last executing test programs:

14.018688856s ago: executing program 4:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x66, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@multicast2, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@broadcast}, {@remote}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext3\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000040), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")

14.017983856s ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$loop(&(0x7f00000003c0), 0x9, 0x82e81)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
socket$nl_xfrm(0x10, 0x3, 0x6)
clock_gettime(0x0, &(0x7f0000000280)={<r5=>0x0, <r6=>0x0})
utimes(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={{r5, r6/1000+60000}, {0x77359400}})
socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x40}, 0x0)
read$char_usb(r4, &(0x7f0000000080)=""/139, 0xfdef)

12.064081112s ago: executing program 4:
r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'team_slave_0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r1, &(0x7f00000002c0)={0x2c, 0x0, r3}, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r0)

10.844616163s ago: executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x13)

10.775953214s ago: executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000400)='./file0\x00', 0x809, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRESOCT, @ANYRES64, @ANYRES16, @ANYBLOB="8dc89e7744fa9283c8fa8c347820bdca1970caa5351156b73b183e1dc9fbec51f67262d0581ba26188990a74a6c6019862883960ebdace93bbf50ef802a5cdd5b03697b62f712512c7fe60cf519a4e60ca1894b0469dde3b32722ee8a3ea588ce873083729be815cc269c3"], 0xff, 0x210, &(0x7f0000000440)="$eJzsmb9rFEEUx7+zu9lNggg2FjYpDBgxyf44lTQHKoiVIERRy8NswukmJ5cVkoBwh42NpYigpf+AhcXVdjZiY6GFPxAsvFKwEEZmdnZvbm/3PGFFJO9TzL15b968mdm5b7ELgiD2LZ8+fv/w4NzK5UUABzAPR/m/moMxhjb+/eM7Jx7Wzz95/u7Zy62Dd3v5+eoAOB/0X38eX58BHZy1S+Pzonk07LsCA8eVfRVZ7k8uSTohGK6rwE3Nbs0oIwqXb7SitfVmFHqi8UUTiKam17IA9LsMawCm5d44Z1p8e3fvViOKwnbemOJpneFQWr84q9AYc3yd1KirX7E+8byu3b/XFf1l5fdgJGcJwIcBX9k1MKwqewUO5gBkR6Lt/4g1mN+cZP//ymA/kmsgPIeWKi9h4k+ynqL4Evz/xuJbYNjDnepr4czfWDzLe8QfOvMc7vdejWZ9qaS6kLvRkFPNvljZZZPCBe15XVBj3sxG0cXJF9/JK5c9TstEYEbqB7OAY5o+WbAy/XDjzdvu9u7eUnOzsRFuhFtBUDvtnfS8U4G73nTguVKhSwXQwrTUp1lt/qmSsTazsdOI47a/A8RtP+sHSasp7uqL1jeZY0j9M7BwNJlDHLLctlNcg2nFmRy9YJYuniAIgiAIgiAIgiAIgiAI4rekLyMZgDkwJJ9A5IcqXkJwSWb8CgAA//8pOFyp")
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000b000000050000000200000401000080000000000400000003000000080000001a0000000000000000000000002e3061612e"], 0x0, 0x47}, 0x20)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000180)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4aa, &(0x7f0000000740)="$eJzs3M9vFFUcAPDvTGn5TQviD34oq2hsRFtaUDl4QKMJFxMTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqCeNV70bE2K4gB5MzezOtLPtbtluf6yyn0+y2/dm3ux735l5u2/ndTaArlXJnpKIbRHxa0T017L1BSq1P7duXBn/68aV8SRmZ1/+M6mWu3njynhRtNhua54ZTCPS95PY16DeqUuXz45NTk5czPPD0+feHJ66dPmJM+fGTk+cnjg/euzY0SMjTz81+uSqxJnFdXPvOxf27znx6kcvjs/Gaz98nrV3W76+HEfNwIrrrEQlZnPzS/uqz4+s+NX/W7aX0smGDjaEZemJiOxw9Vb7f3/0xPzB648X3pvLfNuhBgJrJvts2rloaU/+N537/ALuRIk+Dl2q+MTPvv8Wj/Ucf3Ta9Wez54lq/LfyR21N7XtQMlD7xt7TZPvjK6x/W0ScnPn74+wRDa9DAACsrq+z8c/jjcZ/adxTKrcjn0MZiIhDEbErIu6KiN0RcXdEtey9EXHfMuuvLMgvHv/8vLmtwFqUjf+eyee26sd/aV4imcttr8bfm7x+ZnLicL5PBqN3Y5YfWaKOb57/5cNm6yql8V/2yOovxoJ5O/7YsLF+m1Nj02MrCLnO9Xcj9m5oFH8yNxOQ7YE9EbG3jdfP9tmZxz7bn6V3bF28/vbxL2EV5plmP414tHb8Z2JB/IWkVlOz+cnhTTE5cXi4OCsW+/Gnay+V872ldF38m1qLaVO7wTaQHf8tDc//PP6iGxTztVPLr+Pabx80/U6z+PgncXKmXCI//0vvAtn535e8Uk335cveHpuevjgS0ZcvqFs+Or9tkS/KZ/EPHmzc/3dF/PNJvt2+iMhO4vsj4oGIOJC3/cGIeCgiDi4R//fPPfzG0nuozfN/FWTxn1rq+EcMJOX5+jYSPWe/+6pZ/a29/x2tpgbzJa28/7XawJXsOwAAAPi/SKtz0Ek6VKRLF6d2x5Z08sLU9KFKvHX+VG2ueiB60+JKV3/peuhIfm24yI8uyB+JiJ3V/zTaXM0PjV+Y3N7JwIHqvTp1/T/SdGiotu73Zv/0Atw5ljWPVr478IsvV78xwLpyvyZ0L/0fupf+D91L/4fu1aj/X4241YGmAOvM5z90L/0fupf+D91L/4eutPiW+OKHFtq5038+sevEijZf88Rs/5q88szyt+pZo0ij/KMdTRNJRLRXRaRLl+lrofaOJdLbljne5m5ZRuJAntgYEa1udXXd9mpn35cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWy78BAAD//8XZ3Pk=")
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3c}, [@generic={0x3f, 0x4, 0x4, 0x9, 0x1}, @alu={0x4, 0x0, 0x3, 0x2, 0x0, 0x0, 0x10}]}, &(0x7f00000003c0)='GPL\x00', 0x7ad6, 0xb6, &(0x7f0000000c80)=""/182, 0x0, 0x1, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x3, 0x0, 0x0, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r3, r3, r3, r3, r3, r2, r3], 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000e00)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x40003}, 0x85)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x26}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r4 = socket$inet(0x2, 0x3, 0x6)
setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000180)=0x207f, 0x4)
shutdown(r4, 0x0)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)

10.566744457s ago: executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e023bd2a9eca19e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd6"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xbd, &(0x7f00000002c0)=""/189, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xa, 0x1}, 0x8}, 0x90)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r2, 0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000010c0), 0x52000, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
fcntl$lock(r5, 0x25, &(0x7f0000002380))
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r6, &(0x7f0000000100)=[{&(0x7f0000000180)=""/253, 0xfd}], 0x1, 0x101, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000040)={0x77359400}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r7, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6}, 0x20)
recvmsg(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/128, 0x80}], 0x1}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5}, &(0x7f0000000040), &(0x7f0000000080)=r6}, 0x20)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)

9.637495802s ago: executing program 1:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x66, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@multicast2, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@broadcast}, {@remote}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext3\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000040), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")

9.569432653s ago: executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000000200)="a6", 0x1, 0x0, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x2df)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000440), &(0x7f0000000480)=0x14)

8.299493911s ago: executing program 2:
sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xe24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = creat(&(0x7f0000000500)='./file1\x00', 0x0)
fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000811, &(0x7f0000000680)=ANY=[@ANYRES32=r7, @ANYRES16, @ANYRESDEC, @ANYRESDEC=r6, @ANYRES64, @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRES64=r6, @ANYRESHEX=r7, @ANYBLOB="7c7d95e676a8292ec4b3c08049ee9037b826a9bde5403e72fea52710f6703d28f521423e0b72337c0ad6be85be9ec0feff0618d145b5ac21ebb130039db796978dc49dfdf628dc743d6ec021daa5816ff66f8c18b384d11c68c520feb650f9d06d16db0a86b071b7eec0a719922604e3abe0b54462a7d7546f1c092a3e2cd8b4f73b227a954bc5874162c4f5cc2985a9ff65e1807633c41dec778bf68f0fe74f9a19ff8d23b0259acc035743b9b5dc312cadbc9c1ad0a0729989cb73938a19f2b5d7787c004a12cfc3d5e51326c0c2a1de6d8475", @ANYRES64], 0x2, 0x1d4, &(0x7f00000008c0)="$eJzsmb/vEjEYxp/27gtIjImLg4smkogRjrtDDQsDJu4m4K9NIidBDzBwJkDiQFxcHB1MXP0HHByYHNzcXHVQExMHGZ3PtJS7yq9ADJHE95PQe9q+7du+wDMACIL4b/n29deX51dLtRyA48ggqcZ/GHEM1+I/v3x88UX52qs3n16/75x4MlncjwEIw+3zizTvKgYC1Q/DP1dn1LMGHukb4Lig9C0wWErfBcdNpT0w3FH6gaa7x5TwPete12/cb/meLRpHNK5oinp+E8B0zNAAkFLnY9p8fzh6WPd9r7cojsJ5nqWpXcWm+pmAOa1wlLX6iffr9rOnY9Gf18bW6ueAw1G6CIaq0iUkYVlWXBLt/qfNeH9jm/sfgjiZ3xSTO4ATkvgHgi2OiC90NHJqOvmwvOr7Pg92dr9XlsYFYGnqY/rvdk4oE1gZE/unsNzzmj+ZMCP/KATtR4X+cJRvtetNr+l1XLd4xb5k25fdgjSiWbvB/1LSn9La/kdrYhMsgUE9CHrOAAh6TtR3Z63muNW33Z9yDZf+x5E9N9tDfFTktZOrczD14vIpVNZYe3iCIAiCIAiCIAiCIAiCIIidOAMmfwVVf1SFa3Cvy+jfAQAA//+0A2jN")

8.18255299s ago: executing program 0:
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x8}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)

7.949078296s ago: executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000080)=0x8, 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22}, 0x1c)
syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0)

7.41259224s ago: executing program 0:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x280008a, &(0x7f0000000240)=ANY=[@ANYBLOB='shortname=lower,shortname=win95,rodir,iocharset=default,uni_xlate=0,nonumtail=1,utf8=0,flush,rodir,shortname=win95,shortname=winnt,shortname=win95,showexec,uni_xlate=0,utf8=0,utf8=0,uni_xlate=0,shortname=mixed,\x00'], 0x97, 0x2ad, &(0x7f0000000d40)="$eJzs3b9rO2UYAPDn0vQSdEgEJxE80MHpS9vVJUVaEDspGdRBi21BmiC0UPAHnp1cXRxdXQTBzX/Cxf9AcBXcLFg4ueSuSTSNSTWt+v18hvbte8/z3vNe39J2yJN3nh2eHmVxcvnxj9FuJ9HoRS+ukuhGI2qfxoze5wEA/JddFUX8UoytkpdERHt9ZQEAa7Ty7/9v114SALBmr7/x5qu7Bwd7r2VZO/aHn130y//sy8/j67sn8V4M4ji2ohPXEUVe3Py1UH7cL4oib2albrwwzC/6Zebw7e+r9Xd/jhjlb0cnuqOp2fxXDva2s7Gp/Lys44nq/r0yfyc68fRN8kz+zpz86Kfx4vNT9T+KTvzwbrwfgzgaFTHOj0bEJ9tZ9nLxxa8fvVWWV+Yn+UW/NYqbKDbu+VsDAAAAAAAAAAAAAAAAAAAAAMD/2KOqd04rRv17yqmq/87GdfnFZmS17mx/nnF+Ui9U9weq5EV8Wffn2cqyrKgCJ/nNeKYZzYfZNQAAAAAAAAAAAAAAAAAAAPy7nH/w4enhYHB89o8M6m4A9cv677pOb2rmuVgc3JrcqxGRlsMFK8dGFV7WurCMchNL1/xb1fbgbo/uqdtq/vqbpdf5qt7XXwZvLhHzNwf16To9TOY/w1bUM+36kHw3HZPGkvdKb7tUrHT80rmXOivvPX1yNMgXxESyqLCXfho/uWom+eMu0tFTnZu+WQ2m0mdj2suf5/In5U8S3ToAAAAAAAAAAAAAAAAAAGCtJi/6nXPxcmFqo2itrSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFeT9/9fYZBXyUsEp3F2/sBbBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DHwewAAAP//M+pilA==")
r0 = open(0x0, 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
open(0x0, 0x4100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000440)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48)
unshare(0x8040480)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2)
ppoll(&(0x7f00000000c0)=[{r4}], 0x1, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)

7.231460048s ago: executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000002200b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
dup2(r3, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

7.15734819s ago: executing program 2:
r0 = open(0x0, 0x400000040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
open(&(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
socket$packet(0x11, 0x0, 0x300)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000100000d020000000000000003000000000000000000000105000000080000000000000000000003000000000200000002"], 0x0, 0x56}, 0x20)

7.075849603s ago: executing program 4:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, 0x0, &(0x7f00000002c0)}, 0x20)
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "7cbf"}, 0x0, 0x0, 0x0, 0x0})

7.03107391s ago: executing program 3:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10)
timer_create(0x0, &(0x7f0000000040), 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)

6.754172713s ago: executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x13)

4.832625124s ago: executing program 2:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000580)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x5, {0x5, 0x0, "ff4e4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

4.832267524s ago: executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000000200)="a6", 0x1, 0x0, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x2df)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000440), &(0x7f0000000480)=0x14)

4.832041554s ago: executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e023bd2a9eca19e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd6"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xbd, &(0x7f00000002c0)=""/189, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xa, 0x1}, 0x8}, 0x90)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r2, 0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000010c0), 0x52000, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
fcntl$lock(r5, 0x25, &(0x7f0000002380))
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r6, &(0x7f0000000100)=[{&(0x7f0000000180)=""/253, 0xfd}], 0x1, 0x101, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000040)={0x77359400}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r7, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6}, 0x20)
recvmsg(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/128, 0x80}], 0x1}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5}, &(0x7f0000000040), &(0x7f0000000080)=r6}, 0x20)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)

4.827931405s ago: executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x14, 0x0, 0x0, 0x80000000}, 0x48)
mkdir(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, 0x0, &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x90)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xf, {"a2e3ad21ed0d09f91b3d090987f70906d038e7ff7fc6e5539b0d3d0e8b089b3c310068090890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_emit_ethernet(0xfdef, 0x0, 0x0)

3.751312093s ago: executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002120702500000000000500207b1af8ff00000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
dup2(r0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
pipe(0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x0, 0x7fe2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x7a}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001440)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1a38d522be18bd10a48b043ccc42646d25dfd73d06d7535f7866925d86751dfced1fd8accae669e173a659c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcbfb42c30d294a55e1c46680bee88956f2b3599f455c7a3a49a01010000009f2f0517e4ca0e1803a20000000013d4e21b3336f1ae0796f23526ec0fd97f7325eac34c4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39d5ae913b2d22eb2c09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d4300000020000000db3947c85c3a9027ce9e856fa8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefc74305b2bea2000600000051fcf5d62205561b6efaad206335a309f7b9e01446a6285f4665a7fe3cda2349f8bf400100000000000000f40f420ee83f2d9babe7b922401639ce3c4ff0850a8e078374909413f3fbd3ced3285252dc81a46ef7ce29484dc6b6adfd7a4db730fc594609654d97836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be71b0417d33d3ab25493418ba0fbacf768e07c1a939d31f606085b9e3efc93b0f58d5ec37494d9d10d76e603129e9a726579ac7d672cacd581b7ca77b3610b74039fffd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66da2254a6f911b1469c62a6e1e3f9c1715c009a58e6eadac8f61b45853673df72dc813f7454ae22d79ac48034282f03040889500000000179dcf66d93907cedd49e0c5752f755849953957143a0335d2f62acbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8698f710c359afe73947afebdf5536e4db8b0231d0cbc798766ec60586f14b44775bc9d250e4515cb83275d3b495fa90000e69a68b47ac4595463e1442d88e0606a060000cc914fae896ab129ccdf8792a8435972c8391d132a2fcbd40e865d62cc7c4200000000000000000000000000000800002a77fbbccfdb1ab3d8434905f09726b8145ea99c7640faab578dc98a6134df0a10a54ce7e7ddbb709a27d977d1f91ab9ee940700009594c9a50961b7fcc56d82584dc8254df7c411fa61353a6897c4f3b9f152fdf6f2ab47adb29aefecce96c94f360e129c9f2af569c794b68b2ead404bcdd4aa9cb6a128e1ad45fd4030e1e69adf4986b7860f3122d59c079f0f9a1732f691590f45512aec4ed2413f66cac7dd022301741c576dea82005b166d6c3b9ed0c297ac197a92188a618745e78dca0b3c62f1601243089d9c687563382b0b88a7d80fd7bf7fae8a690f52db1464d29b1b926414cd35705c89662c585e32c881d917b74f027674dbc017499ba15a2e2900000000000000000000000000007b593ecbdd162fee9f239a3c615b3e9a3fb0af254bdd247a5a5abdbc0123c950eec0f1800b295be71418dd65de15e11beef9630499c70fce74135a7c7c8e818b79b85ff65d59d89492d7a663d3f25651e252ab49d358eac853ffe182ee37a5db085a072647719cb8604ba2e0b80af3f1867bd8fb6afca671437e0a5a9d5a088436739262d894986882ec0fb419a377ef47f4920a5de6d8de0d3090b4cb6b773e825442d351f980eed0d997a4d98a5121e941b145e2186546c646128a3e69f52fcad83a026def90b9eb55f4a0a2251bbae428c6c017b5a47f1580831a7ce232857e6aa9e777e99da1a3ad03fdc93fa7ed96228deac5e3bce983971041297a6ba18783a2edc7e3901cc891035872c61e7ea375b0902be0c5cc7fdef968ba1ca17ce5e11f2f384cd28c1194f56d3cf074e8ba4e60e84dc2f352c3cd170581aee0c93ca8ceff84cda40325d340759e79e5c4bcec227e37f7ec2193c78877fb319ec1f2d4dcf1d46a15cde1d6cecce6ecdb0c0a3413394d51341a7b3606ad8c29b6dbf6be3265b528c3208de35161bfe19678df43a45b314e5a0f8754cfaf4f9d3fdf9c8f7b7c296bf2e632d25ba8ee6369b362a8e4c9dff176d482d32249c93680a04f6464f184acfd0376662fee9e1031e569248db9bc724cdd97976a4d7c5c5172d1383fa1e442f68a14b747a9f2597bf115dd0111fe8ba3584a43176f33bd39a408f8648b19839bba9cc47624ea19e46dbbdf0faf591bcdc8613828a0c5a40c04ae34bbf4a0e27828b0c7cb9d7a7455db030425a4bd69cf6dcb4b1d066f8ef4ea1c710e05819df82d5cc94ace6b41c2de37a2eaf24f24b3d9a7dd4d197d51407be3e90000000000000000dbc0b0d6e11ccb71437ebea7ad01d5b93a7a0561e4a1b3fa1aa9c75f3aaec4ace1b6201a3e007b657be62df59133b4d8f0f145d9fc954cc7792077268bf0977e2a699722ce3dbb97248b8a8a771dd0f7d9c97e6587524a44fd6d49330ccbc39ca277b84f7f0a39759ef0b42388bd69fe341a925e8cdc5d7b2d6ddb7331a081bd0672bf4d02255de095a179e51bf5492d4e89c3cbad59db725c0dd7e35cbd9887175286a37d7621a361eb830cc5b842b11b5d040ccceb254d6a0c9c43718d0816bb2465928e236101b8cd46b5ef9cb930378a9249cbb41b92fe3caef70845cde9bb78d71c512153d2f1d765b56d2e5ef3e3d34975787646630051074c9706747fda873ccfdb394fc269c8cfadc0a52c3402f3920001ddd312969ecc08a99f5a3be58de34149af8360a7db3f301e656c5485d5de03be99b04e3593e8e18d7b635ca24a915c82122ac7a5bf6d011ee91573d66fc9522a76fa00211d62dc123fd51d1cb2ce1d4f3a62f99e2d93b2d34324a962a3762b6e8d7d3a7f73af6eb264b44822d8847442c3df4771df9a5d79443174b191878fe586facc18035f09fd70a137809ce970e31c4e6a8e48ce2fc30316087caaa2ed0bda52e969fda35236ac9aedb241a114a8cf1c49b8bd3f73c1c67d7968db4f71202d63bb0963cf128d"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000240)='kmem_cache_free\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002340)=ANY=[@ANYBLOB="b702000022000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e0500009cb20d03e7564c35a8d36774d5e5003a14817ac61e4dd19699a13477bf7e060e3670ef0e789f65f105006704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a080600000002000000ff000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3957663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964ecbeba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca00010000790017b0689a173db9c24db65c1e00015c1d093dab18fd063e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacec403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39057c1f395968e23c262279f4ef00fbdb8c338615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c1c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553572548104d2ad0e10d3663488e664401030022f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f32744a8c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6970982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980ede51116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c60100f36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e6887dd7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee440b293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbc8b8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c545b28211a92000000001501aed8972af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f05e96d738989f2c8b1e6b3a9716b6130a09e2698b12d8ae4d329f305fde3e8dec42eae3c69988ad568543a715755110c8dff124a6ba9ee1dc32ea7d17a35a420133c7df262a30cbff8790d80fd4def27ff1b268014daec1b0d1d2864bf010801f092efac0b349b86631d2a7455a72c0e7f43730b78e9beb255188acb12f3770fcc2223ba034181d9c3acef5b6d9ee77883ca12cfd68a5db88cc945a5c377c4ee2da24351905240b0b1920429109032ddc3cf9bf4ba32f594d45478bca432bdeb1a21fd5b5c2c416ed8eeabade9e2002b4e714dc3d7476fa52fedc0d0e6bed973e3aa468597810c13a8c40d9845bf0080850f309ec4dc5f88ef54bc3272918944178203e706674d8402f8ccd86d33edb1894e46b793641e9bf407b7c8b2b4b555f07467c96828163ce30fd4c24b108df352bc32eae5b1e3adecf6cf8d2bc3549f49c14a553683499b707a422e98082456c0dcf3f7155db062dfad1e92af9708dca9b70a77f4b88c06f8ee7a43df5f5ac21a6ed194102abaa097097f544896db197fa4dc32c420640a48bc6e79c214c21fc2312d4f9f4f489a52f5774d8339c2e03f979c9ee9a23e8f6f7d3aec1100c9949095ed29deabeebc420cfdf909dbecf8acc871b627bb358bd5ab90db253acf496d9b6a3374c86558a38537a821aa092794333ac26edb8b06370d7b0fa2db01c24534b33431132dc386178651682b5446d519dbc4fdcc69cfb60afe6cbd4d3ea2bcfa9d10bf14cb169009d7d7cc02ff1f03941916f046dcd6fa0c0d25c2189c349481633fdd841f8cca89757c2528b8334e76f37b8c43271a2820c33a2e631e4ed3060b7f0ab4e264a022f17647d511e44c3c594bbff7f0047450d74bf891cb2452f4093d3a77c4b7316218e50bedff67f529f78e52a0ac3af2a8414078aaadfe77e14a1647fe521a947a0489ca384989f391d2b005aaa970457a4f3e0c0f488b4228b33b08ff78581bf5d07446992ad520b2e"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={0xffffffffffffffff, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a5cfd55", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.738594855s ago: executing program 4:
r0 = open(&(0x7f0000000100)='./bus\x00', 0x400145042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r1, 0x81fd)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000340)="1b3b351333f3a3b13679144b0600000000000000de5829aceff19492e9ba6875841285b877fac97b183e950017761d4433127df4ffeab47d3545970ac2571b8775e05a2ec30dbc2154f17ddb1da5b2411d093471a30c77ca0d06d1576a43cbd422dd9fc5aeeef4a0a53a5d93a9b5b000bba7223848aa6b97abe164077f7737311f187ffdfefdae072f6c3d59bf3a7d1565", 0x91}, {&(0x7f00000001c0)="8ec1cc54649640be1983f79c5bfe88cd6a6afd5570ab59578db363f4", 0x1c}, {&(0x7f0000000840)="b0fef28adda655a00a8ce0bb7d504206000000000000001abe0a88f67472c3cd975c9884ae01084df2b7f556e2a043b74efe85a30267fae395e8a051934cefd1a1f19f89180ab1fe20a7e4088d8a3f4304feafe592c403cb5d1991683fcbda9a1404998bc92cb28946223165c906e2bed23adce7939d37148e79c6b485db91083de9905e7de49fd8837cf3792d697bf8b29b9c6e8daee80e86778a4a2426e6459d4a30ad36b138b31570d8342f9bd5635f4888c4c60793a6e21acbc4749413f629ba4de97b84ed9acc06a3d29ef68cd6d32fc4398429c472891f8e244d27a4b6241083efd4ecd2c92d91399de6ddcafbcd07000000000000009d1b7d60c898340102268c474bf8b7db27c8787b34cae8a9c676907ec017733c1ece82e11b99a4bdc74c8d9d1871be6af0fef62b529af9ab1f37d60a2f967d715b301856b033a7e7dac74416447a090f7b6693bbd2deaf5eebbfc9adff299bafcf57774d0c993f5524409672b4f35409a8720dc2b78f83198096c60126f911fd42c29cd6fa311e2c8daef3927ccdc90436b2b6ee4cfffffffffffffff8d9b7977fff6c4293065de2ff26a041e67954f68871d010d377f9ba1ee447b5bfd5b9d3711b3ea5c6361a97d4d46b8b406091be9433f950613083805aa4ae31e3aef57eb8d299548df54dffb7c4af7f00a869c6bdbc6c2bd1a83262981638ae365b2611d2b50c5f000000d620e2a52db4283dc90000000000000000000000000000f676fce6502229acaace64eb2390025dd834dc9d6eea", 0x22d}], 0x3}, 0x0)
recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0)
close(r2)

3.429707263s ago: executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg$unix(r1, &(0x7f00000004c0)={&(0x7f0000000180), 0x6e, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x22fe0}], 0x1}, 0x0)
sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)

2.669410142s ago: executing program 4:
sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xe24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = creat(&(0x7f0000000500)='./file1\x00', 0x0)
fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000811, &(0x7f0000000680)=ANY=[@ANYRES32=r7, @ANYRES16, @ANYRESDEC, @ANYRESDEC=r6, @ANYRES64, @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRES64=r6, @ANYRESHEX=r7, @ANYBLOB="7c7d95e676a8292ec4b3c08049ee9037b826a9bde5403e72fea52710f6703d28f521423e0b72337c0ad6be85be9ec0feff0618d145b5ac21ebb130039db796978dc49dfdf628dc743d6ec021daa5816ff66f8c18b384d11c68c520feb650f9d06d16db0a86b071b7eec0a719922604e3abe0b54462a7d7546f1c092a3e2cd8b4f73b227a954bc5874162c4f5cc2985a9ff65e1807633c41dec778bf68f0fe74f9a19ff8d23b0259acc035743b9b5dc312cadbc9c1ad0a0729989cb73938a19f2b5d7787c004a12cfc3d5e51326c0c2a1de6d8475", @ANYRES64], 0x2, 0x1d4, &(0x7f00000008c0)="$eJzsmb/vEjEYxp/27gtIjImLg4smkogRjrtDDQsDJu4m4K9NIidBDzBwJkDiQFxcHB1MXP0HHByYHNzcXHVQExMHGZ3PtJS7yq9ADJHE95PQe9q+7du+wDMACIL4b/n29deX51dLtRyA48ggqcZ/GHEM1+I/v3x88UX52qs3n16/75x4MlncjwEIw+3zizTvKgYC1Q/DP1dn1LMGHukb4Lig9C0wWErfBcdNpT0w3FH6gaa7x5TwPete12/cb/meLRpHNK5oinp+E8B0zNAAkFLnY9p8fzh6WPd9r7cojsJ5nqWpXcWm+pmAOa1wlLX6iffr9rOnY9Gf18bW6ueAw1G6CIaq0iUkYVlWXBLt/qfNeH9jm/sfgjiZ3xSTO4ATkvgHgi2OiC90NHJqOvmwvOr7Pg92dr9XlsYFYGnqY/rvdk4oE1gZE/unsNzzmj+ZMCP/KATtR4X+cJRvtetNr+l1XLd4xb5k25fdgjSiWbvB/1LSn9La/kdrYhMsgUE9CHrOAAh6TtR3Z63muNW33Z9yDZf+x5E9N9tDfFTktZOrczD14vIpVNZYe3iCIAiCIAiCIAiCIAiCIIidOAMmfwVVf1SFa3Cvy+jfAQAA//+0A2jN")

2.472050363s ago: executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000400)='./file0\x00', 0x809, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRESOCT, @ANYRES64, @ANYRES16, @ANYBLOB="8dc89e7744fa9283c8fa8c347820bdca1970caa5351156b73b183e1dc9fbec51f67262d0581ba26188990a74a6c6019862883960ebdace93bbf50ef802a5cdd5b03697b62f712512c7fe60cf519a4e60ca1894b0469dde3b32722ee8a3ea588ce873083729be815cc269c3"], 0xff, 0x210, &(0x7f0000000440)="$eJzsmb9rFEEUx7+zu9lNggg2FjYpDBgxyf44lTQHKoiVIERRy8NswukmJ5cVkoBwh42NpYigpf+AhcXVdjZiY6GFPxAsvFKwEEZmdnZvbm/3PGFFJO9TzL15b968mdm5b7ELgiD2LZ8+fv/w4NzK5UUABzAPR/m/moMxhjb+/eM7Jx7Wzz95/u7Zy62Dd3v5+eoAOB/0X38eX58BHZy1S+Pzonk07LsCA8eVfRVZ7k8uSTohGK6rwE3Nbs0oIwqXb7SitfVmFHqi8UUTiKam17IA9LsMawCm5d44Z1p8e3fvViOKwnbemOJpneFQWr84q9AYc3yd1KirX7E+8byu3b/XFf1l5fdgJGcJwIcBX9k1MKwqewUO5gBkR6Lt/4g1mN+cZP//ymA/kmsgPIeWKi9h4k+ynqL4Evz/xuJbYNjDnepr4czfWDzLe8QfOvMc7vdejWZ9qaS6kLvRkFPNvljZZZPCBe15XVBj3sxG0cXJF9/JK5c9TstEYEbqB7OAY5o+WbAy/XDjzdvu9u7eUnOzsRFuhFtBUDvtnfS8U4G73nTguVKhSwXQwrTUp1lt/qmSsTazsdOI47a/A8RtP+sHSasp7uqL1jeZY0j9M7BwNJlDHLLctlNcg2nFmRy9YJYuniAIgiAIgiAIgiAIgiAI4rekLyMZgDkwJJ9A5IcqXkJwSWb8CgAA//8pOFyp")
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000b000000050000000200000401000080000000000400000003000000080000001a0000000000000000000000002e3061612e"], 0x0, 0x47}, 0x20)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000180)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4aa, &(0x7f0000000740)="$eJzs3M9vFFUcAPDvTGn5TQviD34oq2hsRFtaUDl4QKMJFxMTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqCeNV70bE2K4gB5MzezOtLPtbtluf6yyn0+y2/dm3ux735l5u2/ndTaArlXJnpKIbRHxa0T017L1BSq1P7duXBn/68aV8SRmZ1/+M6mWu3njynhRtNhua54ZTCPS95PY16DeqUuXz45NTk5czPPD0+feHJ66dPmJM+fGTk+cnjg/euzY0SMjTz81+uSqxJnFdXPvOxf27znx6kcvjs/Gaz98nrV3W76+HEfNwIrrrEQlZnPzS/uqz4+s+NX/W7aX0smGDjaEZemJiOxw9Vb7f3/0xPzB648X3pvLfNuhBgJrJvts2rloaU/+N537/ALuRIk+Dl2q+MTPvv8Wj/Ucf3Ta9Wez54lq/LfyR21N7XtQMlD7xt7TZPvjK6x/W0ScnPn74+wRDa9DAACsrq+z8c/jjcZ/adxTKrcjn0MZiIhDEbErIu6KiN0RcXdEtey9EXHfMuuvLMgvHv/8vLmtwFqUjf+eyee26sd/aV4imcttr8bfm7x+ZnLicL5PBqN3Y5YfWaKOb57/5cNm6yql8V/2yOovxoJ5O/7YsLF+m1Nj02MrCLnO9Xcj9m5oFH8yNxOQ7YE9EbG3jdfP9tmZxz7bn6V3bF28/vbxL2EV5plmP414tHb8Z2JB/IWkVlOz+cnhTTE5cXi4OCsW+/Gnay+V872ldF38m1qLaVO7wTaQHf8tDc//PP6iGxTztVPLr+Pabx80/U6z+PgncXKmXCI//0vvAtn535e8Uk335cveHpuevjgS0ZcvqFs+Or9tkS/KZ/EPHmzc/3dF/PNJvt2+iMhO4vsj4oGIOJC3/cGIeCgiDi4R//fPPfzG0nuozfN/FWTxn1rq+EcMJOX5+jYSPWe/+6pZ/a29/x2tpgbzJa28/7XawJXsOwAAAPi/SKtz0Ek6VKRLF6d2x5Z08sLU9KFKvHX+VG2ueiB60+JKV3/peuhIfm24yI8uyB+JiJ3V/zTaXM0PjV+Y3N7JwIHqvTp1/T/SdGiotu73Zv/0Atw5ljWPVr478IsvV78xwLpyvyZ0L/0fupf+D91L/4fu1aj/X4241YGmAOvM5z90L/0fupf+D91L/4eutPiW+OKHFtq5038+sevEijZf88Rs/5q88szyt+pZo0ij/KMdTRNJRLRXRaRLl+lrofaOJdLbljne5m5ZRuJAntgYEa1udXXd9mpn35cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWy78BAAD//8XZ3Pk=")
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3c}, [@generic={0x3f, 0x4, 0x4, 0x9, 0x1}, @alu={0x4, 0x0, 0x3, 0x2, 0x0, 0x0, 0x10}]}, &(0x7f00000003c0)='GPL\x00', 0x7ad6, 0xb6, &(0x7f0000000c80)=""/182, 0x0, 0x1, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x3, 0x0, 0x0, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r3, r3, r3, r3, r3, r2, r3], 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000e00)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x40003}, 0x85)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x26}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r4 = socket$inet(0x2, 0x3, 0x6)
setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000180)=0x207f, 0x4)
shutdown(r4, 0x0)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)

2.380625398s ago: executing program 1:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x66, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@multicast2, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@broadcast}, {@remote}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext3\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000040), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")

2.340782594s ago: executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x10)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x0, &(0x7f0000000000), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000440)='sched_switch\x00', r6}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x400ad00, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)

201.651739ms ago: executing program 2:
r0 = open(0x0, 0x400000040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
open(&(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
socket$packet(0x11, 0x0, 0x300)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000100000d020000000000000003000000000000000000000105000000080000000000000000000003000000000200000002"], 0x0, 0x56}, 0x20)

0s ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
close(r1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000002090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000300)={r3}, 0x8)
write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef)

kernel console output (not intermixed with test programs):

 wlan0: link becomes ready
[   72.892202][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   72.902911][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   72.904887][ T3658] ext4 filesystem being mounted at /root/syzkaller-testdir1703885873/syzkaller.WGRS8o/0/bus supports timestamps until 2038 (0x7fffffff)
[   72.929912][ T3571] device veth0_macvtap entered promiscuous mode
[   72.973462][ T3647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.983123][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.002469][ T3571] device veth1_macvtap entered promiscuous mode
[   73.014359][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.053318][ T3647] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.076333][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.100766][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.117969][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   73.126256][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   73.146433][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   73.162825][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   73.185758][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   73.232380][  T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.239446][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.259607][  T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.277299][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.338582][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.390366][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.496687][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.550702][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.647939][ T3572] Bluetooth: hci1: command tx timeout
[   73.653411][ T3572] Bluetooth: hci0: command tx timeout
[   73.659535][ T3578] Bluetooth: hci3: command tx timeout
[   73.701453][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.712585][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.728401][ T3572] Bluetooth: hci4: command tx timeout
[   73.733860][ T3572] Bluetooth: hci2: command tx timeout
[   73.756966][ T3571] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.848174][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   73.868060][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   73.913501][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   74.001907][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.059040][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.141106][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.164071][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.175600][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.191761][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.201875][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.228268][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.246291][ T3571] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.287851][ T3582] EXT4-fs (loop2): unmounting filesystem.
[   74.445072][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   74.628358][ T3616] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   75.028451][ T3616] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.176996][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   75.179805][ T3616] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   75.189071][ T3571] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.216859][ T3571] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.257273][ T3616] usb 1-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
[   75.275328][ T3616] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.337580][ T3616] usb 1-1: config 0 descriptor??
[   75.365945][ T3571] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.381449][ T3571] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.594322][ T3744] netem: change failed
[   75.943960][ T3692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.944021][ T3692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.077751][ T3616] wacom 0003:056A:00F8.0001: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.0-1/input0
[   76.103284][ T3685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.103352][ T3685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.150985][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   76.151690][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   76.247863][ T3631] usb 1-1: USB disconnect, device number 2
[   76.287748][ T3616] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   76.667486][ T3616] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[   76.695740][ T3616] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.747212][ T3616] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.772130][ T3772] loop1: detected capacity change from 0 to 512
[   76.788810][ T3616] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[   76.833483][ T3616] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[   76.867090][ T3616] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.889250][ T3616] usb 3-1: config 0 descriptor??
[   76.898937][ T3772] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   76.983303][ T3772] ext4 filesystem being mounted at /root/syzkaller-testdir1426981909/syzkaller.qi58kZ/3/bus supports timestamps until 2038 (0x7fffffff)
[   77.200176][ T3018] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   77.421307][ T3616] hid-picolcd 0003:04D8:C002.0002: unknown main item tag 0x0
[   77.457251][ T3018] usb 4-1: Using ep0 maxpacket: 16
[   77.554205][ T3616] hid-picolcd 0003:04D8:C002.0002: No report with id 0x11 found
[   77.580817][ T3018] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11
[   77.730361][ T3616] usb 3-1: USB disconnect, device number 2
[   77.737851][ T3018] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[   77.880086][ T3018] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[   78.045424][ T3018] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[   78.077584][ T3018] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[   78.098318][ T3018] usb 4-1: config 1 interface 0 has no altsetting 0
[   78.105059][ T3018] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[   78.127696][ T3018] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.195150][ T3574] EXT4-fs (loop1): unmounting filesystem.
[   78.198822][ T3018] ums-sddr09 4-1:1.0: USB Mass Storage device detected
[   78.411801][ T3018] scsi host1: usb-storage 4-1:1.0
[   79.303232][ T3018] usb 4-1: USB disconnect, device number 2
[   80.334390][ T3858] 9pnet_fd: Insufficient options for proto=fd
[   80.366410][ T3860] syz-executor.4 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   80.542077][ T3864] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   80.698372][ T3839] loop2: detected capacity change from 0 to 40427
[   80.737300][ T3839] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   80.770483][ T3839] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   80.831483][ T3839] F2FS-fs (loop2): invalid crc value
[   80.883659][ T3839] F2FS-fs (loop2): Found nat_bits in checkpoint
[   80.904982][ T3846] loop1: detected capacity change from 0 to 40427
[   80.943672][ T3846] F2FS-fs (loop1): invalid crc value
[   81.002275][ T3846] F2FS-fs (loop1): Found nat_bits in checkpoint
[   81.051766][ T3839] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   81.063536][ T3839] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   81.128664][ T3846] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   81.190929][   T26] audit: type=1800 audit(1718752287.853:2): pid=3846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0
[   81.305093][   T26] audit: type=1800 audit(1718752287.923:3): pid=3846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0
[   81.358182][ T3574] syz-executor.1: attempt to access beyond end of device
[   81.358182][ T3574] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   81.636408][ T1148] cfg80211: failed to load regulatory.db
[   82.055425][ T3870] loop3: detected capacity change from 0 to 40427
[   82.117182][ T3870] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   82.169823][ T3870] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   82.220584][ T3870] F2FS-fs (loop3): invalid crc value
[   82.253962][ T3883] binder: 3881:3883 ioctl c0306201 0 returned -14
[   82.280065][ T3870] F2FS-fs (loop3): Found nat_bits in checkpoint
[   82.481152][ T3870] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   82.490914][ T3870] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   83.595442][ T3618] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   83.857278][ T3618] usb 5-1: Using ep0 maxpacket: 16
[   83.976503][ T3700] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   83.986000][ T3618] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11
[   84.003474][ T3618] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[   84.035043][ T3700] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   84.062654][ T3618] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[   84.103141][ T3618] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[   84.149317][ T3618] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[   84.164440][ T3618] usb 5-1: config 1 interface 0 has no altsetting 0
[   84.172722][ T3618] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[   84.186834][ T3618] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.289242][ T3618] ums-sddr09 5-1:1.0: USB Mass Storage device detected
[   84.374912][ T3911] 9pnet_fd: Insufficient options for proto=fd
[   84.526591][ T3618] scsi host1: usb-storage 5-1:1.0
[   84.737738][ T3618] usb 5-1: USB disconnect, device number 2
[   84.846827][ T3919] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.855070][ T3919] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.565903][ T3927] binder: 3926:3927 ioctl c0306201 0 returned -14
[   85.885712][ T3916] loop1: detected capacity change from 0 to 40427
[   85.926102][ T3916] F2FS-fs (loop1): invalid crc value
[   86.005198][ T3916] F2FS-fs (loop1): Found nat_bits in checkpoint
[   86.292665][ T3916] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   86.333546][   T26] audit: type=1800 audit(1718752292.993:4): pid=3916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0
[   86.409685][ T3574] syz-executor.1: attempt to access beyond end of device
[   86.409685][ T3574] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   86.415469][   T26] audit: type=1800 audit(1718752292.993:5): pid=3916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0
[   87.022146][ T3945] 9pnet_fd: Insufficient options for proto=fd
[   87.366241][ T3955] =======================================================
[   87.366241][ T3955] WARNING: The mand mount option has been deprecated and
[   87.366241][ T3955]          and is ignored by this kernel. Remove the mand
[   87.366241][ T3955]          option from the mount to silence this warning.
[   87.366241][ T3955] =======================================================
[   88.393558][ T3966] syz-executor.1[3966] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   88.393676][ T3966] syz-executor.1[3966] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   88.654423][ T3977] 9pnet_fd: Insufficient options for proto=fd
[   88.765853][ T3978] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   88.775764][ T3978] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[   89.455008][ T3978] syz-executor.4 (3978) used greatest stack depth: 19776 bytes left
[   90.166685][   T26] audit: type=1800 audit(1718752296.823:6): pid=4004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1960 res=0 errno=0
[   90.350408][   T26] audit: type=1800 audit(1718752296.823:7): pid=4004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1960 res=0 errno=0
[   92.260774][ T4016] loop1: detected capacity change from 0 to 32768
[   93.676196][   T26] audit: type=1800 audit(1718752300.333:8): pid=4047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1964 res=0 errno=0
[   93.791323][   T26] audit: type=1800 audit(1718752300.393:9): pid=4042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="memory.events" dev="loop1" ino=7 res=0 errno=0
[   94.049420][ T4050] loop4: detected capacity change from 0 to 128
[   94.096422][ T4050] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[   94.238675][ T4035] loop0: detected capacity change from 0 to 40427
[   94.303441][ T4035] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   94.331367][ T4035] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   94.385354][ T4035] F2FS-fs (loop0): invalid crc value
[   94.500683][ T4035] F2FS-fs (loop0): Found nat_bits in checkpoint
[   94.913773][ T4035] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   94.954155][ T4035] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   95.777775][ T4078] loop1: detected capacity change from 0 to 8192
[   96.082746][ T4078] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   96.570492][ T4046] loop2: detected capacity change from 0 to 40427
[   96.603498][ T4046] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   96.637981][ T4046] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   96.709101][ T4046] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-12)
[   97.128475][ T4092] loop3: detected capacity change from 0 to 128
[   97.177446][ T4092] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[   97.342759][   T26] audit: type=1800 audit(1718752304.003:10): pid=4087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="memory.events" dev="loop1" ino=1048599 res=0 errno=0
[   98.278104][ T4113] tipc: Can't bind to reserved service type 0
[  100.453262][ T4122] process 'syz-executor.4' launched './file1' with NULL argv: empty string added
[  102.476294][ T4145] loop4: detected capacity change from 0 to 256
[  102.645328][ T4145] syz-executor.4: attempt to access beyond end of device
[  102.645328][ T4145] loop4: rw=2049, sector=256, nr_sectors = 12 limit=256
[  105.190473][ T4179] loop3: detected capacity change from 0 to 1024
[  105.261235][ T4179] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  105.290353][ T4171] loop2: detected capacity change from 0 to 32768
[  105.339836][ T4157] loop0: detected capacity change from 0 to 40427
[  105.486917][ T4157] F2FS-fs (loop0): invalid crc value
[  105.568508][ T3576] EXT4-fs (loop3): unmounting filesystem.
[  105.579087][ T4157] F2FS-fs (loop0): Found nat_bits in checkpoint
[  105.994937][ T4169] loop4: detected capacity change from 0 to 40427
[  106.299802][ T4169] F2FS-fs (loop4): invalid crc value
[  106.349409][ T4169] F2FS-fs (loop4): Found nat_bits in checkpoint
[  106.449182][ T4169] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[  106.465706][ T4169] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  106.668162][ T3571] syz-executor.4: attempt to access beyond end of device
[  106.668162][ T3571] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  108.049327][ T4219] loop0: detected capacity change from 0 to 256
[  109.036161][   T26] audit: type=1326 audit(1718752315.693:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4225 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0
[  109.135605][ T4229] capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use)
[  109.702299][ T4211] loop2: detected capacity change from 0 to 40427
[  109.723491][ T4242] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  109.738482][ T4211] F2FS-fs (loop2): invalid crc value
[  109.795882][ T4211] F2FS-fs (loop2): Found nat_bits in checkpoint
[  110.004996][ T4211] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  110.045836][   T26] audit: type=1804 audit(1718752316.703:12): pid=4211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1703885873/syzkaller.WGRS8o/35/file0/file0" dev="loop2" ino=10 res=1 errno=0
[  110.968295][ T4255] loop0: detected capacity change from 0 to 256
[  110.983076][ T4234] loop3: detected capacity change from 0 to 40427
[  111.024138][ T4234] F2FS-fs (loop3): invalid crc value
[  111.073638][ T4255] syz-executor.0: attempt to access beyond end of device
[  111.073638][ T4255] loop0: rw=2049, sector=256, nr_sectors = 12 limit=256
[  111.074887][ T4234] F2FS-fs (loop3): Found nat_bits in checkpoint
[  111.256294][ T4234] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1
[  111.282874][ T4234] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  111.414357][ T3582] syz-executor.2: attempt to access beyond end of device
[  111.414357][ T3582] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  111.443176][ T3576] syz-executor.3: attempt to access beyond end of device
[  111.443176][ T3576] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  112.116624][ T4275] loop0: detected capacity change from 0 to 256
[  112.158935][ T4275] FAT-fs (loop0): Unrecognized mount option "uid=.›¹ŠÂ)B­ðlé¶ê€éSJ¸bù¨Ȇ¿mS�A°KÀ�´ìþ¹Þj" or missing value
[  112.266773][ T4275] loop0: detected capacity change from 0 to 256
[  114.506472][ T4295] loop2: detected capacity change from 0 to 256
[  114.674208][ T4297] syz-executor.3 (pid 4297) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  116.908821][ T4324] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'.
[  116.956343][ T4326] loop3: detected capacity change from 0 to 256
[  117.398961][ T4334] kvm: emulating exchange as write
[  117.412549][ T4342] 9pnet_fd: Insufficient options for proto=fd
[  117.421919][ T4341] tap0: tun_chr_ioctl cmd 1074025684
[  117.554884][ T4343] loop2: detected capacity change from 0 to 4096
[  117.651069][ T4343] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  118.735452][ T4359] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'.
[  118.791419][ T4361] loop3: detected capacity change from 0 to 256
[  119.155910][ T4373] 9pnet_fd: Insufficient options for proto=fd
[  120.906796][ T1148] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  122.377320][ T1148] usb 4-1: unable to read config index 0 descriptor/start: -71
[  122.407229][ T1148] usb 4-1: can't read configurations, error -71
[  122.439095][ T4401] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'.
[  124.042459][ T4428] syz-executor.0[4428] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  124.042563][ T4428] syz-executor.0[4428] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  124.380192][ T4407] loop4: detected capacity change from 0 to 40427
[  124.404249][ T4432] loop3: detected capacity change from 0 to 256
[  124.457846][ T4432] FAT-fs (loop3): Unrecognized mount option "uid=.›¹ŠÂ)B­ðlé¶ê€éSJ¸bù¨Ȇ¿mS�A°KÀ�´ìþ¹Þj" or missing value
[  124.492876][ T4407] F2FS-fs (loop4): invalid crc value
[  124.541333][ T4407] F2FS-fs (loop4): Found nat_bits in checkpoint
[  124.602495][ T4432] loop3: detected capacity change from 0 to 256
[  124.744841][ T4407] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[  124.802417][ T4407] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  124.838333][ T4002] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  125.254501][ T4435] f2fs_ckpt-7:4: attempt to access beyond end of device
[  125.254501][ T4435] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  127.358954][ T4458] device pim6reg1 entered promiscuous mode
[  127.488689][ T3584] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  127.498558][ T3584] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  127.506909][ T3578] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  127.527615][ T3584] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  127.535243][ T3584] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  127.542899][ T3584] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  128.182329][ T4476] loop0: detected capacity change from 0 to 1024
[  128.238357][ T4476] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  128.301489][ T4461] chnl_net:caif_netlink_parms(): no params data found
[  128.364877][ T4476] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  128.441949][ T4476] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present
[  128.473991][ T4476] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  128.509415][ T4476] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1
[  128.668491][ T3585] EXT4-fs (loop0): unmounting filesystem.
[  128.734173][ T4461] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.761969][ T4461] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.808919][ T4461] device bridge_slave_0 entered promiscuous mode
[  128.868006][ T4461] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.875220][ T4461] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.952280][ T4461] device bridge_slave_1 entered promiscuous mode
[  129.080834][ T4461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.121245][ T4461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.220033][ T4472] loop3: detected capacity change from 0 to 40427
[  129.251127][ T4472] F2FS-fs (loop3): invalid crc value
[  129.286199][ T4461] team0: Port device team_slave_0 added
[  129.308693][ T4472] F2FS-fs (loop3): Found nat_bits in checkpoint
[  129.326438][ T4461] team0: Port device team_slave_1 added
[  129.439913][ T4461] batman_adv: batadv0: Adding interface: batadv_slave_0
[  129.474274][ T4461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.508737][ T4500] loop0: detected capacity change from 0 to 256
[  129.528752][ T4472] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1
[  129.558892][ T4472] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  129.569716][ T3572] Bluetooth: hci5: command tx timeout
[  129.624271][ T4461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  129.710402][ T4461] batman_adv: batadv0: Adding interface: batadv_slave_1
[  129.757810][ T4461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.811394][ T4500] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5b196f7a, utbl_chksum : 0xe619d30d)
[  129.889494][ T4461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  129.961155][ T3576] syz-executor.3: attempt to access beyond end of device
[  129.961155][ T3576] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  130.037911][ T3576] syz-executor.3: attempt to access beyond end of device
[  130.037911][ T3576] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  130.149778][ T4461] device hsr_slave_0 entered promiscuous mode
[  130.205862][ T4461] device hsr_slave_1 entered promiscuous mode
[  130.235664][ T4461] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  130.265901][ T4461] Cannot create hsr debugfs directory
[  130.297540][ T4506] syz-executor.4[4506] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.297650][ T4506] syz-executor.4[4506] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.342600][ T3724] kworker/u4:22: attempt to access beyond end of device
[  130.342600][ T3724] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  130.926872][ T4461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.173273][ T3018] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  131.417402][ T3018] usb 3-1: Using ep0 maxpacket: 32
[  131.538339][ T3018] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.635563][ T3018] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.648581][ T3572] Bluetooth: hci5: command tx timeout
[  131.863662][ T3018] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  131.934839][ T3018] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.985672][ T3018] usb 3-1: config 0 descriptor??
[  132.043836][ T4461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.081541][ T3018] hub 3-1:0.0: USB hub found
[  132.271974][ T4461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.287497][ T3018] hub 3-1:0.0: 1 port detected
[  132.323833][ T4524] loop4: detected capacity change from 0 to 1024
[  132.356379][ T4524] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  132.384620][ T4524] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  132.545635][ T4524] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present
[  132.576530][ T4461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.599355][ T4524] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  132.647260][ T4524] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz-executor.4: Failed to acquire dquot type 1
[  132.683854][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.769490][ T1252] ieee802154 phy0 wpan0: encryption failed: -22
[  132.775885][ T1252] ieee802154 phy1 wpan1: encryption failed: -22
[  132.793602][ T3571] EXT4-fs (loop4): unmounting filesystem.
[  132.805606][ T3018] usb 3-1: USB disconnect, device number 3
[  132.930821][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.044841][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.158848][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.296201][ T4461] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  133.307214][ T3613] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  133.367893][ T4461] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  133.396607][ T4461] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  133.624006][ T4461] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  133.807742][ T3584] Bluetooth: hci5: command tx timeout
[  134.197449][ T3613] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  134.238671][ T3572] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  134.262416][ T3613] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  134.309594][ T3572] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  134.318936][ T3572] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  134.330615][ T3572] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  134.339004][ T3572] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  134.346353][ T3572] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  134.375010][ T3613] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  134.426213][ T3613] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  134.517458][ T3613] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  134.547181][ T3613] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.627563][ T3613] usb 5-1: invalid MIDI out EP 0
[  134.699119][ T4539] loop0: detected capacity change from 0 to 40427
[  134.723333][ T4552] mmap: syz-executor.2 (4552) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  134.863108][ T4539] F2FS-fs (loop0): invalid crc value
[  134.951935][ T4461] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.002882][ T4539] F2FS-fs (loop0): Found nat_bits in checkpoint
[  135.061194][ T3613] snd-usb-audio: probe of 5-1:27.0 failed with error -22
[  135.110961][ T3613] usb 5-1: USB disconnect, device number 3
[  135.142440][ T4539] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1
[  135.226973][ T4539] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  135.236805][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  135.250324][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  135.305711][ T4461] 8021q: adding VLAN 0 to HW filter on device team0
[  135.354277][ T4557] f2fs_ckpt-7:0: attempt to access beyond end of device
[  135.354277][ T4557] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  135.386598][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  135.405893][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  135.497739][ T3618] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.505005][ T3618] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.535084][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  135.729032][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  135.747776][ T3618] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.754960][ T3618] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.779197][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  135.887395][ T3584] Bluetooth: hci5: command tx timeout
[  136.677348][ T3572] Bluetooth: hci2: command tx timeout
[  136.800618][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  136.834313][ T4543] chnl_net:caif_netlink_parms(): no params data found
[  136.889903][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  136.974940][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  136.994985][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  137.034414][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  137.054678][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  137.770502][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  137.779324][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  137.993382][ T4461] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  138.048428][ T4461] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  138.105014][ T4601] loop0: detected capacity change from 0 to 1024
[  138.127690][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  138.138287][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  138.155691][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  138.163750][ T4601] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  138.239716][ T4601] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  138.377910][ T4601] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present
[  138.417298][ T4601] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  138.438649][ T4543] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.445787][ T4543] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.486300][ T4601] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1
[  138.525287][ T4543] device bridge_slave_0 entered promiscuous mode
[  138.626835][ T4543] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.638876][ T4543] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.682517][ T4543] device bridge_slave_1 entered promiscuous mode
[  138.687535][ T3572] Bluetooth: hci2: command tx timeout
[  138.711999][ T3585] EXT4-fs (loop0): unmounting filesystem.
[  138.964917][ T4543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  139.120160][ T4543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.285705][ T4543] team0: Port device team_slave_0 added
[  139.442627][ T4543] team0: Port device team_slave_1 added
[  139.493340][ T4461] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.555920][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  139.569674][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  139.665828][ T4543] batman_adv: batadv0: Adding interface: batadv_slave_0
[  139.674577][ T4543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.759171][ T4543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.783671][ T4609] loop2: detected capacity change from 0 to 40427
[  139.790447][   T26] audit: type=1800 audit(1718752346.443:13): pid=4640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1954 res=0 errno=0
[  139.844740][ T4609] F2FS-fs (loop2): invalid crc value
[  139.852385][   T26] audit: type=1800 audit(1718752346.453:14): pid=4640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1954 res=0 errno=0
[  139.925172][ T4609] F2FS-fs (loop2): Found nat_bits in checkpoint
[  140.005483][   T11] device hsr_slave_0 left promiscuous mode
[  140.031720][   T11] device hsr_slave_1 left promiscuous mode
[  140.045857][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.071688][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.085781][ T4609] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1
[  140.185927][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.213468][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.226584][ T4609] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  140.289745][   T11] device bridge_slave_1 left promiscuous mode
[  140.298204][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.417052][   T11] device bridge_slave_0 left promiscuous mode
[  140.643322][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.768047][ T3572] Bluetooth: hci2: command tx timeout
[  140.977018][   T11] device veth1_macvtap left promiscuous mode
[  140.992101][   T11] device veth0_macvtap left promiscuous mode
[  141.005291][   T11] device veth1_vlan left promiscuous mode
[  141.020379][   T11] device veth0_vlan left promiscuous mode
[  141.093820][ T3582] syz-executor.2: attempt to access beyond end of device
[  141.093820][ T3582] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  141.125708][ T3582] syz-executor.2: attempt to access beyond end of device
[  141.125708][ T3582] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  141.239395][ T3685] kworker/u4:8: attempt to access beyond end of device
[  141.239395][ T3685] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  141.438401][   T11] team0 (unregistering): Port device team_slave_1 removed
[  141.454642][   T11] team0 (unregistering): Port device team_slave_0 removed
[  141.470463][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  141.496549][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  141.603520][   T11] bond0 (unregistering): Released all slaves
[  141.714197][ T4543] batman_adv: batadv0: Adding interface: batadv_slave_1
[  141.721371][ T4543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.748403][ T4543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  141.760661][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  141.770135][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  142.225618][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  142.261194][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  142.304597][ T4461] device veth0_vlan entered promiscuous mode
[  142.821334][ T4461] device veth1_vlan entered promiscuous mode
[  142.847624][ T3572] Bluetooth: hci2: command tx timeout
[  142.849885][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  142.888446][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  142.912987][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  143.022533][ T4543] device hsr_slave_0 entered promiscuous mode
[  143.060146][ T4543] device hsr_slave_1 entered promiscuous mode
[  143.087666][ T4543] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  143.095291][ T4543] Cannot create hsr debugfs directory
[  143.290215][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  143.308989][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  143.328033][ T4461] device veth0_macvtap entered promiscuous mode
[  143.380741][ T4461] device veth1_macvtap entered promiscuous mode
[  143.479885][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.487541][ T3617] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  143.501315][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.522395][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.549126][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.569437][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.594776][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.615904][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.637836][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.672096][ T4461] batman_adv: batadv0: Interface activated: batadv_slave_0
[  143.693431][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  143.708107][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  143.722858][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  143.742480][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  143.849589][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.877489][ T3617] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.901884][ T3617] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.911956][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.942348][ T3617] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  143.957241][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.987172][ T3617] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.995315][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.027671][ T3617] usb 5-1: config 0 descriptor??
[  144.034634][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.075527][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.116029][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.146992][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.181105][ T4461] batman_adv: batadv0: Interface activated: batadv_slave_1
[  144.210814][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  144.237966][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  144.331952][ T4461] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.350973][ T4461] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.382308][ T4461] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.402587][ T4461] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.613468][ T3584] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  144.623567][ T3584] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  144.632357][ T3584] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  144.640986][ T3584] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  144.656289][ T3584] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  144.664747][ T3584] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  144.801791][ T3712] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.823763][ T3712] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.870312][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  145.110437][ T3685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.149987][ T3685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.199656][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  145.636448][ T3617] uclogic 0003:256C:006D.0003: v1 frame probing failed: -71
[  145.772448][ T3617] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[  145.968283][ T3617] uclogic: probe of 0003:256C:006D.0003 failed with error -71
[  146.111165][ T3617] usb 5-1: USB disconnect, device number 4
[  146.416468][ T4543] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  148.126450][ T4730] trusted_key: encrypted_key: insufficient parameters specified
[  148.200257][ T3572] Bluetooth: hci3: command tx timeout
[  148.294476][ T1148] hid-generic 0000:0020:0000.0004: unknown main item tag 0x0
[  148.461547][ T1148] hid-generic 0000:0020:0000.0004: item fetching failed at offset 7/18
[  148.521712][ T1148] hid-generic: probe of 0000:0020:0000.0004 failed with error -22
[  149.014712][ T4543] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  149.371631][ T4543] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  149.514436][ T4543] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  149.608768][ T4700] chnl_net:caif_netlink_parms(): no params data found
[  150.287296][ T3584] Bluetooth: hci3: command tx timeout
[  151.260458][ T4700] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.309482][ T4700] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.349183][ T4700] device bridge_slave_0 entered promiscuous mode
[  151.373995][ T4700] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.459504][ T4700] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.508489][ T4700] device bridge_slave_1 entered promiscuous mode
[  152.169735][ T4781] Zero length message leads to an empty skb
[  152.741767][ T4786] trusted_key: encrypted_key: insufficient parameters specified
[  153.124421][ T3617] hid-generic 0000:0020:0000.0005: unknown main item tag 0x0
[  153.177105][    C0] sched: RT throttling activated
[  153.219557][ T3617] hid-generic 0000:0020:0000.0005: item fetching failed at offset 7/18
[  153.319564][ T3617] hid-generic: probe of 0000:0020:0000.0005 failed with error -22
[  153.640476][ T3584] Bluetooth: hci3: command tx timeout
[  153.669172][ T4700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.730109][ T4700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.860024][ T4700] team0: Port device team_slave_0 added
[  153.980149][ T4700] team0: Port device team_slave_1 added
[  154.391451][ T4543] 8021q: adding VLAN 0 to HW filter on device bond0
[  155.272176][ T4700] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.347044][ T4700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.465585][ T4700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.500650][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  155.518033][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  155.659009][ T3584] Bluetooth: hci3: command tx timeout
[  156.214144][ T4700] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.228082][ T4700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.255615][ T4700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  156.276754][ T4815] device ip6gre0 entered promiscuous mode
[  156.283066][ T4815] device vlan2 entered promiscuous mode
[  156.297653][ T4815] device ip6gre0 left promiscuous mode
[  156.358354][ T4543] 8021q: adding VLAN 0 to HW filter on device team0
[  156.517356][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  156.526279][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  156.736652][ T3618] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.745004][ T3618] bridge0: port 1(bridge_slave_0) entered forwarding state
[  156.767665][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  156.776555][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  156.797714][ T3618] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.804864][ T3618] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.475713][ T4700] device hsr_slave_0 entered promiscuous mode
[  157.506736][ T4700] device hsr_slave_1 entered promiscuous mode
[  157.528185][ T4700] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  157.535805][ T4700] Cannot create hsr debugfs directory
[  157.578968][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  157.605494][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  157.625012][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  157.924948][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  157.951999][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  158.030631][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  158.055002][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  158.083282][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  158.155507][   T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.229124][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  158.244027][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  158.291530][ T4543] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  158.307641][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  158.321436][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  158.333806][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  159.345113][   T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.583728][   T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.709177][   T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.730537][   T41] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  159.757220][ T3620] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  159.782600][ T4543] 8021q: adding VLAN 0 to HW filter on device batadv0
[  159.829429][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  159.844962][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  159.896416][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  159.915362][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  160.037001][   T26] audit: type=1326 audit(1718752366.693:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4847 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f709547cf29 code=0x0
[  160.067567][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  160.086343][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  160.105629][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  160.117812][   T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.131329][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  160.147387][   T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.159638][ T4543] device veth0_vlan entered promiscuous mode
[  160.178007][   T41] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  160.197344][   T41] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.229957][   T41] usb 5-1: config 0 descriptor??
[  160.229957][ T3620] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.229988][ T3620] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.260104][ T4543] device veth1_vlan entered promiscuous mode
[  160.287182][ T3620] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  160.296279][ T3620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.356208][ T3620] usb 1-1: config 0 descriptor??
[  160.584304][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  160.603216][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  160.623201][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  160.648050][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  160.742481][   T41] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor
[  160.771611][ T4543] device veth0_macvtap entered promiscuous mode
[  160.781609][   T41] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0006/input/input9
[  160.890291][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  160.941201][ T4543] device veth1_macvtap entered promiscuous mode
[  160.945711][   T41] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  161.008404][   T41] usb 5-1: USB disconnect, device number 5
[  161.148583][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.222531][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.237774][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.250471][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.267233][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.287252][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.307166][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.337238][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.377255][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.423643][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.461981][ T4543] batman_adv: batadv0: Interface activated: batadv_slave_0
[  161.543737][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  161.564545][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  161.603410][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.628919][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.657171][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.687222][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.707306][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.737956][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.755051][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.931221][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.991089][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  162.142330][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  162.214404][ T4543] batman_adv: batadv0: Interface activated: batadv_slave_1
[  162.458413][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  162.551785][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  162.647408][ T3620] usbhid 1-1:0.0: can't add hid device: -71
[  162.654390][ T3620] usbhid: probe of 1-1:0.0 failed with error -71
[  162.669405][ T4543] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.717163][ T4543] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.754066][ T3620] usb 1-1: USB disconnect, device number 3
[  162.877334][ T4543] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.909529][ T4543] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  162.977544][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  162.978117][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  162.994268][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[  162.997720][    T0] NOHZ tick-stop error: local softirq work is pending, handler #28a!!!
[  163.071612][ T4956] loop4: detected capacity change from 0 to 2048
[  163.207664][ T4956] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  163.450261][ T4700] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  164.062472][ T4700] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  164.074460][ T4700] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  164.094524][ T4700] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  164.253456][ T3571] EXT4-fs (loop4): unmounting filesystem.
[  164.298979][ T3685] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.307049][ T3685] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.512388][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  164.711396][ T3685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.732736][ T3685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.195577][   T26] audit: type=1326 audit(1718752372.853:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4979 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0
[  166.358712][   T11] device hsr_slave_0 left promiscuous mode
[  166.577592][   T11] device hsr_slave_1 left promiscuous mode
[  166.599660][ T4995] Driver unsupported XDP return value 0 on prog  (id 184) dev N/A, expect packet loss!
[  166.638941][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  166.646428][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  166.707220][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  166.714790][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  166.795570][   T11] device bridge_slave_1 left promiscuous mode
[  166.807379][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.845801][   T11] device bridge_slave_0 left promiscuous mode
[  166.865840][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.885074][ T5005] loop0: detected capacity change from 0 to 128
[  166.923172][   T11] device veth1_macvtap left promiscuous mode
[  167.005137][   T11] device veth0_macvtap left promiscuous mode
[  167.044324][   T11] device veth1_vlan left promiscuous mode
[  167.091178][   T11] device veth0_vlan left promiscuous mode
[  169.839424][   T11] team0 (unregistering): Port device team_slave_1 removed
[  169.846956][   T26] audit: type=1326 audit(1718752376.503:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0
[  169.891795][   T11] team0 (unregistering): Port device team_slave_0 removed
[  169.913158][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.941079][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  170.074529][   T11] bond0 (unregistering): Released all slaves
[  170.146610][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  170.257587][ T4700] 8021q: adding VLAN 0 to HW filter on device bond0
[  170.386567][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  170.398071][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  170.415375][ T4700] 8021q: adding VLAN 0 to HW filter on device team0
[  170.453214][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  170.478749][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  170.497909][   T14] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.505071][   T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.514427][ T5040] device pim6reg1 entered promiscuous mode
[  170.652280][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  170.759479][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  170.805525][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  170.828845][ T3664] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.836095][ T3664] bridge0: port 2(bridge_slave_1) entered forwarding state
[  170.867591][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  170.886881][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  171.780075][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  171.790291][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  171.819182][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  171.852754][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  172.007805][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  172.027917][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  172.085024][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  172.124026][ T4700] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  172.166869][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  172.235586][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  172.245242][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  172.305606][ T5066] loop3: detected capacity change from 0 to 4096
[  172.370402][ T5066] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  172.390509][   T26] audit: type=1326 audit(1718752379.053:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5061 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0
[  172.548245][ T5043] loop0: detected capacity change from 0 to 32768
[  173.357420][   T26] audit: type=1800 audit(1718752380.013:19): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="memory.events" dev="loop0" ino=7 res=0 errno=0
[  173.748573][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  173.757652][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  173.777143][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  173.785518][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  173.793832][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  173.802185][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  173.978150][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  173.986424][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  173.997115][ T4700] 8021q: adding VLAN 0 to HW filter on device batadv0
[  174.044758][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  174.064677][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  174.203115][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  174.236613][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  174.276189][ T4700] device veth0_vlan entered promiscuous mode
[  174.328206][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  174.336299][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  174.403443][ T4700] device veth1_vlan entered promiscuous mode
[  174.526509][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  174.550922][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  174.585640][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  174.596494][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  174.618679][ T4700] device veth0_macvtap entered promiscuous mode
[  174.637225][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  174.676935][ T4700] device veth1_macvtap entered promiscuous mode
[  174.734023][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.754905][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.775125][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.797211][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.827855][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.848268][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.867518][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.885920][ T5097] loop1: detected capacity change from 0 to 256
[  174.897333][ T3664] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  174.904976][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.925225][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.941253][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.969015][ T4700] batman_adv: batadv0: Interface activated: batadv_slave_0
[  174.998412][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  175.019576][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  175.050931][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.064088][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.101698][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.129839][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.157370][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.183149][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.207210][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.227197][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.237065][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.257373][ T3664] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.281518][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.299192][ T4700] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.317247][ T3664] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.327058][ T3664] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  175.330528][ T4700] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.357184][ T3664] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.378045][ T3664] usb 5-1: config 0 descriptor??
[  175.387194][ T4700] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.397590][ T4700] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.406332][ T4700] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.448963][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  175.468640][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  175.601816][ T3700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.626764][ T3700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  175.657279][ T3617] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  175.662121][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  175.708786][ T3700] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.722161][ T3700] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  175.756114][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  175.861379][ T3664] hid (null): bogus close delimiter
[  176.002906][   T26] audit: type=1326 audit(1718752382.663:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5111 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64c8a7cf29 code=0x0
[  176.037501][ T3617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.067183][ T3617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  176.085438][ T3617] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  176.125050][ T3617] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  176.144574][ T3617] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.166599][ T3617] usb 2-1: config 0 descriptor??
[  176.317518][ T3664] usb 5-1: string descriptor 0 read error: -71
[  176.337504][ T3664] uclogic 0003:256C:006D.0007: failed retrieving string descriptor #200: -71
[  176.352913][ T3664] uclogic 0003:256C:006D.0007: failed retrieving pen parameters: -71
[  176.381545][ T3664] uclogic 0003:256C:006D.0007: failed probing pen v2 parameters: -71
[  176.414570][ T3664] uclogic 0003:256C:006D.0007: failed probing parameters: -71
[  176.432377][ T3664] uclogic: probe of 0003:256C:006D.0007 failed with error -71
[  176.456416][ T3664] usb 5-1: USB disconnect, device number 6
[  176.636780][ T5115] loop3: detected capacity change from 0 to 32768
[  176.649935][ T3617] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  177.057363][ T3617] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  178.477465][   T26] audit: type=1800 audit(1718752385.133:21): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="memory.events" dev="loop3" ino=7 res=0 errno=0
[  178.806358][ T5136] loop0: detected capacity change from 0 to 512
[  178.860712][ T5136] EXT4-fs (loop0): orphan cleanup on readonly fs
[  178.916856][ T5136] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present
[  178.943888][ T5136] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  178.987942][ T5136] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1
[  179.035979][ T5136] EXT4-fs (loop0): 1 truncate cleaned up
[  179.046220][ T5136] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  179.158562][ T3585] EXT4-fs (loop0): unmounting filesystem.
[  179.230153][   T26] audit: type=1326 audit(1718752385.893:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5154 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f51d687cf29 code=0x0
[  179.629224][ T1148] usb 2-1: USB disconnect, device number 2
[  179.676158][ T5173] loop0: detected capacity change from 0 to 4096
[  179.766702][ T5173] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  179.792995][   T11] device hsr_slave_0 left promiscuous mode
[  179.815101][   T11] device hsr_slave_1 left promiscuous mode
[  179.831412][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.847701][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  179.868196][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.899881][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.936268][   T11] device bridge_slave_1 left promiscuous mode
[  179.954624][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.985861][   T11] device bridge_slave_0 left promiscuous mode
[  180.013139][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.042278][ T5189] loop4: detected capacity change from 0 to 512
[  180.064625][   T11] device veth1_macvtap left promiscuous mode
[  180.075651][ T5189] EXT4-fs (loop4): orphan cleanup on readonly fs
[  180.090154][ T5189] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present
[  180.090255][   T11] device veth0_macvtap left promiscuous mode
[  180.113438][ T5189] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  180.125860][ T5189] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz-executor.4: Failed to acquire dquot type 1
[  180.175828][   T11] device veth1_vlan left promiscuous mode
[  180.183651][ T5189] EXT4-fs (loop4): 1 truncate cleaned up
[  180.202768][   T11] device veth0_vlan left promiscuous mode
[  180.218612][ T5189] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  180.327390][ T3664] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  180.366718][ T3571] EXT4-fs (loop4): unmounting filesystem.
[  180.707429][ T3664] usb 2-1: config index 0 descriptor too short (expected 61842, got 146)
[  180.732424][ T3664] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  180.756459][   T11] team0 (unregistering): Port device team_slave_1 removed
[  180.757366][ T3664] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  180.812729][   T11] team0 (unregistering): Port device team_slave_0 removed
[  180.840833][ T3664] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  180.858234][ T3664] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  180.866574][ T3664] usb 2-1: SerialNumber: syz
[  180.880030][   T26] audit: type=1326 audit(1718752387.543:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5201 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0
[  180.902875][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  180.950690][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  181.064505][   T11] bond0 (unregistering): Released all slaves
[  181.199137][ T3664] usb 2-1: 0:2 : does not exist
[  181.240604][ T3664] usb 2-1: USB disconnect, device number 3
[  181.457238][ T5218] syz-executor.0[5218] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  181.457342][ T5218] syz-executor.0[5218] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  181.544157][ T5222] loop3: detected capacity change from 0 to 512
[  181.587291][   T26] audit: type=1800 audit(1718752388.153:24): pid=5220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1963 res=0 errno=0
[  181.613145][ T5222] EXT4-fs (loop3): orphan cleanup on readonly fs
[  181.650016][ T1148] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  181.664896][   T26] audit: type=1800 audit(1718752388.153:25): pid=5220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1963 res=0 errno=0
[  181.679238][ T5222] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present
[  181.696074][ T5222] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz-executor.3: Failed to acquire dquot type 1
[  181.761966][ T5222] EXT4-fs (loop3): 1 truncate cleaned up
[  181.802707][ T5228] loop0: detected capacity change from 0 to 16
[  181.829026][ T5228] erofs: (device loop0): mounted with root inode @ nid 36.
[  182.053828][ T5227] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'.
[  182.117853][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.182853][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.492660][ T5230] loop1: detected capacity change from 0 to 256
[  182.531923][ T5222] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  182.546916][ T1148] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  182.560756][ T1148] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  182.570000][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.579831][ T1148] usb 3-1: config 0 descriptor??
[  182.625615][ T5230] syz-executor.1: attempt to access beyond end of device
[  182.625615][ T5230] loop1: rw=2049, sector=256, nr_sectors = 12 limit=256
[  182.709425][ T4543] EXT4-fs (loop3): unmounting filesystem.
[  183.117267][ T1148] usbhid 3-1:0.0: can't add hid device: -71
[  183.123413][ T1148] usbhid: probe of 3-1:0.0 failed with error -71
[  183.154323][ T1148] usb 3-1: USB disconnect, device number 4
[  183.532311][ T5239] loop4: detected capacity change from 0 to 40427
[  183.598507][ T5239] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  183.616529][ T5239] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  183.663704][ T5239] F2FS-fs (loop4): invalid crc value
[  184.514914][ T5239] F2FS-fs (loop4): Found nat_bits in checkpoint
[  184.604366][ T5265] syz-executor.0[5265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  184.604508][ T5265] syz-executor.0[5265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  184.710765][ T5269] loop3: detected capacity change from 0 to 512
[  184.790493][ T5239] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  184.810202][ T5239] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  184.833414][ T5267] loop2: detected capacity change from 0 to 8192
[  184.847950][ T5269] EXT4-fs (loop3): orphan cleanup on readonly fs
[  184.948871][ T5273] loop0: detected capacity change from 0 to 16
[  185.011201][ T5273] erofs: (device loop0): mounted with root inode @ nid 36.
[  185.034492][ T5269] __quota_error: 3 callbacks suppressed
[  185.034540][ T5269] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present
[  185.298812][ T5269] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  185.460452][ T5269] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz-executor.3: Failed to acquire dquot type 1
[  185.498832][ T5250] loop1: detected capacity change from 0 to 40427
[  185.539677][ T5269] EXT4-fs (loop3): 1 truncate cleaned up
[  185.593604][ T5250] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  185.601888][ T5250] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  185.617600][ T5269] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  185.689742][ T5279] loop2: detected capacity change from 0 to 256
[  185.738096][ T4543] EXT4-fs (loop3): unmounting filesystem.
[  185.744641][ T5250] F2FS-fs (loop1): Found nat_bits in checkpoint
[  185.798941][ T5279] syz-executor.2: attempt to access beyond end of device
[  185.798941][ T5279] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256
[  185.954800][ T5250] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  185.973355][ T5250] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  186.056892][   T26] audit: type=1800 audit(1718752392.713:28): pid=5293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0
[  186.113873][   T26] audit: type=1800 audit(1718752392.743:29): pid=5293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0
[  186.134499][    C1] vkms_vblank_simulate: vblank timer overrun
[  187.527168][ T5304] tipc: Started in network mode
[  187.586728][ T5304] tipc: Node identity 00000000000000feffffffffffffff01, cluster identity 4711
[  187.605678][ T5304] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  187.764545][ T5312] loop2: detected capacity change from 0 to 256
[  187.790915][ T5311] loop0: detected capacity change from 0 to 512
[  187.826837][ T5311] EXT4-fs (loop0): orphan cleanup on readonly fs
[  187.854549][ T5311] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present
[  187.892571][ T5312] syz-executor.2: attempt to access beyond end of device
[  187.892571][ T5312] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256
[  187.933556][ T5311] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  187.964336][ T5311] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1
[  187.998318][ T1148] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  188.013534][ T5311] EXT4-fs (loop0): 1 truncate cleaned up
[  188.040710][ T5311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  188.105988][   T26] audit: type=1800 audit(1718752394.763:30): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1960 res=0 errno=0
[  188.139584][   T26] audit: type=1800 audit(1718752394.763:31): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1960 res=0 errno=0
[  188.188061][ T3585] EXT4-fs (loop0): unmounting filesystem.
[  188.296260][ T5337] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'.
[  188.416790][ T5340] tipc: Started in network mode
[  188.472957][ T5340] tipc: Node identity 00000000000000feffffffffffffff01, cluster identity 4711
[  188.498613][ T5340] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  188.527336][ T1148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.546699][ T1148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.556872][ T1148] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  188.570828][ T1148] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  188.580359][ T1148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.590569][ T1148] usb 2-1: config 0 descriptor??
[  188.810969][ T5358] loop2: detected capacity change from 0 to 256
[  188.898752][ T5358] syz-executor.2: attempt to access beyond end of device
[  188.898752][ T5358] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256
[  188.968896][ T5364] loop4: detected capacity change from 0 to 512
[  189.003028][ T5364] EXT4-fs (loop4): orphan cleanup on readonly fs
[  189.018922][ T5364] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present
[  189.038178][ T5364] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  189.054090][ T5364] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz-executor.4: Failed to acquire dquot type 1
[  189.073219][ T5364] EXT4-fs (loop4): 1 truncate cleaned up
[  189.085625][ T5364] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  189.127347][ T1148] usbhid 2-1:0.0: can't add hid device: -71
[  189.148477][ T1148] usbhid: probe of 2-1:0.0 failed with error -71
[  189.196020][ T1148] usb 2-1: USB disconnect, device number 4
[  189.293216][ T5344] loop3: detected capacity change from 0 to 40427
[  189.302942][ T3571] EXT4-fs (loop4): unmounting filesystem.
[  189.312458][ T5344] F2FS-fs (loop3): invalid crc value
[  189.343547][ T5344] F2FS-fs (loop3): Found nat_bits in checkpoint
[  189.423762][ T5375] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.667401][ T5344] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  189.675231][ T5384] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  190.370698][ T5387] loop1: detected capacity change from 0 to 256
[  190.524715][ T4543] syz-executor.3: attempt to access beyond end of device
[  190.524715][ T4543] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  190.658321][ T4543] syz-executor.3: attempt to access beyond end of device
[  190.658321][ T4543] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  191.778736][ T3578] Bluetooth: hci4: command 0x0406 tx timeout
[  191.785126][ T3578] Bluetooth: hci0: command 0x0406 tx timeout
[  191.959834][ T5403] loop0: detected capacity change from 0 to 512
[  191.993719][ T5403] EXT4-fs (loop0): orphan cleanup on readonly fs
[  192.013991][   T26] kauditd_printk_skb: 2 callbacks suppressed
[  192.014008][   T26] audit: type=1800 audit(1718752398.673:34): pid=5409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1966 res=0 errno=0
[  192.015079][   T46] kworker/u4:3: attempt to access beyond end of device
[  192.015079][   T46] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  192.023413][   T26] audit: type=1800 audit(1718752398.683:35): pid=5409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1966 res=0 errno=0
[  192.082863][ T5403] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present
[  192.123303][ T5403] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  192.153653][ T5403] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1
[  192.220461][ T5403] EXT4-fs (loop0): 1 truncate cleaned up
[  192.256936][ T5403] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  192.275432][ T5412] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
[  192.335732][ T3585] EXT4-fs (loop0): unmounting filesystem.
[  192.423427][ T5417] syz-executor.0[5417] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  192.423540][ T5417] syz-executor.0[5417] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  192.687174][ T1148] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  192.749311][ T5426] loop0: detected capacity change from 0 to 16
[  192.868845][ T5426] erofs: (device loop0): mounted with root inode @ nid 36.
[  193.137795][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.236591][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.434874][ T1148] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  193.477987][ T1148] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  193.495180][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.513187][ T1148] usb 3-1: config 0 descriptor??
[  194.014848][   T26] audit: type=1800 audit(1718752400.673:36): pid=5443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1956 res=0 errno=0
[  194.077023][   T26] audit: type=1800 audit(1718752400.703:37): pid=5443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1956 res=0 errno=0
[  194.107448][ T1148] usbhid 3-1:0.0: can't add hid device: -71
[  194.119443][ T1148] usbhid: probe of 3-1:0.0 failed with error -71
[  194.170407][ T1148] usb 3-1: USB disconnect, device number 5
[  194.214706][ T1252] ieee802154 phy0 wpan0: encryption failed: -22
[  194.221165][ T1252] ieee802154 phy1 wpan1: encryption failed: -22
[  194.924116][ T5437] input: syz0 as /devices/virtual/input/input10
[  195.174230][ T3575] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  195.183740][ T3575] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  195.192436][ T3575] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  195.207776][ T3575] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  195.215531][ T3575] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  195.223166][ T3575] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  195.426871][ T5445] loop4: detected capacity change from 0 to 40427
[  195.465994][ T5445] F2FS-fs (loop4): Mismatch start address, segment0(0) cp_blkaddr(512)
[  195.502825][ T5445] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  195.529473][   T26] audit: type=1800 audit(1718752402.193:38): pid=5474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1948 res=0 errno=0
[  195.554934][ T5445] F2FS-fs (loop4): Ignore s_resuid=0, s_resgid=60929 w/o reserve_root
[  195.599705][   T26] audit: type=1800 audit(1718752402.213:39): pid=5474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1948 res=0 errno=0
[  195.632237][ T5445] F2FS-fs (loop4): Found nat_bits in checkpoint
[  195.761602][ T5445] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  195.790686][ T5445] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  195.867750][ T1148] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  195.908694][ T5457] chnl_net:caif_netlink_parms(): no params data found
[  196.002572][ T5491] 9p: Unknown access argument 18446744073709551615: -34
[  196.173463][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.227548][ T1148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.260734][ T1148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.278427][ T1148] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  196.291772][ T1148] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  196.301191][ T1148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.318543][ T1148] usb 1-1: config 0 descriptor??
[  196.341275][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.361011][ T5457] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.380693][ T5457] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.402407][ T5457] device bridge_slave_0 entered promiscuous mode
[  196.435276][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.470334][ T5457] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.487950][ T5457] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.500484][ T5457] device bridge_slave_1 entered promiscuous mode
[  196.551994][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.628075][ T5457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.656061][ T5457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.736953][ T5508] loop4: detected capacity change from 0 to 2048
[  196.758285][ T5457] team0: Port device team_slave_0 added
[  196.778059][ T5457] team0: Port device team_slave_1 added
[  196.886992][ T5508]  loop4: p2 p3 p7
[  197.213848][ T5514] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  197.330362][ T3578] Bluetooth: hci1: command tx timeout
[  197.537776][ T1148] usbhid 1-1:0.0: can't add hid device: -71
[  197.769129][ T5457] batman_adv: batadv0: Adding interface: batadv_slave_0
[  197.776113][ T5457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  197.931857][   T26] audit: type=1800 audit(1718752404.593:40): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1949 res=0 errno=0
[  197.961513][ T5457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.025309][   T26] audit: type=1800 audit(1718752404.633:41): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1949 res=0 errno=0
[  198.028034][ T1148] usbhid: probe of 1-1:0.0 failed with error -71
[  198.055340][ T1148] usb 1-1: USB disconnect, device number 4
[  198.159345][ T5457] batman_adv: batadv0: Adding interface: batadv_slave_1
[  198.175805][ T5457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.258677][ T5457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  198.294534][   T11] tipc: Left network mode
[  198.428747][ T5457] device hsr_slave_0 entered promiscuous mode
[  198.457564][ T5457] device hsr_slave_1 entered promiscuous mode
[  198.474046][ T5457] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  198.504138][ T5457] Cannot create hsr debugfs directory
[  199.190785][   T26] audit: type=1800 audit(1718752405.853:42): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1950 res=0 errno=0
[  199.244173][   T26] audit: type=1800 audit(1718752405.853:43): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1950 res=0 errno=0
[  199.550083][ T5523] loop2: detected capacity change from 0 to 40427
[  199.567288][ T3578] Bluetooth: hci1: command tx timeout
[  199.738389][ T5523] F2FS-fs (loop2): Mismatch start address, segment0(0) cp_blkaddr(512)
[  199.795187][ T5523] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  199.943560][ T5523] F2FS-fs (loop2): Ignore s_resuid=0, s_resgid=60929 w/o reserve_root
[  200.392620][ T5523] F2FS-fs (loop2): Found nat_bits in checkpoint
[  200.585505][ T5523] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  200.608003][ T5523] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  200.785255][ T5562] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  201.214673][ T5457] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  201.456574][   T26] audit: type=1800 audit(1718752408.113:44): pid=5577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1955 res=0 errno=0
[  201.487961][   T11] device hsr_slave_0 left promiscuous mode
[  201.524023][   T11] device hsr_slave_1 left promiscuous mode
[  201.567578][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  201.579639][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  201.647220][ T3578] Bluetooth: hci1: command tx timeout
[  202.410653][ T5586] loop4: detected capacity change from 0 to 40427
[  202.428713][ T5586] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  202.436509][ T5586] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  202.668849][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.688741][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.702892][ T5586] F2FS-fs (loop4): Found nat_bits in checkpoint
[  202.799190][   T11] device bridge_slave_1 left promiscuous mode
[  202.805532][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.808339][ T5586] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  202.819781][ T5586] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  202.833172][   T11] device bridge_slave_0 left promiscuous mode
[  202.833895][ T5586] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  202.846375][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.857208][ T5586] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  202.878146][   T11] device veth1_macvtap left promiscuous mode
[  202.895043][   T11] device veth0_macvtap left promiscuous mode
[  202.911443][   T11] device veth1_vlan left promiscuous mode
[  203.037474][   T11] device veth0_vlan left promiscuous mode
[  203.375254][ T5600] loop2: detected capacity change from 0 to 4096
[  203.428655][ T5600] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  203.520149][ T5607] overlayfs: unrecognized mount option "seclabel" or missing value
[  203.727739][ T3578] Bluetooth: hci1: command tx timeout
[  203.951938][   T11] team0 (unregistering): Port device team_slave_1 removed
[  203.972862][   T11] team0 (unregistering): Port device team_slave_0 removed
[  203.985886][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  204.002513][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  204.076400][ T5617] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  204.855746][   T11] bond0 (unregistering): Released all slaves
[  204.909962][   T26] audit: type=1800 audit(1718752411.573:45): pid=5619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1959 res=0 errno=0
[  204.932236][   T26] audit: type=1800 audit(1718752411.573:46): pid=5619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1959 res=0 errno=0
[  204.957335][ T5457] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  204.968386][ T5457] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  204.979258][ T5457] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  205.114694][   T26] audit: type=1800 audit(1718752411.773:47): pid=5627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1959 res=0 errno=0
[  205.155703][ T5625] loop2: detected capacity change from 0 to 512
[  205.209742][ T5625] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  205.414280][ T5625] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  205.466454][ T5625] EXT4-fs (loop2): 1 truncate cleaned up
[  205.472396][ T5625] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  205.486774][ T5457] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.505576][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  205.510051][ T5625] EXT4-fs (loop2): re-mounted. Quota mode: none.
[  205.515472][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  205.559702][ T5457] 8021q: adding VLAN 0 to HW filter on device team0
[  205.575185][ T5637] EXT4-fs (loop2): re-mounted. Quota mode: none.
[  205.586884][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  205.606489][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  205.616003][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.623176][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  205.632124][ T4700] EXT4-fs (loop2): unmounting filesystem.
[  205.635751][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  205.646954][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  205.665396][   T22] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.672605][   T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.680760][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  205.693056][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  205.704740][ T3616] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  205.738050][ T3631] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  205.763934][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  205.772299][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  205.800814][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  205.818064][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  205.827017][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  205.858387][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  205.883766][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  205.905252][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  205.921052][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  205.948232][   T26] audit: type=1800 audit(1718752412.613:48): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1941 res=0 errno=0
[  205.958388][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  205.995405][ T5457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  206.004613][   T26] audit: type=1800 audit(1718752412.653:49): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1941 res=0 errno=0
[  206.097395][ T3616] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.115535][ T3616] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.136713][ T3616] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  206.165863][ T3616] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  206.177482][ T3631] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  206.185130][ T3616] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.206583][ T3631] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.211208][ T3616] usb 5-1: config 0 descriptor??
[  206.245724][ T3631] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.277372][ T3631] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  206.390135][ T5657] netlink: 'syz-executor.2': attribute type 25 has an invalid length.
[  206.410636][ T5657] netlink: 'syz-executor.2': attribute type 7 has an invalid length.
[  206.412473][ T3631] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  206.459830][ T3631] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  206.466399][ T5457] 8021q: adding VLAN 0 to HW filter on device batadv0
[  206.487438][ T3631] usb 2-1: Manufacturer: syz
[  206.504045][ T3631] usb 2-1: config 0 descriptor??
[  206.518864][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  206.546834][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  206.585652][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  206.599254][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.599360][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.612500][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  206.759017][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.759124][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.838501][ T5659] device pim6reg1 entered promiscuous mode
[  206.878570][ T3616] usbhid 5-1:0.0: can't add hid device: -71
[  206.885089][ T3616] usbhid: probe of 5-1:0.0 failed with error -71
[  206.902937][ T3616] usb 5-1: USB disconnect, device number 7
[  207.655014][ T3631] appleir 0003:05AC:8243.0009: unknown main item tag 0x0
[  207.664430][ T3631] appleir 0003:05AC:8243.0009: No inputs registered, leaving
[  207.688726][ T3631] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  207.737763][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  207.746690][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  207.750489][ T5671] loop2: detected capacity change from 0 to 2048
[  207.792919][ T5457] device veth0_vlan entered promiscuous mode
[  207.805526][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  207.827984][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  207.831410][ T5671]  loop2: p2 p3 p7
[  207.846034][ T5457] device veth1_vlan entered promiscuous mode
[  208.072947][ T5678] loop4: detected capacity change from 0 to 256
[  208.091685][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  208.111273][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  208.164652][ T5678] FAT-fs (loop4): Directory bread(block 64) failed
[  208.176262][ T5457] device veth0_macvtap entered promiscuous mode
[  208.177746][ T5678] FAT-fs (loop4): Directory bread(block 65) failed
[  208.190074][ T5678] FAT-fs (loop4): Directory bread(block 66) failed
[  208.196807][ T5678] FAT-fs (loop4): Directory bread(block 67) failed
[  208.205763][ T5678] FAT-fs (loop4): Directory bread(block 68) failed
[  208.213258][ T5678] FAT-fs (loop4): Directory bread(block 69) failed
[  208.222633][ T5678] FAT-fs (loop4): Directory bread(block 70) failed
[  208.230998][ T5678] FAT-fs (loop4): Directory bread(block 71) failed
[  208.361130][ T5678] FAT-fs (loop4): Directory bread(block 72) failed
[  208.368570][ T5678] FAT-fs (loop4): Directory bread(block 73) failed
[  208.866327][ T5457] device veth1_macvtap entered promiscuous mode
[  208.879897][ T3616] usb 2-1: USB disconnect, device number 5
[  208.919431][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  208.929177][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  208.996467][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.007655][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.017562][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.028295][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.039454][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.049974][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.060494][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.071000][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.083334][ T5457] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.096226][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  209.106232][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  209.117415][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.137528][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.161572][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.176578][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.188508][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.209450][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.234511][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.255307][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.277773][ T5457] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.304130][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  209.316999][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  209.343953][ T5457] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.370733][ T5457] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.395134][ T5457] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.547398][   T26] audit: type=1326 audit(1718752416.203:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5683 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f709547cf29 code=0x0
[  209.587153][ T5457] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.641187][ T5692] loop2: detected capacity change from 0 to 128
[  210.470187][ T3700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.487587][ T3700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.530421][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  210.738968][ T3700] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.332671][ T3700] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.411493][ T5709] loop0: detected capacity change from 0 to 16
[  211.444377][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  211.467323][ T5709] erofs: (device loop0): EXPERIMENTAL compressed inline data feature in use. Use at your own risk!
[  211.579856][ T5709] erofs: (device loop0): EXPERIMENTAL compressed fragments feature in use. Use at your own risk!
[  211.657354][ T5709] erofs: (device loop0): EXPERIMENTAL global deduplication feature in use. Use at your own risk!
[  211.689187][ T5709] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 58320
[  211.793318][ T5709] loop0: detected capacity change from 0 to 512
[  211.886552][ T5709] EXT4-fs (loop0): corrupt root inode, run e2fsck
[  211.897597][ T5709] EXT4-fs (loop0): mount failed
[  212.068181][ T5728] overlayfs: failed to resolve './file2': -2
[  212.335869][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  212.337363][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  212.382532][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  212.422368][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  214.140012][ T5759] loop2: detected capacity change from 0 to 256
[  214.250190][ T5759] syz-executor.2: attempt to access beyond end of device
[  214.250190][ T5759] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256
[  214.417425][   T26] audit: type=1326 audit(1718752421.073:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5750 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x0
[  214.608970][ T5777] loop1: detected capacity change from 0 to 256
[  214.665633][ T5777] FAT-fs (loop1): Directory bread(block 64) failed
[  214.672561][ T5777] FAT-fs (loop1): Directory bread(block 65) failed
[  214.685189][ T5777] FAT-fs (loop1): Directory bread(block 66) failed
[  214.694352][ T5777] FAT-fs (loop1): Directory bread(block 67) failed
[  214.749948][ T5777] FAT-fs (loop1): Directory bread(block 68) failed
[  214.800480][ T5777] FAT-fs (loop1): Directory bread(block 69) failed
[  214.892214][ T5777] FAT-fs (loop1): Directory bread(block 70) failed
[  214.981765][ T5777] FAT-fs (loop1): Directory bread(block 71) failed
[  215.114960][ T5777] FAT-fs (loop1): Directory bread(block 72) failed
[  215.133533][ T5777] FAT-fs (loop1): Directory bread(block 73) failed
[  215.608229][ T3692] kworker/u4:9: attempt to access beyond end of device
[  215.608229][ T3692] loop1: rw=1, sector=1224, nr_sectors = 128 limit=256
[  216.699211][ T5810] loop4: detected capacity change from 0 to 256
[  216.768216][ T5810] syz-executor.4: attempt to access beyond end of device
[  216.768216][ T5810] loop4: rw=2049, sector=256, nr_sectors = 12 limit=256
[  218.058527][ T5797] loop0: detected capacity change from 0 to 40427
[  218.066720][ T5797] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  218.080337][ T5797] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  218.093690][ T5797] F2FS-fs (loop0): invalid crc value
[  218.106875][ T5797] F2FS-fs (loop0): Found nat_bits in checkpoint
[  218.178708][ T5797] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  218.185555][ T5824] loop3: detected capacity change from 0 to 40427
[  218.185770][ T5797] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  218.201102][ T3631] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  218.207450][ T5824] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  218.216433][ T5824] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  218.252140][ T5824] F2FS-fs (loop3): Found nat_bits in checkpoint
[  218.266268][ T5797] syz-executor.0: attempt to access beyond end of device
[  218.266268][ T5797] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  218.299650][ T5824] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  218.306832][ T5824] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  218.341091][ T5822] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  218.352951][ T3585] syz-executor.0: attempt to access beyond end of device
[  218.352951][ T3585] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  218.372645][ T3700] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  218.389983][ T3700] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  218.571167][ T5822] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  218.954625][ T5842] loop4: detected capacity change from 0 to 16
[  219.187454][ T5842] erofs: (device loop4): EXPERIMENTAL compressed inline data feature in use. Use at your own risk!
[  219.198595][ T3631] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.237120][ T3631] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.246933][ T3631] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  219.277227][ T5842] erofs: (device loop4): EXPERIMENTAL compressed fragments feature in use. Use at your own risk!
[  219.307495][ T5842] erofs: (device loop4): EXPERIMENTAL global deduplication feature in use. Use at your own risk!
[  219.369902][ T5842] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 58320
[  219.385312][ T3631] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.428104][ T3631] usb 3-1: config 0 descriptor??
[  220.565638][ T5842] loop4: detected capacity change from 0 to 512
[  220.638887][ T5860] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
[  220.661484][ T5842] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  220.676041][ T5842] EXT4-fs (loop4): mount failed
[  221.073106][   T26] audit: type=1326 audit(1718752427.733:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000
[  221.130367][   T26] audit: type=1326 audit(1718752427.763:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000
[  221.160703][ T3631] hid-multitouch 0003:1FD2:6007.000A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  221.168651][   T26] audit: type=1326 audit(1718752427.763:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000
[  221.214611][   T26] audit: type=1326 audit(1718752427.763:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000
[  221.237754][ T3616] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  221.245884][   T26] audit: type=1326 audit(1718752427.763:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000
[  221.361355][   T26] audit: type=1326 audit(1718752427.763:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1b747a6a7 code=0x7ffc0000
[  221.625759][   T26] audit: type=1326 audit(1718752427.763:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc1b7440379 code=0x7ffc0000
[  221.651874][ T3616] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.707941][ T3616] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.870577][ T3616] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  221.890454][   T26] audit: type=1326 audit(1718752427.763:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000
[  221.955697][ T3616] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.963943][ T3631] usb 3-1: USB disconnect, device number 6
[  221.977205][   T26] audit: type=1326 audit(1718752427.763:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1b747a6a7 code=0x7ffc0000
[  222.013338][ T3616] usb 2-1: config 0 descriptor??
[  222.018860][   T26] audit: type=1326 audit(1718752427.763:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc1b7440379 code=0x7ffc0000
[  222.103583][ T5885] loop0: detected capacity change from 0 to 512
[  222.211022][ T5885] EXT4-fs (loop0): 1 orphan inode deleted
[  222.230198][ T5885] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  222.239705][ T5885] ext4 filesystem being mounted at /root/syzkaller-testdir2816537661/syzkaller.mRJDah/159/file0 supports timestamps until 2038 (0x7fffffff)
[  222.262284][ T5885] EXT4-fs warning (device loop0): ext4_group_add:1723: Can't resize non-sparse filesystem further
[  222.560875][ T3585] EXT4-fs (loop0): unmounting filesystem.
[  222.706287][ T3616] hid (null): bogus close delimiter
[  223.118224][ T5897] syz-executor.3[5897] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.118338][ T5897] syz-executor.3[5897] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.397749][ T3616] uclogic 0003:256C:006D.000B: failed retrieving Huion firmware version: -71
[  223.446298][ T5902] loop3: detected capacity change from 0 to 16
[  223.474798][ T5902] erofs: (device loop3): mounted with root inode @ nid 36.
[  223.775918][ T3616] uclogic 0003:256C:006D.000B: failed probing parameters: -71
[  223.917548][ T3616] uclogic: probe of 0003:256C:006D.000B failed with error -71
[  224.056916][ T3616] usb 2-1: USB disconnect, device number 6
[  225.425206][ T5921] loop4: detected capacity change from 0 to 16
[  225.586738][ T5921] erofs: (device loop4): EXPERIMENTAL compressed inline data feature in use. Use at your own risk!
[  225.614151][ T5924] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  225.667620][ T5921] erofs: (device loop4): EXPERIMENTAL compressed fragments feature in use. Use at your own risk!
[  225.678556][ T5921] erofs: (device loop4): EXPERIMENTAL global deduplication feature in use. Use at your own risk!
[  225.746883][ T5921] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 58320
[  226.764906][ T5933] loop4: detected capacity change from 0 to 512
[  227.748363][ T5933] EXT4-fs (loop4): corrupt root inode, run e2fsck
[  227.754998][ T5933] EXT4-fs (loop4): mount failed
[  227.798953][ T5944] syz-executor.2[5944] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  227.799060][ T5944] syz-executor.2[5944] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  228.019836][ T5951] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure
[  228.125759][ T5952] loop2: detected capacity change from 0 to 16
[  228.147063][ T5952] erofs: (device loop2): mounted with root inode @ nid 36.
[  228.760222][ T5948] loop1: detected capacity change from 0 to 4096
[  228.798752][ T5956] loop0: detected capacity change from 0 to 256
[  228.826718][ T5948] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  230.477944][ T5974] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  231.137839][ T3613] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  232.027354][ T1148] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  232.307190][ T1148] usb 3-1: Using ep0 maxpacket: 16
[  232.540899][   T26] kauditd_printk_skb: 1 callbacks suppressed
[  232.540916][   T26] audit: type=1800 audit(1718752439.203:63): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1964 res=0 errno=0
[  232.543963][ T3613] usb 5-1: Using ep0 maxpacket: 8
[  232.558802][   T26] audit: type=1800 audit(1718752439.223:64): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1964 res=0 errno=0
[  232.627906][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.845998][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.017553][ T1148] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  233.337223][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.379682][ T1148] usb 3-1: config 0 descriptor??
[  233.466998][ T6004] syz-executor.4[6004] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  233.467224][ T6004] syz-executor.4[6004] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  233.487541][ T3613] usb 5-1: device descriptor read/all, error -71
[  233.544808][ T6006] loop0: detected capacity change from 0 to 16
[  233.560291][ T6006] erofs: (device loop0): EXPERIMENTAL compressed inline data feature in use. Use at your own risk!
[  233.574575][ T6006] erofs: (device loop0): EXPERIMENTAL compressed fragments feature in use. Use at your own risk!
[  233.617632][ T6006] erofs: (device loop0): EXPERIMENTAL global deduplication feature in use. Use at your own risk!
[  233.645601][ T6006] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 58320
[  233.999272][ T6014] loop4: detected capacity change from 0 to 16
[  235.625709][ T6014] erofs: (device loop4): mounted with root inode @ nid 36.
[  235.799770][ T6020] loop0: detected capacity change from 0 to 512
[  235.874355][ T6020] EXT4-fs (loop0): corrupt root inode, run e2fsck
[  235.892127][ T6020] EXT4-fs (loop0): mount failed
[  235.909359][ T6008] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  236.043751][ T6026] 
[  236.046139][ T6026] ============================================
[  236.052304][ T6026] WARNING: possible recursive locking detected
[  236.058471][ T6026] 6.1.94-syzkaller #0 Not tainted
[  236.063515][ T6026] --------------------------------------------
[  236.069677][ T6026] syz-executor.3/6026 is trying to acquire lock:
[  236.076018][ T6026] ffff8880b9835e90 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670
[  236.086466][ T6026] 
[  236.086466][ T6026] but task is already holding lock:
[  236.093855][ T6026] ffff8880b9835e90 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670
[  236.104268][ T6026] 
[  236.104268][ T6026] other info that might help us debug this:
[  236.110628][ T6008] loop1: detected capacity change from 0 to 4096
[  236.112324][ T6026]  Possible unsafe locking scenario:
[  236.112324][ T6026] 
[  236.112333][ T6026]        CPU0
[  236.118865][ T1148] usbhid 3-1:0.0: can't add hid device: -71
[  236.126093][ T6026]        ----
[  236.126102][ T6026]   lock(
[  236.130874][ T1148] usbhid: probe of 3-1:0.0 failed with error -71
[  236.135248][ T6026] lock#10
[  236.140388][ T1148] usb 3-1: USB disconnect, device number 7
[  236.141461][ T6026] );
[  236.141469][ T6026]   lock(lock#10);
[  236.162805][ T6026] 
[  236.162805][ T6026]  *** DEADLOCK ***
[  236.162805][ T6026] 
[  236.170955][ T6026]  May be due to missing lock nesting notation
[  236.170955][ T6026] 
[  236.179275][ T6026] 6 locks held by syz-executor.3/6026:
[  236.184730][ T6026]  #0: ffff888025954468 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x1b6/0x1af0
[  236.193977][ T6026]  #1: ffff888028e22e58 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x2e/0x2e0
[  236.203909][ T6026]  #2: ffff8880b9835e90 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670
[  236.214716][ T6026]  #3: ffffffff8d12acc0 (rcu_read_lock){....}-{1:2}, at: get_mm_memcg_path+0xb1/0x600
[  236.224299][ T6026]  #4: ffffffff8d12acc0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x16a/0x470
[  236.233712][ T6026]  #5: ffff888028e22e58 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x232/0x9c0
[  236.244513][ T6026] 
[  236.244513][ T6026] stack backtrace:
[  236.250412][ T6026] CPU: 0 PID: 6026 Comm: syz-executor.3 Not tainted 6.1.94-syzkaller #0
[  236.258735][ T6026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  236.268796][ T6026] Call Trace:
[  236.272075][ T6026]  <TASK>
[  236.275005][ T6026]  dump_stack_lvl+0x1e3/0x2cb
[  236.279704][ T6026]  ? nf_tcp_handle_invalid+0x642/0x642
[  236.285176][ T6026]  ? panic+0x764/0x764
[  236.289252][ T6026]  validate_chain+0x4711/0x5950
[  236.294125][ T6026]  ? check_path+0x21/0x40
[  236.298457][ T6026]  ? check_noncircular+0x1e3/0x3b0
[  236.303573][ T6026]  ? reacquire_held_locks+0x660/0x660
[  236.308961][ T6026]  ? add_chain_block+0x850/0x850
[  236.313910][ T6026]  ? lockdep_unlock+0x165/0x300
[  236.318768][ T6026]  ? lockdep_lock+0x2a0/0x2a0
[  236.323451][ T6026]  ? unwind_get_return_address+0x49/0x80
[  236.329090][ T6026]  ? arch_stack_walk+0xf3/0x140
[  236.333944][ T6026]  ? mark_lock+0x9a/0x340
[  236.338286][ T6026]  ? mark_lock+0x9a/0x340
[  236.342625][ T6026]  __lock_acquire+0x125b/0x1f80
[  236.347492][ T6026]  lock_acquire+0x1f8/0x5a0
[  236.352003][ T6026]  ? __mmap_lock_do_trace_acquire_returned+0x84/0x670
[  236.358773][ T6026]  ? read_lock_is_recursive+0x10/0x10
[  236.364157][ T6026]  ? down_read_trylock+0x24a/0x3b0
[  236.369272][ T6026]  ? stack_map_get_build_id_offset+0x232/0x9c0
[  236.375435][ T6026]  ? __mmap_lock_do_trace_acquire_returned+0x84/0x670
[  236.382202][ T6026]  __mmap_lock_do_trace_acquire_returned+0x9d/0x670
[  236.388796][ T6026]  ? __mmap_lock_do_trace_acquire_returned+0x84/0x670
[  236.395566][ T6026]  stack_map_get_build_id_offset+0x99e/0x9c0
[  236.401557][ T6026]  ? __lock_acquire+0x125b/0x1f80
[  236.406594][ T6026]  ? __bpf_get_stackid+0x910/0x910
[  236.411718][ T6026]  __bpf_get_stack+0x495/0x570
[  236.416492][ T6026]  ? stack_map_get_build_id_offset+0x9c0/0x9c0
[  236.422656][ T6026]  ? __cant_sleep+0x270/0x270
[  236.427334][ T6026]  bpf_get_stack_raw_tp+0x1b2/0x220
[  236.432538][ T6026]  bpf_prog_e6cf5f9c69743609+0x3a/0x3e
[  236.438004][ T6026]  ? bpf_trace_run4+0x16a/0x470
[  236.442855][ T6026]  bpf_trace_run4+0x253/0x470
[  236.447552][ T6026]  ? bpf_trace_run3+0x440/0x440
[  236.452437][ T6026]  ? __bpf_trace_mmap_lock+0x30/0x30
[  236.457737][ T6026]  __traceiter_mmap_lock_acquire_returned+0x8c/0xe0
[  236.464332][ T6026]  __mmap_lock_do_trace_acquire_returned+0x5e3/0x670
[  236.471009][ T6026]  ? __mmap_lock_do_trace_acquire_returned+0x84/0x670
[  236.477776][ T6026]  lock_mm_and_find_vma+0x219/0x2e0
[  236.482982][ T6026]  exc_page_fault+0x169/0x620
[  236.487671][ T6026]  asm_exc_page_fault+0x22/0x30
[  236.492531][ T6026] RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40
[  236.499130][ T6026] Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 <f3> a4 31 c0 0f 01 ca c3 89 ca eb 0a 66 2e 0f 1f 84 00 00 00 00 00
[  236.518738][ T6026] RSP: 0018:ffffc90004997938 EFLAGS: 00050206
[  236.524805][ T6026] RAX: ffffffff84364901 RBX: 0000000000001000 RCX: 00000000000001c0
[  236.532775][ T6026] RDX: 0000000000001000 RSI: 0000000020001000 RDI: ffff888018b9ee40
[  236.540747][ T6026] RBP: ffffc90004997a98 R08: dffffc0000000000 R09: ffffed1003173e00
[  236.548720][ T6026] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888018b9e000
[  236.556688][ T6026] R13: 1ffff92000932fb3 R14: 0000000000001000 R15: dffffc0000000000
[  236.564666][ T6026]  ? _copy_from_iter+0x201/0xff0
[  236.569612][ T6026]  _copy_from_iter+0x2c2/0xff0
[  236.574399][ T6026]  ? mark_lock+0x9a/0x340
[  236.578738][ T6026]  ? copyout_mc+0x100/0x100
[  236.583243][ T6026]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  236.589235][ T6026]  ? print_irqtrace_events+0x210/0x210
[  236.594703][ T6026]  ? _raw_spin_lock_irq+0xdb/0x110
[  236.599822][ T6026]  ? page_copy_sane+0x46/0x390
[  236.604593][ T6026]  copy_page_from_iter+0x76/0x100
[  236.609625][ T6026]  pipe_write+0x857/0x1af0
[  236.614055][ T6026]  ? pipe_read+0x12a0/0x12a0
[  236.618648][ T6026]  ? end_current_label_crit_section+0x147/0x170
[  236.624893][ T6026]  ? common_file_perm+0x17d/0x1d0
[  236.629922][ T6026]  ? fsnotify_perm+0x67/0x590
[  236.634599][ T6026]  vfs_write+0x7ae/0xba0
[  236.638846][ T6026]  ? file_end_write+0x250/0x250
[  236.643697][ T6026]  ? __fget_files+0x28/0x4a0
[  236.648288][ T6026]  ? __fget_files+0x435/0x4a0
[  236.652970][ T6026]  ? __fdget_pos+0x1db/0x360
[  236.657560][ T6026]  ? ksys_write+0x77/0x2c0
[  236.661974][ T6026]  ksys_write+0x19c/0x2c0
[  236.666302][ T6026]  ? print_irqtrace_events+0x210/0x210
[  236.671785][ T6026]  ? __ia32_sys_read+0x80/0x80
[  236.676584][ T6026]  ? syscall_enter_from_user_mode+0x2e/0x230
[  236.682567][ T6026]  ? lockdep_hardirqs_on+0x94/0x130
[  236.687768][ T6026]  ? syscall_enter_from_user_mode+0x2e/0x230
[  236.693752][ T6026]  do_syscall_64+0x3b/0xb0
[  236.698181][ T6026]  ? clear_bhb_loop+0x45/0xa0
[  236.702864][ T6026]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  236.708762][ T6026] RIP: 0033:0x7fc1b747cf29
[  236.713178][ T6026] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  236.732785][ T6026] RSP: 002b:00007fc1b82540c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
2024/06/18 23:14:03 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  236.741217][ T6026] RAX: ffffffffffffffda RBX: 00007fc1b75b3f80 RCX: 00007fc1b747cf29
[  236.749191][ T6026] RDX: 00000000fffffdef RSI: 00000000200001c0 RDI: 0000000000000000
[  236.757168][ T6026] RBP: 00007fc1b74ec074 R08: 0000000000000000 R09: 0000000000000000
[  236.765141][ T6026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  236.773111][ T6026] R13: 000000000000000b R14: 00007fc1b75b3f80 R15: 00007ffdce449928
[  236.781092][ T6026]  </TASK>
[  236.823142][ T6008] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities