/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=64815104, rec_len=1024, size=1024 fake=0
[  141.881940][ T4165] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 21: comm syz-executor: bad entry in directory: inode out of bounds - offset=7168, inode=64815104, rec_len=1024, size=1024 fake=0
[  142.788405][ T4295] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.988402][ T4295] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.350276][ T5313] loop3: detected capacity change from 0 to 512
[  143.493908][ T5313] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  143.589545][ T5313] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  143.612779][ T5313] System zones: 1-12
[  143.626875][ T4295] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.646999][ T5313] EXT4-fs (loop3): 1 truncate cleaned up
[  143.700917][ T5313] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  145.169226][ T4295] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.233696][ T5328] loop0: detected capacity change from 0 to 512
[  145.478255][ T5328] EXT4-fs error (device loop0): ext4_do_update_inode:5174: inode #3: comm syz.0.325: corrupted inode contents
[  145.611138][ T5341] loop4: detected capacity change from 0 to 512
[  145.613397][ T5328] EXT4-fs error (device loop0): ext4_dirty_inode:6010: inode #3: comm syz.0.325: mark_inode_dirty error
[  145.666953][ T5345] loop2: detected capacity change from 0 to 1024
[  145.679135][ T5328] EXT4-fs error (device loop0): ext4_do_update_inode:5174: inode #3: comm syz.0.325: corrupted inode contents
[  145.700783][ T5341] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  145.718084][ T5345] EXT4-fs (loop2): first meta block group too large: 50331648 (group descriptor block count 1)
[  145.742609][ T5328] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #3: comm syz.0.325: mark_inode_dirty error
[  145.770844][ T5341] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  145.792902][ T5341] System zones: 1-12
[  145.814754][ T5328] Quota error (device loop0): write_blk: dquota write failed
[  145.826872][ T5328] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  145.837058][ T5328] EXT4-fs error (device loop0): ext4_acquire_dquot:6197: comm syz.0.325: Failed to acquire dquot type 0
[  145.837489][ T5341] EXT4-fs (loop4): 1 truncate cleaned up
[  145.889805][ T5328] EXT4-fs (loop0): 1 orphan inode deleted
[  145.913808][ T5328] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  145.920407][ T5320] chnl_net:caif_netlink_parms(): no params data found
[  145.935434][ T5328] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.976433][ T5341] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  146.145382][ T5357] loop3: detected capacity change from 0 to 512
[  146.516035][ T5357] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  146.602759][ T5357] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  146.715874][ T5357] System zones: 1-12
[  146.797461][ T5357] EXT4-fs (loop3): 1 truncate cleaned up
[  146.831594][ T5357] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  147.163509][ T4211] Bluetooth: hci0: command 0x0409 tx timeout
[  147.258050][ T5375] xt_TCPMSS: Only works on TCP SYN packets
[  147.979455][ T1323] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  148.008009][ T5320] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.160848][ T5320] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.448148][ T5320] device bridge_slave_0 entered promiscuous mode
[  148.739115][ T5320] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.775800][ T5320] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.793946][ T5320] device bridge_slave_1 entered promiscuous mode
[  149.091210][ T5320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.107262][ T5391] usb usb8: usbfs: process 5391 (syz.3.339) did not claim interface 0 before use
[  149.142004][ T5320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.162825][ T1323] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.205458][ T1323] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  149.222744][ T4211] Bluetooth: hci0: command 0x041b tx timeout
[  149.232647][ T1323] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.273775][ T1323] usb 3-1: config 0 descriptor??
[  149.297585][ T5320] team0: Port device team_slave_0 added
[  149.356838][ T5320] team0: Port device team_slave_1 added
[  149.457704][ T5320] batman_adv: batadv0: Adding interface: batadv_slave_0
[  149.486986][ T5320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.628890][ T5320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  149.660805][ T5320] batman_adv: batadv0: Adding interface: batadv_slave_1
[  149.678251][ T5320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.759878][ T5320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.764220][ T1323] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor
[  149.804014][ T1323] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0004/input/input7
[  149.882795][ T4212] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  149.908813][ T5320] device hsr_slave_0 entered promiscuous mode
[  149.928087][ T5320] device hsr_slave_1 entered promiscuous mode
[  149.957816][ T5320] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  149.969862][ T5320] Cannot create hsr debugfs directory
[  149.983846][ T1323] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  150.168514][ T5421] loop3: detected capacity change from 0 to 1024
[  150.252973][ T4212] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.264345][ T5421] EXT4-fs (loop3): first meta block group too large: 50331648 (group descriptor block count 1)
[  150.289759][ T4212] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.308513][ T4212] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  150.319846][ T4212] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  150.410441][ T4207] usb 3-1: USB disconnect, device number 4
[  150.482876][ T4212] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  150.491997][ T4212] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.539441][ T4212] usb 5-1: Product: syz
[  150.552803][ T4212] usb 5-1: Manufacturer: syz
[  150.557475][ T4212] usb 5-1: SerialNumber: syz
[  150.613441][ T4295] device hsr_slave_0 left promiscuous mode
[  150.643205][ T4295] device hsr_slave_1 left promiscuous mode
[  150.671058][ T4295] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.692885][ T4295] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.722400][ T4295] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.758020][ T4295] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.786862][ T4295] device bridge_slave_1 left promiscuous mode
[  150.807938][ T4295] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.850128][ T4295] device bridge_slave_0 left promiscuous mode
[  150.873144][ T4295] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.921454][ T4295] device veth1_macvtap left promiscuous mode
[  150.959699][ T4295] device veth0_macvtap left promiscuous mode
[  150.992731][ T4295] device veth1_vlan left promiscuous mode
[  151.019259][ T4295] device veth0_vlan left promiscuous mode
[  151.282537][ T5449] usb usb8: usbfs: process 5449 (syz.0.349) did not claim interface 0 before use
[  151.391419][ T4211] Bluetooth: hci0: command 0x040f tx timeout
[  151.942757][ T4212] cdc_ncm 5-1:1.0: bind() failure
[  151.972688][ T4212] cdc_ncm: probe of 5-1:1.1 failed with error -71
[  151.986132][ T4295] team0 (unregistering): Port device team_slave_1 removed
[  151.993881][ T4212] cdc_mbim: probe of 5-1:1.1 failed with error -71
[  152.012347][ T4295] team0 (unregistering): Port device team_slave_0 removed
[  152.019840][ T4212] usbtest: probe of 5-1:1.1 failed with error -71
[  152.039203][ T4212] usb 5-1: USB disconnect, device number 6
[  152.068032][ T4295] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.090409][ T4295] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.182890][ T4295] bond0 (unregistering): Released all slaves
[  152.345634][ T5454] loop0: detected capacity change from 0 to 512
[  152.356744][ T5320] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  152.401925][ T5320] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  152.424563][ T5320] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  152.435692][ T5320] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  152.464437][ T5457] loop3: detected capacity change from 0 to 512
[  152.496275][ T5454] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  152.519235][ T5457] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  152.590805][ T5454] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  152.648311][ T5457] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  152.669564][ T5454] System zones: 1-12
[  152.701521][ T5457] System zones: 1-12
[  152.711597][ T5454] EXT4-fs (loop0): 1 truncate cleaned up
[  152.732314][ T5457] EXT4-fs (loop3): 1 truncate cleaned up
[  152.734862][ T5320] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.757893][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  152.763148][ T5454] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  152.783390][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  152.787000][ T5457] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  152.875168][ T5320] 8021q: adding VLAN 0 to HW filter on device team0
[  153.068440][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  153.087970][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  153.172356][ T5481] xt_TCPMSS: Only works on TCP SYN packets
[  153.388390][ T4245] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.395568][ T4245] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.453074][ T2018] Bluetooth: hci0: command 0x0419 tx timeout
[  153.763277][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  153.851107][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  153.860506][ T4245] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.867785][ T4245] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.877319][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  153.906804][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  153.956181][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  153.990674][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  154.037148][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  154.052834][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  154.062331][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  154.078411][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  154.091188][ T5488] loop4: detected capacity change from 0 to 256
[  154.109097][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  154.118573][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  154.149708][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  154.183254][ T4322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  154.215315][ T5320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  154.306842][ T5496] usb usb8: usbfs: process 5496 (syz.0.359) did not claim interface 0 before use
[  154.564724][ T5502] loop4: detected capacity change from 0 to 1024
[  154.860789][ T5502] EXT4-fs (loop4): first meta block group too large: 50331648 (group descriptor block count 1)
[  154.871528][ T4177] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  155.093927][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  155.101427][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  155.263377][ T5320] 8021q: adding VLAN 0 to HW filter on device batadv0
[  155.302801][ T4177] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  155.352635][ T4177] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.388696][ T4177] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  155.438292][ T4177] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.488443][ T4177] usb 1-1: config 0 descriptor??
[  156.012076][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  156.037872][ T5544] loop4: detected capacity change from 0 to 512
[  156.043113][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  156.092104][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  156.099493][ T5544] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  156.125585][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  156.148249][ T5544] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  156.157932][ T5544] System zones: 1-12
[  156.164219][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  156.175469][ T5544] EXT4-fs (loop4): 1 truncate cleaned up
[  156.182640][ T5544] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  156.232038][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  156.430653][ T5320] device veth0_vlan entered promiscuous mode
[  156.457720][ T5320] device veth1_vlan entered promiscuous mode
[  156.536476][ T5548] xt_TCPMSS: Only works on TCP SYN packets
[  156.703983][ T4177] uclogic 0003:256C:006D.0005: interface is invalid, ignoring
[  157.124147][ T4177] usb 1-1: USB disconnect, device number 3
[  157.441649][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  157.457514][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  157.531455][ T5320] device veth0_macvtap entered promiscuous mode
[  157.560507][ T5320] device veth1_macvtap entered promiscuous mode
[  157.647520][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.729761][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.745749][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.808841][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.824519][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.850230][ T5563] usb usb8: usbfs: process 5563 (syz.2.370) did not claim interface 0 before use
[  157.855375][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.896760][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.912591][ T4207] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  157.922267][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.949147][ T5320] batman_adv: batadv0: Interface activated: batadv_slave_0
[  157.977036][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  158.003530][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  158.038164][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  158.085996][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.122546][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.142557][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.163771][ T4207] usb 1-1: Using ep0 maxpacket: 32
[  158.185560][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.187787][ T5574] loop4: detected capacity change from 0 to 512
[  158.202535][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.223575][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.253376][ T5320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.270530][ T5320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.283528][ T4207] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  158.299327][ T5320] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.306953][ T5574] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  158.317331][ T4207] usb 1-1: config 0 has no interface number 0
[  158.331607][ T4207] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  158.347698][ T5574] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  158.348526][ T4207] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  158.372789][ T5574] System zones: 1-12
[  158.402069][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  158.426001][ T5574] EXT4-fs (loop4): 1 truncate cleaned up
[  158.431679][ T5574] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  158.454719][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  158.502631][ T4207] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  158.525723][ T5320] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.569201][ T4207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.612199][ T4207] usb 1-1: config 0 descriptor??
[  158.648458][ T5320] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.698750][ T5320] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.721842][ T5320] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.862893][ T5325] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  159.183157][ T5325] usb 3-1: Using ep0 maxpacket: 32
[  159.254944][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.297910][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.322949][ T5325] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.370429][ T5325] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.391659][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  159.422905][ T5325] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  159.451288][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.515875][ T5325] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.526224][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.586836][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  159.593490][ T5325] usb 3-1: config 0 descriptor??
[  159.603045][ T4207] uclogic 0003:28BD:0094.0006: pen parameters not found
[  159.610137][ T4207] uclogic 0003:28BD:0094.0006: interface is invalid, ignoring
[  159.814857][ T4177] usb 1-1: USB disconnect, device number 4
[  160.008756][ T5600] loop4: detected capacity change from 0 to 1024
[  160.113585][ T5600] EXT4-fs (loop4): first meta block group too large: 50331648 (group descriptor block count 1)
[  160.125662][ T5578] udc-core: couldn't find an available UDC or it's busy
[  160.152231][ T5578] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  160.204812][ T5325] hkems 0003:2006:0118.0007: unbalanced delimiter at end of report description
[  160.223324][ T5325] hkems 0003:2006:0118.0007: parse failed
[  160.242023][ T5325] hkems: probe of 0003:2006:0118.0007 failed with error -22
[  160.412131][ T4177] usb 3-1: USB disconnect, device number 5
[  160.502843][ T5616] loop0: detected capacity change from 0 to 512
[  160.570778][ T5616] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  160.614214][ T5616] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  160.629914][ T5616] System zones: 1-12
[  160.712251][ T5616] EXT4-fs (loop0): 1 truncate cleaned up
[  160.739180][ T5616] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  161.124900][ T5631] xt_TCPMSS: Only works on TCP SYN packets
[  162.194068][ T5636] usb usb8: usbfs: process 5636 (syz.2.381) did not claim interface 0 before use
[  162.329427][ T5642] loop0: detected capacity change from 0 to 512
[  162.462916][ T5642] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  162.529292][ T5642] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  162.567727][ T5642] System zones: 1-12
[  162.597855][ T5642] EXT4-fs (loop0): 1 truncate cleaned up
[  162.635239][ T5642] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  162.830547][ T5664] syz.2.388 (5664) used obsolete PPPIOCDETACH ioctl
[  163.647158][ T5675] loop4: detected capacity change from 0 to 1024
[  163.675879][ T5680] loop0: detected capacity change from 0 to 512
[  163.763705][ T5680] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  163.783020][ T5675] EXT4-fs (loop4): first meta block group too large: 50331648 (group descriptor block count 1)
[  163.802456][ T5680] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  163.817373][ T5686] usb usb8: usbfs: process 5686 (syz.3.394) did not claim interface 0 before use
[  163.823010][ T5680] System zones: 1-12
[  163.858738][ T5680] EXT4-fs (loop0): 1 truncate cleaned up
[  163.892264][ T5680] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  164.304473][ T5697] xt_TCPMSS: Only works on TCP SYN packets
[  165.139581][ T5723] loop4: detected capacity change from 0 to 512
[  165.276426][ T4207] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  165.295529][ T5723] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  165.402185][ T5723] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  165.531574][ T5723] System zones: 1-12
[  165.783942][ T5723] EXT4-fs (loop4): 1 truncate cleaned up
[  165.946753][ T5723] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  166.316001][ T4207] usb 1-1: Using ep0 maxpacket: 16
[  166.332431][ T5742] usb usb8: usbfs: process 5742 (syz.2.406) did not claim interface 0 before use
[  166.434504][ T4207] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.455849][ T4207] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  166.521869][ T4207] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  166.560603][ T4207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.577829][ T5759] loop2: detected capacity change from 0 to 512
[  166.599908][ T4207] usb 1-1: config 0 descriptor??
[  166.739499][ T5759] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  166.740064][ T5761] loop4: detected capacity change from 0 to 512
[  166.760195][ T5761] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  166.782862][ T5759] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.804295][ T5761] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  166.827629][ T5761] System zones: 1-12
[  166.932319][ T5761] EXT4-fs (loop4): 1 truncate cleaned up
[  166.941170][ T5761] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  167.352683][ T5770] xt_TCPMSS: Only works on TCP SYN packets
[  167.901909][ T4207] HID 045e:07da: Invalid code 65791 type 1
[  167.957422][ T4207] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0008/input/input8
[  168.056995][ T4207] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  168.141837][ T5776] loop4: detected capacity change from 0 to 1024
[  168.239077][ T5776] EXT4-fs (loop4): first meta block group too large: 50331648 (group descriptor block count 1)
[  168.691396][ T4207] usb 1-1: USB disconnect, device number 5
[  169.230425][ T5788] loop3: detected capacity change from 0 to 40427
[  169.242442][ T5795] usb usb8: usbfs: process 5795 (syz.2.418) did not claim interface 0 before use
[  169.310872][ T5788] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[  169.336171][ T5788] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  169.368371][ T5797] loop2: detected capacity change from 0 to 512
[  169.411801][ T5788] F2FS-fs (loop3): invalid crc value
[  169.467439][ T5788] F2FS-fs (loop3): Found nat_bits in checkpoint
[  169.481493][ T5797] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  169.561319][ T5797] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  169.578289][ T5797] System zones: 1-12
[  169.602436][ T5797] EXT4-fs (loop2): 1 truncate cleaned up
[  169.636009][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.641713][ T5797] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  169.648946][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.673834][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.681322][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.689808][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.699825][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.707458][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.715681][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.723182][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.731404][ T5788] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  169.733462][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.746269][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.754782][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.762680][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.777110][ T5788] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  169.931730][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.939802][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.947938][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.956126][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.963607][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.971350][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.979006][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.987021][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  169.994520][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.002189][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.009887][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.017709][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.025201][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.032706][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.040116][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.047619][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.055261][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.063795][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.071222][ T4177] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  170.109730][ T4177] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  170.293618][ T5819] loop0: detected capacity change from 0 to 512
[  170.379251][ T5819] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  170.409800][ T5823] loop5: detected capacity change from 0 to 1024
[  170.425969][ T5819] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  170.456615][ T5819] System zones: 1-12
[  170.469676][ T5819] EXT4-fs (loop0): 1 truncate cleaned up
[  170.489124][ T5823] EXT4-fs (loop5): first meta block group too large: 50331648 (group descriptor block count 1)
[  170.549641][ T5819] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  170.785428][   T26] audit: type=1800 audit(1730636890.218:2): pid=5814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.416" name="file1" dev="loop3" ino=10 res=0 errno=0
[  171.092329][ T5837] xt_TCPMSS: Only works on TCP SYN packets
[  171.147523][ T4174] attempt to access beyond end of device
[  171.147523][ T4174] loop3: rw=2049, want=45104, limit=40427
[  171.177798][ T5839] usb usb8: usbfs: process 5839 (syz.4.430) did not claim interface 0 before use
[  172.173815][ T1323] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  172.355897][ T5862] loop3: detected capacity change from 0 to 1024
[  172.416843][ T5868] loop2: detected capacity change from 0 to 512
[  172.422616][ T1323] usb 1-1: Using ep0 maxpacket: 8
[  172.451236][ T5872] syz.4.441[5872] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  172.451317][ T5872] syz.4.441[5872] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  172.478306][ T5868] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  172.480307][ T5862] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback.
[  172.577360][ T5868] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  172.585730][ T1323] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  172.598896][ T5868] System zones: 1-12
[  172.603842][ T1323] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.620955][ T5868] EXT4-fs (loop2): 1 truncate cleaned up
[  172.629797][ T1323] usb 1-1: config 0 descriptor??
[  172.638853][ T5868] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  172.700363][ T5878] usb usb8: usbfs: process 5878 (syz.4.442) did not claim interface 0 before use
[  173.429415][   T26] audit: type=1800 audit(1730636892.858:3): pid=5881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.436" name="bus" dev="loop3" ino=18 res=0 errno=0
[  173.499466][ T5884] loop4: detected capacity change from 0 to 512
[  173.585523][ T5886] loop5: detected capacity change from 0 to 1024
[  173.649288][ T5886] EXT4-fs (loop5): first meta block group too large: 50331648 (group descriptor block count 1)
[  173.649489][ T5884] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  173.708584][ T5884] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  173.721601][ T5884] System zones: 1-12
[  173.729443][ T5884] EXT4-fs (loop4): 1 truncate cleaned up
[  173.736006][ T5884] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  174.092132][ T5901] xt_TCPMSS: Only works on TCP SYN packets
[  174.113053][ T1323] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  174.139904][ T1323] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  174.628516][ T1323] asix: probe of 1-1:0.0 failed with error -71
[  174.638114][ T1323] usb 1-1: USB disconnect, device number 6
[  174.792651][ T4177] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  174.831235][ T5928] usb usb8: usbfs: process 5928 (syz.4.453) did not claim interface 0 before use
[  175.241402][ T4177] usb 3-1: Using ep0 maxpacket: 32
[  175.399710][ T4177] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  175.550335][ T4177] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  175.812668][ T4177] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  175.859914][ T4177] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.982815][ T5944] loop5: detected capacity change from 0 to 512
[  175.990229][ T4177] usb 3-1: config 0 descriptor??
[  176.054942][ T5915] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  176.064682][ T5944] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  176.083863][ T4177] hub 3-1:0.0: USB hub found
[  176.118613][ T5944] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  176.128844][ T5944] System zones: 1-12
[  176.148820][ T5944] EXT4-fs (loop5): 1 truncate cleaned up
[  176.164802][ T5944] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  176.402874][ T4212] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  176.469125][ T5968] loop4: detected capacity change from 0 to 512
[  176.532766][ T4177] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  176.576149][ T5968] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  176.644070][ T5968] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  176.662998][ T4177] usbhid 3-1:0.0: can't add hid device: -71
[  176.672178][ T5968] System zones: 1-12
[  176.705143][ T4177] usbhid: probe of 3-1:0.0 failed with error -71
[  176.733199][ T5968] EXT4-fs (loop4): 1 truncate cleaned up
[  176.739004][ T5968] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  176.782942][ T4212] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.802156][ T5977] loop5: detected capacity change from 0 to 1024
[  176.802590][ T4212] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  176.828543][ T4212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.830592][ T4177] usb 3-1: USB disconnect, device number 6
[  176.844676][ T4212] usb 4-1: config 0 descriptor??
[  176.950495][ T5977] EXT4-fs (loop5): first meta block group too large: 50331648 (group descriptor block count 1)
[  177.111154][ T5987] xt_TCPMSS: Only works on TCP SYN packets
[  177.333981][ T4212] keytouch 0003:0926:3333.000A: fixing up Keytouch IEC report descriptor
[  177.388549][ T4212] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.000A/input/input9
[  177.400812][ T5996] usb usb8: usbfs: process 5996 (syz.2.464) did not claim interface 0 before use
[  177.605924][ T4212] keytouch 0003:0926:3333.000A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  178.525624][ T6046] loop5: detected capacity change from 0 to 512
[  178.608132][ T6046] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  178.662217][ T6046] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  178.688905][ T6046] System zones: 1-12
[  178.717527][ T6046] EXT4-fs (loop5): 1 truncate cleaned up
[  178.809775][ T6046] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  178.866529][ T6065] loop2: detected capacity change from 0 to 512
[  178.902372][ T6076] usb usb8: usbfs: process 6076 (syz.0.476) did not claim interface 0 before use
[  178.927169][ T6065] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  179.083439][ T6081] loop4: detected capacity change from 0 to 1024
[  179.123916][ T6065] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  179.167248][ T6065] System zones: 1-12
[  179.186136][ T4212] usb 4-1: USB disconnect, device number 5
[  179.253181][ T6081] EXT4-fs (loop4): first meta block group too large: 50331648 (group descriptor block count 1)
[  179.296114][ T6065] EXT4-fs (loop2): 1 truncate cleaned up
[  179.301845][ T6065] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  179.679203][ T6117] xt_TCPMSS: Only works on TCP SYN packets
[  179.966611][ T4177] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  180.276940][ T6138] loop3: detected capacity change from 0 to 2048
[  180.371071][ T6138] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,resgid=0x0000000000000000,delalloc,minixdf,barrier=0x0000000000000003,grpjquota=,bsddf,. Quota mode: none.
[  180.392976][ T4177] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.457739][ T4177] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.513265][ T4177] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  180.573465][ T4177] usb 6-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  180.601720][ T4177] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.662758][ T4177] usb 6-1: config 0 descriptor??
[  181.165054][ T4177] gt683r_led 0003:1770:FF00.000B: item fetching failed at offset 1/5
[  181.189947][ T4177] gt683r_led 0003:1770:FF00.000B: hid parsing failed
[  181.216595][ T4177] gt683r_led: probe of 0003:1770:FF00.000B failed with error -22
[  181.243567][ T6170] usb usb8: usbfs: process 6170 (syz.2.489) did not claim interface 0 before use
[  181.366737][ T4177] usb 6-1: USB disconnect, device number 2
[  181.438396][ T6175] binder: 6173:6175 ioctl 4018620d 0 returned -22
[  181.484346][ T6175] netlink: 8 bytes leftover after parsing attributes in process `syz.2.490'.
[  182.220295][ T6186] loop5: detected capacity change from 0 to 512
[  182.338727][ T6186] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  182.384642][ T6186] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  182.393848][ T6186] System zones: 1-12
[  182.469128][ T6186] EXT4-fs (loop5): 1 truncate cleaned up
[  182.501907][ T6186] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  182.748741][ T6192] loop4: detected capacity change from 0 to 512
[  182.912181][ T6192] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  182.962776][ T6192] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  182.970809][ T6192] System zones: 1-12
[  182.997093][ T6192] EXT4-fs (loop4): 1 truncate cleaned up
[  183.005065][ T6192] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  183.181247][ T6198] loop5: detected capacity change from 0 to 1024
[  183.283450][ T6198] EXT4-fs (loop5): first meta block group too large: 50331648 (group descriptor block count 1)
[  183.296524][ T6201] xt_TCPMSS: Only works on TCP SYN packets
[  183.323420][ T6205] xt_hashlimit: size too large, truncated to 1048576
[  185.763886][ T6220] usb usb8: usbfs: process 6220 (syz.4.500) did not claim interface 0 before use
[  186.022963][ T4177] Bluetooth: hci1: command 0x0406 tx timeout
[  186.041023][ T4177] Bluetooth: hci3: command 0x0406 tx timeout
[  186.220597][ T4177] Bluetooth: hci4: command 0x0406 tx timeout
[  186.393561][ T4177] Bluetooth: hci2: command 0x0406 tx timeout
[  186.651592][ T6231] loop4: detected capacity change from 0 to 512
[  186.723092][ T6231] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  186.803440][ T6231] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  186.811641][ T6231] System zones: 1-12
[  186.863553][ T6231] EXT4-fs (loop4): 1 truncate cleaned up
[  186.879619][ T6231] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  187.274872][ T6248] loop5: detected capacity change from 0 to 512
[  187.376298][ T6248] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  187.498324][ T6248] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  187.532355][ T6248] System zones: 1-12
[  187.645939][ T6248] EXT4-fs (loop5): 1 truncate cleaned up
[  187.678625][ T6248] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  187.981516][ T6254] xt_TCPMSS: Only works on TCP SYN packets
[  188.064466][ T6256] loop2: detected capacity change from 0 to 1024
[  188.233338][ T6256] EXT4-fs (loop2): first meta block group too large: 50331648 (group descriptor block count 1)
[  188.390805][ T6261] usb usb8: usbfs: process 6261 (syz.3.515) did not claim interface 0 before use
[  188.610541][ T6273] loop4: detected capacity change from 0 to 512
[  188.767550][ T6273] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  188.779977][ T6279] loop5: detected capacity change from 0 to 512
[  188.794970][ T6273] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.863664][ T6279] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  189.079464][ T6279] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  189.105265][ T6279] System zones: 1-12
[  189.135044][ T6279] EXT4-fs (loop5): 1 truncate cleaned up
[  189.140818][ T6279] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  189.830446][ T6293] loop0: detected capacity change from 0 to 512
[  189.935118][ T6293] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  190.015825][ T6293] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  190.175161][ T6293] System zones: 1-12
[  190.217358][ T6293] EXT4-fs (loop0): 1 truncate cleaned up
[  190.244334][ T6293] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  190.782055][ T6309] xt_TCPMSS: Only works on TCP SYN packets
[  191.407892][ T6317] usb usb8: usbfs: process 6317 (syz.0.530) did not claim interface 0 before use
[  191.497902][ T6322] loop3: detected capacity change from 0 to 512
[  191.548609][ T6330] loop5: detected capacity change from 0 to 512
[  191.556571][ T6322] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  191.574370][ T6322] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  191.582659][ T6322] System zones: 1-12
[  191.590633][ T6322] EXT4-fs (loop3): 1 truncate cleaned up
[  191.596686][ T6322] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  191.760919][ T6330] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  191.786852][ T6330] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.822582][ T4207] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  192.565933][ T4207] usb 1-1: Using ep0 maxpacket: 32
[  192.692606][ T4207] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  192.732146][ T6347] loop3: detected capacity change from 0 to 512
[  192.747541][ T4207] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  192.762020][ T4207] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  192.778074][ T4207] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  192.788441][ T4207] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  192.805524][ T4207] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  192.818194][ T4207] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  192.821273][ T6347] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  192.832131][ T4207] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  192.860662][ T6347] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  192.868839][ T4207] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  192.870660][ T6347] System zones: 1-12
[  192.888172][ T4207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.901102][ T6347] EXT4-fs (loop3): 1 truncate cleaned up
[  192.906925][ T6347] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  192.948946][ T4207] usb 1-1: config 0 descriptor??
[  193.294859][ T4207] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  193.349851][ T4207] usb 1-1: USB disconnect, device number 7
[  193.381644][ T4207] usblp0: removed
[  193.388568][ T6362] xt_TCPMSS: Only works on TCP SYN packets
[  193.602964][ T6365] usb usb8: usbfs: process 6365 (syz.5.546) did not claim interface 0 before use
[  194.000885][ T6369] loop0: detected capacity change from 0 to 512
[  194.267204][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  194.273588][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  194.357415][ T6369] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  194.444462][ T6369] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  194.499600][ T6369] System zones: 1-12
[  194.558420][ T6369] EXT4-fs (loop0): 1 truncate cleaned up
[  194.602848][ T6369] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  194.699817][ T6383] loop2: detected capacity change from 0 to 512
[  194.903092][ T6383] EXT4-fs (loop2): orphan cleanup on readonly fs
[  194.930216][ T6359] loop4: detected capacity change from 0 to 40427
[  194.944937][ T6383] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated!
[  194.984711][ T6383] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota
[  195.022812][ T6383] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.550: Failed to acquire dquot type 0
[  195.041364][ T6383] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated!
[  195.080534][ T6383] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota
[  195.146349][ T6383] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.550: Failed to acquire dquot type 0
[  195.216893][ T6383] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.550: bg 0: block 64: padding at end of block bitmap is not set
[  195.244452][ T6394] netem: change failed
[  195.275351][ T6383] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  195.332418][ T6383] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated!
[  195.355161][ T6383] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota
[  195.390152][ T6383] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.550: Failed to acquire dquot type 0
[  195.422677][ T6398] usb usb8: usbfs: process 6398 (syz.0.557) did not claim interface 0 before use
[  195.439331][ T6383] EXT4-fs (loop2): 1 orphan inode deleted
[  195.475075][ T6383] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  195.481874][ T6401] loop4: detected capacity change from 0 to 512
[  195.615236][ T6401] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  195.681535][ T6401] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  195.720578][ T6401] System zones: 1-12
[  195.751563][ T6401] EXT4-fs (loop4): 1 truncate cleaned up
[  195.777485][ T6401] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  196.450892][ T6414] xt_TCPMSS: Only works on TCP SYN packets
[  196.666088][ T6418] loop0: detected capacity change from 0 to 512
[  196.739391][ T6386] loop3: detected capacity change from 0 to 40427
[  196.881283][ T6418] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  196.917613][ T6386] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  196.932462][ T6418] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  196.986841][ T6386] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  196.987012][ T6418] System zones: 1-12
[  197.018922][ T6418] EXT4-fs (loop0): 1 truncate cleaned up
[  197.053924][ T6418] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  197.111781][ T6386] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  197.213555][ T6386] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  197.221020][ T6386] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  197.373894][ T4212] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  197.480602][ T6440] usb usb8: usbfs: process 6440 (syz.5.570) did not claim interface 0 before use
[  197.576267][ T6442] syz.3.553[6442] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  197.576904][ T6442] syz.3.553[6442] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  197.702362][ T6442] attempt to access beyond end of device
[  197.702362][ T6442] loop3: rw=2049, want=53256, limit=40427
[  197.763522][ T6442] attempt to access beyond end of device
[  197.763522][ T6442] loop3: rw=2049, want=53264, limit=40427
[  198.172450][ T4174] attempt to access beyond end of device
[  198.172450][ T4174] loop3: rw=2049, want=45112, limit=40427
[  198.413076][ T4212] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  199.191581][ T4212] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  199.203458][ T4212] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  199.212938][ T4212] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.223472][ T4212] usb 5-1: config 0 descriptor??
[  199.290528][ T6456] loop2: detected capacity change from 0 to 512
[  199.367003][ T6456] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  199.541580][ T6456] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  199.567514][ T6456] System zones: 1-12
[  200.202139][ T6456] EXT4-fs (loop2): 1 truncate cleaned up
[  200.209090][ T4212] hid (null): bogus close delimiter
[  200.233966][ T6456] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  200.260481][ T6445] loop0: detected capacity change from 0 to 40427
[  200.472748][ T4212] usb 5-1: string descriptor 0 read error: -22
[  200.497366][ T6456] xt_TCPMSS: Only works on TCP SYN packets
[  200.530424][ T6445] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  200.618136][ T6445] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  200.667609][ T6445] F2FS-fs (loop0): invalid crc value
[  200.692237][ T6474] loop3: detected capacity change from 0 to 512
[  200.725809][ T6474] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  200.757036][ T6445] F2FS-fs (loop0): Found nat_bits in checkpoint
[  200.789256][ T6475] loop5: detected capacity change from 0 to 4096
[  200.811643][ T6474] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  200.820457][ T6474] System zones: 1-12
[  200.856067][ T6445] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  200.900666][ T6474] EXT4-fs (loop3): 1 truncate cleaned up
[  200.917090][ T4212] uclogic 0003:256C:006D.000C: failed retrieving string descriptor #100: -71
[  200.932795][ T6445] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  200.951271][ T6474] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  200.979452][ T4212] uclogic 0003:256C:006D.000C: failed retrieving pen parameters: -71
[  201.003841][ T6475] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  201.031445][ T6445] attempt to access beyond end of device
[  201.031445][ T6445] loop0: rw=16812033, want=78672, limit=40427
[  201.050219][ T4212] uclogic 0003:256C:006D.000C: failed probing pen v1 parameters: -71
[  201.068397][ T4212] uclogic 0003:256C:006D.000C: failed probing parameters: -71
[  201.782673][ T4212] uclogic: probe of 0003:256C:006D.000C failed with error -71
[  201.792385][ T4212] usb 5-1: USB disconnect, device number 7
[  202.614316][ T6491] fs-verity: sha512 using implementation "sha512-avx2"
[  203.419248][ T6497] usb usb8: usbfs: process 6497 (syz.3.581) did not claim interface 0 before use
[  203.649783][ T6508] netlink: 28 bytes leftover after parsing attributes in process `syz.3.587'.
[  203.659724][ T6508] netlink: 28 bytes leftover after parsing attributes in process `syz.3.587'.
[  204.185439][ T6518] loop3: detected capacity change from 0 to 512
[  204.282945][ T6518] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  204.445211][ T6518] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  204.472616][ T6518] System zones: 1-12
[  204.510504][ T6518] EXT4-fs (loop3): 1 truncate cleaned up
[  204.532701][ T6518] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  204.590870][ T6527] loop2: detected capacity change from 0 to 512
[  204.778133][ T6527] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  204.802973][ T6518] xt_TCPMSS: Only works on TCP SYN packets
[  204.894998][ T6527] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  204.923516][ T6511] loop4: detected capacity change from 0 to 256
[  204.934287][ T6527] System zones: 1-12
[  204.971246][ T6527] EXT4-fs (loop2): 1 truncate cleaned up
[  204.997942][ T6527] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  206.436070][ T6555] loop0: detected capacity change from 0 to 512
[  206.469405][ T6548] usb usb8: usbfs: process 6548 (syz.2.597) did not claim interface 0 before use
[  206.520347][ T6555] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.598: casefold flag without casefold feature
[  206.553407][ T6555] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.598: couldn't read orphan inode 15 (err -117)
[  206.634077][ T6555] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  208.151832][ T6569] loop0: detected capacity change from 0 to 1024
[  208.339100][ T6569] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback.
[  208.576688][ T6582] loop3: detected capacity change from 0 to 512
[  208.843506][ T6584] loop2: detected capacity change from 0 to 512
[  209.133705][ T6592] usb usb8: usbfs: process 6592 (syz.4.609) did not claim interface 0 before use
[  209.189363][ T6584] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  209.293728][ T6582] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  209.312785][ T6584] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  209.342139][ T6582] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.348529][ T6584] System zones: 1-12
[  209.573855][ T6584] EXT4-fs (loop2): 1 truncate cleaned up
[  209.602656][ T6584] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  211.105911][ T6618] loop0: detected capacity change from 0 to 512
[  211.197358][ T6584] xt_TCPMSS: Only works on TCP SYN packets
[  211.233780][ T6618] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  211.311181][ T6618] EXT4-fs (loop0): 1 truncate cleaned up
[  211.317008][ T6618] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none.
[  211.618205][ T6624] loop3: detected capacity change from 0 to 1024
[  211.750743][   T26] audit: type=1326 audit(1730636931.178:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6617 comm="syz.0.616" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3fbdd9719 code=0x0
[  212.033980][ T6624] EXT4-fs (loop3): Mount option "journal_dev=0x0000000000000004" incompatible with ext2
[  212.309165][ T6631] usb usb8: usbfs: process 6631 (syz.4.621) did not claim interface 0 before use
[  213.537125][ T6650] input: syz0 as /devices/virtual/input/input10
[  213.621401][ T6653] loop0: detected capacity change from 0 to 512
[  213.657795][ T6655] loop2: detected capacity change from 0 to 512
[  213.719576][ T6653] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  213.736227][ T6655] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  213.843516][ T6655] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  213.902809][ T6653] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.931433][ T6655] System zones: 1-12
[  214.006064][ T6655] EXT4-fs (loop2): 1 truncate cleaned up
[  214.006092][ T6655] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  214.063003][ T6660] xt_TCPMSS: Only works on TCP SYN packets
[  215.191820][ T6672] loop2: detected capacity change from 0 to 256
[  216.069375][ T6675] loop2: detected capacity change from 0 to 512
[  216.162700][ T6675] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  216.237357][ T6675] EXT4-fs (loop2): 1 truncate cleaned up
[  216.267626][ T6675] EXT4-fs (loop2): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none.
[  216.695348][   T26] audit: type=1326 audit(1730636936.128:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.2.632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9bb85c3719 code=0x0
[  217.991145][ T6691] loop0: detected capacity change from 0 to 1024
[  218.074443][ T6691] EXT4-fs (loop0): Test dummy encryption mode enabled
[  218.092692][ T6691] EXT4-fs (loop0): inline encryption not supported
[  218.113300][ T6691] EXT4-fs (loop0): Ignoring removed orlov option
[  218.160455][ T6691] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,inlinecrypt,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  218.519967][ T6691] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  218.948411][ T6708] loop4: detected capacity change from 0 to 256
[  218.954158][ T6707] netlink: 68 bytes leftover after parsing attributes in process `syz.0.641'.
[  219.229721][ T6708] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  219.645593][ T6708] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  220.066986][ T6720] syz.0.642[6720] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  220.067093][ T6720] syz.0.642[6720] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  220.676242][ T6730] loop2: detected capacity change from 0 to 512
[  220.764772][ T6733] serio: Serial port pts0
[  220.789817][ T6730] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  220.831783][ T6730] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  220.840060][ T6730] System zones: 1-12
[  220.846876][ T6730] EXT4-fs (loop2): 1 truncate cleaned up
[  220.853496][ T6730] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  221.217344][ T6741] xt_TCPMSS: Only works on TCP SYN packets
[  222.494823][ T6753] loop5: detected capacity change from 0 to 1024
[  222.583795][ T6753] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback.
[  222.795774][ T6758] loop3: detected capacity change from 0 to 512
[  222.949306][ T6758] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  222.976378][ T6758] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.166823][ T6788] loop5: detected capacity change from 0 to 128
[  225.980297][ T6794] xt_TPROXY: Can be used only with -p tcp or -p udp
[  226.044362][ T6788] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  226.044531][ T6788] ext4 filesystem being mounted at /63/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  227.017324][ T6784] loop4: detected capacity change from 0 to 40427
[  227.136967][ T6784] F2FS-fs (loop4): invalid crc value
[  227.148511][ T6784] F2FS-fs (loop4): Found nat_bits in checkpoint
[  227.203929][ T6814] loop0: detected capacity change from 0 to 2048
[  227.273569][ T6814] Alternate GPT is invalid, using primary GPT.
[  227.273717][ T6814]  loop0: p1 p2 p3
[  227.328771][ T6784] F2FS-fs (loop4): Start checkpoint disabled!
[  227.367596][ T6784] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  228.546930][ T4341] attempt to access beyond end of device
[  228.546930][ T4341] loop4: rw=2049, want=40984, limit=40427
[  228.586195][ T6830] loop5: detected capacity change from 0 to 512
[  228.665681][ T6830] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  228.704526][ T6830] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  228.722876][ T6830] System zones: 1-12
[  228.771469][ T6830] EXT4-fs (loop5): 1 truncate cleaned up
[  228.781854][ T6830] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  229.456212][ T6846] loop4: detected capacity change from 0 to 2048
[  229.502131][ T6848] serio: Serial port pts0
[  229.576080][ T6846] EXT4-fs (loop4): Unrecognized mount option "smackfstransmute=" or missing value
[  229.769027][ T6835] xt_TCPMSS: Only works on TCP SYN packets
[  229.808550][ T6846] loop4: detected capacity change from 0 to 512
[  229.820513][ T6856] loop0: detected capacity change from 0 to 512
[  229.879610][ T6846] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.675: casefold flag without casefold feature
[  229.947089][ T6846] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.675: couldn't read orphan inode 15 (err -117)
[  230.009048][ T6856] EXT4-fs (loop0): Test dummy encryption mode enabled
[  230.016684][ T6846] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  230.062703][ T6856] EXT4-fs (loop0): Ignoring removed oldalloc option
[  230.070428][ T6856] EXT4-fs (loop0): Test dummy encryption mode enabled
[  230.695154][ T6856] EXT4-fs error (device loop0): __ext4_iget:4872: inode #11: block 1: comm syz.0.678: invalid block
[  230.747338][ T6856] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.678: couldn't read orphan inode 11 (err -117)
[  230.954935][ T6856] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,acl,test_dummy_encryption,resgid=0x0000000000000000,jqfmt=vfsv0,oldalloc,inode_readahead_blks=0x0000000000010000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none.
[  231.599096][ T6871] fscrypt (loop0): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))")
[  232.558628][   T21] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  232.577654][ T6886] loop0: detected capacity change from 0 to 2048
[  232.780763][ T6886] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  232.830874][ T6886] EXT4-fs (loop0): Ignoring removed orlov option
[  232.843305][ T6886] EXT4-fs (loop0): can't enable nombcache during remount
[  232.942852][   T21] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.965247][   T21] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.008436][   T21] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  233.021365][   T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.057495][   T21] usb 4-1: config 0 descriptor??
[  233.324522][ T6882] loop3: detected capacity change from 0 to 1024
[  234.754545][ T6882] udc-core: couldn't find an available UDC or it's busy
[  234.802838][ T6882] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  235.043341][   T21] hid (null): bogus close delimiter
[  235.062427][ T6921] loop4: detected capacity change from 0 to 512
[  235.498646][   T21] usb 4-1: string descriptor 0 read error: -71
[  235.543753][   T21] uclogic 0003:256C:006D.000D: failed retrieving string descriptor #200: -71
[  235.604805][ T6921] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  235.771977][ T6921] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  235.783783][   T21] uclogic 0003:256C:006D.000D: failed retrieving pen parameters: -71
[  235.802140][   T21] uclogic 0003:256C:006D.000D: failed probing pen v2 parameters: -71
[  235.820921][   T21] uclogic 0003:256C:006D.000D: failed probing parameters: -71
[  235.838788][   T21] uclogic: probe of 0003:256C:006D.000D failed with error -71
[  235.842423][ T6921] EXT4-fs error (device loop4): ext4_do_update_inode:5174: inode #2: comm syz.4.695: corrupted inode contents
[  235.928907][ T6921] EXT4-fs error (device loop4): ext4_dirty_inode:6010: inode #2: comm syz.4.695: mark_inode_dirty error
[  235.965041][   T21] usb 4-1: USB disconnect, device number 6
[  236.022175][ T6921] EXT4-fs error (device loop4): ext4_do_update_inode:5174: inode #2: comm syz.4.695: corrupted inode contents
[  236.039739][ T6930] loop2: detected capacity change from 0 to 512
[  236.064233][ T6921] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.695: mark_inode_dirty error
[  236.168902][ T6934] loop3: detected capacity change from 0 to 512
[  236.169211][ T6930] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  236.187911][ T6930] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.259248][ T6930] syz.2.697[6930] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  236.259351][ T6930] syz.2.697[6930] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  236.321655][ T6934] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  236.517376][ T6934] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002]
[  236.535839][ T6934] System zones: 1-12
[  236.565683][ T6942] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  236.591565][ T6934] EXT4-fs (loop3): 1 truncate cleaned up
[  236.614122][ T6942] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  236.627094][ T6934] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none.
[  236.793132][ T6942] EXT4-fs (loop2): This should not happen!! Data will be lost
[  236.793132][ T6942] 
[  236.870255][ T6942] EXT4-fs (loop2): Total free blocks count 0
[  236.919467][ T6942] EXT4-fs (loop2): Free/Dirty block details
[  236.967326][ T6942] EXT4-fs (loop2): free_blocks=65280
[  236.996096][ T6947] xt_TCPMSS: Only works on TCP SYN packets
[  237.004534][ T6942] EXT4-fs (loop2): dirty_blocks=23
[  237.039243][ T6942] EXT4-fs (loop2): Block reservation details
[  237.081290][ T6942] EXT4-fs (loop2): i_reserved_data_blocks=23
[  237.527471][ T6939] loop4: detected capacity change from 0 to 40427
[  237.585217][ T6949] fuse: Bad value for 'fd'
[  238.719976][ T6957] loop5: detected capacity change from 0 to 2048
[  238.860985][ T6957] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  239.436170][ T6968] IPv6: NLM_F_REPLACE set, but no existing node found!
[  240.350982][ T6972] process 'syz.2.707' launched '/dev/fd/3' with NULL argv: empty string added
[  242.739896][ T6989] fuse: Bad value for 'fd'
[  242.843082][ T5320] syz-executor (5320) used greatest stack depth: 18488 bytes left
[  242.924041][ T1165] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.218249][ T1165] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.020623][ T1165] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.088293][ T7006] futex_wake_op: syz.3.720 tries to shift op by -1; fix this program
[  244.098237][   T21] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  244.137333][ T1165] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.161196][ T7008] loop2: detected capacity change from 0 to 128
[  244.373301][ T4279] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  244.832946][   T21] usb 1-1: unable to read config index 0 descriptor/start: -61
[  244.851978][   T21] usb 1-1: can't read configurations, error -61
[  245.043623][ T4279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.067917][ T4279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.092657][ T4279] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  245.122644][ T4279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.133343][   T21] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  245.141946][ T4279] usb 5-1: config 0 descriptor??
[  245.285133][ T7009] chnl_net:caif_netlink_parms(): no params data found
[  245.477730][ T7009] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.485361][ T7009] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.495753][ T7009] device bridge_slave_0 entered promiscuous mode
[  245.521572][ T7009] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.545405][ T7009] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.563136][   T21] usb 1-1: unable to read config index 0 descriptor/start: -61
[  245.570740][   T21] usb 1-1: can't read configurations, error -61
[  245.584165][   T21] usb usb1-port1: attempt power cycle
[  245.591865][ T7009] device bridge_slave_1 entered promiscuous mode
[  245.646205][ T4279] hid-led 0003:27B8:01ED.000E: unknown main item tag 0x0
[  245.670669][ T4279] hid-led 0003:27B8:01ED.000E: item fetching failed at offset 3/5
[  245.693575][ T4279] hid-led: probe of 0003:27B8:01ED.000E failed with error -22
[  245.748785][ T7009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  245.804754][ T7009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.847137][ T4206] usb 5-1: USB disconnect, device number 8
[  245.929715][ T7009] team0: Port device team_slave_0 added
[  245.992874][   T21] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  246.017283][ T7009] team0: Port device team_slave_1 added
[  246.207777][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  246.223620][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  246.251639][   T21] usb 1-1: device not accepting address 10, error -71
[  246.314071][ T7009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  246.332668][ T4279] Bluetooth: hci0: command 0x0409 tx timeout
[  247.112949][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.119935][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.269890][ T7009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  247.325422][ T7052] fuse: Bad value for 'fd'
[  248.154725][ T7058] loop0: detected capacity change from 0 to 128
[  248.164889][ T7058] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  249.632757][   T21] Bluetooth: hci0: command 0x041b tx timeout
[  250.352111][ T7054] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.360858][ T7054] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.502664][ T4206] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  251.692786][ T2018] Bluetooth: hci0: command 0x040f tx timeout
[  251.814963][ T7054] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.870189][ T7054] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.932900][ T4206] usb 1-1: config index 0 descriptor too short (expected 45, got 36)
[  251.941055][ T4206] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  251.958587][ T4206] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  251.969943][ T4206] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  251.983691][ T4206] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  251.993168][ T4206] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.011942][ T4206] usb 1-1: config 0 descriptor??
[  252.043106][ T7084] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  252.401079][ T7054] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.410072][ T7054] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.419300][ T7054] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.428254][ T7054] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.494766][ T4206] plantronics 0003:047F:FFFF.000F: unknown main item tag 0xd
[  252.510598][ T4206] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  252.559995][ T4206] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  252.696114][ T7009] device hsr_slave_0 entered promiscuous mode
[  252.733727][ T7009] device hsr_slave_1 entered promiscuous mode
[  252.752431][ T7009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  252.762000][ T7009] Cannot create hsr debugfs directory
[  252.778153][ T7063] IPv6: NLM_F_REPLACE set, but no existing node found!
[  252.853569][ T1165] device hsr_slave_0 left promiscuous mode
[  252.872890][ T1165] device hsr_slave_1 left promiscuous mode
[  252.934187][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  252.941645][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_0
[  252.971348][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  252.979433][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_1
[  252.988243][ T1165] device bridge_slave_1 left promiscuous mode
[  252.995589][ T1165] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.007561][ T1165] device bridge_slave_0 left promiscuous mode
[  253.043722][ T1165] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.081335][ T1165] device veth1_macvtap left promiscuous mode
[  253.098880][ T1165] device veth0_macvtap left promiscuous mode
[  253.109557][ T1165] device veth1_vlan left promiscuous mode
[  253.120708][ T1165] device veth0_vlan left promiscuous mode
[  253.139996][ T7096] loop2: detected capacity change from 0 to 1024
[  253.211420][ T7096] EXT4-fs (loop2): first meta block group too large: 50331648 (group descriptor block count 1)
[  253.431983][ T4206] usb 1-1: USB disconnect, device number 12
[  253.584170][ T1165] team0 (unregistering): Port device team_slave_1 removed
[  253.600843][ T1165] team0 (unregistering): Port device team_slave_0 removed
[  253.630887][ T1165] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  253.663410][ T1165] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  253.772856][ T2018] Bluetooth: hci0: command 0x0419 tx timeout
[  254.623470][ T1165] bond0 (unregistering): Released all slaves
[  255.683419][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  255.690266][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  256.021371][ T7009] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  256.190958][ T7009] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  256.228962][ T7128] loop4: detected capacity change from 0 to 2048
[  256.741997][ T7128] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  257.174960][ T7009] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  257.263168][ T7009] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  257.795136][ T7144] loop0: detected capacity change from 0 to 128
[  258.124958][ T7009] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.320688][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  258.913326][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  258.969980][ T7009] 8021q: adding VLAN 0 to HW filter on device team0
[  259.056313][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  259.081599][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  259.118456][ T7150] loop4: detected capacity change from 0 to 1024
[  259.149402][ T4294] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.156586][ T4294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  259.199744][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  259.227738][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  259.254291][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  259.267718][ T7150] EXT4-fs (loop4): first meta block group too large: 50331648 (group descriptor block count 1)
[  259.329366][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.336600][ T4295] bridge0: port 2(bridge_slave_1) entered forwarding state
[  259.433343][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  259.506340][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  259.565044][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  259.751957][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  259.844726][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  259.900960][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  259.981545][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  260.029065][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  260.099595][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  260.193461][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  260.202007][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  260.269558][ T7009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  260.591659][ T7178] loop4: detected capacity change from 0 to 256
[  260.661282][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  260.695950][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  260.704516][ T7178] exFAT-fs (loop4): Invalid exboot-signature(sector = 7): 0xaa00006c
[  260.726659][ T7178] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x2119ad3c)
[  260.742758][ T4212] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  260.747135][ T7009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  260.798349][ T7178] exFAT-fs (loop4): invalid boot region
[  260.821092][ T7186] loop0: detected capacity change from 0 to 512
[  260.822645][ T7178] exFAT-fs (loop4): failed to recognize exfat type
[  260.921059][ T7186] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  261.042566][ T4212] usb 3-1: Using ep0 maxpacket: 32
[  261.133836][ T7186] EXT4-fs (loop0): 1 truncate cleaned up
[  261.139753][ T7186] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none.
[  261.182824][ T4212] usb 3-1: config index 0 descriptor too short (expected 48676, got 36)
[  261.211737][ T4212] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.281130][ T4212] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.316832][ T4212] usb 3-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  261.402613][ T4212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.476931][ T4212] usb 3-1: config 0 descriptor??
[  261.552798][   T26] audit: type=1326 audit(1730636980.978:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7185 comm="syz.0.755" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3fbdd9719 code=0x0
[  261.677254][   T26] audit: type=1326 audit(1730636981.048:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7202 comm="syz.4.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e076f7719 code=0x7ffc0000
[  261.814706][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  261.848172][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  261.955569][   T26] audit: type=1326 audit(1730636981.058:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7202 comm="syz.4.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f0e076f7719 code=0x7ffc0000
[  261.999649][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  262.065722][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  262.108715][ T7009] device veth0_vlan entered promiscuous mode
[  262.129927][   T26] audit: type=1326 audit(1730636981.058:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7202 comm="syz.4.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e076f7719 code=0x7ffc0000
[  262.155851][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  262.625704][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  262.858317][ T7009] device veth1_vlan entered promiscuous mode
[  262.902775][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  262.930770][   T26] audit: type=1326 audit(1730636981.058:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7202 comm="syz.4.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e076f7719 code=0x7ffc0000
[  263.014484][ T4212] greenasia 0003:0E8F:0012.0010: item fetching failed at offset 0/3
[  263.023041][ T4212] greenasia 0003:0E8F:0012.0010: parse failed
[  263.029573][ T4212] greenasia: probe of 0003:0E8F:0012.0010 failed with error -22
[  263.040862][ T4212] usb 3-1: USB disconnect, device number 7
[  263.070249][ T7217] loop0: detected capacity change from 0 to 512
[  263.133484][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  263.143999][ T4245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  263.198792][ T7009] device veth0_macvtap entered promiscuous mode
[  263.237041][ T7009] device veth1_macvtap entered promiscuous mode
[  263.275847][ T7217] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  263.364134][ T7217] ext4 filesystem being mounted at /162/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.420801][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  263.640182][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  263.712574][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  263.972221][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.027096][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.088858][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.166876][ T7009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  264.242960][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  264.251298][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  264.296273][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  264.354114][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  264.383900][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.402833][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.422508][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.452617][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.472494][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.492839][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.528254][ T7009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  264.588811][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  264.604228][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  264.615645][ T7246] loop2: detected capacity change from 0 to 1024
[  264.655605][ T7009] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  264.677485][ T7009] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  264.712531][ T7009] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  264.721274][ T7009] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.762197][ T7251] loop0: detected capacity change from 0 to 512
[  264.774926][ T7246] EXT4-fs (loop2): first meta block group too large: 50331648 (group descriptor block count 1)
[  264.892879][ T7251] EXT4-fs (loop0): inline encryption not supported
[  264.899912][ T7251] EXT4-fs (loop0): Test dummy encryption mode enabled
[  264.970302][ T7251] EXT4-fs error (device loop0): __ext4_iget:4872: inode #11: block 1: comm syz.0.765: invalid block
[  265.023711][ T4245] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.031924][ T4245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.044181][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  265.060852][ T7251] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.765: couldn't read orphan inode 11 (err -117)
[  265.102536][ T7251] EXT4-fs (loop0): mounted filesystem without journal. Opts: inlinecrypt,user_xattr,quota,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: writeback.
[  265.179451][ T5638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.210448][ T5638] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.290053][ T5638] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  265.937975][ T7270] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #2: comm syz.0.765: Directory hole found for htree leaf block 0
[  266.403232][ T7268] loop6: detected capacity change from 0 to 512
[  266.549861][ T7268] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  266.619685][ T7268] EXT4-fs (loop6): 1 truncate cleaned up
[  266.668889][ T7268] EXT4-fs (loop6): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none.
[  266.772273][ T7279] usb usb8: usbfs: process 7279 (syz.4.768) did not claim interface 0 before use
[  267.163021][   T26] audit: type=1326 audit(1730636986.568:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7267 comm="syz.6.717" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f376891a719 code=0x0
[  267.653622][ T7287] loop3: detected capacity change from 0 to 128
[  267.698348][ T7287] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  267.916164][ T7293] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  268.247052][ T7302] loop6: detected capacity change from 0 to 1024
[  268.357266][ T7302] EXT4-fs (loop6): first meta block group too large: 50331648 (group descriptor block count 1)
[  270.018541][ T7330] usb usb8: usbfs: process 7330 (syz.4.779) did not claim interface 0 before use
[  270.076327][ T7334] loop6: detected capacity change from 0 to 256
[  270.130211][ T7336] loop0: detected capacity change from 0 to 512
[  270.196193][ T7336] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  270.263967][ T7339] loop4: detected capacity change from 0 to 1024
[  270.339793][ T7336] EXT4-fs (loop0): 1 truncate cleaned up
[  270.365390][ T7339] EXT4-fs (loop4): Ignoring removed orlov option
[  270.397550][ T7339] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  270.405828][ T7336] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none.
[  270.565258][ T7344] netlink: 60 bytes leftover after parsing attributes in process `syz.6.781'.
[  270.575084][ T7344] unsupported nlmsg_type 40
[  270.994756][ T7339] EXT4-fs (loop4): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  274.077998][ T7389] usb usb8: usbfs: process 7389 (syz.6.793) did not claim interface 0 before use
[  274.122739][ T4210] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  274.542895][ T4210] usb 3-1: Using ep0 maxpacket: 8
[  274.743068][ T4210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.949818][ T4210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.192230][ T4210] usb 3-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00
[  275.243306][ T4210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.339655][ T4210] usb 3-1: config 0 descriptor??
[  275.884287][ T4210] playstation 0003:054C:0CE6.0011: unknown main item tag 0x0
[  276.056869][ T4210] playstation 0003:054C:0CE6.0011: unknown main item tag 0x0
[  276.225399][ T4210] playstation 0003:054C:0CE6.0011: unknown main item tag 0x0
[  276.266575][ T4210] playstation 0003:054C:0CE6.0011: unknown main item tag 0x0
[  276.303857][ T4210] playstation 0003:054C:0CE6.0011: unknown main item tag 0x0
[  276.321990][ T4210] playstation 0003:054C:0CE6.0011: unknown main item tag 0x0
[  276.332140][ T4210] playstation 0003:054C:0CE6.0011: unknown main item tag 0x0
[  276.362768][ T4210] playstation 0003:054C:0CE6.0011: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.2-1/input0
[  276.405685][ T7429] device pim6reg1 entered promiscuous mode
[  276.645765][ T4210] playstation 0003:054C:0CE6.0011: Invalid byte count transferred, expected 20 got 0
[  276.655995][ T4210] playstation 0003:054C:0CE6.0011: Failed to retrieve DualSense pairing info: -22
[  276.666172][ T4210] playstation 0003:054C:0CE6.0011: Failed to get MAC address from DualSense
[  276.675246][ T4210] playstation 0003:054C:0CE6.0011: Failed to create dualsense.
[  276.684430][ T4210] playstation: probe of 0003:054C:0CE6.0011 failed with error -22
[  277.363496][   T21] usb 3-1: USB disconnect, device number 8
[  277.623309][ T7448] fuse: Bad value for 'fd'
[  277.630372][ T7446] usb usb8: usbfs: process 7446 (syz.0.805) did not claim interface 0 before use
[  277.832607][    C0] ------------[ cut here ]------------
[  277.834475][    C0] 
[  277.834483][    C0] ======================================================
[  277.834491][    C0] WARNING: possible circular locking dependency detected
[  277.834498][    C0] 5.15.170-syzkaller #0 Not tainted
[  277.834508][    C0] ------------------------------------------------------
[  277.834514][    C0] swapper/0/0 is trying to acquire lock:
[  277.834523][    C0] ffffffff8c9147e0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x2c/0x60
[  277.834579][    C0] 
[  277.834579][    C0] but task is already holding lock:
[  277.834584][    C0] ffff8880b9028098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260
[  277.834630][    C0] 
[  277.834630][    C0] which lock already depends on the new lock.
[  277.834630][    C0] 
[  277.834636][    C0] 
[  277.834636][    C0] the existing dependency chain (in reverse order) is:
[  277.834641][    C0] 
[  277.834641][    C0] -> #5 (&base->lock){-.-.}-{2:2}:
[  277.834663][    C0]        lock_acquire+0x1db/0x4f0
[  277.834681][    C0]        _raw_spin_lock_irqsave+0xd1/0x120
[  277.834703][    C0]        lock_timer_base+0x120/0x260
[  277.834723][    C0]        __mod_timer+0x1d6/0xeb0
[  277.834741][    C0]        queue_delayed_work_on+0x156/0x250
[  277.834761][    C0]        enqueue_task+0x2fe/0x3a0
[  277.834780][    C0]        wake_up_new_task+0x515/0xb60
[  277.834800][    C0]        kernel_clone+0x44e/0x960
[  277.834817][    C0]        kernel_thread+0x168/0x1e0
[  277.834834][    C0]        rest_init+0x21/0x330
[  277.834853][    C0]        start_kernel+0x48c/0x540
[  277.834869][    C0]        secondary_startup_64_no_verify+0xb1/0xbb
[  277.834891][    C0] 
[  277.834891][    C0] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  277.834916][    C0]        lock_acquire+0x1db/0x4f0
[  277.834932][    C0]        _raw_spin_lock_nested+0x2d/0x40
[  277.834953][    C0]        raw_spin_rq_lock_nested+0x26/0x140
[  277.834973][    C0]        task_fork_fair+0x5d/0x350
[  277.834989][    C0]        sched_cgroup_fork+0x2d3/0x330
[  277.835019][    C0]        copy_process+0x224a/0x3ef0
[  277.835036][    C0]        kernel_clone+0x210/0x960
[  277.835051][    C0]        kernel_thread+0x168/0x1e0
[  277.835067][    C0]        rest_init+0x21/0x330
[  277.835086][    C0]        start_kernel+0x48c/0x540
[  277.835101][    C0]        secondary_startup_64_no_verify+0xb1/0xbb
[  277.835121][    C0] 
[  277.835121][    C0] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  277.835146][    C0]        lock_acquire+0x1db/0x4f0
[  277.835162][    C0]        _raw_spin_lock_irqsave+0xd1/0x120
[  277.835181][    C0]        try_to_wake_up+0xae/0x1300
[  277.835201][    C0]        __wake_up_common+0x2a0/0x4e0
[  277.835222][    C0]        __wake_up+0x112/0x1c0
[  277.835240][    C0]        tty_port_default_wakeup+0xa8/0x100
[  277.835260][    C0]        serial8250_tx_chars+0x60d/0x800
[  277.835281][    C0]        serial8250_handle_irq+0x505/0x600
[  277.835302][    C0]        serial8250_default_handle_irq+0xc8/0x1e0
[  277.835319][    C0]        serial8250_interrupt+0xa1/0x1e0
[  277.835338][    C0]        __handle_irq_event_percpu+0x292/0xa70
[  277.835359][    C0]        handle_irq_event+0xff/0x2b0
[  277.835377][    C0]        handle_edge_irq+0x245/0xbf0
[  277.835393][    C0]        __common_interrupt+0xd7/0x1f0
[  277.835410][    C0]        common_interrupt+0x59/0xd0
[  277.835428][    C0]        asm_common_interrupt+0x22/0x40
[  277.835448][    C0]        handle_softirqs+0x1d6/0x930
[  277.835466][    C0]        __irq_exit_rcu+0x157/0x240
[  277.835481][    C0]        irq_exit_rcu+0x5/0x20
[  277.835497][    C0]        sysvec_apic_timer_interrupt+0xa0/0xc0
[  277.835517][    C0]        asm_sysvec_apic_timer_interrupt+0x16/0x20
[  277.835539][    C0]        acpi_idle_do_entry+0x10f/0x340
[  277.835558][    C0]        acpi_idle_enter+0x352/0x4f0
[  277.835576][    C0]        cpuidle_enter_state+0x521/0xef0
[  277.835593][    C0]        cpuidle_enter+0x59/0x90
[  277.835608][    C0]        do_idle+0x3e4/0x670
[  277.835628][    C0]        cpu_startup_entry+0x14/0x20
[  277.835647][    C0]        start_kernel+0x48c/0x540
[  277.835663][    C0]        secondary_startup_64_no_verify+0xb1/0xbb
[  277.835683][    C0] 
[  277.835683][    C0] -> #2 (&tty->write_wait){-.-.}-{2:2}:
[  277.835708][    C0]        lock_acquire+0x1db/0x4f0
[  277.835722][    C0]        _raw_spin_lock_irqsave+0xd1/0x120
[  277.835742][    C0]        __wake_up+0xf5/0x1c0
[  277.835761][    C0]        tty_port_default_wakeup+0xa8/0x100
[  277.835781][    C0]        serial8250_tx_chars+0x60d/0x800
[  277.835799][    C0]        serial8250_handle_irq+0x505/0x600
[  277.835819][    C0]        serial8250_default_handle_irq+0xc8/0x1e0
[  277.835837][    C0]        serial8250_interrupt+0xa1/0x1e0
[  277.835856][    C0]        __handle_irq_event_percpu+0x292/0xa70
[  277.835876][    C0]        handle_irq_event+0xff/0x2b0
[  277.835895][    C0]        handle_edge_irq+0x245/0xbf0
[  277.835912][    C0]        __common_interrupt+0xd7/0x1f0
[  277.835928][    C0]        common_interrupt+0xae/0xd0
[  277.835945][    C0]        asm_common_interrupt+0x22/0x40
[  277.835965][    C0]        _raw_spin_unlock_irqrestore+0xd4/0x130
[  277.835985][    C0]        uart_write+0x6af/0x930
[  277.836008][    C0]        n_tty_write+0xd7e/0x1280
[  277.836025][    C0]        file_tty_write+0x561/0x920
[  277.836041][    C0]        vfs_write+0xacd/0xe50
[  277.836060][    C0]        ksys_write+0x1a2/0x2c0
[  277.836078][    C0]        do_syscall_64+0x3b/0xb0
[  277.836095][    C0]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  277.836116][    C0] 
[  277.836116][    C0] -> #1 (&port_lock_key){-.-.}-{2:2}:
[  277.836142][    C0]        lock_acquire+0x1db/0x4f0
[  277.836158][    C0]        _raw_spin_lock_irqsave+0xd1/0x120
[  277.836177][    C0]        serial8250_console_write+0x19d/0x1180
[  277.836199][    C0]        console_unlock+0xced/0x12b0
[  277.836216][    C0]        vprintk_emit+0xbf/0x150
[  277.836232][    C0]        _printk+0xd1/0x120
[  277.836251][    C0]        register_console+0x65a/0x940
[  277.836269][    C0]        univ8250_console_init+0x41/0x50
[  277.836288][    C0]        console_init+0x18c/0x660
[  277.836307][    C0]        start_kernel+0x301/0x540
[  277.836322][    C0]        secondary_startup_64_no_verify+0xb1/0xbb
[  277.836342][    C0] 
[  277.836342][    C0] -> #0 (console_owner){-.-.}-{0:0}:
[  277.836366][    C0]        validate_chain+0x1649/0x5930
[  277.836382][    C0]        __lock_acquire+0x1295/0x1ff0
[  277.836398][    C0]        lock_acquire+0x1db/0x4f0
[  277.836413][    C0]        console_lock_spinning_enable+0x51/0x60
[  277.836432][    C0]        console_unlock+0xa47/0x12b0
[  277.836448][    C0]        vprintk_emit+0xbf/0x150
[  277.836464][    C0]        _printk+0xd1/0x120
[  277.836483][    C0]        report_bug+0x1e5/0x2e0
[  277.836503][    C0]        handle_bug+0x3d/0x70
[  277.836520][    C0]        exc_invalid_op+0x16/0x40
[  277.836537][    C0]        asm_exc_invalid_op+0x16/0x20
[  277.836556][    C0]        copy_from_user_nofault+0x15c/0x1c0
[  277.836575][    C0]        bpf_probe_read_user+0x26/0x70
[  277.836593][    C0]        bpf_prog_1e8b16acb1dbd232+0x42/0x850
[  277.836608][    C0]        bpf_trace_run3+0x1d1/0x380
[  277.836625][    C0]        __traceiter_timer_start+0x79/0xd0
[  277.836643][    C0]        enqueue_timer+0x3ae/0x540
[  277.836657][    C0]        __mod_timer+0xa60/0xeb0
[  277.836676][    C0]        call_timer_fn+0x16d/0x560
[  277.836690][    C0]        __run_timers+0x67c/0x890
[  277.836706][    C0]        run_timer_softirq+0x63/0xf0
[  277.836726][    C0]        handle_softirqs+0x3a7/0x930
[  277.836742][    C0]        __irq_exit_rcu+0x157/0x240
[  277.836757][    C0]        irq_exit_rcu+0x5/0x20
[  277.836773][    C0]        sysvec_apic_timer_interrupt+0xa0/0xc0
[  277.836793][    C0]        asm_sysvec_apic_timer_interrupt+0x16/0x20
[  277.836815][    C0]        kasan_check_range+0x71/0x290
[  277.836832][    C0]        memset+0x1f/0x40
[  277.836848][    C0]        __schedule+0x98/0x45b0
[  277.836864][    C0]        schedule_idle+0x4a/0x90
[  277.836880][    C0]        do_idle+0x61e/0x670
[  277.836897][    C0]        cpu_startup_entry+0x14/0x20
[  277.836916][    C0]        start_kernel+0x48c/0x540
[  277.836931][    C0]        secondary_startup_64_no_verify+0xb1/0xbb
[  277.836951][    C0] 
[  277.836951][    C0] other info that might help us debug this:
[  277.836951][    C0] 
[  277.836957][    C0] Chain exists of:
[  277.836957][    C0]   console_owner --> &rq->__lock --> &base->lock
[  277.836957][    C0] 
[  277.836992][    C0]  Possible unsafe locking scenario:
[  277.836992][    C0] 
[  277.836997][    C0]        CPU0                    CPU1
[  277.837008][    C0]        ----                    ----
[  277.837012][    C0]   lock(&base->lock);
[  277.837023][    C0]                                lock(&rq->__lock);
[  277.837035][    C0]                                lock(&base->lock);
[  277.837047][    C0]   lock(console_owner);
[  277.837058][    C0] 
[  277.837058][    C0]  *** DEADLOCK ***
[  277.837058][    C0] 
[  277.837062][    C0] 4 locks held by swapper/0/0:
[  277.837072][    C0]  #0: ffffc90000007be0 ((&app->join_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x560
[  277.837116][    C0]  #1: ffff8880b9028098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260
[  277.837162][    C0]  #2: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  277.837205][    C0]  #3: ffffffff8c7fc520 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0xa6/0x150
[  277.837249][    C0] 
[  277.837249][    C0] stack backtrace:
[  277.837254][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.170-syzkaller #0
[  277.837273][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  277.837293][    C0] Call Trace:
[  277.837299][    C0]  <IRQ>
[  277.837306][    C0]  dump_stack_lvl+0x1e3/0x2d0
[  277.837328][    C0]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  277.837354][    C0]  ? print_circular_bug+0x12b/0x1a0
[  277.837376][    C0]  check_noncircular+0x2f8/0x3b0
[  277.837396][    C0]  ? add_chain_block+0x850/0x850
[  277.837414][    C0]  ? lockdep_lock+0x11f/0x2a0
[  277.837439][    C0]  validate_chain+0x1649/0x5930
[  277.837471][    C0]  ? reacquire_held_locks+0x660/0x660
[  277.837490][    C0]  ? memset+0x1f/0x40
[  277.837509][    C0]  ? format_decode+0x72f/0x1f10
[  277.837533][    C0]  ? vsnprintf+0x1c70/0x1c70
[  277.837552][    C0]  ? memcpy+0x3c/0x60
[  277.837572][    C0]  ? mark_lock+0x98/0x340
[  277.837592][    C0]  __lock_acquire+0x1295/0x1ff0
[  277.837617][    C0]  lock_acquire+0x1db/0x4f0
[  277.837635][    C0]  ? console_lock_spinning_enable+0x2c/0x60
[  277.837659][    C0]  ? read_lock_is_recursive+0x10/0x10
[  277.837677][    C0]  ? console_lock_spinning_enable+0x2c/0x60
[  277.837697][    C0]  ? __lock_acquire+0x1ff0/0x1ff0
[  277.837713][    C0]  ? do_raw_spin_lock+0x14a/0x370
[  277.837741][    C0]  console_lock_spinning_enable+0x51/0x60
[  277.837760][    C0]  ? console_lock_spinning_enable+0x2c/0x60
[  277.837778][    C0]  console_unlock+0xa47/0x12b0
[  277.837801][    C0]  ? console_trylock_spinning+0x3f0/0x3f0
[  277.837821][    C0]  ? __down_trylock_console_sem+0x1f2/0x250
[  277.837840][    C0]  ? vprintk_emit+0xa6/0x150
[  277.837857][    C0]  ? printk_parse_prefix+0x2c0/0x2c0
[  277.837875][    C0]  ? vprintk_emit+0xa6/0x150
[  277.837891][    C0]  ? console_trylock+0x70/0x70
[  277.837908][    C0]  ? validate_chain+0x112/0x5930
[  277.837933][    C0]  ? vprintk_emit+0x150/0x150
[  277.837949][    C0]  ? validate_chain+0x112/0x5930
[  277.837967][    C0]  ? start_kernel+0x48c/0x540
[  277.837985][    C0]  ? validate_chain+0x112/0x5930
[  277.838013][    C0]  ? reacquire_held_locks+0x660/0x660
[  277.838031][    C0]  ? validate_chain+0x112/0x5930
[  277.838053][    C0]  vprintk_emit+0xbf/0x150
[  277.838073][    C0]  _printk+0xd1/0x120
[  277.838096][    C0]  ? report_bug+0x16e/0x2e0
[  277.838117][    C0]  ? panic+0x860/0x860
[  277.838140][    C0]  ? find_bug+0x9c/0x350
[  277.838162][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  277.838182][    C0]  report_bug+0x1e5/0x2e0
[  277.838206][    C0]  handle_bug+0x3d/0x70
[  277.838224][    C0]  exc_invalid_op+0x16/0x40
[  277.838243][    C0]  asm_exc_invalid_op+0x16/0x20
[  277.838265][    C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0
[  277.838286][    C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 0b c7 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
[  277.838303][    C0] RSP: 0018:ffffc90000007868 EFLAGS: 00010046
[  277.838320][    C0] RAX: ffffffff81aaaccc RBX: 0000000000000000 RCX: ffffffff8c6bd5c0
[  277.838335][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  277.838347][    C0] RBP: dffffc0000000000 R08: ffffffff81aaabdd R09: fffffbfff20ec621
[  277.838362][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  277.838375][    C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900000078c8
[  277.838391][    C0]  ? copy_from_user_nofault+0x6d/0x1c0
[  277.838410][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  277.838432][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  277.838453][    C0]  bpf_probe_read_user+0x26/0x70
[  277.838474][    C0]  bpf_prog_1e8b16acb1dbd232+0x42/0x850
[  277.838491][    C0]  bpf_trace_run3+0x1d1/0x380
[  277.838513][    C0]  ? bpf_trace_run2+0x340/0x340
[  277.838534][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  277.838557][    C0]  ? _raw_spin_unlock+0x40/0x40
[  277.838576][    C0]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  277.838597][    C0]  ? _raw_spin_lock+0x40/0x40
[  277.838617][    C0]  ? __bpf_trace_timer_class+0x20/0x20
[  277.838639][    C0]  __traceiter_timer_start+0x79/0xd0
[  277.838663][    C0]  enqueue_timer+0x3ae/0x540
[  277.838684][    C0]  __mod_timer+0xa60/0xeb0
[  277.838705][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  277.838731][    C0]  ? mod_timer_pending+0x20/0x20
[  277.838752][    C0]  ? prandom_u32+0x218/0x260
[  277.838777][    C0]  call_timer_fn+0x16d/0x560
[  277.838794][    C0]  ? garp_init_applicant+0x470/0x470
[  277.838811][    C0]  ? __run_timers+0x890/0x890
[  277.838830][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  277.838849][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  277.838866][    C0]  ? garp_init_applicant+0x470/0x470
[  277.838882][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  277.838902][    C0]  ? garp_init_applicant+0x470/0x470
[  277.838918][    C0]  __run_timers+0x67c/0x890
[  277.838940][    C0]  ? detach_timer+0x2f0/0x2f0
[  277.838956][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  277.838977][    C0]  ? ktime_get_real_ts64+0x460/0x460
[  277.838999][    C0]  run_timer_softirq+0x63/0xf0
[  277.839029][    C0]  handle_softirqs+0x3a7/0x930
[  277.839049][    C0]  ? __irq_exit_rcu+0x157/0x240
[  277.839068][    C0]  ? do_softirq+0x240/0x240
[  277.839086][    C0]  ? irqtime_account_irq+0xd0/0x1e0
[  277.839108][    C0]  __irq_exit_rcu+0x157/0x240
[  277.839125][    C0]  ? irq_exit_rcu+0x20/0x20
[  277.839146][    C0]  irq_exit_rcu+0x5/0x20
[  277.839160][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  277.839180][    C0]  </IRQ>
[  277.839186][    C0]  <TASK>
[  277.839191][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  277.839212][    C0] RIP: 0010:kasan_check_range+0x71/0x290
[  277.839231][    C0] Code: 54 37 ff 49 c1 ea 03 49 bb 01 00 00 00 00 fc ff df 4f 8d 34 1a 4c 89 f5 4c 29 cd 48 83 fd 10 7f 26 48 85 ed 0f 84 3a 01 00 00 <49> f7 d2 49 01 da 41 80 39 00 0f 85 c4 01 00 00 49 ff c1 49 ff c2
[  277.839245][    C0] RSP: 0018:ffffffff8c607b78 EFLAGS: 00000202
[  277.839261][    C0] RAX: f2f2f200f1f1f101 RBX: 1ffffffff18c0fa4 RCX: ffffffff8a3c33e8
[  277.839276][    C0] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffffff8c607d20
[  277.839288][    C0] RBP: 0000000000000002 R08: dffffc0000000000 R09: fffffbfff18c0fa4
[  277.839301][    C0] R10: 1ffffffff18c0fa5 R11: dffffc0000000001 R12: 1ffffffff18c0fce
[  277.839313][    C0] R13: dffffc0000000000 R14: fffffbfff18c0fa6 R15: 0000000000000000
[  277.839330][    C0]  ? __schedule+0x98/0x45b0
[  277.839351][    C0]  memset+0x1f/0x40
[  277.839369][    C0]  __schedule+0x98/0x45b0
[  277.839388][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  277.839409][    C0]  ? print_irqtrace_events+0x210/0x210
[  277.839427][    C0]  ? cpuidle_enter_state+0xa83/0xef0
[  277.839448][    C0]  ? tick_nohz_idle_exit+0x429/0x550
[  277.839470][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  277.839493][    C0]  ? release_firmware_map_entry+0x190/0x190
[  277.839510][    C0]  ? flush_smp_call_function_from_idle+0x13e/0x280
[  277.839529][    C0]  ? generic_smp_call_function_single_interrupt+0x10/0x10
[  277.839551][    C0]  ? tick_nohz_restart_sched_tick+0x200/0x200
[  277.839574][    C0]  ? tick_nohz_idle_got_tick+0x96/0x100
[  277.839596][    C0]  schedule_idle+0x4a/0x90
[  277.839613][    C0]  do_idle+0x61e/0x670
[  277.839637][    C0]  ? idle_inject_timer_fn+0x60/0x60
[  277.839658][    C0]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  277.839684][    C0]  ? schedule_idle+0x57/0x90
[  277.839704][    C0]  cpu_startup_entry+0x14/0x20
[  277.839726][    C0]  ? time_init+0x40/0x40
[  277.839747][    C0]  start_kernel+0x48c/0x540
[  277.839768][    C0]  secondary_startup_64_no_verify+0xb1/0xbb
[  277.839796][    C0]  </TASK>
[  279.443036][    C0] WARNING: CPU: 0 PID: 0 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0
[  279.452127][    C0] Modules linked in:
[  279.456038][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.170-syzkaller #0
[  279.463948][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  279.474034][    C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0
[  279.480208][    C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 0b c7 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
[  279.499851][    C0] RSP: 0018:ffffc90000007868 EFLAGS: 00010046
[  279.506100][    C0] RAX: ffffffff81aaaccc RBX: 0000000000000000 RCX: ffffffff8c6bd5c0
[  279.514159][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  279.522134][    C0] RBP: dffffc0000000000 R08: ffffffff81aaabdd R09: fffffbfff20ec621
[  279.530107][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  279.538070][    C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900000078c8
[  279.546029][    C0] FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  279.554944][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  279.561512][    C0] CR2: 000000110c388ab6 CR3: 000000007b85c000 CR4: 00000000003506f0
[  279.569472][    C0] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  279.577518][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  279.585475][    C0] Call Trace:
[  279.588748][    C0]  <IRQ>
[  279.591652][    C0]  ? __warn+0x15b/0x300
[  279.595826][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  279.601374][    C0]  ? report_bug+0x1b7/0x2e0
[  279.605991][    C0]  ? handle_bug+0x3d/0x70
[  279.610325][    C0]  ? exc_invalid_op+0x16/0x40
[  279.614998][    C0]  ? asm_exc_invalid_op+0x16/0x20
[  279.620034][    C0]  ? copy_from_user_nofault+0x6d/0x1c0
[  279.625480][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  279.631014][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  279.636548][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  279.642095][    C0]  bpf_probe_read_user+0x26/0x70
[  279.647040][    C0]  bpf_prog_1e8b16acb1dbd232+0x42/0x850
[  279.652595][    C0]  bpf_trace_run3+0x1d1/0x380
[  279.657419][    C0]  ? bpf_trace_run2+0x340/0x340
[  279.662280][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  279.668441][    C0]  ? _raw_spin_unlock+0x40/0x40
[  279.673327][    C0]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  279.678796][    C0]  ? _raw_spin_lock+0x40/0x40
[  279.683471][    C0]  ? __bpf_trace_timer_class+0x20/0x20
[  279.688930][    C0]  __traceiter_timer_start+0x79/0xd0
[  279.694239][    C0]  enqueue_timer+0x3ae/0x540
[  279.698831][    C0]  __mod_timer+0xa60/0xeb0
[  279.703240][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  279.709122][    C0]  ? mod_timer_pending+0x20/0x20
[  279.714048][    C0]  ? prandom_u32+0x218/0x260
[  279.718643][    C0]  call_timer_fn+0x16d/0x560
[  279.723288][    C0]  ? garp_init_applicant+0x470/0x470
[  279.728569][    C0]  ? __run_timers+0x890/0x890
[  279.733240][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  279.738436][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  279.743730][    C0]  ? garp_init_applicant+0x470/0x470
[  279.749052][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  279.754259][    C0]  ? garp_init_applicant+0x470/0x470
[  279.759539][    C0]  __run_timers+0x67c/0x890
[  279.764044][    C0]  ? detach_timer+0x2f0/0x2f0
[  279.768707][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  279.774674][    C0]  ? ktime_get_real_ts64+0x460/0x460
[  279.779949][    C0]  run_timer_softirq+0x63/0xf0
[  279.784725][    C0]  handle_softirqs+0x3a7/0x930
[  279.789602][    C0]  ? __irq_exit_rcu+0x157/0x240
[  279.794730][    C0]  ? do_softirq+0x240/0x240
[  279.799237][    C0]  ? irqtime_account_irq+0xd0/0x1e0
[  279.804454][    C0]  __irq_exit_rcu+0x157/0x240
[  279.809142][    C0]  ? irq_exit_rcu+0x20/0x20
[  279.813641][    C0]  irq_exit_rcu+0x5/0x20
[  279.817867][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  279.823490][    C0]  </IRQ>
[  279.826407][    C0]  <TASK>
[  279.829322][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  279.835299][    C0] RIP: 0010:kasan_check_range+0x71/0x290
[  279.841031][    C0] Code: 54 37 ff 49 c1 ea 03 49 bb 01 00 00 00 00 fc ff df 4f 8d 34 1a 4c 89 f5 4c 29 cd 48 83 fd 10 7f 26 48 85 ed 0f 84 3a 01 00 00 <49> f7 d2 49 01 da 41 80 39 00 0f 85 c4 01 00 00 49 ff c1 49 ff c2
[  279.860632][    C0] RSP: 0018:ffffffff8c607b78 EFLAGS: 00000202
[  279.866700][    C0] RAX: f2f2f200f1f1f101 RBX: 1ffffffff18c0fa4 RCX: ffffffff8a3c33e8
[  279.874675][    C0] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffffff8c607d20
[  279.882658][    C0] RBP: 0000000000000002 R08: dffffc0000000000 R09: fffffbfff18c0fa4
[  279.890617][    C0] R10: 1ffffffff18c0fa5 R11: dffffc0000000001 R12: 1ffffffff18c0fce
[  279.898587][    C0] R13: dffffc0000000000 R14: fffffbfff18c0fa6 R15: 0000000000000000
[  279.906577][    C0]  ? __schedule+0x98/0x45b0
[  279.911087][    C0]  memset+0x1f/0x40
[  279.914890][    C0]  __schedule+0x98/0x45b0
[  279.919224][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  279.925251][    C0]  ? print_irqtrace_events+0x210/0x210
[  279.930701][    C0]  ? cpuidle_enter_state+0xa83/0xef0
[  279.936062][    C0]  ? tick_nohz_idle_exit+0x429/0x550
[  279.941336][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  279.946523][    C0]  ? release_firmware_map_entry+0x190/0x190
[  279.952509][    C0]  ? flush_smp_call_function_from_idle+0x13e/0x280
[  279.959017][    C0]  ? generic_smp_call_function_single_interrupt+0x10/0x10
[  279.966223][    C0]  ? tick_nohz_restart_sched_tick+0x200/0x200
[  279.972285][    C0]  ? tick_nohz_idle_got_tick+0x96/0x100
[  279.977937][    C0]  schedule_idle+0x4a/0x90
[  279.982344][    C0]  do_idle+0x61e/0x670
[  279.986416][    C0]  ? idle_inject_timer_fn+0x60/0x60
[  279.991601][    C0]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  279.997225][    C0]  ? schedule_idle+0x57/0x90
[  280.001804][    C0]  cpu_startup_entry+0x14/0x20
[  280.006559][    C0]  ? time_init+0x40/0x40
[  280.010820][    C0]  start_kernel+0x48c/0x540
[  280.015311][    C0]  secondary_startup_64_no_verify+0xb1/0xbb
[  280.021220][    C0]  </TASK>
[  280.024238][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  280.031519][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.170-syzkaller #0
[  280.039434][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  280.049471][    C0] Call Trace:
[  280.052740][    C0]  <IRQ>
[  280.055573][    C0]  dump_stack_lvl+0x1e3/0x2d0
[  280.060240][    C0]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  280.065857][    C0]  ? panic+0x860/0x860
[  280.069939][    C0]  ? panic+0x860/0x860
[  280.073999][    C0]  ? copy_from_user_nofault+0x90/0x1c0
[  280.079441][    C0]  ? copy_from_user_nofault+0x90/0x1c0
[  280.084885][    C0]  panic+0x318/0x860
[  280.088787][    C0]  ? __warn+0x16a/0x300
[  280.092961][    C0]  ? fb_is_primary_device+0xd0/0xd0
[  280.098153][    C0]  ? secondary_startup_64_no_verify+0xb1/0xbb
[  280.104209][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  280.109748][    C0]  __warn+0x2b2/0x300
[  280.113719][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  280.119246][    C0]  report_bug+0x1b7/0x2e0
[  280.123572][    C0]  handle_bug+0x3d/0x70
[  280.127714][    C0]  exc_invalid_op+0x16/0x40
[  280.132211][    C0]  asm_exc_invalid_op+0x16/0x20
[  280.137051][    C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0
[  280.143210][    C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 0b c7 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
[  280.162814][    C0] RSP: 0018:ffffc90000007868 EFLAGS: 00010046
[  280.168870][    C0] RAX: ffffffff81aaaccc RBX: 0000000000000000 RCX: ffffffff8c6bd5c0
[  280.176933][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  280.184891][    C0] RBP: dffffc0000000000 R08: ffffffff81aaabdd R09: fffffbfff20ec621
[  280.192847][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  280.200808][    C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900000078c8
[  280.208770][    C0]  ? copy_from_user_nofault+0x6d/0x1c0
[  280.214242][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  280.219797][    C0]  ? copy_from_user_nofault+0x15c/0x1c0
[  280.225439][    C0]  bpf_probe_read_user+0x26/0x70
[  280.230365][    C0]  bpf_prog_1e8b16acb1dbd232+0x42/0x850
[  280.235897][    C0]  bpf_trace_run3+0x1d1/0x380
[  280.240561][    C0]  ? bpf_trace_run2+0x340/0x340
[  280.245419][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  280.251301][    C0]  ? _raw_spin_unlock+0x40/0x40
[  280.256139][    C0]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  280.261583][    C0]  ? _raw_spin_lock+0x40/0x40
[  280.266243][    C0]  ? __bpf_trace_timer_class+0x20/0x20
[  280.271683][    C0]  __traceiter_timer_start+0x79/0xd0
[  280.276957][    C0]  enqueue_timer+0x3ae/0x540
[  280.281534][    C0]  __mod_timer+0xa60/0xeb0
[  280.285935][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  280.291825][    C0]  ? mod_timer_pending+0x20/0x20
[  280.296753][    C0]  ? prandom_u32+0x218/0x260
[  280.301341][    C0]  call_timer_fn+0x16d/0x560
[  280.305914][    C0]  ? garp_init_applicant+0x470/0x470
[  280.311187][    C0]  ? __run_timers+0x890/0x890
[  280.315853][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  280.321058][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  280.326327][    C0]  ? garp_init_applicant+0x470/0x470
[  280.331599][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  280.336785][    C0]  ? garp_init_applicant+0x470/0x470
[  280.342058][    C0]  __run_timers+0x67c/0x890
[  280.346560][    C0]  ? detach_timer+0x2f0/0x2f0
[  280.351224][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  280.357207][    C0]  ? ktime_get_real_ts64+0x460/0x460
[  280.362482][    C0]  run_timer_softirq+0x63/0xf0
[  280.367242][    C0]  handle_softirqs+0x3a7/0x930
[  280.372082][    C0]  ? __irq_exit_rcu+0x157/0x240
[  280.376920][    C0]  ? do_softirq+0x240/0x240
[  280.381430][    C0]  ? irqtime_account_irq+0xd0/0x1e0
[  280.386618][    C0]  __irq_exit_rcu+0x157/0x240
[  280.391280][    C0]  ? irq_exit_rcu+0x20/0x20
[  280.395771][    C0]  irq_exit_rcu+0x5/0x20
[  280.400001][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  280.405623][    C0]  </IRQ>
[  280.408540][    C0]  <TASK>
[  280.411528][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  280.417516][    C0] RIP: 0010:kasan_check_range+0x71/0x290
[  280.423136][    C0] Code: 54 37 ff 49 c1 ea 03 49 bb 01 00 00 00 00 fc ff df 4f 8d 34 1a 4c 89 f5 4c 29 cd 48 83 fd 10 7f 26 48 85 ed 0f 84 3a 01 00 00 <49> f7 d2 49 01 da 41 80 39 00 0f 85 c4 01 00 00 49 ff c1 49 ff c2
[  280.442759][    C0] RSP: 0018:ffffffff8c607b78 EFLAGS: 00000202
[  280.449083][    C0] RAX: f2f2f200f1f1f101 RBX: 1ffffffff18c0fa4 RCX: ffffffff8a3c33e8
[  280.457041][    C0] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffffff8c607d20
[  280.465003][    C0] RBP: 0000000000000002 R08: dffffc0000000000 R09: fffffbfff18c0fa4
[  280.472980][    C0] R10: 1ffffffff18c0fa5 R11: dffffc0000000001 R12: 1ffffffff18c0fce
[  280.480958][    C0] R13: dffffc0000000000 R14: fffffbfff18c0fa6 R15: 0000000000000000
[  280.488919][    C0]  ? __schedule+0x98/0x45b0
[  280.493435][    C0]  memset+0x1f/0x40
[  280.497249][    C0]  __schedule+0x98/0x45b0
[  280.501570][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  280.507916][    C0]  ? print_irqtrace_events+0x210/0x210
[  280.513361][    C0]  ? cpuidle_enter_state+0xa83/0xef0
[  280.518633][    C0]  ? tick_nohz_idle_exit+0x429/0x550
[  280.523914][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  280.529100][    C0]  ? release_firmware_map_entry+0x190/0x190
[  280.534977][    C0]  ? flush_smp_call_function_from_idle+0x13e/0x280
[  280.541465][    C0]  ? generic_smp_call_function_single_interrupt+0x10/0x10
[  280.548560][    C0]  ? tick_nohz_restart_sched_tick+0x200/0x200
[  280.554617][    C0]  ? tick_nohz_idle_got_tick+0x96/0x100
[  280.560350][    C0]  schedule_idle+0x4a/0x90
[  280.564751][    C0]  do_idle+0x61e/0x670
[  280.568831][    C0]  ? idle_inject_timer_fn+0x60/0x60
[  280.574016][    C0]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  280.579641][    C0]  ? schedule_idle+0x57/0x90
[  280.584222][    C0]  cpu_startup_entry+0x14/0x20
[  280.588998][    C0]  ? time_init+0x40/0x40
[  280.593230][    C0]  start_kernel+0x48c/0x540
[  280.597743][    C0]  secondary_startup_64_no_verify+0xb1/0xbb
[  280.603633][    C0]  </TASK>
[  281.706372][    C0] Shutting down cpus with NMI
[  281.711315][    C0] Kernel Offset: disabled
[  281.715645][    C0] Rebooting in 86400 seconds..