last executing test programs:

4m48.399172703s ago: executing program 1 (id=2):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001240), 0x80000, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r0, 0x40043311, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

4m48.320276123s ago: executing program 1 (id=6):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$key(0xf, 0x3, 0x2)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
symlink(0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x3, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1600000000000000040000000500000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000d1430df285133dc06d3585984aa2bd8fea921f6b14855c68a56a673c"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

4m45.558272789s ago: executing program 1 (id=9):
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x18)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141b82, 0x0)
write$cgroup_int(r4, &(0x7f0000000000)=0x700, 0x12)

4m44.403202074s ago: executing program 1 (id=12):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000080))
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
socket(0xa, 0x3, 0x3a)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_emit_ethernet(0x5e, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa3986dd60122d9200283aff00010000000000000000000000000002ff0200000000000000000000000000018900907800000000fe80"], 0x0)

4m28.870475673s ago: executing program 32 (id=12):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000080))
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
socket(0xa, 0x3, 0x3a)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_emit_ethernet(0x5e, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa3986dd60122d9200283aff00010000000000000000000000000002ff0200000000000000000000000000018900907800000000fe80"], 0x0)

4m25.24325085s ago: executing program 4 (id=53):
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x14b94000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
writev(r0, 0x0, 0x0)
alarm(0x8)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r5, &(0x7f0000004200)='t', 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sendfile(r5, r4, 0x0, 0x40001)

4m23.900872038s ago: executing program 4 (id=55):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x2008a1f, &(0x7f0000000300), 0x1, 0x4c7, &(0x7f0000000f00)="$eJzs3d9rW20dAPDvOW3mfvS1edULfcHXFzZphy5pV7cVL+YE0auBOu9rbdNSmjalSbe1DO3wDxBEVPDKK28E/wBB9ieIMNB7UVFEN73wQnckycncumSNLO0Z7ecDz/I85yT5fp+seZLnnIeTAE6tDyLiVkSMRcTliJjMt6d5WWg39rv3e/rkwVK7JJFld/6WRJJv6z1Xuz0eERe6D4mzEfH1r0R8K3k1bnN3b32xXq9t5+1qa2Or2tzdu7K2sbhaW61tzs3NXp+/MX9tfibLvVE/yxFx80t/+uH3fvblm7/67L3fL/xl+tvttCby/S/2Y5S6XS91Xoue9mu0fRTBCjCW96dUdCIAAAxlOiI+kpfLMfnS91QAAADgZMi+MBH/TiIyAAAA4MRKO2tgk7SSr/ediDStVLpreD8W59N6o9n6zEpjZ3O5u1a2HKV0Za1em8nXCpejlLTbs/ka21776oH2XES8GxE/mDzXaVeWGvXlog9+AAAAwClx4cD8/5+TaacOAAAAnDDlohMAAAAAjpz5PwAAAJx85v8AAABwon319u12yXq/f718d3dnvXH3ynKtuV7Z2FmqLDW2tyqrjcZq55p9G4c9XzkaW5+LzZ371Vat2ao2d/cWNho7m62FNT8tCAAAAEV591OPfpdExP7nz3VKW1J0UsDb549FJwCM0ljRCQCFGS86AaAwpaITAAp32DG/gYt3fj36XAAAgKMx9YlXz/+fyfc5NgAnW1p0AgDAsXP+H06vkhWAcOp9+JD9b37+P8v+r4QAAICRm+iUJK3k5wInIk0rlYh3OtfyKyUra/XaTD4/+O1k6UPt9mznkYnrBAAAAAAAAAAAAAAAAAAAAAAAAADAkLIsiQwAAAA40SLSPyedq/lHTE1emjh4fOBM8q/Jzm1E3PvJnR/dX2y1tmfb2//+fHvrx/n2q0UcwQAAAAAO6s3Te/N4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABilp08eLPXKccb96xcjotwv/nic7dyejVJEnP9HEuMvPC6JiLERxN9/2AnVJ34Sz7IsK+dZ9It/blTxP94/frnz0vSPn0bEhRHEh9PsUXv8udXv/ZfGB53b/u+/8by8qcHjX/p8/BsbMP68M2SM9x7/ojow/sOI9waMf734yYD4F4eM/81v7O0N2pf9NGKq7+dP8lKsamtjq9rc3buytrG4Wlutbc7NzV6fvzF/bX6murJWr+X/9o3x/U/+8tnr+n9+QPzyIf2/NGT///P4/pOPdqulfvGnL/b9/M0/3l6Nn+Y7P53X2/unevX9bv1F7//8N++/rv/LA/p/2P//9JD9v/y17/5hyLsCAMegubu3vliv17ZVVAqsZN/p/j2+Lfl0K9nbkUYhlaGGjzNHOzoBAACj9L8v/UVnAgAAAAAAAAAAAAAAAAAAAKfXcVxO7GDM/WK6CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwWv8NAAD//zQM3oc=")
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0xc041)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r4, &(0x7f0000001800)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)

4m21.724452565s ago: executing program 4 (id=61):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703"], 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61120c00000000006113500000000000bf200000000000001500000008ffffffbd0301000000000095000000000000006916320000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c61449347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e00"/773], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

4m20.721426828s ago: executing program 4 (id=63):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', 0x1000801, &(0x7f0000000080)=ANY=[@ANYRES16=0x0], 0x0, 0x1ca, &(0x7f00000004c0)="$eJzsmb+uEkEUxr+Z3QvcG2NiY2GjiTfxmlyW3UUNjQU+gQn4r5PIStAFDGwBJBbExsbH8BUsqCzs7Gy1UBMTCymt18xw2B35J8QQSTy/hNlvZs7MnDnAVwAYhvlv+frl5+dXt0rVUwBncIwsjX+30hhpxH/Kkfj4+l377PPx/H4CQBxvfr4N4G3ZQkT9OP599TE9q5CJvgOJq6TvQcAh/RASd0kHEHhA+omhO4ckwsB51Anrj5th4KrGU42vmuJ8fpORQB1AjvITxnxvMHxaC8OgOy8O4tk5C1Pbij/Uz56UJW4a9VPv1/2XL0aqP6uNa9TPg4RHugiBCukSsnAcJy2Jcf8Ldrq/tcn990Gcy6+LOd2DDFn8AyGMkUMl1Bc6GTk/Gb9fXPVtl4ld2u2VQZ69MPXh6O92zpAJLI1J/VNZ7hXDn2zYiX8UotazQm8wzDdbtUbQCNq+X7zhXnPd635BG9G0XeN/Oe1PR8b+BytiMyKDfi2Kul4fiLpe0venreG4lTedH3qN1P4ncXJ5uof6qOhrZ5efIegl9VOpE2tl8gzDMAzDMAzDMAzDMAzDMFtxEUL/Ckp/VMUr8G/r6F8BAAD///ckZMc=")
creat(0x0, 0x0)
io_setup(0x200, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0xb, 0x200000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000024000000040000000100000000000000", @ANYRES32], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e80)={r6, &(0x7f0000000d40), 0x0}, 0x20)

4m19.603192573s ago: executing program 4 (id=64):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
sendfile(r2, r1, 0x0, 0x7ffff000)

4m17.642437198s ago: executing program 4 (id=68):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf090000000000005509010000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x1208000, 0x0, 0x1, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000400), &(0x7f00000004c0)=<r8=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',privport', @ANYRESDEC=r8])
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0xc300)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r10, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(r10, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r10, 0x0)
ppoll(&(0x7f0000000040)=[{r10}], 0x1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

4m2.170655577s ago: executing program 33 (id=68):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf090000000000005509010000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x1208000, 0x0, 0x1, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000400), &(0x7f00000004c0)=<r8=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',privport', @ANYRESDEC=r8])
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0xc300)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r10, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(r10, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r10, 0x0)
ppoll(&(0x7f0000000040)=[{r10}], 0x1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

4.403556163s ago: executing program 2 (id=831):
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000001140)={0x84, &(0x7f0000000200)={0x40, 0xb, 0xf, "7c5d7966870069c190da839c29db6b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.414238066s ago: executing program 2 (id=834):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$random(0xffffffffffffff9c, 0x0, 0x4200, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socket(0x400000000010, 0x3, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$packet_int(r0, 0x107, 0x14, 0x0, 0x0)
ptrace$getregset(0x4204, 0x0, 0x202, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

3.311747007s ago: executing program 2 (id=835):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x894a, &(0x7f0000000040)={'ip6_vti0\x00', @random='\a\x00\x00 \x00'})
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty, 0xa0000000}, 0x22)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e')
r1 = syz_open_dev$vcsu(&(0x7f0000000000), 0x8, 0x400800)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00')
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000400)=""/159, 0x9f}], 0x1, 0x105, 0x97e)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={<r3=>0x0, @initdev, @broadcast}, &(0x7f0000000100)=0xc)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x1b4, 0x24, 0x1, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xfff3, 0x3}, {0xfff3, 0xffff}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x1, 0xa}}, @TCA_RATE={0x6, 0x5, {0x7, 0x72}}, @qdisc_kind_options=@q_htb={{0x8}, {0x64, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0x6}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0xff}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0x3f}}, @TCA_HTB_DIRECT_QLEN={0x8}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x8}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x2}}]}}, @TCA_STAB={0xf8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0x5, 0xbd4, 0x3, 0x1, 0x1, 0xfff, 0x1}}, {0x6, 0x2, [0x2]}}, {{0x1c, 0x1, {0x4, 0x7, 0x1000, 0x1ff, 0x2, 0x3, 0x6a3, 0x5}}, {0xe, 0x2, [0x1, 0x1, 0x9c, 0x8, 0x0]}}, {{0x1c, 0x1, {0x9, 0x2, 0x10, 0x1, 0x1, 0xff, 0x8, 0x4}}, {0xc, 0x2, [0xd, 0x1000, 0x5, 0x4000]}}, {{0x1c, 0x1, {0x6, 0x5e, 0xd8, 0x800, 0x1, 0xfc4, 0x10001, 0x7}}, {0x12, 0x2, [0x4d37, 0x2a, 0x5, 0x8, 0x9, 0x8, 0x3]}}, {{0x1c, 0x1, {0x6a, 0x1, 0x9, 0x1, 0x2, 0x7ff, 0x4, 0x4}}, {0xc, 0x2, [0x3, 0x8, 0x8, 0x3]}}, {{0x1c, 0x1, {0x2, 0x5, 0x5, 0x5, 0x0, 0x0, 0x5, 0x2}}, {0x8, 0x2, [0x1, 0x1000]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x40}, @qdisc_kind_options=@q_htb={{0x8}, {0xc, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x879b}]}}]}, 0x1b4}, 0x1, 0x0, 0x0, 0xfa60a6b31e403345}, 0x20000000)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSBRK(r4, 0x5427)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r5, 0x8b2a, &(0x7f0000000040))

3.249493439s ago: executing program 2 (id=837):
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
getpid()
openat$binfmt_register(0xffffff9c, 0x0, 0x1, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r1, &(0x7f0000000040)=ANY=[], 0xffffff6a)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x181900, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0xe)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
close_range(r0, 0xffffffffffffffff, 0x0)

3.12355195s ago: executing program 3 (id=840):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff28"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.06100247s ago: executing program 2 (id=841):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000700)='d\x9f\xcc\'K\x97s\xd6\x1b\x94\xc5\xc8\xee\xedS\x9a\x9a\xec\xf6W-\x0e\xfa\xd48`_\'\x00\x80\xb4\xb2\xe1\x9a\\!\x86\x10R\xf3oz\\\xb3+m\xb47\x14\x99\x0f\xd6\x9cYn*~\xdf~\x99x\x98\x9f\x89\x8c\x86\x13\xf7\xc6\xa4\xa9\xfe\x06d+\xd57\x1a\x8e\xc3GM\x11\x8c4w\x1e\xc5\xea\xf2\xc7#\xffuq\x82\xebr\xc6\x16\x99\xc35_\xbe29K\xad\xc2\xb5+2\xfe\x88\xb0\x9e\xc6P\xc5\xd9\xb5M^\x81\xdf\x00\x00\xf8\xb3@p\xa3y\xbd\'\xd5\xea\xed\xdc\xc2\x12Zu\f\x98=\xc3\n\x93\xf3Y\xc0\x02\x98\xe4Y\x91t\xf4\xf2\xae|\xb7\xb8\x81o\xd5\xb2^\xdf+m\xddJ\xc8\xac\xbe\xd6\x02\xb7|]\x9a\\ \xa0a=\x92X\a\x99\xc0l\x17I\x02i\xa4A\x8a\x1d\xb5Xt\xbck\xc1nU\x9f\xd3\\_\x80\xa7\xc7\xa2\xae\xe3\x95l]\x91\n}\x12\x93k\xf8DN\x0fGeN\x00\xb8\xc9\xabO\xd7\xfc\xa5u\xcf\x1c\x87\x06\x03\xc2\x9a2\x83\xaf\xd5\xee\xc8_\xbe\xfb\xb6\xa2\xe6\xad;\xfbC\x11\xb9\x84{\x9fr\x9b\x14\xf9\x00\x10\x1e\xcd\'%\x1d\x06\xdbe\xcd\xb8\xb1\x7f\xd2r\x1b\x84\xd6\'\x13\x9e>\x938\x0ef7\x8btv\bO\xe0$C\x95\x02\xb0\x91\xfewY\x1b\x05^\x85L\v\xd7]\xc8\xb3\x9d2g\xfc\x1b*\x02\x8d\xde\xeb\x06H\x1f/\xd2,\rR\x83L\xf3\x99\xc0\x11\x00\xd4\xbf*\xe6q\xa8\x9c\xf7\x1dh\x88\xf9\xb7\xf8x\x1bG\x90\x91rPK\xdeOX\x87', 0x0, 0x0)
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r3)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, r6, 0x800, 0x70bd2c, 0x25dfdbfd}, 0x14}}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98)

2.863995233s ago: executing program 3 (id=845):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008100000086dd6076cd8a002800002001003e0f21"], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.547810847s ago: executing program 3 (id=850):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x10}}}}}}, 0x0)

2.509371538s ago: executing program 3 (id=851):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x6})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x2c}}, 0x0)
syz_usb_connect(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ab11f410aa071700f56c010203010902240001000000000904a000020d70930009050402100000fa0009058202403e0f14ac0ff202d6158315350c344f186885fd974af80dfef648924b338644c09d10a5ffb04a3873f124bbd80b8e179e7b70771dbdd0990c7b53e4acbde1019532540841d9b031bdae82c821fcf60c963259e418f18c7dfb09460ddda080b183dec7950c908ac330dd6b3d9240cfe96ea9dc79f2db53fddcffa23ba53a8c29039056127aaa6002d64f2891c9cc0d8524b57a02543b420c21a079f15797d3d2dc578dfe231a34b27c1b6ec0487106534d73cf379fab993cba68364ec75da75e9fdfec8ef3b4ff5ddda2e9e19a4376876c9e54e1f42e2a8d4f304fba0f85df3fef2e0ab2aac58252d4bea6d9a4d0e7aa8186f4b16515"], 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'syz_tun\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

2.36079086s ago: executing program 5 (id=854):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000440)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

2.281922031s ago: executing program 5 (id=856):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000001c0)={'wg1\x00'})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, &(0x7f0000000540))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpu.stat\x00', 0x275a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x40801, 0x0)
syz_emit_ethernet(0x2e, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r4, &(0x7f0000001240)=[{0x0}], 0x1)

2.151968883s ago: executing program 5 (id=858):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)=@generic={0x0, r0}, 0x18)

2.123952963s ago: executing program 5 (id=860):
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x14b94000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
writev(r0, 0x0, 0x0)
alarm(0x8)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r4, &(0x7f0000004200)='t', 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sendfile(r4, r3, 0x0, 0x40001)

1.077762506s ago: executing program 6 (id=870):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff28"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.030158417s ago: executing program 6 (id=871):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @val=@tcx={@void, @value}}, 0x40)
syz_emit_ethernet(0xd81, &(0x7f0000000a40)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @broadcast, @void, {@llc_tr={0x11, {@snap={0xaa, 0xaa, "cc", '1^A', 0x5241, "0723c21e015caae3549633413c144794fb5a3fe5d452b3205778bebc6f37395ffbd9b708df61f127b4280df6950d37e5e103b4077511d996c089674ce8248f881de2b21feaad333ed0cd8290c201cc9c49483db09530bab995c9ff44795b5f3511457ec4cc223e5e335b13f6725d8918d581d5ae90d76e01213ee5dfdf6aa7f05095a8db9a167dce5b1e9933b8cf9495acb72da3e64e7e1713a4b4af1f7c8953b5056fbf9f41375b7b37278f5ce3ad7e7fd145d879a5ae3a16075d5a60ea00de5aa28c3f201726193264851469cdfe7b8bbedd5d7d520e45143c8a45fe879716d2965c3b3b75565f746f3ae28cff367e735b566949e0e76814ea7ec238e2f8f4ce9d7fca25166870f08eeae13724956e9039e2f52e0a65809d7be14147351e1dd7266179417246898d9271008839d7ac1760b13b83352d23a5b643292bb7cdd57bf4b1a7defc29b1d0e09a527830dc5d6758db8589974e58f8b36e0e49794c27f126ae2174c57d67b8c5aa1d221065848dd32007887e088e98ce51756095e9e68e779480e457559516d3e518f544f64177b99da074c528eb33e454c27fb4f85762e217bf7fc7c1a658115cc824e77a97e3f525114396b9615af235b46884fa31692276443c73d1744198634ff77ccd9b4c9748b1df35249973dd2e3a192179162b522ff0a48e0c5af24497a806e77f1c75a6b0c5df62c792b7b8144698155d93b08080586bc470439bcbd0344db0325e89988faa215ebe73da5440a1235b05a0b1028588a79c431ea85755c3e61c4d8a4564d36967622504048df284c3b5169d83fe1b4f2a729cbcc1c2db61d08b84873a47d2060bfd2e88f2b0444a064466e4802a76dce1347ba3ef2cf5aa23910e4881300c837328e5d4df76811a555b70605e44dbff6879a5bdb6a6c4e782987bcae9437f0992bdee161e7e20cd3d85cc142429d8884da704f9b8b67517c34c5041a0a093adef3981576f5756d523831d8cdc61baf23382f4ecbc6ee8a812f19dcfb23ed0071bab75f3b2267843ba9e6c1e31f473e3c85d0380b80d10e60aaeb725ce58f5153f22a520ffa7f4b6258f3a3522e5664f0716be42c9df47712a4693dc65f658fafe19fe874bf925311e4d8e8d0116d8afc14877f0d86069aa6e22d7905f8f5f03dab5e2585b329d544a7e331f20a1a00fdebdc29a743f6f7e83fa338af9da67652f11dbb0a63f841344c87f5324b911f71c746e1f16dc917c6e9bb3f61d631fa5e746b5181ed06d3ddf42aee66ee2aa4ef5bab1726650770a532d0887c10f7f5e35969d4b74fad0ef9e4f6df7bf9bea5d06bc6ebef6b9d198fd1ae2336c00ae621f9c00fcac26c5bf91107341684ec107726ca1391c1a7578e68808ab60fd6842703c108dba0ee3493efbd82c4746bfb55e71418bc6983f6e87b1e0e3d8ce95e7a9f04836650cd0909b02051a08e51775dd00c8fd325b70199ea0261d2b48f6a9e5c0771835ff94b0f62477fdfedc3a956ecf8d4020af481dadece8da254ac8b7e5e6e1ebcd069b83cce83803e28f7f0392e710d59cf2dba33cca9ba8c5d1678071a6507a5289860794e18de40b7a32d329a055767c7774d1c3762709ebb4643255dae84874567eb5d8743c65f8a3ebc6422b655d70749454592cccf34b424c11b11abeb60059d53abf6aca8b85dc5faad1d2535f0d4f5ca07a23d6a83e91a1f65b3544616e3b04d7dd64fe635de3dd90969a3ff028a1d1e8509f58f57274d1352f584180af9e34cbd456e967ef3cfdd1bc16fac7347ff565e2bac6c16fc65052724c87600ae7667df353c5050db156e28fadea00edda2493dceb44a5ba9b9207ae5f5838558831939cbc2c037fe53b2a2bdaac34861ea8a6a293f32a3ccfe35641e3c2406798f203bc1a0b1acf982d9014e86699f8deeda531830d065cd8a5bf2538070f7d91a9013377ffbe8e2b206e972fe919599afab04d28bdf3da647530ec2728a06fa2a9921f5204281fc364267bcccac1a8de00edd7b0049bf458a7c67c2583c0900dc9ded28d4ced95ec512bcf73b533f56fd85935f3f4c465ed418fbbac83fa9f9262a069f976fb624f89be6ac9555a3e00b87372905a1cc67d89c4d64bb35ec096deb02bfe85c7d71dc3c6efe1caa8d027a888f8dcdeaa776f9a32685a616ec1046e94b450b1855d5a24570fe10b7e1adb806497d6873206bc13767f8faa9627b299b5a3502dadf47ba3057450987552cb01171ca5678d01e828ab673c6767426967e6a17abf3a70fc8441c7836f88d8a60779b49dfde3e8647fd6815d1fcba6c86e88a8379d15ec734d83c0ee36396aedaa48a15a952a0684d5062e0f481e19ed4af0d4c426bccf14fae3ff7968484fb8c0567f082c2972e77b490c5cb898c74361ccd510b3e72a745b39ad8cfa20b26bb106a86e3611befc6cc3d11fed07bc7b776c3ac2d7003e97c06a2f1023007213642617910362afc782de985312c9b1bcb590e7aef653bfb244cbef3ba923d354eb38ddf8f2d009242e74e1ae97cb01a66268f2c2676486d6196c05bbb96ebd1ea5e9b78bf8ef17fe50808c53437aba1eb35dc89539e516e34ca910bf7fd238f89be954fb45a021c6b1d35db6d048138796d56e050c57c9feb9e5c161039ce637ce49a0683c2f01c14ff78e4fe37a703e23facd7aa30b943f470e846b5d0ca6ca5c4b74ecdd58b17f7bfce218268cc19b814704ce5e140f41af01e0db43ce3cc294ec83c7ef628bb26a3bc7c1bacfe141bc7d718b22fbc1a078903173f6b176b5e89350e3160fc0cf338171b49b78b15b6ce47da82cc43cdf6b03f3ba3947a1b62bc495f8b6b164b3c8ad9257b093a21ba683781bb9222513edfeab6314baa7b2aa8d41ec4aeaab6678c0f173fc39319c33bec529e687bd5b4ffee796e18d3adaff975be786cd52c765d51888b5580120be0ee32d865b3fa0bcbb4ae1ae817a729125ee22b100629fa823f5c41d406916a9c6e8dac31dbde58ca0b4285ea16fbc0f8eb14cb084c76331213f23cfc5a055cc839a51ed998926185ed89acdfd56f0a2bad054aca9c7a8b5c69e2e0285be3f7f009ca299d1d45584f04c7a8d7957c3b39dec6c5b5ffc38ed163d48428638a3a836664302605f10f432bf374a9275e8bb701b6f6e0b604177f9ed503e9c79e53d91cbeef903830d52f36fa7ee06655ca30e3f12d2324912e59a133bd85335eba70089bbb485c65e97c827faa0004b6372258ca5452c0aa15cfa5a63fbdcfe097f7f9df4d4745e07a0264cec93aea5e3a2dc2cfb3ba484291f211dd59e9d08b1463a5a33e7c565133295e53c88276c6547d59fe6903522c27e550e5cab5f3e300279d4e47671b3a66b975f9ee8f195544e87bedaabcc41ec596e4f4cf36047d124025119b1365ae1d036ddf9928de3453e830e93410498daa7a5b21c14881c094d6a500a3ac38d1451c6851d013a7d5929d4fce142bb978529e1a61dc2a001ed9821a3f9c4245db61daf7741e429be07ed489ea2720421ae078381a2b1bad199e289ebbe7a034aa750fb654b5de466d630b27da846aa82ff0a340b9633b0a2e6a3a8dc9d26e274f813c675570a1515c9d82bc8781e4038309a5e89e1c9814107e0e3b0afa106cc82318e6d50147291e79dcf63b3049444928911dae864450912c7208458c07884ef2d12db561c40543476dc3210e54b792dc0c4ed96cf2b4212e9bff15908b64910c02ab922175311e8bd43651ecf22d82b665c0b5bd8198ec81214b0a462682891ea400530d92d3a476880e9d8e603fec0b6e9be925193aea25421b195ee80a55595f187609e8efaae2e3c8d010a9c623537478aa35e6a50272011aebfff00a02426de0905be315d117c496e537d8c888ed85cd24707857e8a8a879a8c3cfc2b3a0de01d4fa008ab7354b3dd976842ab006eee2967d01c24e6d6cd5417791a0006ef57af980f8a735584901538fc231a610e510fb8dd43b8bdff3e6ecbd87e502c625996d4743f69fd78fb521fba0148447c1fdfabed8e57ce7868bd5cb788a29785f8b8c9eec9a1ad200632568b098a6a89414db4a9512cfb35ff98e695abaa10f5e7bf8d961b8eb538756436851257a50a1b8eb5fe165c91685a3839922d297851b3489f097dfd31a43f10eb49e69247b20716a4cee2df8181c2b4d09d4b1731559c2547babef9f577f30741ca114223aaa44e32c0dcbefc2703200473bd43cecd96e67294f3bf9faedfec598c41ecfa93752afc6506028213ce62208ad86d58c5b65564d4ebcbbc0d991adb91d4d6d2e0bffd31d7bc11f9dea4bd175af556fdc6f40c2ba24e764dbad3af97d3119f29e89574713910780b77278ada5c5ada37108692f4e19b4aa6069de1e1cffa2c58b0e4fc488f45d84b8663bacc2305a9983fe16a3c9054658881f61004073987accc918eec7990b04556fda4593900019d30ff9858c9be1a0427fd78b627cedc456f7fc9880ed8236f98e924053c52948834776ca32790fdfa60cc0e3dced7c0b2892c9bade4138fc4512998d064ced6bf598e5e32e42317565eb3d3991c1778d7f54332f572fdd0e2b5684c10f71422024e64c76685d2c57c408d21ef264be9aa2bd8f1be8c22bcd2b45e844ec1b4d2d73b98a6032aa04e6b02fca64924899824418348a7f7838d1fdebe2e095b36296cc4671f9bc0d16a40356ca6c8b4bd2a8d4451976a95f375965f6892ae987435c507f29a33a39721f555e67b0866e5e8b394e2cd99795f25d52ea02a1dddfb343939cd339c503bb92dff64fb220ece05178769493b59b43a3c55d50e8a1e074077047b2a9e77ede634d66b35a07d536110ee40b7759b827c1a4295c8513577fa3e9e05543dc878d59c6b"}}}}}, 0x0)

931.940928ms ago: executing program 6 (id=872):
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0x5}, 0x8)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x2000c004}, 0x8040)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r0=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001300290a0000", @ANYRES32=r0, @ANYBLOB="00000132ae57f60014001a80100004800c"], 0x34}, 0x1, 0x0, 0x0, 0x815}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000002c0)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

907.941878ms ago: executing program 6 (id=873):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
r1 = openat$fb0(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
ioctl$FBIOGET_FSCREENINFO(r1, 0x4602, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a44000000120a09000000000000000000020000000900020073797a310000000008000440000000000900"], 0x6c}}, 0x0)
ioctl$TIOCSTI(r0, 0x5412, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d"])
unlink(&(0x7f0000000000)='./file0\x00')
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000500)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x9, 0x0, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x8, 0x800, 0x80}, {0x6, 0x24, 0x1a, 0x7c2a, 0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0xad, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x2, 0x2, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x9, 0xf8, 0x1}}}}}}}]}}, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
openat$cgroup_subtree(r5, 0x0, 0x2, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r2, 0x4068aea3, &(0x7f0000000180)={0xbc, 0x0, 0x1})

683.850951ms ago: executing program 0 (id=876):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x3, 0x5, 0x8, 0x3, 0x1, {0x1, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)

573.274513ms ago: executing program 0 (id=877):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = io_uring_setup(0x3ca6, &(0x7f00000000c0)={0x0, 0xc63b, 0x10000, 0x0, 0x7})
mkdir(&(0x7f0000000600)='./file0\x00', 0xe8)
mount(&(0x7f0000000000)=@nullb, 0x0, &(0x7f00000000c0)='hpfs\x00', 0x11, 0x0)
io_uring_enter(r2, 0x4, 0x2, 0xf, &(0x7f0000000000), 0x8)
dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000001f00))
r4 = socket$pppoe(0x18, 0x1, 0x0)
open(&(0x7f0000000280)='./bus\x00', 0x3a1f00, 0xa7)
connect$pppoe(r4, &(0x7f00000002c0)={0x18, 0x0, {0xd, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth1\x00'}}, 0x1e)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40a40, 0x0)
ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000040)=0x2)
connect$pppoe(r4, &(0x7f0000000100)={0x18, 0x0, {0x0, @multicast, 'pim6reg1\x00'}}, 0x1e)
ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, &(0x7f0000000200)=0x1)
sendmmsg(r3, &(0x7f0000000140)=[{{0x0, 0xffffff07, 0x0}}], 0x1, 0x0)

496.986214ms ago: executing program 5 (id=878):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x20142, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000140)={[0x7, 0x124d58da, 0x2, 0xb394, 0xd235, 0x2db, 0x0, 0x744, 0xfffffffffffffffd, 0x10010000000007, 0x300, 0x9, 0x10004, 0x10000000003ffffe, 0x362, 0x8], 0x0, 0x90f43})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

411.861555ms ago: executing program 2 (id=879):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/62, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a98", 0x3, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffffffffff280012800b00010065"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

411.375075ms ago: executing program 0 (id=880):
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240048f6}, 0x20004894)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0), 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000840)={0xffffffffffffffff, &(0x7f0000000780)="72a9aa0490741f008e31e0e66b75411ad5aca5de7218cdd79f408a38ee76c99b0a5819d7d834863dd3b5d062c7e043624f475d1e6e474eb1b26b9d46a7878ba6a7fda03a685d315fed33dd87c8850f506ba8e2e0076b97aee2f7a6fc0106b351558c39688f2880aa54e140231c6a8dfb85835967759752d3e334828c64bc81b271fb55d53de73536cc55f079184772f3", 0x0}, 0x20)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

382.372105ms ago: executing program 3 (id=881):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff28"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

306.194246ms ago: executing program 0 (id=882):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{&(0x7f00000006c0), 0x80, 0x0}}], 0x1, 0xcb, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000009c0)=ANY=[@ANYBLOB="02c93012000e00050014070a00090001281218dc00040016d6bb62591b4f937c2c50f625123905baf6ad8d849cf4736c0d04db6135e60cef276c5acfdf5e67c83241f2191d60f5dacf811292af30d3ed4f1d0bc8f8cb38c09f44cd4f9fd793bc34ea9da2b9abb8dc09a82fe58dd1d59d852b3418b63280ec63edf4a2d11b758129975bc5d9b9a1463de861e3d515ea35e7243608343fb3e22299b8860eb5623132b59dfd03114e6404fb7b47b0bf7bd39a9548c9c788c40b562538df861d"], 0x17)

191.974508ms ago: executing program 6 (id=883):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
unlink(&(0x7f0000000080)='./file0\x00')
symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')

182.112458ms ago: executing program 0 (id=884):
r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]})

97.749269ms ago: executing program 5 (id=885):
syz_usb_connect(0x1, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close(0x3)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$sndseq(r2, 0x0, 0x0)
write$char_usb(r0, &(0x7f0000000200)='c', 0x1)

1.11375ms ago: executing program 6 (id=886):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)

793.09µs ago: executing program 0 (id=887):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x4, 0x0, 0x100000, 0x1000, &(0x7f0000004000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0)

0s ago: executing program 3 (id=888):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140fdffffff0c000280080001407f"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

kernel console output (not intermixed with test programs):

e loop5): ext4_fill_super:4841: inode #2: comm syz.5.109: iget: bad i_size value: -1
[  119.952538][ T4736] EXT4-fs (loop5): get root inode failed
[  119.958210][ T4736] EXT4-fs (loop5): mount failed
[  120.839012][ T4664] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.846126][ T4664] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.857497][ T4664] device bridge_slave_1 entered promiscuous mode
[  121.196156][ T4664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  121.217335][ T4747] netlink: 16 bytes leftover after parsing attributes in process `syz.0.111'.
[  121.343395][ T4664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  121.398845][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  121.398860][   T26] audit: type=1400 audit(1746347694.891:34): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=4735 comm="syz.5.109"
[  121.528357][ T4664] team0: Port device team_slave_0 added
[  121.575981][ T4664] team0: Port device team_slave_1 added
[  121.670868][ T4664] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.678260][ T4664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.716945][ T4664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.755668][ T4664] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.787617][ T4664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.909057][ T4282] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  121.929534][ T4252] Bluetooth: hci2: command 0x040f tx timeout
[  121.987142][ T4664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.168353][ T4664] device hsr_slave_0 entered promiscuous mode
[  122.183082][ T4664] device hsr_slave_1 entered promiscuous mode
[  122.335851][ T4282] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.377758][ T4282] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  122.396112][ T4282] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.435411][ T4282] usb 6-1: config 0 descriptor??
[  122.621234][ T4664] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  122.663838][ T4664] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  122.700278][ T4664] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  122.736898][ T4664] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  123.074411][ T4784] loop2: detected capacity change from 0 to 512
[  123.097261][ T4282] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor
[  123.110647][ T4664] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.132565][ T4282] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0002/input/input5
[  123.313885][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.354935][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.398070][ T4664] 8021q: adding VLAN 0 to HW filter on device team0
[  123.439304][ T4282] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  123.474845][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.494045][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.509390][ T4784] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  123.534714][ T4270] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.541884][ T4270] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.597137][ T4784] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  123.663771][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.687492][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.753553][ T4270] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.760778][ T4270] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.805883][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.819139][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.828514][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.835454][ T1325] usb 6-1: USB disconnect, device number 3
[  123.880880][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.934525][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  123.973262][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  124.000413][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  124.009071][ T4273] Bluetooth: hci2: command 0x0419 tx timeout
[  124.071204][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  124.091722][ T4801] loop3: detected capacity change from 0 to 512
[  124.093221][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  124.108406][ T4803] loop2: detected capacity change from 0 to 16
[  124.151904][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  124.171627][ T4801] EXT4-fs error (device loop3): ext4_fill_super:4841: inode #2: comm syz.3.122: iget: bad i_size value: -1
[  124.185362][ T4801] EXT4-fs (loop3): get root inode failed
[  124.191139][ T4801] EXT4-fs (loop3): mount failed
[  124.193419][ T4803] erofs: (device loop2): mounted with root inode @ nid 36.
[  124.235563][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  124.252939][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  124.334856][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  124.559236][ T4814] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem
[  125.039166][ T4282] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  125.126228][ T4828] netlink: 16 bytes leftover after parsing attributes in process `syz.0.125'.
[  125.288906][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  125.317352][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  125.325463][ T4282] usb 6-1: Using ep0 maxpacket: 8
[  125.365621][ T4664] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.495062][ T4282] usb 6-1: unable to get BOS descriptor or descriptor too short
[  125.589767][ T4282] usb 6-1: config 4 has an invalid interface number: 147 but max is 0
[  125.618254][ T4282] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  125.704680][ T4282] usb 6-1: config 4 has no interface number 0
[  125.859183][   T26] audit: type=1400 audit(1746347699.351:35): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=4800 comm="syz.3.122"
[  126.249645][ T4282] usb 6-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  126.519230][ T4852] loop0: detected capacity change from 0 to 512
[  126.567058][ T4282] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.584519][ T4852] =======================================================
[  126.584519][ T4852] WARNING: The mand mount option has been deprecated and
[  126.584519][ T4852]          and is ignored by this kernel. Remove the mand
[  126.584519][ T4852]          option from the mount to silence this warning.
[  126.584519][ T4852] =======================================================
[  126.726568][ T4853] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  126.736094][ T4853] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  126.748425][ T4853] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  128.006308][ T4282] usb 6-1: Product: syz
[  128.166218][ T4282] usb 6-1: Manufacturer: syz
[  128.337792][ T4282] usb 6-1: SerialNumber: syz
[  128.849295][ T4282] usb 6-1: can't set config #4, error -71
[  129.013903][ T4282] usb 6-1: USB disconnect, device number 4
[  129.037310][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  129.100155][ T4852] fscrypt: Error allocating hmac(sha512): -2
[  129.106228][ T4852] EXT4-fs (loop0): Error processing option "test_dummy_encryption" [-2]
[  129.135021][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  129.337317][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  129.710561][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  129.787636][ T4664] device veth0_vlan entered promiscuous mode
[  129.836651][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  129.866163][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  129.879712][ T4870] loop5: detected capacity change from 0 to 512
[  129.938034][ T4664] device veth1_vlan entered promiscuous mode
[  129.950757][ T4875] process 'syz.2.133' launched './file1' with NULL argv: empty string added
[  130.021883][ T4870] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  130.037868][ T4870] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  130.039247][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  130.270408][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  130.323455][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  130.351199][ T4887] loop2: detected capacity change from 0 to 16
[  130.446768][ T4888] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem
[  131.132155][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  131.148436][ T4664] device veth0_macvtap entered promiscuous mode
[  131.198429][ T4887] erofs: (device loop2): mounted with root inode @ nid 36.
[  131.245013][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  131.318261][ T4664] device veth1_macvtap entered promiscuous mode
[  131.431553][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.442064][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.451966][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.752374][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.864209][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  132.001462][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.012200][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  132.022838][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.032761][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  132.043247][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.055972][ T4664] batman_adv: batadv0: Interface activated: batadv_slave_0
[  132.066937][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.090667][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.128331][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.145893][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.157521][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.448582][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.481740][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.516898][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.546017][ T4664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.581762][ T4664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.625174][ T4664] batman_adv: batadv0: Interface activated: batadv_slave_1
[  132.690618][ T4893] netlink: 16 bytes leftover after parsing attributes in process `syz.5.136'.
[  132.806698][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  132.813178][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  132.861325][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  132.873462][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  132.894320][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  132.917165][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  132.981696][ T4664] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.053842][ T4664] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.131053][ T4664] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.218620][ T4664] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  133.765225][ T4397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.788179][ T4397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.889970][ T4929] loop2: detected capacity change from 0 to 512
[  133.908003][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  133.945424][ T4270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  134.103934][ T4933] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem
[  134.442702][ T4270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  134.625617][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  134.660969][ T4929] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  134.679026][ T4929] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  134.743675][ T4941] loop0: detected capacity change from 0 to 512
[  134.827774][ T4941] EXT4-fs error (device loop0): ext4_fill_super:4841: inode #2: comm syz.0.148: iget: bad i_size value: -1
[  134.841821][ T4941] EXT4-fs (loop0): get root inode failed
[  134.847477][ T4941] EXT4-fs (loop0): mount failed
[  134.899413][ T4931] loop5: detected capacity change from 0 to 1024
[  135.136350][ T4945] loop3: detected capacity change from 0 to 1024
[  135.172289][   T26] audit: type=1400 audit(1746347708.671:36): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=4940 comm="syz.0.148"
[  135.935336][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!!
[  135.945077][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[  135.958805][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  135.967826][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  135.976731][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  135.985844][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  135.994767][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  136.004082][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  136.018200][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  136.028807][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  136.606856][ T4931] EXT4-fs (loop5): inline encryption not supported
[  136.647080][ T4953] netlink: 16 bytes leftover after parsing attributes in process `syz.2.150'.
[  136.691167][ T4945] EXT4-fs (loop3): Ignoring removed bh option
[  136.819403][ T4945] EXT4-fs (loop3): inline encryption not supported
[  136.829337][ T4931] EXT4-fs: failed to create workqueue
[  136.835041][ T4931] EXT4-fs (loop5): mount failed
[  138.967984][  T154] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.977234][ T4945] EXT4-fs error (device loop3): ext4_map_blocks:739: inode #3: block 1: comm syz.3.149: lblock 1 mapped to illegal pblock 1 (length 1)
[  139.000994][ T4945] Quota error (device loop3): write_blk: dquota write failed
[  139.014872][ T4945] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  139.033014][ T4945] EXT4-fs error (device loop3): ext4_acquire_dquot:6204: comm syz.3.149: Failed to acquire dquot type 0
[  139.142860][ T4945] EXT4-fs error (device loop3): ext4_free_blocks:6223: comm syz.3.149: Freeing blocks not in datazone - block = 0, count = 4096
[  139.303384][ T4945] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.149: Invalid inode bitmap blk 0 in block_group 0
[  139.320981][  T144] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1)
[  140.856471][  T154] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.899271][ T4945] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem
[  141.220103][ T4945] EXT4-fs (loop3): 1 orphan inode deleted
[  141.873755][ T4945] EXT4-fs (loop3): mounted filesystem without journal. Opts: ��; nodioread_nolock,nodiscard,bh,max_batch_time=0x00000000000008c9,nodiscard,inlinecrypt,i_version,,errors=continue. Quota mode: writeback.
[  142.084124][  T144] Quota error (device loop3): remove_tree: Can't read quota data block 1
[  142.098182][ T4975] loop6: detected capacity change from 0 to 512
[  142.189011][  T144] EXT4-fs error (device loop3): ext4_release_dquot:6240: comm kworker/u4:1: Failed to release dquot type 0
[  142.231166][  T154] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.608326][ T4992] loop2: detected capacity change from 0 to 512
[  142.641381][  T154] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.603625][ T4996] loop5: detected capacity change from 0 to 512
[  143.671523][ T4996] EXT4-fs error (device loop5): ext4_fill_super:4841: inode #2: comm syz.5.161: iget: bad i_size value: -1
[  143.688102][ T4996] EXT4-fs (loop5): get root inode failed
[  143.693928][ T4996] EXT4-fs (loop5): mount failed
[  143.841721][ T4992] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  143.858184][ T4992] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  144.527656][   T26] audit: type=1400 audit(1746347717.931:37): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=4995 comm="syz.5.161"
[  145.019952][ T5014] netlink: 16 bytes leftover after parsing attributes in process `syz.2.164'.
[  145.184021][ T5016] loop5: detected capacity change from 0 to 1024
[  145.800438][ T5025] loop3: detected capacity change from 0 to 512
[  148.092984][ T5016] EXT4-fs: failed to create workqueue
[  148.098467][ T5016] EXT4-fs (loop5): mount failed
[  148.127848][ T5025] EXT4-fs: error -4 creating inode table initialization thread
[  148.136253][ T5025] EXT4-fs (loop3): mount failed
[  150.169180][ T5070] syz.0.175[5070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  150.169353][ T5070] syz.0.175[5070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  152.589604][ T5023] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  153.349132][ T4213] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  153.371356][ T5075] loop0: detected capacity change from 0 to 512
[  153.708976][ T4213] usb 7-1: Using ep0 maxpacket: 32
[  154.046436][ T5081] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem
[  155.133516][ T5086] loop2: detected capacity change from 0 to 256
[  155.199668][ T5075] EXT4-fs error (device loop0): ext4_fill_super:4841: inode #2: comm syz.0.176: iget: bad i_size value: -1
[  155.213148][ T5075] EXT4-fs (loop0): get root inode failed
[  155.218887][ T5075] EXT4-fs (loop0): mount failed
[  155.237241][ T4213] usb 7-1: device descriptor read/all, error -71
[  155.323252][ T5086] FAT-fs (loop2): bogus number of FAT sectors
[  155.479573][ T5086] FAT-fs (loop2): Can't find a valid FAT filesystem
[  156.835543][ T5123] loop0: detected capacity change from 0 to 256
[  156.950569][ T5123] FAT-fs (loop0): Unrecognized mount option "sHortnamC=�" or missing value
[  157.568907][ T5134] syz.5.186[5134] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  157.569533][ T5134] syz.5.186[5134] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.401988][ T5151] loop2: detected capacity change from 0 to 512
[  159.514318][ T5151] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  159.593237][ T5151] EXT4-fs (loop2): 1 truncate cleaned up
[  159.609130][ T5151] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,jqfmt=vfsv0,bsdgroups,errors=remount-ro,grpquota,. Quota mode: writeback.
[  159.735446][   T26] audit: type=1800 audit(1746347733.231:38): pid=5151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.188" name="file1" dev="loop2" ino=15 res=0 errno=0
[  159.756393][ T5151] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  159.808642][ T5151] EXT4-fs (loop2): Remounting filesystem read-only
[  159.830776][ T5151] EXT4-fs warning (device loop2): ext4_xattr_set_entry:1760: inode #15: comm syz.2.188: unable to update i_inline_off
[  159.854813][   T26] audit: type=1800 audit(1746347733.231:39): pid=5151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.188" name="file1" dev="loop2" ino=15 res=0 errno=0
[  159.885947][ T5151] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  159.941578][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  160.005217][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  160.019126][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  160.067226][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  160.079155][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  160.143576][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  160.164018][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  160.216423][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  160.239183][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  160.271507][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  160.278203][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  160.342707][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  160.362216][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  160.525538][ T5171] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem
[  160.990276][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  161.039294][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  161.051713][  T154] device hsr_slave_0 left promiscuous mode
[  161.071328][  T154] device hsr_slave_1 left promiscuous mode
[  161.088876][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  161.105879][ T5150] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.188: corrupted in-inode xattr
[  161.119933][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.141506][  T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.149067][ T5150] EXT4-fs (loop2): Remounting filesystem read-only
[  161.205496][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.224989][  T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[  161.236814][  T154] device bridge_slave_1 left promiscuous mode
[  161.243189][  T154] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.258407][  T154] device bridge_slave_0 left promiscuous mode
[  161.266658][  T154] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.292468][  T154] device veth1_macvtap left promiscuous mode
[  161.298726][  T154] device veth0_macvtap left promiscuous mode
[  161.305395][  T154] device veth1_vlan left promiscuous mode
[  161.318168][  T154] device veth0_vlan left promiscuous mode
[  162.324395][ T5187] loop2: detected capacity change from 0 to 512
[  162.466764][ T5187] EXT4-fs error (device loop2): ext4_fill_super:4841: inode #2: comm syz.2.193: iget: bad i_size value: -1
[  162.486619][ T5187] EXT4-fs (loop2): get root inode failed
[  162.492877][ T5187] EXT4-fs (loop2): mount failed
[  162.495132][ T5191] loop0: detected capacity change from 0 to 1024
[  162.564201][ T5191] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  162.829094][   T26] audit: type=1400 audit(1746347736.321:40): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=5184 comm="syz.2.193"
[  163.323870][  T154] team0 (unregistering): Port device team_slave_1 removed
[  163.375427][  T154] team0 (unregistering): Port device team_slave_0 removed
[  163.400095][  T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  163.417907][  T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  163.537149][  T154] bond0 (unregistering): Released all slaves
[  164.184165][ T5222] loop6: detected capacity change from 0 to 256
[  164.268094][ T5225] loop0: detected capacity change from 0 to 1024
[  164.295227][ T5222] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  164.341787][ T5222] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  164.394306][ T5222] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  164.397667][ T5225] EXT4-fs (loop0): Ignoring removed nobh option
[  164.459440][ T5225] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  164.683971][ T5233] loop5: detected capacity change from 0 to 512
[  164.693892][ T5225] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,grpid,barrier=0x0000000000000001,bsdgroups,nouid32,max_dir_size_kb=0x00000000004007b1,abort,nodelalloc,nobh,user_xattr,dioread_lock,dioread_nolock,,errors=continue. Quota mode: none.
[  164.713652][ T5200] loop2: detected capacity change from 0 to 40427
[  165.381876][ T5200] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  165.416854][ T5200] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  165.507492][ T5233] EXT4-fs error (device loop5): ext4_fill_super:4841: inode #2: comm syz.5.208: iget: bad i_size value: -1
[  165.519906][ T5233] EXT4-fs (loop5): get root inode failed
[  165.525588][ T5233] EXT4-fs (loop5): mount failed
[  165.574813][ T5200] F2FS-fs (loop2): invalid crc value
[  165.598688][ T5247] loop0: detected capacity change from 0 to 1024
[  165.664710][ T5200] F2FS-fs (loop2): Found nat_bits in checkpoint
[  165.669553][ T5247] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  165.752199][ T5247] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,noquota,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  166.002201][ T5200] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  166.025021][ T5200] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  166.358083][ T5263] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem
[  167.230838][ T5267] ipt_CLUSTERIP: Please specify destination IP
[  167.598962][ T1108] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  168.242611][ T1108] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  168.314326][ T1108] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  168.323703][ T1108] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  168.334345][ T1108] usb 4-1: config 220 has no interface number 2
[  168.344865][ T1108] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  168.358460][ T1108] usb 4-1: config 220 interface 0 has no altsetting 0
[  168.365601][ T1108] usb 4-1: config 220 interface 76 has no altsetting 0
[  168.399105][ T5297] xt_hashlimit: size too large, truncated to 1048576
[  168.409155][ T1108] usb 4-1: config 220 interface 1 has no altsetting 0
[  168.454889][   T26] audit: type=1326 audit(1746347741.951:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5299 comm="syz.2.220" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c410d5969 code=0x0
[  168.591945][ T5305] netlink: 552 bytes leftover after parsing attributes in process `syz.2.220'.
[  168.651508][ T1108] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  168.673431][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.723277][ T1108] usb 4-1: Product: syz
[  168.747736][ T1108] usb 4-1: Manufacturer: syz
[  168.763249][ T5305] bridge1: the hash_elasticity option has been deprecated and is always 16
[  168.768585][ T1108] usb 4-1: SerialNumber: syz
[  169.029329][ T5305] Zero length message leads to an empty skb
[  169.230251][ T1108] usb 4-1: selecting invalid altsetting 0
[  169.237292][ T1108] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  169.309069][ T1108] usb 4-1: No valid video chain found.
[  169.450392][ T1108] usb 4-1: selecting invalid altsetting 0
[  169.466399][ T1108] usbtest: probe of 4-1:220.1 failed with error -22
[  169.534908][ T1108] usb 4-1: USB disconnect, device number 4
[  169.561604][ T5319] loop2: detected capacity change from 0 to 1024
[  171.932283][ T1108] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  171.996965][ T5357] loop6: detected capacity change from 0 to 512
[  172.089785][ T5357] EXT4-fs error (device loop6): ext4_fill_super:4841: inode #2: comm syz.6.229: iget: bad i_size value: -1
[  172.102246][ T5357] EXT4-fs (loop6): get root inode failed
[  172.107964][ T5357] EXT4-fs (loop6): mount failed
[  172.214315][ T1108] usb 3-1: Using ep0 maxpacket: 32
[  172.335061][ T5327] loop3: detected capacity change from 0 to 40427
[  172.359404][ T1108] usb 3-1: config 0 has an invalid interface number: 231 but max is 0
[  172.366772][ T5327] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  172.367604][ T1108] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.416691][ T5327] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  172.426797][ T1108] usb 3-1: config 0 has no interface number 0
[  172.436966][ T1108] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  172.457666][ T1108] usb 3-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  172.471379][ T5327] F2FS-fs (loop3): invalid crc value
[  172.521778][ T5327] F2FS-fs (loop3): Found nat_bits in checkpoint
[  172.653015][ T5327] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  172.662624][ T5327] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  172.699193][ T1108] usb 3-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  172.715131][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.746902][ T1108] usb 3-1: Product: syz
[  172.774404][ T1108] usb 3-1: Manufacturer: syz
[  172.781018][ T1108] usb 3-1: SerialNumber: syz
[  172.798376][ T1108] usb 3-1: config 0 descriptor??
[  172.839415][ T5345] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  172.870055][ T1108] usb-storage 3-1:0.231: USB Mass Storage device detected
[  173.085081][ T4215] usb 3-1: USB disconnect, device number 4
[  174.076415][ T5414] loop0: detected capacity change from 0 to 256
[  174.310963][ T5414] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  175.766430][ T5428] loop6: detected capacity change from 0 to 1024
[  176.000938][ T5428] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities
[  176.595371][ T5449] netlink: 32 bytes leftover after parsing attributes in process `syz.3.238'.
[  176.857299][ T5454] loop3: detected capacity change from 0 to 512
[  177.009157][ T5454] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  177.029010][ T5454] ext4 filesystem being mounted at /48/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  177.132858][ T5435] loop0: detected capacity change from 0 to 40427
[  177.204095][ T5435] F2FS-fs (loop0): invalid crc value
[  177.220997][ T5435] F2FS-fs (loop0): Found nat_bits in checkpoint
[  177.384618][ T5435] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  178.471441][ T4169] attempt to access beyond end of device
[  178.471441][ T4169] loop0: rw=2049, want=45104, limit=40427
[  178.684206][ T5484] loop2: detected capacity change from 0 to 512
[  178.944489][ T5484] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,nodiscard,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none.
[  179.071614][ T5493] loop6: detected capacity change from 0 to 256
[  179.193468][ T5493] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  180.814539][ T5455] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  181.052028][ T4214] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  181.339096][ T5455] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[  181.347503][ T5455] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  181.360300][ T5455] usb 1-1: config 135 has no interface number 0
[  181.366883][ T5455] usb 1-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  181.388864][ T5455] usb 1-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  181.413504][ T5455] usb 1-1: config 135 interface 230 has no altsetting 0
[  181.534519][ T4214] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  181.555055][ T4214] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  181.585209][ T4214] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.589108][ T5455] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  181.618861][ T3146] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  181.625196][ T4214] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  181.648950][ T4214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.670000][ T5455] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.704549][ T5455] usb 1-1: Product: syz
[  181.711627][ T5510] loop5: detected capacity change from 0 to 128
[  181.728362][ T5455] usb 1-1: Manufacturer: syz
[  181.733325][ T5455] usb 1-1: SerialNumber: syz
[  181.761901][ T4214] usb 4-1: invalid MIDI out EP 0
[  181.763973][ T5510] EXT4-fs (loop5): Test dummy encryption mode enabled
[  181.791270][ T5455] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[  181.801605][ T5455] usb 1-1: No valid video chain found.
[  181.819229][ T5510] EXT4-fs (loop5): Test dummy encryption mode enabled
[  181.853981][ T5510] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none.
[  181.890405][ T5510] ext4 filesystem being mounted at /29/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  181.989162][ T3146] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  182.023202][ T5500] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.249' sets config #0
[  182.088251][ T4159] usb 1-1: USB disconnect, device number 3
[  182.096744][ T4214] snd-usb-audio: probe of 4-1:27.0 failed with error -22
[  182.136433][ T4160] udevd[4160]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  182.159133][ T3146] usb 3-1: New USB device found, idVendor=1c9e, idProduct=9001, bcdDevice=25.d8
[  182.174154][ T3146] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.184546][ T4214] usb 4-1: USB disconnect, device number 5
[  182.202369][ T3146] usb 3-1: Product: syz
[  182.211053][ T3146] usb 3-1: Manufacturer: syz
[  182.226096][ T3146] usb 3-1: SerialNumber: syz
[  182.241549][ T3146] usb 3-1: config 0 descriptor??
[  182.295059][ T3146] rndis_wlan 3-1:0.0: skipping garbage
[  182.300777][ T3146] usb 3-1: bad CDC descriptors
[  182.315599][ T3146] rndis_host 3-1:0.0: skipping garbage
[  182.330260][ T3146] usb 3-1: bad CDC descriptors
[  182.341756][ T5507] loop6: detected capacity change from 0 to 40427
[  182.425368][ T5507] F2FS-fs (loop6): Invalid segment/section count (31, 24 x 117440513)
[  182.469468][ T5507] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  182.499241][ T5507] F2FS-fs (loop6): build fault injection attr: rate: 5, type: 0x1ffff
[  182.511491][ T5507] F2FS-fs (loop6): Project quota feature not enabled. Cannot enable project quota enforcement.
[  182.712519][ T5529] loop0: detected capacity change from 0 to 16
[  182.795606][ T5531] loop5: detected capacity change from 0 to 512
[  182.812637][ T5529] erofs: (device loop0): mounted with root inode @ nid 36.
[  183.493718][ T5531] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  183.612746][ T5531] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  183.693665][ T5547] loop6: detected capacity change from 0 to 512
[  183.876278][ T5547] EXT4-fs (loop6): mounted filesystem without journal. Opts: i_version,nodiscard,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none.
[  184.084706][ T3146] usb 3-1: USB disconnect, device number 5
[  184.431065][ T5562] syz.0.262[5562] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  184.431171][ T5562] syz.0.262[5562] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  184.465167][ T5561] loop2: detected capacity change from 0 to 512
[  184.712637][ T5568] loop5: detected capacity change from 0 to 256
[  184.765650][ T5561] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.263: casefold flag without casefold feature
[  184.843931][ T5561] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.263: couldn't read orphan inode 15 (err -117)
[  184.870807][ T5568] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  185.685506][ T5561] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback.
[  186.356171][ T5565] loop3: detected capacity change from 0 to 512
[  186.831448][ T4214] Bluetooth: hci4: command 0x0406 tx timeout
[  186.837736][ T4214] Bluetooth: hci0: command 0x0406 tx timeout
[  186.844032][ T4214] Bluetooth: hci3: command 0x0406 tx timeout
[  190.363777][ T5586] loop6: detected capacity change from 0 to 512
[  190.746071][ T5586] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  190.774544][ T5586] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.913733][ T5606] loop2: detected capacity change from 0 to 512
[  191.052645][ T5606] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  191.121217][ T5606] ext4 filesystem being mounted at /60/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  191.772111][ T5621] input: syz1 as /devices/virtual/input/input6
[  192.066095][ T5639] loop5: detected capacity change from 0 to 256
[  192.273508][ T5455] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  194.835600][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  194.841959][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  195.113328][ T5455] usb 7-1: device descriptor read/all, error -71
[  196.114576][ T5656] loop3: detected capacity change from 0 to 256
[  196.413566][ T5654] loop2: detected capacity change from 0 to 512
[  196.673883][ T5654] EXT4-fs (loop2): Unrecognized mount option "euid>00000000000000000000" or missing value
[  196.732324][ T5656] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  197.320056][ T5663] tipc: Started in network mode
[  197.548707][ T5665] loop5: detected capacity change from 0 to 256
[  197.629035][ T5663] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  197.683245][ T5663] tipc: Enabled bearer <udp:s>, priority 10
[  198.049510][   T26] audit: type=1800 audit(1746347771.541:42): pid=5665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.282" name="file1" dev="loop5" ino=1048599 res=0 errno=0
[  198.790867][ T3146] tipc: Node number set to 4269801488
[  201.905974][ T5722] loop0: detected capacity change from 0 to 128
[  202.862459][ T5724] loop6: detected capacity change from 0 to 256
[  203.999529][ T5724] exfat: Deprecated parameter 'utf8'
[  204.004897][ T5724] exfat: Deprecated parameter 'utf8'
[  204.394865][ T5735] loop5: detected capacity change from 0 to 256
[  205.760952][ T5738] loop0: detected capacity change from 0 to 256
[  205.778078][ T5735] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  205.862638][ T5724] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d)
[  205.881309][ T5738] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  206.234602][ T5756] loop6: detected capacity change from 0 to 1024
[  206.333155][ T5756] EXT4-fs (loop6): Ignoring removed orlov option
[  206.369543][ T5756] EXT4-fs (loop6): Ignoring removed nobh option
[  206.376086][ T5756] EXT4-fs (loop6): Ignoring removed bh option
[  206.419870][ T5756] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  206.527347][ T5756] EXT4-fs (loop6): can't mount with journal_checksum, fs mounted w/o journal
[  206.729064][   T13] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  206.846177][ T5771] loop5: detected capacity change from 0 to 2048
[  206.923360][ T5771]  loop5: p1 < > p3
[  206.977789][ T5771] loop5: p3 size 134217728 extends beyond EOD, truncated
[  207.046343][ T5780] netlink: 8 bytes leftover after parsing attributes in process `syz.5.301'.
[  207.139105][   T13] usb 3-1: config 0 has an invalid interface number: 242 but max is 29
[  207.157840][   T13] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 30
[  207.203032][   T13] usb 3-1: config 0 has no interface number 0
[  207.218822][   T13] usb 3-1: config 0 interface 242 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.279720][   T13] usb 3-1: config 0 interface 242 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.304943][   T13] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  207.339131][   T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.377548][   T13] usb 3-1: config 0 descriptor??
[  207.842611][ T5802] loop0: detected capacity change from 0 to 128
[  207.944471][   T13] hid (null): report_id 0 is invalid
[  208.218335][   T26] audit: type=1800 audit(1746347781.591:43): pid=5802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.306" name="bus" dev="loop0" ino=1048601 res=0 errno=0
[  209.874837][ T5810] loop3: detected capacity change from 0 to 128
[  210.831185][   T13] uclogic 0003:256C:006D.0003: report_id 0 is invalid
[  210.839715][   T13] uclogic 0003:256C:006D.0003: item 0 0 1 8 parsing failed
[  210.847497][   T13] uclogic 0003:256C:006D.0003: parse failed
[  211.545080][ T5810] EXT4-fs (loop3): Test dummy encryption mode enabled
[  211.552050][ T5810] EXT4-fs (loop3): Test dummy encryption mode enabled
[  211.565137][ T5810] EXT4-fs: failed to create workqueue
[  211.570678][ T5810] EXT4-fs (loop3): mount failed
[  211.839631][   T13] uclogic: probe of 0003:256C:006D.0003 failed with error -22
[  211.852407][   T13] usb 3-1: USB disconnect, device number 6
[  212.176022][ T5824] loop5: detected capacity change from 0 to 256
[  212.220122][ T5824] FAT-fs (loop5): Unrecognized mount option "nnonumtail=1" or missing value
[  212.337291][ T4215] Bluetooth: hci5: command 0x0406 tx timeout
[  213.428152][ T5843] loop6: detected capacity change from 0 to 512
[  214.972100][ T5846] loop0: detected capacity change from 0 to 256
[  215.498929][ T5843] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  215.515884][ T5843] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  215.868801][   T13] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  216.872449][ T5867] loop2: detected capacity change from 0 to 512
[  217.496239][ T5867] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  217.606825][ T5867] EXT4-fs (loop2): 1 truncate cleaned up
[  217.665953][ T5867] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback.
[  218.718345][ T5908] loop6: detected capacity change from 0 to 512
[  219.319801][ T5908] EXT4-fs (loop6): 1 orphan inode deleted
[  219.325647][ T5908] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  219.337348][ T5908] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  220.240320][ T5919] loop5: detected capacity change from 0 to 128
[  221.367678][ T5932] loop2: detected capacity change from 0 to 512
[  221.454477][ T5932] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  221.470490][ T5932] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  221.543248][ T5919] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,nodelalloc,,errors=continue. Quota mode: none.
[  221.556213][ T5919] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  221.780519][ T4214] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  221.990355][ T5948] loop5: detected capacity change from 0 to 256
[  222.102280][ T5948] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  222.204525][ T4214] usb 1-1: config 0 has an invalid interface number: 242 but max is 29
[  222.228191][ T4214] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 30
[  222.258972][ T4214] usb 1-1: config 0 has no interface number 0
[  222.265122][ T4214] usb 1-1: config 0 interface 242 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  222.295779][ T4214] usb 1-1: config 0 interface 242 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.356721][ T4214] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  222.452498][ T4214] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.653205][ T4214] usb 1-1: config 0 descriptor??
[  223.750845][ T5977] loop5: detected capacity change from 0 to 16
[  223.787651][ T5977] erofs: (device loop5): mounted with root inode @ nid 36.
[  224.006710][ T4216] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  224.149933][ T4214] hid (null): report_id 0 is invalid
[  224.173543][ T4214] uclogic 0003:256C:006D.0004: report_id 0 is invalid
[  224.206060][ T4214] uclogic 0003:256C:006D.0004: item 0 0 1 8 parsing failed
[  224.235102][ T4214] uclogic 0003:256C:006D.0004: parse failed
[  224.248899][ T4216] usb 4-1: Using ep0 maxpacket: 16
[  224.261917][ T4214] uclogic: probe of 0003:256C:006D.0004 failed with error -22
[  224.372333][ T4216] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  224.384359][ T4214] usb 1-1: USB disconnect, device number 4
[  224.392814][ T4216] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  224.519174][ T4216] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  224.538502][ T4216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  224.655992][ T4216] usb 4-1: SerialNumber: syz
[  224.706067][ T4216] usb 4-1: 0:2 : does not exist
[  225.134578][ T6006] loop0: detected capacity change from 0 to 2048
[  225.248053][ T6006] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  225.327290][ T6006] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #12: block 9: comm syz.0.341: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0
[  226.649010][ T4215] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  226.977130][ T6032] loop2: detected capacity change from 0 to 128
[  227.351346][ T4214] usb 4-1: USB disconnect, device number 6
[  228.697369][ T6053] syz.2.358[6053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  228.697532][ T6053] syz.2.358[6053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  228.739013][ T4215] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  228.791376][ T6053] syz.2.358[6053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  228.791527][ T6053] syz.2.358[6053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  228.793701][ T6055] loop3: detected capacity change from 0 to 16
[  228.803641][ T4215] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  228.909440][ T4215] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.947071][ T4215] usb 7-1: config 0 descriptor??
[  228.962976][ T1108] Bluetooth: hci2: command 0x0405 tx timeout
[  229.149010][ T6055] erofs: (device loop3): mounted with root inode @ nid 36.
[  229.182186][ T6068] loop5: detected capacity change from 0 to 512
[  229.350317][ T6069] loop2: detected capacity change from 0 to 256
[  229.941684][ T6068] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  229.957686][ T6068] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  230.976418][ T6058] loop0: detected capacity change from 0 to 40427
[  231.002745][ T6058] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  231.022901][ T4215] usbhid 7-1:0.0: can't add hid device: -71
[  231.026823][ T6058] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  231.045307][ T4215] usbhid: probe of 7-1:0.0 failed with error -71
[  231.063006][ T4215] usb 7-1: USB disconnect, device number 6
[  231.079937][ T6058] F2FS-fs (loop0): invalid crc value
[  231.343623][ T6058] F2FS-fs (loop0): Found nat_bits in checkpoint
[  231.581391][ T6058] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  231.601155][ T6058] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  232.544812][ T6101] binder: BINDER_SET_CONTEXT_MGR already set
[  232.558989][ T6101] binder: 6100:6101 ioctl 4018620d 2000000001c0 returned -16
[  233.418919][ T4273] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  233.539742][ T6115] loop6: detected capacity change from 0 to 256
[  233.560695][ T6104] loop3: detected capacity change from 0 to 256
[  233.637780][ T6115] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  233.868494][ T6123] loop5: detected capacity change from 0 to 512
[  233.875073][ T4273] usb 3-1: config 135 has an invalid interface number: 230 but max is 0
[  233.890654][ T4273] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  233.907895][ T6124] loop6: detected capacity change from 0 to 16
[  233.948030][ T4273] usb 3-1: config 135 has no interface number 0
[  233.984299][ T4273] usb 3-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  234.005313][ T6124] erofs: (device loop6): mounted with root inode @ nid 36.
[  234.069248][ T4273] usb 3-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  234.101929][ T6123] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  234.148635][ T6123] ext4 filesystem being mounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  234.165337][ T4273] usb 3-1: config 135 interface 230 has no altsetting 0
[  234.389282][ T4273] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  234.412118][ T4273] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.438312][ T4273] usb 3-1: Product: syz
[  234.452620][ T4273] usb 3-1: Manufacturer: syz
[  234.471072][ T4273] usb 3-1: SerialNumber: syz
[  234.548916][ T4273] usb 3-1: Found UVC 0.00 device syz (18ec:3288)
[  234.570393][ T4273] usb 3-1: No valid video chain found.
[  234.757503][   T13] usb 3-1: USB disconnect, device number 8
[  234.964373][ T6141] syz.5.370[6141] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.964504][ T6141] syz.5.370[6141] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.297761][ T6082] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  235.347650][ T6144] loop3: detected capacity change from 0 to 128
[  235.387285][ T6145] loop6: detected capacity change from 0 to 512
[  235.420907][ T6144] EXT4-fs (loop3): Test dummy encryption mode enabled
[  235.445689][ T6144] EXT4-fs (loop3): Test dummy encryption mode enabled
[  235.465277][ T6144] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none.
[  235.467012][ T6147] loop2: detected capacity change from 0 to 256
[  235.481883][ T6144] ext4 filesystem being mounted at /79/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  235.642996][ T6147] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  235.744779][ T6082] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  235.795909][ T6082] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  235.961266][ T6082] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  236.884060][ T6082] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  237.138447][ T6082] usb 6-1: SerialNumber: syz
[  237.474082][ T6082] usb 6-1: 0:2 : does not exist
[  237.542517][ T6082] usb 6-1: USB disconnect, device number 5
[  237.727606][ T6174] netlink: 'syz.2.380': attribute type 12 has an invalid length.
[  237.753605][ T6174] netlink: 'syz.2.380': attribute type 29 has an invalid length.
[  237.763508][ T6174] netlink: 148 bytes leftover after parsing attributes in process `syz.2.380'.
[  237.798634][ T6174] loop2: detected capacity change from 0 to 2048
[  237.869233][ T6174] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  237.890462][ T4162] udevd[4162]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  237.936674][ T6174] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.210223][ T6181] loop5: detected capacity change from 0 to 512
[  238.330348][ T6181] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  238.459021][ T6181] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  238.589003][ T4159] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  238.868917][ T6192] loop3: detected capacity change from 0 to 128
[  240.008952][ T4159] usb 3-1: Using ep0 maxpacket: 16
[  240.314291][   T26] audit: type=1800 audit(1746347813.651:44): pid=6192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.384" name="bus" dev="loop3" ino=1048605 res=0 errno=0
[  241.178438][ T6195] loop5: detected capacity change from 0 to 128
[  241.285863][ T6195] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  241.330080][ T4159] usb 3-1: config 0 has an invalid interface number: 160 but max is 0
[  241.338289][ T4159] usb 3-1: config 0 has no interface number 0
[  241.359502][ T4159] usb 3-1: config 0 interface 160 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  241.368085][ T6195] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  241.378814][ T4159] usb 3-1: config 0 interface 160 altsetting 0 endpoint 0x82 has invalid maxpacket 15936, setting to 1024
[  241.618614][ T6204] loop2: detected capacity change from 0 to 256
[  241.642558][ T4159] usb 3-1: config 0 interface 160 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  242.389049][ T4159] usb 3-1: string descriptor 0 read error: -71
[  242.395333][ T4159] usb 3-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=6c.f5
[  242.408919][ T6082] Bluetooth: hci2: command 0x0406 tx timeout
[  242.450026][ T4159] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.666682][ T4159] usb 3-1: config 0 descriptor??
[  242.688994][ T4159] usb 3-1: can't set config #0, error -71
[  242.699426][ T4159] usb 3-1: USB disconnect, device number 9
[  243.912919][ T6221] syz.2.392 (6221) used greatest stack depth: 20416 bytes left
[  244.238892][ T5027] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  244.301902][ T6233] input: syz1 as /devices/virtual/input/input7
[  244.348889][ T4215] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  244.613440][ T5027] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  244.616485][ T4215] usb 1-1: Using ep0 maxpacket: 16
[  244.630138][ T5027] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  244.652335][ T5027] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  244.680078][ T5027] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  244.700299][ T5027] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.726474][ T5027] usb 4-1: config 0 descriptor??
[  244.799831][ T4215] usb 1-1: config 0 has an invalid interface number: 160 but max is 0
[  244.808604][ T4215] usb 1-1: config 0 has no interface number 0
[  244.815227][ T4215] usb 1-1: config 0 interface 160 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  244.825736][ T4215] usb 1-1: config 0 interface 160 altsetting 0 endpoint 0x82 has invalid maxpacket 15936, setting to 1024
[  244.837691][ T4215] usb 1-1: config 0 interface 160 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  244.999093][ T4215] usb 1-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=6c.f5
[  245.010508][ T4215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.019186][ T4215] usb 1-1: Product: syz
[  245.023468][ T4215] usb 1-1: Manufacturer: syz
[  245.028267][ T4215] usb 1-1: SerialNumber: syz
[  245.042935][ T4215] usb 1-1: config 0 descriptor??
[  245.069297][ T6230] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  245.080421][ T6230] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  245.348934][ T4215] asix 1-1:0.160 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  245.370579][ T4215] asix: probe of 1-1:0.160 failed with error -71
[  245.395092][ T4215] usb 1-1: USB disconnect, device number 5
[  245.474478][ T5027] usbhid 4-1:0.0: can't add hid device: -71
[  245.482231][ T5027] usbhid: probe of 4-1:0.0 failed with error -71
[  245.505305][ T5027] usb 4-1: USB disconnect, device number 7
[  245.533214][ T6245] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  245.931902][ T4159] Bluetooth: hci1: command 0x1003 tx timeout
[  245.938111][ T4180] Bluetooth: hci1: sending frame failed (-49)
[  246.004030][ T6251] loop3: detected capacity change from 0 to 128
[  246.111004][ T6251] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  246.123606][ T6251] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  246.223627][ T6264] futex_wake_op: syz.3.406 tries to shift op by 32; fix this program
[  246.334336][ T6274] 9pnet: Insufficient options for proto=fd
[  246.380646][ T6274] binder: 6272:6274 ioctl 4018620d 0 returned -22
[  248.009066][ T4159] Bluetooth: hci1: command 0x1001 tx timeout
[  248.019625][ T4180] Bluetooth: hci1: sending frame failed (-49)
[  248.039569][ T4215] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  248.091629][ T6301] loop6: detected capacity change from 0 to 512
[  248.202105][ T6301] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.413: invalid indirect mapped block 256 (level 2)
[  248.329536][ T6301] EXT4-fs (loop6): 2 truncates cleaned up
[  248.335303][ T6301] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  248.439001][ T4215] usb 3-1: config 135 has an invalid interface number: 230 but max is 0
[  248.457647][ T4215] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  248.488576][ T4215] usb 3-1: config 135 has no interface number 0
[  248.509417][ T4215] usb 3-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  248.530133][ T4215] usb 3-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  248.545454][ T4215] usb 3-1: config 135 interface 230 has no altsetting 0
[  248.669462][ T6301] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm syz.6.413: bg 0: block 5: invalid block bitmap
[  248.744466][ T4215] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  248.768821][ T4215] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.794542][ T4215] usb 3-1: Product: syz
[  248.797581][ T6306] netlink: 16 bytes leftover after parsing attributes in process `syz.3.414'.
[  248.804027][ T4215] usb 3-1: Manufacturer: syz
[  248.823309][ T4215] usb 3-1: SerialNumber: syz
[  248.840742][ T6301] syz.6.413 (6301) used greatest stack depth: 20200 bytes left
[  248.899693][ T4215] usb 3-1: Found UVC 0.00 device syz (18ec:3288)
[  248.906095][ T4215] usb 3-1: No valid video chain found.
[  249.110998][ T4273] usb 3-1: USB disconnect, device number 10
[  249.689617][ T6313] netlink: 16 bytes leftover after parsing attributes in process `syz.0.426'.
[  250.048916][ T5027] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  250.079063][ T5455] Bluetooth: hci1: command 0x1009 tx timeout
[  250.116149][ T6321] loop6: detected capacity change from 0 to 256
[  250.131884][ T6321] exfat: Deprecated parameter 'namecase'
[  250.159556][ T6321] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  250.303736][ T6325] loop6: detected capacity change from 0 to 512
[  250.310776][ T5027] usb 4-1: Using ep0 maxpacket: 16
[  250.322929][ T6325] EXT4-fs (loop6): Ignoring removed bh option
[  250.333300][ T6325] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  250.357840][ T6325] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2228: inode #15: comm syz.6.421: corrupted in-inode xattr
[  250.375778][ T6325] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.421: couldn't read orphan inode 15 (err -117)
[  250.392294][ T6325] EXT4-fs (loop6): mounted filesystem without journal. Opts: resgid=0x000000000000ee01,lazytime,bh,noload,nombcache,data_err=ignore,noinit_itable,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: none.
[  250.469516][ T5027] usb 4-1: config 0 has an invalid interface number: 160 but max is 0
[  250.477715][ T5027] usb 4-1: config 0 has no interface number 0
[  250.484344][ T5027] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  250.494407][ T5027] usb 4-1: config 0 interface 160 altsetting 0 endpoint 0x82 has invalid maxpacket 15936, setting to 1024
[  250.505767][ T5027] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  250.694910][ T6331] loop6: detected capacity change from 0 to 512
[  250.773213][ T5027] usb 4-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=6c.f5
[  250.808810][ T5027] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.816848][ T5027] usb 4-1: Product: syz
[  250.840653][ T6331] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  250.842549][ T5027] usb 4-1: Manufacturer: syz
[  250.870538][ T6331] ext4 filesystem being mounted at /62/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  250.911407][ T5027] usb 4-1: SerialNumber: syz
[  250.936835][ T5027] usb 4-1: config 0 descriptor??
[  250.979368][ T6314] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  250.992112][ T6314] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  251.269034][ T5027] asix 4-1:0.160 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  251.286034][ T5027] asix: probe of 4-1:0.160 failed with error -71
[  251.353045][ T5027] usb 4-1: USB disconnect, device number 8
[  252.102497][ T6347] syz.2.427 uses obsolete (PF_INET,SOCK_PACKET)
[  252.698971][ T5455] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  253.069369][ T5455] usb 7-1: config 135 has an invalid interface number: 230 but max is 0
[  253.113564][ T5455] usb 7-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  253.255597][ T5455] usb 7-1: config 135 has no interface number 0
[  253.418782][ T5455] usb 7-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  253.448983][ T5455] usb 7-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  253.522844][ T5455] usb 7-1: config 135 interface 230 has no altsetting 0
[  253.562343][ T6360] netlink: 36 bytes leftover after parsing attributes in process `syz.2.433'.
[  253.572100][ T6358] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  254.021602][ T5455] usb 7-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  254.088106][ T5455] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.244066][ T5455] usb 7-1: Product: syz
[  254.330384][ T5455] usb 7-1: Manufacturer: syz
[  254.599536][ T6368] netlink: 16 bytes leftover after parsing attributes in process `syz.3.434'.
[  254.610106][ T5455] usb 7-1: SerialNumber: syz
[  254.680075][ T5455] usb 7-1: Found UVC 0.00 device syz (18ec:3288)
[  254.696939][ T5455] usb 7-1: No valid video chain found.
[  254.894158][   T13] usb 7-1: USB disconnect, device number 7
[  254.901541][ T6374] loop5: detected capacity change from 0 to 512
[  254.916822][ T6376] syz.2.438[6376] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.916952][ T6376] syz.2.438[6376] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.942550][ T6378] capability: warning: `syz.0.439' uses 32-bit capabilities (legacy support in use)
[  255.202646][ T6374] EXT4-fs (loop5): 1 orphan inode deleted
[  255.208602][ T6374] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  255.220755][ T6374] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  255.392507][ T6387] loop2: detected capacity change from 0 to 512
[  255.506364][ T6391] loop5: detected capacity change from 0 to 128
[  255.551650][ T6387] EXT4-fs (loop2): 1 orphan inode deleted
[  255.557496][ T6387] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  255.599070][ T6387] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  255.686368][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  255.692767][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  255.694173][ T6391] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,resuid=0x0000000000000000,,errors=continue. Quota mode: none.
[  255.732166][ T6391] ext4 filesystem being mounted at /60/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  255.868454][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.441'.
[  255.972184][ T6391] EXT4-fs warning (device loop5): verify_group_input:147: Cannot add at group 1803188595 (only 1 groups)
[  255.985085][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.441'.
[  257.892633][ T4215] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  257.965008][ T6421] loop6: detected capacity change from 0 to 512
[  257.985946][ T6421] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  258.056431][ T6421] EXT4-fs (loop6): mounted filesystem without journal. Opts: block_validity,jqfmt=vfsv1,commit=0x0000000000000000,mblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: none.
[  258.269150][ T4215] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  258.289166][ T4273] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  258.302693][ T4215] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.325682][ T4215] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  258.356575][ T4215] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.396945][ T4215] usb 1-1: config 0 descriptor??
[  258.538834][ T4273] usb 6-1: Using ep0 maxpacket: 16
[  258.819062][ T4273] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  258.832821][ T4273] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.849958][ T4273] usb 6-1: Product: syz
[  258.858693][ T4273] usb 6-1: Manufacturer: syz
[  258.868260][ T4273] usb 6-1: SerialNumber: syz
[  258.887744][ T4273] usb 6-1: config 0 descriptor??
[  258.895347][ T4215] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0
[  258.907087][ T4215] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0
[  258.923035][ T4215] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0
[  258.937958][ T4215] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0
[  258.947036][ T4273] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  258.963054][ T4273] usb 6-1: Detected FT232H
[  258.970216][ T4215] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0
[  258.987380][ T4215] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0
[  259.002294][ T4215] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0
[  259.061155][ T4215] arvo 0003:1E7D:30D4.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.0-1/input0
[  259.098944][ T4215] arvo 0003:1E7D:30D4.0005: couldn't init struct arvo_device
[  259.118874][ T4215] arvo 0003:1E7D:30D4.0005: couldn't install keyboard
[  259.128313][ T4215] arvo: probe of 0003:1E7D:30D4.0005 failed with error -71
[  259.153491][ T4215] usb 1-1: USB disconnect, device number 6
[  259.205153][ T6433] input: syz1 as /devices/virtual/input/input8
[  259.324380][ T5027] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  259.378872][ T4273] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  259.398894][ T4273] ftdi_sio 6-1:0.0: GPIO initialisation failed: -71
[  259.419736][ T4273] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  259.438098][ T4273] usb 6-1: USB disconnect, device number 6
[  259.483075][ T4273] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  259.502071][ T4273] ftdi_sio 6-1:0.0: device disconnected
[  259.769309][ T5027] usb 4-1: config 135 has an invalid interface number: 230 but max is 0
[  259.777694][ T5027] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  259.808871][ T5027] usb 4-1: config 135 has no interface number 0
[  259.815182][ T5027] usb 4-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  259.841829][ T5027] usb 4-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  259.881574][ T5027] usb 4-1: config 135 interface 230 has no altsetting 0
[  259.939668][ T6448] loop0: detected capacity change from 0 to 512
[  259.973292][ T6450] loop5: detected capacity change from 0 to 512
[  260.064803][ T6448] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.461: invalid indirect mapped block 256 (level 2)
[  260.085270][ T6448] EXT4-fs (loop0): 2 truncates cleaned up
[  260.091677][ T5027] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  260.101265][ T6448] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  260.113058][ T5027] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.121252][ T5027] usb 4-1: Product: syz
[  260.126385][ T5027] usb 4-1: Manufacturer: syz
[  260.131150][ T5027] usb 4-1: SerialNumber: syz
[  260.155523][ T6450] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  260.181186][ T5027] usb 4-1: Found UVC 0.00 device syz (18ec:3288)
[  260.187831][ T5027] usb 4-1: No valid video chain found.
[  260.206912][ T6450] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  260.375997][ T6448] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.461: bg 0: block 5: invalid block bitmap
[  260.404294][ T3146] usb 4-1: USB disconnect, device number 9
[  261.939702][ T4273] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  262.983418][   T26] audit: type=1326 audit(1746347836.481:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6481 comm="syz.5.473" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb18c021969 code=0x0
[  263.888078][ T6485] loop2: detected capacity change from 0 to 131072
[  263.901737][ T4273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.913529][ T4273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.923864][ T4273] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  263.942934][ T4273] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  263.953934][ T4273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.009671][ T4273] usb 1-1: config 0 descriptor??
[  264.201724][ T6485] F2FS-fs (loop2): Test dummy encryption mode enabled
[  264.211420][ T6485] F2FS-fs (loop2): invalid crc value
[  264.394949][ T5027] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  264.412973][ T6485] F2FS-fs (loop2): Found nat_bits in checkpoint
[  264.673581][ T6485] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  264.715516][   T26] audit: type=1800 audit(1746347838.201:46): pid=6480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.469" name="file1" dev="loop2" ino=7 res=0 errno=0
[  264.949252][ T5027] usb 7-1: config 135 has an invalid interface number: 230 but max is 0
[  265.013376][ T5027] usb 7-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  265.206772][ T5027] usb 7-1: config 135 has no interface number 0
[  265.216579][ T5027] usb 7-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  265.258495][ T5027] usb 7-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  265.298272][ T5027] usb 7-1: config 135 interface 230 has no altsetting 0
[  265.308352][ T4273] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  265.341609][ T4273] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  265.514589][ T5027] usb 7-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  265.526495][ T5027] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.541256][ T5027] usb 7-1: Product: syz
[  265.545685][ T5027] usb 7-1: Manufacturer: syz
[  265.554634][ T5027] usb 7-1: SerialNumber: syz
[  265.611184][ T5027] usb 7-1: Found UVC 0.00 device syz (18ec:3288)
[  265.617579][ T5027] usb 7-1: No valid video chain found.
[  265.926070][ T4215] usb 7-1: USB disconnect, device number 8
[  266.129073][ T6532] loop3: detected capacity change from 0 to 512
[  266.313096][ T6532] EXT4-fs (loop3): Ignoring removed oldalloc option
[  266.565605][ T6532] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.483: Parent and EA inode have the same ino 15
[  266.585035][ T6532] EXT4-fs (loop3): Remounting filesystem read-only
[  266.593638][ T6532] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.483: Parent and EA inode have the same ino 15
[  266.617231][ T6532] EXT4-fs (loop3): Remounting filesystem read-only
[  266.626450][ T6532] EXT4-fs (loop3): 1 orphan inode deleted
[  266.632368][ T6532] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,bsdgroups,debug_want_extra_isize=0x000000000000005e,noauto_da_alloc,bsdgroups,oldalloc,mb_optimize_scan=0x0000000000000001,. Quota mode: none.
[  267.029591][ T5455] usb 1-1: USB disconnect, device number 7
[  269.739639][ T6561] syz.3.490[6561] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  269.739790][ T6561] syz.3.490[6561] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  270.614861][ T6570] loop0: detected capacity change from 0 to 1024
[  270.666859][ T6570] EXT4-fs (loop0): Ignoring removed bh option
[  270.677728][ T6570] EXT4-fs (loop0): inline encryption not supported
[  270.705255][ T6570] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #3: block 1: comm syz.0.493: lblock 1 mapped to illegal pblock 1 (length 1)
[  270.728177][ T6570] Quota error (device loop0): write_blk: dquota write failed
[  270.737018][ T6570] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  270.753681][ T6570] EXT4-fs error (device loop0): ext4_acquire_dquot:6204: comm syz.0.493: Failed to acquire dquot type 0
[  270.766957][ T6570] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.493: Freeing blocks not in datazone - block = 0, count = 4096
[  270.787480][ T6570] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.493: Invalid inode bitmap blk 0 in block_group 0
[  270.806063][ T6282] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:34: lblock 1 mapped to illegal pblock 1 (length 1)
[  270.825300][ T6570] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem
[  270.838018][ T6282] Quota error (device loop0): remove_tree: Can't read quota data block 1
[  270.853239][ T6570] EXT4-fs (loop0): 1 orphan inode deleted
[  270.860964][ T6570] EXT4-fs (loop0): mounted filesystem without journal. Opts: ��; nodioread_nolock,nodiscard,bh,max_batch_time=0x00000000000008c9,nodiscard,inlinecrypt,i_version,,errors=continue. Quota mode: writeback.
[  270.887310][ T6282] EXT4-fs error (device loop0): ext4_release_dquot:6240: comm kworker/u4:34: Failed to release dquot type 0
[  271.598473][ T6576] loop5: detected capacity change from 0 to 512
[  271.816715][ T6576] EXT4-fs (loop5): orphan cleanup on readonly fs
[  271.839064][ T6576] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.494: bg 0: block 248: padding at end of block bitmap is not set
[  271.937312][ T6584] netlink: 44 bytes leftover after parsing attributes in process `syz.2.497'.
[  272.669165][ T6576] Quota error (device loop5): write_blk: dquota write failed
[  272.676660][ T6576] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  272.784003][ T6576] EXT4-fs error (device loop5): ext4_acquire_dquot:6204: comm syz.5.494: Failed to acquire dquot type 1
[  272.801419][ T6576] EXT4-fs (loop5): 1 truncate cleaned up
[  272.833304][ T6576] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  272.861369][ T6593] loop3: detected capacity change from 0 to 512
[  272.962549][ T6597] loop6: detected capacity change from 0 to 512
[  272.964654][ T6596] loop0: detected capacity change from 0 to 16
[  273.071972][ T6593] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  273.119231][ T6593] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  273.210888][ T6596] erofs: (device loop0): mounted with root inode @ nid 36.
[  273.236519][ T6597] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  273.340332][ T6597] ext4 filesystem being mounted at /78/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  273.651374][ T6610] loop2: detected capacity change from 0 to 1024
[  273.791121][ T6610] EXT4-fs (loop2): Ignoring removed orlov option
[  273.821392][ T6610] EXT4-fs (loop2): Ignoring removed nobh option
[  273.827689][ T6610] EXT4-fs (loop2): Ignoring removed bh option
[  273.881703][ T6610] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  273.911522][ T6610] EXT4-fs (loop2): can't mount with journal_checksum, fs mounted w/o journal
[  274.532098][ T6629] hub 9-0:1.0: USB hub found
[  274.629046][ T6629] hub 9-0:1.0: 1 port detected
[  275.556792][ T6625] netlink: 8 bytes leftover after parsing attributes in process `syz.6.508'.
[  276.300798][ T6644] loop5: detected capacity change from 0 to 16
[  276.444703][ T6644] erofs: (device loop5): mounted with root inode @ nid 36.
[  276.617298][ T6649] netlink: 44 bytes leftover after parsing attributes in process `syz.3.512'.
[  278.000140][ T5027] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  278.027502][ T6657] loop5: detected capacity change from 0 to 16
[  278.093791][ T6657] erofs: (device loop5): mounted with root inode @ nid 36.
[  278.118040][ T6646] loop2: detected capacity change from 0 to 40427
[  278.289019][ T5027] usb 4-1: Using ep0 maxpacket: 16
[  278.329356][ T4186] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[9000]
[  278.340664][ T6646] F2FS-fs (loop2): invalid crc value
[  278.367417][ T6660] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192]
[  278.380894][ T6663] loop0: detected capacity change from 0 to 512
[  278.397286][   T26] audit: type=1800 audit(1746347851.891:47): pid=6660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.516" name="file2" dev="loop5" ino=89 res=0 errno=0
[  278.459292][ T5027] usb 4-1: config 0 has an invalid interface number: 160 but max is 0
[  278.467589][ T5027] usb 4-1: config 0 has no interface number 0
[  278.474151][ T5027] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  278.488559][ T5027] usb 4-1: config 0 interface 160 altsetting 0 endpoint 0x82 has invalid maxpacket 15936, setting to 1024
[  278.513073][ T6646] F2FS-fs (loop2): Found nat_bits in checkpoint
[  278.585061][ T5027] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  278.627252][ T6663] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  278.675298][ T6663] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  278.881755][ T6646] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  278.959189][ T5027] usb 4-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=6c.f5
[  278.970074][ T5027] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.989073][ T5027] usb 4-1: Product: syz
[  278.993278][ T5027] usb 4-1: Manufacturer: syz
[  278.997964][ T6646] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  279.013327][ T5027] usb 4-1: SerialNumber: syz
[  279.050828][ T5027] usb 4-1: config 0 descriptor??
[  279.071923][ T6640] attempt to access beyond end of device
[  279.071923][ T6640] loop2: rw=2049, want=45104, limit=40427
[  279.099159][ T6654] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  279.115383][ T6654] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  279.458974][ T5027] asix 4-1:0.160 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  279.474863][ T5027] asix: probe of 4-1:0.160 failed with error -71
[  279.512166][ T5027] usb 4-1: USB disconnect, device number 10
[  279.810341][ T6675] loop5: detected capacity change from 0 to 40427
[  279.873455][ T6675] F2FS-fs (loop5): Found nat_bits in checkpoint
[  279.930783][ T6675] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  281.629689][ T6684] loop2: detected capacity change from 0 to 40427
[  282.294300][ T6684] F2FS-fs (loop2): invalid crc value
[  282.398671][ T6684] F2FS-fs (loop2): Found nat_bits in checkpoint
[  282.431652][ T6714] loop6: detected capacity change from 0 to 512
[  282.588663][ T6714] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  282.670180][ T6714] ext4 filesystem being mounted at /84/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  282.699394][ T6684] F2FS-fs (loop2): Start checkpoint disabled!
[  282.897394][ T6723] bridge0: port 3(vlan2) entered blocking state
[  282.939825][ T6723] bridge0: port 3(vlan2) entered disabled state
[  283.640569][ T4434] attempt to access beyond end of device
[  283.640569][ T4434] loop5: rw=2049, want=45104, limit=40427
[  283.919257][ T6737] loop6: detected capacity change from 0 to 2048
[  284.029589][ T6737] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  284.263814][   T26] audit: type=1326 audit(1746347857.761:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.286885][   T26] audit: type=1326 audit(1746347857.761:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.309928][   T26] audit: type=1326 audit(1746347857.781:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.335864][   T26] audit: type=1326 audit(1746347857.781:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.396263][   T26] audit: type=1326 audit(1746347857.781:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.443994][   T26] audit: type=1326 audit(1746347857.791:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.474425][   T26] audit: type=1326 audit(1746347857.791:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.524802][ T6744] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  284.541312][ T6748] binder: 6747:6748 ioctl c0306201 2000000003c0 returned -14
[  284.613896][   T26] audit: type=1326 audit(1746347857.791:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.764762][   T26] audit: type=1326 audit(1746347857.791:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  284.873236][   T26] audit: type=1326 audit(1746347857.791:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6745 comm="syz.2.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c410d5969 code=0x7ffc0000
[  286.806044][ T6770] loop3: detected capacity change from 0 to 512
[  286.866250][ T6768] loop0: detected capacity change from 0 to 512
[  286.871150][ T6770] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  286.896614][ T6774] loop5: detected capacity change from 0 to 512
[  286.951244][ T6774] EXT4-fs (loop5): Ignoring removed bh option
[  286.964316][ T6774] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  286.988560][ T6774] EXT4-fs (loop5): 1 truncate cleaned up
[  286.994471][ T6774] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  287.027810][ T6774] overlayfs: upper fs needs to support d_type.
[  287.093893][ T6768] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  287.161832][ T6768] ext4 filesystem being mounted at /117/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  287.677950][ T6783] loop6: detected capacity change from 0 to 512
[  287.750832][ T6783] EXT4-fs (loop6): Ignoring removed oldalloc option
[  287.924408][ T6783] EXT4-fs error (device loop6): ext4_xattr_inode_iget:400: comm syz.6.554: Parent and EA inode have the same ino 15
[  287.945000][ T6783] EXT4-fs (loop6): Remounting filesystem read-only
[  287.952349][ T6783] EXT4-fs error (device loop6): ext4_xattr_inode_iget:400: comm syz.6.554: Parent and EA inode have the same ino 15
[  287.971523][ T6783] EXT4-fs (loop6): Remounting filesystem read-only
[  287.979248][ T6783] EXT4-fs (loop6): 1 orphan inode deleted
[  287.985061][ T6783] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,bsdgroups,debug_want_extra_isize=0x000000000000005e,noauto_da_alloc,bsdgroups,oldalloc,mb_optimize_scan=0x0000000000000001,. Quota mode: none.
[  289.761763][ T4282] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  290.003416][ T6794] loop0: detected capacity change from 0 to 1024
[  290.085442][ T4434] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294901760 (level 0)
[  290.101379][ T6794] EXT4-fs (loop0): Ignoring removed nobh option
[  290.107720][ T6794] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  290.150337][ T6794] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,usrjquota=,nobarrier,dioread_lock,norecovery,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,delalloc,bsdgroups,dioread_nolock,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback.
[  290.186493][ T4434] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294967295 (level 1)
[  290.241104][ T4434] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 65535 (level 2)
[  291.825096][ T6817] loop5: detected capacity change from 0 to 512
[  291.912346][ T4282] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  292.136430][ T6824] loop0: detected capacity change from 0 to 512
[  293.174591][ T6824] EXT4-fs (loop0): Ignoring removed oldalloc option
[  293.370550][ T6824] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.566: Parent and EA inode have the same ino 15
[  293.385577][ T6824] EXT4-fs (loop0): Remounting filesystem read-only
[  293.394182][ T6824] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.566: Parent and EA inode have the same ino 15
[  293.415607][ T6824] EXT4-fs (loop0): Remounting filesystem read-only
[  293.423424][ T6824] EXT4-fs (loop0): 1 orphan inode deleted
[  293.429694][ T6824] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,bsdgroups,debug_want_extra_isize=0x000000000000005e,noauto_da_alloc,bsdgroups,oldalloc,mb_optimize_scan=0x0000000000000001,. Quota mode: none.
[  294.709557][ T6817] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  294.730113][ T6817] ext4 filesystem being mounted at /87/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  295.084294][ T6846] input: syz1 as /devices/virtual/input/input10
[  295.934710][ T6848] loop0: detected capacity change from 0 to 1024
[  296.027150][ T6853] loop5: detected capacity change from 0 to 512
[  296.073766][ T6853] EXT4-fs (loop5): Ignoring removed orlov option
[  296.102218][ T6848] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  296.123359][ T6853] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,noblock_validity,noquota,auto_da_alloc=0x0000000000000004,orlov,,errors=continue. Quota mode: writeback.
[  296.178948][ T6853] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  298.048857][ T5027] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  298.297889][ T6883] loop5: detected capacity change from 0 to 256
[  299.412695][ T5027] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[  299.478825][ T5027] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  299.548176][ T6899] loop2: detected capacity change from 0 to 16
[  299.561836][ T5027] usb 1-1: config 135 has no interface number 0
[  299.607085][ T5027] usb 1-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  299.637174][ T6899] erofs: (device loop2): mounted with root inode @ nid 36.
[  299.687877][ T6899] erofs: (device loop2): z_erofs_readahead: readahead error at page 2 @ nid 89
[  299.708795][ T5027] usb 1-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  299.753004][ T4186] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -5 in[4096, 0] out[8192]
[  299.793167][ T5027] usb 1-1: config 135 interface 230 has no altsetting 0
[  299.794061][ T6899] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -5 in[4096, 0] out[4096]
[  299.891875][   T26] kauditd_printk_skb: 11 callbacks suppressed
[  299.891891][   T26] audit: type=1800 audit(1746347873.391:69): pid=6899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.586" name="file2" dev="loop2" ino=89 res=0 errno=0
[  299.989070][ T5027] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  300.006820][ T5027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.018305][ T6903] netlink: 'syz.5.587': attribute type 3 has an invalid length.
[  300.056999][ T5027] usb 1-1: Product: syz
[  300.068276][ T5027] usb 1-1: Manufacturer: syz
[  300.097920][ T5027] usb 1-1: SerialNumber: syz
[  300.171263][ T5027] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[  300.177666][ T5027] usb 1-1: No valid video chain found.
[  300.381709][ T5027] usb 1-1: USB disconnect, device number 8
[  300.604655][ T6907] loop6: detected capacity change from 0 to 256
[  300.666945][ T6907] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  303.328853][ T6082] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  303.480773][ T6924] loop0: detected capacity change from 0 to 512
[  303.588863][ T6082] usb 3-1: Using ep0 maxpacket: 16
[  303.674397][ T6924] EXT4-fs (loop0): mounted filesystem without journal. Opts: noquota,barrier=0x0000000000001000,grpjquota=,noauto_da_alloc,dioread_lock,,errors=continue. Quota mode: writeback.
[  303.710153][ T6082] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  303.719120][ T6082] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  303.744113][ T6082] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  303.769616][ T6924] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.919432][ T6082] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  303.958757][ T6082] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.988349][ T6082] usb 3-1: Product: syz
[  304.007722][ T6082] usb 3-1: Manufacturer: syz
[  304.048395][ T6082] usb 3-1: SerialNumber: syz
[  304.510397][ T6934] loop5: detected capacity change from 0 to 1024
[  304.539142][ T6082] usb 3-1: 0:2 : does not exist
[  304.651834][ T6934] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  304.717988][   T26] audit: type=1800 audit(1746347878.211:70): pid=6934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.596" name="file1" dev="loop5" ino=15 res=0 errno=0
[  305.175731][ T6918] udc-core: couldn't find an available UDC or it's busy
[  305.188596][ T6918] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  305.575201][ T6942] device bridge0 entered promiscuous mode
[  305.605081][ T6942] bridge0: port 3(macsec1) entered blocking state
[  305.625228][ T6942] bridge0: port 3(macsec1) entered disabled state
[  305.676943][ T6942] device bridge0 left promiscuous mode
[  305.726240][ T6944] loop3: detected capacity change from 0 to 2048
[  305.835554][ T4162] Alternate GPT is invalid, using primary GPT.
[  305.855665][ T4162]  loop3: p1 p2 p3
[  305.924144][ T6944] Alternate GPT is invalid, using primary GPT.
[  305.946372][ T6944]  loop3: p1 p2 p3
[  306.156057][ T6082] usb 3-1: USB disconnect, device number 11
[  306.567388][ T5517] udevd[5517]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  306.618140][ T4319] udevd[4319]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  306.920622][ T4162] udevd[4162]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  307.010309][ T6952] loop3: detected capacity change from 0 to 16
[  307.113128][ T6952] erofs: (device loop3): mounted with root inode @ nid 36.
[  307.134236][ T6952] erofs: (device loop3): z_erofs_readahead: readahead error at page 2 @ nid 89
[  307.161837][ T4186] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress 6887 in[4096, 0] out[8192]
[  307.201410][ T6952] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress 6887 in[4096, 0] out[8192]
[  307.345216][   T26] audit: type=1800 audit(1746347880.841:71): pid=6952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.603" name="file3" dev="loop3" ino=89 res=0 errno=0
[  307.384515][ T4162] udevd[4162]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  307.412456][ T4320] udevd[4320]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  307.413105][ T4825] udevd[4825]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  307.574650][ T6965] loop0: detected capacity change from 0 to 16
[  307.619172][ T6965] erofs: (device loop0): mounted with root inode @ nid 36.
[  307.669724][ T6965] erofs: (device loop0): z_erofs_readahead: readahead error at page 2 @ nid 89
[  307.697056][ T6082] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  307.702360][ T4186] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -5 in[4096, 0] out[8192]
[  307.738303][ T6965] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -5 in[4096, 0] out[4096]
[  307.819134][   T26] audit: type=1800 audit(1746347881.321:72): pid=6965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.608" name="file2" dev="loop0" ino=89 res=0 errno=0
[  307.958825][ T6082] usb 3-1: Using ep0 maxpacket: 16
[  308.085962][ T6082] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  308.113895][ T6082] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  308.168348][ T6082] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  308.190160][ T6082] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  308.206086][ T6082] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  308.299045][ T6082] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  308.318490][ T6082] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  308.328658][ T6082] usb 3-1: SerialNumber: syz
[  308.369329][ T6962] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  308.390332][ T6082] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[  308.410479][ T6082] cdc_acm: probe of 3-1:1.0 failed with error -12
[  308.424479][ T4216] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  308.592968][ T4214] usb 3-1: USB disconnect, device number 12
[  308.853122][ T6978] loop3: detected capacity change from 0 to 256
[  308.879070][ T4216] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  309.249386][ T4216] usb 1-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[  309.300814][ T4216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.449591][ T4216] usb 1-1: Product: syz
[  309.502526][ T4216] usb 1-1: Manufacturer: syz
[  309.559639][ T4216] usb 1-1: SerialNumber: syz
[  309.809473][ T4216] usb 1-1: config 0 descriptor??
[  311.008023][ T4216] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[  311.269241][ T4216] usb 1-1: USB disconnect, device number 9
[  311.276301][ T4162] udevd[4162]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  312.440526][ T7000] netlink: 28 bytes leftover after parsing attributes in process `syz.3.619'.
[  312.839455][ T7011] binfmt_misc: register: failed to install interpreter file ./file2
[  316.914492][ T7034] loop2: detected capacity change from 0 to 512
[  317.021515][ T7040] loop0: detected capacity change from 0 to 512
[  317.124165][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  317.133965][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  317.429070][ T7034] EXT4-fs error (device loop2): ext4_get_journal_inode:5160: comm syz.2.630: inode #16777216: comm syz.2.630: iget: illegal inode #
[  317.486513][ T7040] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  317.504147][ T7040] ext4 filesystem being mounted at /135/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  317.921470][ T7034] EXT4-fs (loop2): Remounting filesystem read-only
[  317.979027][ T7034] EXT4-fs (loop2): no journal found
[  317.984360][ T7034] EXT4-fs (loop2): can't get journal size
[  318.016153][ T7034] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  318.085243][ T7034] EXT4-fs (loop2): failed to initialize system zone (-22)
[  318.102873][ T7034] EXT4-fs (loop2): mount failed
[  318.180270][ T7048] loop5: detected capacity change from 0 to 16
[  318.290085][ T7054] loop3: detected capacity change from 0 to 512
[  318.383109][ T7048] erofs: (device loop5): mounted with root inode @ nid 36.
[  318.451362][ T7048] erofs: (device loop5): z_erofs_readahead: readahead error at page 2 @ nid 89
[  318.490052][ T7054] EXT4-fs (loop3): 1 orphan inode deleted
[  318.500419][ T7054] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  318.562285][ T7054] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.630749][ T4186] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress 6887 in[4096, 0] out[8192]
[  318.661712][ T7048] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress 6887 in[4096, 0] out[8192]
[  318.738799][   T26] audit: type=1800 audit(1746347892.231:73): pid=7048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.634" name="file3" dev="loop5" ino=89 res=0 errno=0
[  319.398569][ T7070] loop5: detected capacity change from 0 to 256
[  320.667981][ T7074] loop0: detected capacity change from 0 to 4096
[  320.983275][ T7070] exfat: Deprecated parameter 'namecase'
[  321.011115][ T7070] exfat: Deprecated parameter 'namecase'
[  321.682872][ T7070] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d)
[  323.610757][   T26] audit: type=1800 audit(1746347897.091:74): pid=7070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.640" name="file1" dev="loop5" ino=1048609 res=0 errno=0
[  323.632287][ T7070] exFAT-fs (loop5): hint_cluster is invalid (4278190089)
[  323.663957][ T7070] exFAT-fs (loop5): error, failed to bmap (inode : ffff88805f21a1e0 iblock : 8, err : -5)
[  323.716610][ T7070] exFAT-fs (loop5): error, invalid access to FAT (entry 0xff000008)
[  323.761336][ T7070] exFAT-fs (loop5): error, invalid access to FAT (entry 0xff000008)
[  323.802273][ T7086] attempt to access beyond end of device
[  323.802273][ T7086] loop5: rw=0, want=34225520825, limit=256
[  323.852866][ T7086] Buffer I/O error on dev loop5, logical block 34225520824, async page read
[  323.862326][   T26] audit: type=1800 audit(1746347897.361:75): pid=7086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.640" name="file1" dev="loop5" ino=1048609 res=0 errno=0
[  323.897264][ T7088] loop3: detected capacity change from 0 to 256
[  323.972028][ T4229] attempt to access beyond end of device
[  323.972028][ T4229] loop5: rw=1, want=34225520826, limit=256
[  324.038840][ T4229] Buffer I/O error on dev loop5, logical block 34225520825, lost async page write
[  324.068932][ T4229] attempt to access beyond end of device
[  324.068932][ T4229] loop5: rw=1, want=34225520827, limit=256
[  324.085541][ T7088] FAT-fs (loop3): Directory bread(block 64) failed
[  324.095967][ T7091] loop0: detected capacity change from 0 to 512
[  324.108780][ T7088] FAT-fs (loop3): Directory bread(block 65) failed
[  324.115413][ T7088] FAT-fs (loop3): Directory bread(block 66) failed
[  324.149755][ T4229] Buffer I/O error on dev loop5, logical block 34225520826, lost async page write
[  324.187921][ T7088] FAT-fs (loop3): Directory bread(block 67) failed
[  324.196247][ T4229] attempt to access beyond end of device
[  324.196247][ T4229] loop5: rw=1, want=34225520828, limit=256
[  324.201997][ T7088] FAT-fs (loop3): Directory bread(block 68) failed
[  324.224153][ T4229] Buffer I/O error on dev loop5, logical block 34225520827, lost async page write
[  324.271786][ T7091] EXT4-fs (loop0): mounted filesystem without journal. Opts: noquota,barrier=0x0000000000001000,grpjquota=,noauto_da_alloc,dioread_lock,,errors=continue. Quota mode: writeback.
[  324.278578][ T4229] attempt to access beyond end of device
[  324.278578][ T4229] loop5: rw=1, want=34225520829, limit=256
[  324.319125][ T7088] FAT-fs (loop3): Directory bread(block 69) failed
[  324.325791][ T7088] FAT-fs (loop3): Directory bread(block 70) failed
[  324.332415][ T7088] FAT-fs (loop3): Directory bread(block 71) failed
[  324.339685][ T7088] FAT-fs (loop3): Directory bread(block 72) failed
[  324.346256][ T7088] FAT-fs (loop3): Directory bread(block 73) failed
[  324.357098][ T7091] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.368508][ T4229] Buffer I/O error on dev loop5, logical block 34225520828, lost async page write
[  324.378969][ T4229] attempt to access beyond end of device
[  324.378969][ T4229] loop5: rw=1, want=34225520830, limit=256
[  324.395577][ T4229] Buffer I/O error on dev loop5, logical block 34225520829, lost async page write
[  324.405366][ T4229] attempt to access beyond end of device
[  324.405366][ T4229] loop5: rw=1, want=34225520831, limit=256
[  324.417467][ T4229] Buffer I/O error on dev loop5, logical block 34225520830, lost async page write
[  324.560747][ T7091] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback.
[  324.575527][ T4229] attempt to access beyond end of device
[  324.575527][ T4229] loop5: rw=1, want=34225520832, limit=256
[  324.602361][ T4229] Buffer I/O error on dev loop5, logical block 34225520831, lost async page write
[  324.613696][ T7082] loop2: detected capacity change from 0 to 40427
[  324.865291][ T7100] device veth1_to_team entered promiscuous mode
[  325.086954][ T7085] device veth1_to_team left promiscuous mode
[  325.580111][ T7106] loop2: detected capacity change from 0 to 16
[  325.634554][ T7106] erofs: (device loop2): mounted with root inode @ nid 36.
[  329.639283][ T7138] loop0: detected capacity change from 0 to 512
[  329.916415][ T7138] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.659: inode #1: comm syz.0.659: iget: illegal inode #
[  330.021261][ T7138] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.659: error while reading EA inode 1 err=-117
[  330.109347][ T7138] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.659: inode #1: comm syz.0.659: iget: illegal inode #
[  330.196799][ T7138] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.659: error while reading EA inode 1 err=-117
[  330.245753][ T7149] loop3: detected capacity change from 0 to 16
[  330.249422][ T7138] EXT4-fs (loop0): 1 orphan inode deleted
[  330.257783][ T7138] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback.
[  330.880140][ T7156] loop2: detected capacity change from 0 to 256
[  331.097213][ T7157] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  331.214677][ T7141] loop5: detected capacity change from 0 to 40427
[  331.478870][ T7141] F2FS-fs (loop5): Found nat_bits in checkpoint
[  331.692184][ T7168] overlayfs: failed to resolve './file0': -2
[  333.661301][ T7186] 9pnet_virtio: no channels available for device syz
[  334.947767][ T7202] loop5: detected capacity change from 0 to 512
[  335.194719][ T7202] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  335.247040][ T7202] ext4 filesystem being mounted at /106/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  335.261322][ T7216] netlink: 28 bytes leftover after parsing attributes in process `syz.0.681'.
[  335.292846][ T4214] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  335.323214][ T7216] netlink: 'syz.0.681': attribute type 7 has an invalid length.
[  335.339380][ T7216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.681'.
[  335.390040][ T7216] device ip6gretap0 entered promiscuous mode
[  335.420747][ T7216] device syz_tun entered promiscuous mode
[  335.471585][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[  335.659043][ T4214] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  335.694920][ T4214] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  335.770603][ T4214] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  335.802977][ T4214] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  335.840585][ T7230] tipc: Enabled bearer <udp:syz2>, priority 10
[  336.019164][ T4214] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  336.045202][ T4214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.079162][ T4214] usb 3-1: Product: syz
[  336.097926][ T4214] usb 3-1: Manufacturer: syz
[  336.116871][ T4214] usb 3-1: SerialNumber: syz
[  336.140287][ T7234] tipc: Enabled bearer <eth:team0>, priority 0
[  336.201164][ T4214] usb 3-1: config 0 descriptor??
[  336.241340][ T4214] ums-isd200 3-1:0.0: USB Mass Storage device detected
[  336.294393][ T7245] xt_hashlimit: size too large, truncated to 1048576
[  336.483019][ T4214] ums-isd200: probe of 3-1:0.0 failed with error -22
[  336.702274][   T13] usb 3-1: USB disconnect, device number 13
[  338.587785][ T7285] loop0: detected capacity change from 0 to 512
[  338.668623][ T7285] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  338.688891][ T7285] ext4 filesystem being mounted at /158/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  341.223756][ T7335] 9pnet_virtio: no channels available for device syz
[  341.263264][ T7337] netlink: 28 bytes leftover after parsing attributes in process `syz.2.720'.
[  341.302704][ T7337] netlink: 'syz.2.720': attribute type 7 has an invalid length.
[  341.334836][ T7337] netlink: 4 bytes leftover after parsing attributes in process `syz.2.720'.
[  341.393278][ T7337] device ip6gretap0 entered promiscuous mode
[  341.411450][ T7337] device syz_tun entered promiscuous mode
[  341.440612][ T7337] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  341.459492][ T7342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.724'.
[  341.472266][ T7337] Cannot create hsr debugfs directory
[  341.484464][ T6275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[  342.000436][   T13] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  342.278926][   T13] usb 1-1: Using ep0 maxpacket: 8
[  342.439055][   T13] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  342.654167][   T13] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  342.697453][   T13] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.736947][   T13] usb 1-1: Product: syz
[  342.744235][   T13] usb 1-1: Manufacturer: syz
[  342.763997][   T13] usb 1-1: SerialNumber: syz
[  342.792330][   T13] usb 1-1: config 0 descriptor??
[  342.881355][   T13] streamzap 1-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  343.021189][   T26] audit: type=1326 audit(1746347916.521:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7401 comm="syz.6.740" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e5ab4c969 code=0x0
[  343.086711][   T13] usb 1-1: USB disconnect, device number 10
[  343.369761][ T7410] 9pnet_virtio: no channels available for device syz
[  343.878846][   T13] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  344.144834][   T13] usb 3-1: Using ep0 maxpacket: 16
[  344.309276][   T13] usb 3-1: config 0 has an invalid interface number: 160 but max is 0
[  344.336117][   T13] usb 3-1: config 0 has no interface number 0
[  344.352465][ T7437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.751'.
[  344.383062][   T13] usb 3-1: config 0 interface 160 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  344.407240][   T13] usb 3-1: config 0 interface 160 altsetting 0 endpoint 0x82 has invalid maxpacket 15936, setting to 1024
[  344.491139][   T13] usb 3-1: config 0 interface 160 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  345.478984][ T7455] netlink: 8 bytes leftover after parsing attributes in process `syz.6.760'.
[  345.509027][   T13] usb 3-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=6c.f5
[  345.559116][   T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.584186][   T13] usb 3-1: Product: syz
[  345.657624][   T13] usb 3-1: Manufacturer: syz
[  345.718506][   T13] usb 3-1: SerialNumber: syz
[  345.803268][   T13] usb 3-1: config 0 descriptor??
[  345.929140][ T7414] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  345.952348][ T7414] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  346.168614][ T7454] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  346.189156][ T7454] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  346.338928][   T13] asix 3-1:0.160 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  346.359581][   T13] asix: probe of 3-1:0.160 failed with error -71
[  346.417350][   T13] usb 3-1: USB disconnect, device number 14
[  346.653511][ T7501] netlink: 4 bytes leftover after parsing attributes in process `syz.5.774'.
[  346.828399][    C0] Unknown status report in ack skb
[  346.881688][   T13] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  346.904178][   T13] Bluetooth: hci2: Injecting HCI hardware error event
[  346.942692][ T4186] Bluetooth: hci2: hardware error 0x00
[  347.258093][ T7530] binder: BINDER_SET_CONTEXT_MGR already set
[  347.272678][ T7530] binder: 7528:7530 ioctl 4018620d 200000000040 returned -16
[  347.449827][ T7541] netlink: 'syz.6.788': attribute type 1 has an invalid length.
[  347.551593][ T7524] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  347.596265][ T7524] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  347.978616][ T7563] 9pnet_virtio: no channels available for device syz
[  348.164670][ T7567] netlink: 4 bytes leftover after parsing attributes in process `syz.5.798'.
[  348.574698][ T7574] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  349.271482][    C0] Unknown status report in ack skb
[  351.046525][ T7627] input: syz1 as /devices/virtual/input/input11
[  351.077976][ T7629] 9pnet_virtio: no channels available for device syz
[  351.108795][ T6082] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  351.148877][ T4214] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  351.198901][ T4215] Bluetooth: hci5: command 0x0405 tx timeout
[  351.419089][ T4214] usb 4-1: Using ep0 maxpacket: 16
[  351.502202][ T6082] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  351.523018][ T6082] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  351.564760][ T6082] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  351.578573][ T4214] usb 4-1: config 0 has an invalid interface number: 160 but max is 0
[  351.604257][ T4214] usb 4-1: config 0 has no interface number 0
[  351.623245][ T4214] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  351.648959][ T4214] usb 4-1: config 0 interface 160 altsetting 0 endpoint 0x82 has invalid maxpacket 15936, setting to 1024
[  351.670938][ T4214] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  351.759451][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  351.802001][ T6082] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  351.822797][ T6082] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.862282][ T6082] usb 1-1: Product: syz
[  351.873268][ T6082] usb 1-1: Manufacturer: syz
[  351.879137][ T4214] usb 4-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=6c.f5
[  351.888208][ T4214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.905061][ T6082] usb 1-1: SerialNumber: syz
[  351.925372][ T4214] usb 4-1: Product: syz
[  351.940237][ T4214] usb 4-1: Manufacturer: syz
[  351.956856][ T4214] usb 4-1: SerialNumber: syz
[  351.986878][ T4214] usb 4-1: config 0 descriptor??
[  352.029291][ T7617] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  352.046666][ T7617] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  352.227030][ T6082] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  352.319008][ T4214] asix 4-1:0.160 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  352.354323][ T4214] asix: probe of 4-1:0.160 failed with error -71
[  352.370661][ T4214] usb 4-1: USB disconnect, device number 13
[  352.416975][ T6082] usb 1-1: USB disconnect, device number 11
[  352.444332][ T6082] usblp0: removed
[  353.071070][ T7682] netlink: 4 bytes leftover after parsing attributes in process `syz.2.841'.
[  353.498849][ T5027] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  353.820822][ T4215] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  354.043217][ T5027] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  354.054524][ T5027] usb 1-1: config 0 has no interfaces?
[  354.130170][ T4215] usb 4-1: Using ep0 maxpacket: 16
[  354.178927][ T5027] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  354.205154][ T5027] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  354.222185][ T5027] usb 1-1: Product: syz
[  354.252867][ T5027] usb 1-1: Manufacturer: syz
[  354.272104][ T5027] usb 1-1: config 0 descriptor??
[  354.289290][ T4215] usb 4-1: config 0 has an invalid interface number: 160 but max is 0
[  354.308016][ T4215] usb 4-1: config 0 has no interface number 0
[  354.339823][ T4215] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  354.368835][ T4215] usb 4-1: config 0 interface 160 altsetting 0 endpoint 0x82 has invalid maxpacket 15936, setting to 1024
[  354.398871][ T4215] usb 4-1: config 0 interface 160 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  354.545032][ T5027] usb 1-1: USB disconnect, device number 12
[  354.600929][ T4215] usb 4-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=6c.f5
[  354.648770][ T4215] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.667363][ T4215] usb 4-1: Product: syz
[  354.681192][ T4215] usb 4-1: Manufacturer: syz
[  354.685944][ T4215] usb 4-1: SerialNumber: syz
[  354.717200][ T4215] usb 4-1: config 0 descriptor??
[  354.759206][ T7700] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  354.785847][ T7700] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  355.080995][ T4215] asix 4-1:0.160 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  355.137497][ T4215] asix: probe of 4-1:0.160 failed with error -71
[  355.173156][ T4215] usb 4-1: USB disconnect, device number 14
[  355.238876][ T7755] tipc: Failed to obtain node identity
[  355.244404][ T7755] tipc: Enabling of bearer <ib:veth0_virt_wifi> rejected, failed to enable media
[  355.761466][ T7769] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  355.798397][ T7769] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  355.836817][ T7780] overlayfs: conflicting lowerdir path
[  355.847890][ T7779] 9pnet_virtio: no channels available for device syz
[  356.032025][ T7783] ------------[ cut here ]------------
[  356.038244][ T7783] WARNING: CPU: 0 PID: 7783 at kernel/trace/bpf_trace.c:1411 bpf_get_stack_raw_tp+0x196/0x1d0
[  356.049156][ T7783] Modules linked in:
[  356.053134][ T7783] CPU: 0 PID: 7783 Comm: syz.6.886 Not tainted 5.15.181-syzkaller #0
[  356.061254][ T7783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  356.071369][ T7783] RIP: 0010:bpf_get_stack_raw_tp+0x196/0x1d0
[  356.077387][ T7783] Code: c8 45 31 c0 e8 cb cb 13 00 65 ff 0d bc f5 81 7e 4c 63 e0 4c 89 e0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 8a 76 f6 ff <0f> 0b 65 ff 0d 99 f5 81 7e 49 c7 c4 f0 ff ff ff eb d7 e8 73 76 f6
[  356.097076][ T7783] RSP: 0000:ffffc900034bebf8 EFLAGS: 00010293
[  356.103232][ T7783] RAX: ffffffff81814786 RBX: ffff8880b9000000 RCX: ffff88802b5b0000
[  356.111267][ T7783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000fffffffc
[  356.119293][ T7783] RBP: ffffc900034bec30 R08: dffffc0000000000 R09: fffffbfff1ff3219
[  356.127375][ T7783] R10: fffffbfff1ff3219 R11: 1ffffffff1ff3218 R12: 0000000000000000
[  356.135399][ T7783] R13: dffffc0000000000 R14: 0000000000000003 R15: 0000000000000000
[  356.143432][ T7783] FS:  000055558fbd5500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  356.152424][ T7783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  356.159074][ T7783] CR2: 000000110c2fa616 CR3: 0000000026c83000 CR4: 00000000003526f0
[  356.167084][ T7783] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  356.175122][ T7783] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  356.183162][ T7783] Call Trace:
[  356.186475][ T7783]  <TASK>
[  356.189473][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.195051][ T7783]  bpf_trace_run4+0x188/0x330
[  356.199810][ T7783]  ? bpf_trace_run3+0x320/0x320
[  356.204708][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  356.209889][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  356.216615][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  356.221801][ T7783]  ? mark_lock+0x94/0x320
[  356.226202][ T7783]  ? __init_rwsem+0x160/0x160
[  356.230955][ T7783]  stack_map_get_build_id_offset+0x83d/0x860
[  356.236978][ T7783]  ? get_perf_callchain+0x3b1/0x480
[  356.242251][ T7783]  ? put_callchain_entry+0xb0/0xb0
[  356.247403][ T7783]  ? __bpf_get_stackid+0x920/0x920
[  356.252582][ T7783]  ? verify_lock_unused+0x140/0x140
[  356.257813][ T7783]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  356.263883][ T7783]  __bpf_get_stack+0x44a/0x4f0
[  356.268733][ T7783]  ? stack_map_get_build_id_offset+0x860/0x860
[  356.274929][ T7783]  ? read_lock_is_recursive+0x10/0x10
[  356.280375][ T7783]  ? __cant_sleep+0x210/0x210
[  356.285084][ T7783]  ? bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.290997][ T7783]  bpf_get_stack_raw_tp+0x175/0x1d0
[  356.296249][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.301860][ T7783]  bpf_trace_run4+0x188/0x330
[  356.306585][ T7783]  ? bpf_trace_run3+0x320/0x320
[  356.311504][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  356.316644][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  356.323381][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  356.328517][ T7783]  ? mark_lock+0x94/0x320
[  356.332942][ T7783]  ? __init_rwsem+0x160/0x160
[  356.337668][ T7783]  stack_map_get_build_id_offset+0x83d/0x860
[  356.343718][ T7783]  ? get_perf_callchain+0x3b1/0x480
[  356.348993][ T7783]  ? put_callchain_entry+0xb0/0xb0
[  356.354137][ T7783]  ? __bpf_get_stackid+0x920/0x920
[  356.359326][ T7783]  ? verify_lock_unused+0x140/0x140
[  356.364567][ T7783]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  356.370630][ T7783]  __bpf_get_stack+0x44a/0x4f0
[  356.375432][ T7783]  ? stack_map_get_build_id_offset+0x860/0x860
[  356.381662][ T7783]  ? read_lock_is_recursive+0x10/0x10
[  356.387112][ T7783]  ? __cant_sleep+0x210/0x210
[  356.391847][ T7783]  ? bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.397620][ T7783]  bpf_get_stack_raw_tp+0x175/0x1d0
[  356.402900][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.408571][ T7783]  bpf_trace_run4+0x188/0x330
[  356.413333][ T7783]  ? bpf_trace_run3+0x320/0x320
[  356.418240][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  356.423419][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  356.430161][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  356.435300][ T7783]  ? mark_lock+0x94/0x320
[  356.439719][ T7783]  ? __init_rwsem+0x160/0x160
[  356.444435][ T7783]  stack_map_get_build_id_offset+0x83d/0x860
[  356.450480][ T7783]  ? get_perf_callchain+0x3b1/0x480
[  356.455711][ T7783]  ? put_callchain_entry+0xb0/0xb0
[  356.460886][ T7783]  ? __bpf_get_stackid+0x920/0x920
[  356.466035][ T7783]  ? verify_lock_unused+0x140/0x140
[  356.471298][ T7783]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  356.477325][ T7783]  __bpf_get_stack+0x44a/0x4f0
[  356.482167][ T7783]  ? stack_map_get_build_id_offset+0x860/0x860
[  356.488357][ T7783]  ? read_lock_is_recursive+0x10/0x10
[  356.493889][ T7783]  ? __cant_sleep+0x210/0x210
[  356.498604][ T7783]  ? bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.504403][ T7783]  bpf_get_stack_raw_tp+0x175/0x1d0
[  356.509677][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.515258][ T7783]  bpf_trace_run4+0x188/0x330
[  356.520032][ T7783]  ? bpf_trace_run3+0x320/0x320
[  356.524927][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  356.530133][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  356.536839][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  356.542117][ T7783]  ? seqcount_lockdep_reader_access+0x120/0x1c0
[  356.548415][ T7783]  ? __init_rwsem+0x160/0x160
[  356.553177][ T7783]  ? do_user_addr_fault+0x1a9/0xc80
[  356.558402][ T7783]  do_user_addr_fault+0xbbb/0xc80
[  356.563507][ T7783]  ? vtime_user_exit+0x2dc/0x400
[  356.568491][ T7783]  ? rcu_is_watching+0x11/0xa0
[  356.573348][ T7783]  exc_page_fault+0x60/0x100
[  356.577975][ T7783]  ? clear_bhb_loop+0x15/0x70
[  356.582738][ T7783]  asm_exc_page_fault+0x22/0x30
[  356.587614][ T7783] RIP: 0033:0x7f5e5aa2ccad
[  356.592106][ T7783] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 7b 2b
[  356.611775][ T7783] RSP: 002b:00007fffd0098600 EFLAGS: 00010202
[  356.617880][ T7783] RAX: 000000110c2f8000 RBX: 00007f5e5b8a3720 RCX: 0000000000000002
[  356.626017][ T7783] RDX: 0000000000001d94 RSI: 00000000000005f6 RDI: 0000000000000004
[  356.634059][ T7783] RBP: ffffffff84017d92 R08: 00007f5e5ad74038 R09: 00007f5e5ad60000
[  356.642124][ T7783] R10: 00007f5e5a1bd008 R11: 0000000000000004 R12: 0000000000000004
[  356.650174][ T7783] R13: 0000000000000000 R14: ffffffff840171de R15: 00000000000002f8
[  356.658182][ T7783]  ? insn_decode+0x1e/0x490
[  356.662779][ T7783]  ? arch_wb_cache_pmem+0x32/0x90
[  356.667855][ T7783]  </TASK>
[  356.671034][ T7783] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  356.678329][ T7783] CPU: 0 PID: 7783 Comm: syz.6.886 Not tainted 5.15.181-syzkaller #0
[  356.686419][ T7783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  356.696498][ T7783] Call Trace:
[  356.699802][ T7783]  <TASK>
[  356.702756][ T7783]  dump_stack_lvl+0x168/0x230
[  356.707474][ T7783]  ? show_regs_print_info+0x20/0x20
[  356.712704][ T7783]  ? load_image+0x3b0/0x3b0
[  356.717254][ T7783]  panic+0x2c9/0x7f0
[  356.721188][ T7783]  ? bpf_jit_dump+0xd0/0xd0
[  356.725733][ T7783]  ? arch_wb_cache_pmem+0x32/0x90
[  356.730797][ T7783]  ? bpf_get_stack_raw_tp+0x196/0x1d0
[  356.736221][ T7783]  __warn+0x248/0x2b0
[  356.740244][ T7783]  ? bpf_get_stack_raw_tp+0x196/0x1d0
[  356.745652][ T7783]  report_bug+0x1b7/0x2e0
[  356.750024][ T7783]  handle_bug+0x3a/0x70
[  356.754292][ T7783]  exc_invalid_op+0x16/0x40
[  356.758815][ T7783]  asm_exc_invalid_op+0x16/0x20
[  356.763728][ T7783] RIP: 0010:bpf_get_stack_raw_tp+0x196/0x1d0
[  356.769745][ T7783] Code: c8 45 31 c0 e8 cb cb 13 00 65 ff 0d bc f5 81 7e 4c 63 e0 4c 89 e0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 8a 76 f6 ff <0f> 0b 65 ff 0d 99 f5 81 7e 49 c7 c4 f0 ff ff ff eb d7 e8 73 76 f6
[  356.789381][ T7783] RSP: 0000:ffffc900034bebf8 EFLAGS: 00010293
[  356.795477][ T7783] RAX: ffffffff81814786 RBX: ffff8880b9000000 RCX: ffff88802b5b0000
[  356.803480][ T7783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000fffffffc
[  356.811503][ T7783] RBP: ffffc900034bec30 R08: dffffc0000000000 R09: fffffbfff1ff3219
[  356.819494][ T7783] R10: fffffbfff1ff3219 R11: 1ffffffff1ff3218 R12: 0000000000000000
[  356.827490][ T7783] R13: dffffc0000000000 R14: 0000000000000003 R15: 0000000000000000
[  356.835493][ T7783]  ? bpf_get_stack_raw_tp+0x196/0x1d0
[  356.840902][ T7783]  ? bpf_get_stack_raw_tp+0x196/0x1d0
[  356.846303][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.851879][ T7783]  bpf_trace_run4+0x188/0x330
[  356.856594][ T7783]  ? bpf_trace_run3+0x320/0x320
[  356.861482][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  356.866613][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  356.873331][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  356.878456][ T7783]  ? mark_lock+0x94/0x320
[  356.882839][ T7783]  ? __init_rwsem+0x160/0x160
[  356.887546][ T7783]  stack_map_get_build_id_offset+0x83d/0x860
[  356.893547][ T7783]  ? get_perf_callchain+0x3b1/0x480
[  356.898767][ T7783]  ? put_callchain_entry+0xb0/0xb0
[  356.903893][ T7783]  ? __bpf_get_stackid+0x920/0x920
[  356.909024][ T7783]  ? verify_lock_unused+0x140/0x140
[  356.914242][ T7783]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  356.920270][ T7783]  __bpf_get_stack+0x44a/0x4f0
[  356.925070][ T7783]  ? stack_map_get_build_id_offset+0x860/0x860
[  356.931244][ T7783]  ? read_lock_is_recursive+0x10/0x10
[  356.936637][ T7783]  ? __cant_sleep+0x210/0x210
[  356.941340][ T7783]  ? bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.947079][ T7783]  bpf_get_stack_raw_tp+0x175/0x1d0
[  356.952309][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  356.957868][ T7783]  bpf_trace_run4+0x188/0x330
[  356.962571][ T7783]  ? bpf_trace_run3+0x320/0x320
[  356.967452][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  356.972582][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  356.979311][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  356.984434][ T7783]  ? mark_lock+0x94/0x320
[  356.988809][ T7783]  ? __init_rwsem+0x160/0x160
[  356.993519][ T7783]  stack_map_get_build_id_offset+0x83d/0x860
[  356.999519][ T7783]  ? get_perf_callchain+0x3b1/0x480
[  357.004738][ T7783]  ? put_callchain_entry+0xb0/0xb0
[  357.009868][ T7783]  ? __bpf_get_stackid+0x920/0x920
[  357.015027][ T7783]  ? verify_lock_unused+0x140/0x140
[  357.020246][ T7783]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  357.026260][ T7783]  __bpf_get_stack+0x44a/0x4f0
[  357.031056][ T7783]  ? stack_map_get_build_id_offset+0x860/0x860
[  357.037239][ T7783]  ? read_lock_is_recursive+0x10/0x10
[  357.042723][ T7783]  ? __cant_sleep+0x210/0x210
[  357.047419][ T7783]  ? bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  357.053259][ T7783]  bpf_get_stack_raw_tp+0x175/0x1d0
[  357.058489][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  357.064056][ T7783]  bpf_trace_run4+0x188/0x330
[  357.068764][ T7783]  ? bpf_trace_run3+0x320/0x320
[  357.073652][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  357.078788][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  357.085494][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  357.090620][ T7783]  ? mark_lock+0x94/0x320
[  357.095009][ T7783]  ? __init_rwsem+0x160/0x160
[  357.099715][ T7783]  stack_map_get_build_id_offset+0x83d/0x860
[  357.105722][ T7783]  ? get_perf_callchain+0x3b1/0x480
[  357.110951][ T7783]  ? put_callchain_entry+0xb0/0xb0
[  357.116094][ T7783]  ? __bpf_get_stackid+0x920/0x920
[  357.121234][ T7783]  ? verify_lock_unused+0x140/0x140
[  357.126456][ T7783]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  357.132478][ T7783]  __bpf_get_stack+0x44a/0x4f0
[  357.137290][ T7783]  ? stack_map_get_build_id_offset+0x860/0x860
[  357.144432][ T7783]  ? read_lock_is_recursive+0x10/0x10
[  357.149837][ T7783]  ? __cant_sleep+0x210/0x210
[  357.154530][ T7783]  ? bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  357.160264][ T7783]  bpf_get_stack_raw_tp+0x175/0x1d0
[  357.165493][ T7783]  bpf_prog_ec3b2eefa702d8d3+0x3a/0xc3c
[  357.171060][ T7783]  bpf_trace_run4+0x188/0x330
[  357.175762][ T7783]  ? bpf_trace_run3+0x320/0x320
[  357.180645][ T7783]  ? get_mm_memcg_path+0x24f/0x330
[  357.185778][ T7783]  __mmap_lock_do_trace_acquire_returned+0x231/0x290
[  357.192657][ T7783]  ? get_mm_memcg_path+0x330/0x330
[  357.197778][ T7783]  ? seqcount_lockdep_reader_access+0x120/0x1c0
[  357.204066][ T7783]  ? __init_rwsem+0x160/0x160
[  357.208768][ T7783]  ? do_user_addr_fault+0x1a9/0xc80
[  357.213987][ T7783]  do_user_addr_fault+0xbbb/0xc80
[  357.219038][ T7783]  ? vtime_user_exit+0x2dc/0x400
[  357.224003][ T7783]  ? rcu_is_watching+0x11/0xa0
[  357.228791][ T7783]  exc_page_fault+0x60/0x100
[  357.233404][ T7783]  ? clear_bhb_loop+0x15/0x70
[  357.238098][ T7783]  asm_exc_page_fault+0x22/0x30
[  357.242965][ T7783] RIP: 0033:0x7f5e5aa2ccad
[  357.247398][ T7783] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 7b 2b
[  357.267023][ T7783] RSP: 002b:00007fffd0098600 EFLAGS: 00010202
[  357.273120][ T7783] RAX: 000000110c2f8000 RBX: 00007f5e5b8a3720 RCX: 0000000000000002
[  357.281121][ T7783] RDX: 0000000000001d94 RSI: 00000000000005f6 RDI: 0000000000000004
[  357.289205][ T7783] RBP: ffffffff84017d92 R08: 00007f5e5ad74038 R09: 00007f5e5ad60000
[  357.297195][ T7783] R10: 00007f5e5a1bd008 R11: 0000000000000004 R12: 0000000000000004
[  357.305184][ T7783] R13: 0000000000000000 R14: ffffffff840171de R15: 00000000000002f8
[  357.313179][ T7783]  ? insn_decode+0x1e/0x490
[  357.317705][ T7783]  ? arch_wb_cache_pmem+0x32/0x90
[  357.322761][ T7783]  </TASK>
[  357.326131][ T7783] Kernel Offset: disabled
[  357.330829][ T7783] Rebooting in 86400 seconds..