last executing test programs:

6m22.023504297s ago: executing program 32 (id=1868):
syz_open_dev$dri(&(0x7f0000000240), 0x0, 0x0)
r0 = syz_open_dev$dri(0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000001000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e)

6m21.934101244s ago: executing program 5 (id=1874):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1})
io_uring_enter(0xffffffffffffffff, 0x5fe2, 0x217, 0xa5, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1, [<r4=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})
close_range(r0, 0xffffffffffffffff, 0x0)

6m20.947349063s ago: executing program 5 (id=1876):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000400)='./bus\x00', 0x200008, &(0x7f0000000180)={[{@grpquota}, {@inode_readahead_blks}, {@quota}, {@oldalloc}]}, 0x1, 0x504, &(0x7f0000001000)="$eJzs3c9vI1cdAPDveOPEyaZNWnoABO3SFha0WifxtlHVA5QTQqgSokeQtiHxRlHsOIqd0oQ9pGckTkhU4gRH/gDOPXHnguDGpRyQ+BGBGiQORjMep07W3gSS2FH8+UijeW/erL/vbXbei7/Z+AUwtu5ExEFETEbEuxExl19P8iPe6hzpfZ8cPl49Ony8mkS7/c7fk6w9vRY9fyZ1O3/NUkR871sRP0yejNvc299cqdWqO3l9oVXfXmju7d/fqK+sV9erW5XK8tLy4hsPXq9c2lhfqk/mpS9+/LuDr/047dZsfqV3HJepM/TicZzURER85yqCjcCtfDyTo+4I/5dCRDwfES9nz/9c3Mq+mgDATdZuz0V7rrd+LDlZBQBuikKWA0sK5TwXMBuFQrncyeG9EDOFWqPZuveosbu11smVzUex8GijVl3Mc4XzUUzS+lJW/rReOVV/EBHPRcTPpqazenm1UVsb5Tc+ADDGbp9a//811Vn/AYAbrjTqDgAAQ2f9B4DxY/0HgPFj/QeA8dNZ/6dH3Q0AYIi8/weA8WP9B4Cx8t23306P9lH++ddr7+3tbjbeu79WbW6W67ur5dXGznZ5vdFYzz6zp37W69Uaje2l12L3/fmvbzdbC829/Yf1xu5W62H2ud4Pq8XsroMhjAwAGOS5lz76Y5KuyG9OZ0f07OVQHGnPgKtWGHUHgJG5NeoOACNjty8YXxd4j1+M+KkUAdwAfbboPaHU7xeE2u12++q6BFyxu5+T/4dx1ZP/97+AYczI/8P4kv+H8dVuJ+fd5D/OeyMAcL3J8QMDfv7/fH7+df7DgR+snb7jw6vsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFxv3f1/y/le4LNRKJTLEc9ExHwUk0cbtepiRDwbEX+YKk6l9aUR9xkAuKjCX5J8/6+7c6/Onmh68fZxcTIifvSLd37+/kqrtfP7iMnkH1Pd660P8+uV4fceADhbd53Ozj1v5D85fLzaPYbZn79+MyJKnfhHh5NxdBx/IiaycymKETHzzySvdyQ9uYuLOPggIj7bb/xJzGY5kM7Op6fjp7GfGWr8won4haytc07/Lj5zCX2BcfNROv+81e/5K8Sd7Nz/+S9lM9TF5fNf+lKrR9kc+Gn87vx3a8D8d+e8MV777bc7pekn2z6I+PxERDf2Uc/8042fDIj/6jnj/+kLL748qK39y4i70T9+b6yFVn17obm3f3+jvrJeXa9uVSrLS8uLbzx4vbKQ5agXBq8Gf3vz3rOD2tLxzwyIXzpj/F8+5/h/9Z93v/+lp8T/6iv94hfihafET9fEr5wz/srMb0qD2tL4awPGf9bX/94543/85/0ntg0HAEanube/uVKrVXcUFK5/If0new260bfwjWHFmoz+TT95pfNMn2rqfu//P8YaNGNcRtYNuA6OH/qI+PeoOwMAAAAAAAAAAAAAAPQ1jN9YGvUYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLn+GwAA//+hm8cd")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x743, 0x100000007, 0x6, 0x8, 0x2, 0x55b, 0x100000001, 0xfffffffffffffffd, 0x6ba8})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)

6m19.275877718s ago: executing program 5 (id=1881):
r0 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000080)=0xff, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c)
recvmmsg(r0, &(0x7f0000006280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

6m15.801776262s ago: executing program 5 (id=1885):
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f00000000c0)='./file3\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x2, 0x238, &(0x7f0000000800)="$eJzsmL9rFEEUx78zu7feiUhsUthYGDCiucvtoaQ5NIJgJULir0oPs4aYTU4uK5iAJMHGRjsLIY2F/4BFCisLO/8BQQsVBAuvsLCxGZkfeze3w+ZySzrfpxi+M/Nm3743b1+xIAjiv+X7tz9fn1+amT8L4AgmcMis//QAxrRmW337L68enXnZvLzz9vObD6tHn7zLPk8eEWJwobyHfx/A+1kPiZpx+/RfKSbMZB68p6+D47TRN8FQNfouOG4YHYHhttEPLN2W9tXq/aU4qt5rxwtSTMuhLodQDo3s+3W3GRbMXAghmLW/tr6x3IrjqGMJ3+xZW5vI2Iwies6Wx538lRCgO8vRtN5PZvHWs6fbcp7mZtrKXx0cdRNEAwxzZn0GO2ludEqs+I/7qKQuvIH4MdaKM9FKwUwxAMOCLGvR/F0gNXuLY1PFjk/KcC66W2OFbhGDp0rob8lM5h7PK6/RSkcJP3s7rrhgLrSAr6vZKMSm8wEo8UKW0IHfsisKRZGK8S776G790ILn1rNgw12w/ddPeb/vnH6IZsUfvUQrkHH1VnzvYO4C+LSr+4d4zXDK6k++1T9qycrD2tr6xtTSSmsxWoxWw7BxngFb58KaakR6dPpevz9XVH86bNqTfH4pxzbgAR63kqRT12PAAlSQJJ1QzUPrs5nbbf+6Y44luALgpJ7Ilhb0nug5PligbbiylWrSNSIIgiAIgiAIgiAIgiAIgijECTD1F3QI4TVl/S8AAP//CkpUTQ==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x40040, 0x6ab858183a7ef6ba)
newfstatat(0xffffffffffffff9c, &(0x7f00000053c0)='./file3\x00', &(0x7f0000005400), 0x4000)

6m14.829007963s ago: executing program 5 (id=1889):
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000380)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='dmask=00000000000000000002621,utf8,umask=00000000000000000200000,namecase=1,discard,errors=remount-ro,umask=00000000000000000200004,umask=00000000000000000003377,namecase=1,utf8,iocharset=iso8859-4,iocharset=cp874,dmask=01777777777777777777770,errors=remount-ro,uid=', @ANYRESOCT=0x0, @ANYRES16, @ANYRESDEC=0x0, @ANYRES8=0x0, @ANYRESDEC=0x0, @ANYRES8=0x0, @ANYRESDEC, @ANYBLOB="49440fb4005cba20653d2326292c265c2c00e79feca4a2e1053fdd2c84e7a89aa4ee02cbb47695d7ade8fd4362d0e37fbbb365b529e3d4cfa7ec78bc709784cc24ff7cfd3accb1a53fcd27bcb1794fcc15fc6eeae6dd85887fec609d9df9eb63c1eb27e9a7e7c87e551a878c1ff1548dce0557af9986d21054cc6d2e9be1e16b9e2e6e9df5b4b95e1b", @ANYRES8=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRESOCT], 0x21, 0x1508, &(0x7f0000002080)="$eJzs3AvYTdX2MPAx5pyLl6Sd5D7HHIudXkySJJckuSRJcuRIbglJkiRJ5X5LckvIPck9JLeQ3O+33JMkSZKE5JbM79Hf+XRO53yd8/+f/+P5zjt+z7Oed4691phrrD3286619n72/q7dgEp1KpevxczwP4L/9aczAKQAQG8AuA4AIgAonqV4lkvrM2js/D/bifj3enjK1a5AXE3S/7RN+p+2Sf/TNul/2ib9T9uk/2mb9D9tk/4LkZZtmZrzelnS7iLv/6dlcv7/D3Ko8Kiv1hW+sf2/kCL9T9uk/2mb9D9tk/6nbdL/tE36n7ZJ/9M26b8Qadl//71j+ezgP2G52q8/IYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBpw9lwhQGAv4yvdl1CCCGEEEIIIYT49wnpr3YFQgghhBBCCCGE+N+HoECDgQjSQXpIgQyQEa6BTHAtZIbrIAHXQxa4AbLCjZANskMOyAm5IDfkAQsEDhhiyAv5IAk3QX64GVKhABSEQuChMBSBW6Ao3ArF4DYoDrdDCbgDSkIpKA1l4E4oC3dBObgbysM9UAEqQiWoDPdCFbgPqsL9UA0egOrwINSAh6Am/AlqwcNQG/4MdeARqAuPQj2oDw2gITT6b+W/BC/DK9AROkFn6AJdoRt0hx7QE3pBb3gV+kDK5eemPwyAgTAI3oDB8CYMgaEwDN6C4TACRsIoGA1jYCy8DePgHRgP78IEmAiTYDJMgakwDd6D6TADZsL7MAs+gNkwB+bCPJgPH8ICWAiL4CNYDB/DElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW+AS2wjbYDjtgJ+yC3fAp7IHPYC98Dvvgi38x/8zf5LdHQECFCg0aTIfpMAVTMCNmxEyYCTNjZkxgArNgFsyKWTEbZrs5B+bAXJgL82AeJCQAZMyLeTGJScyP+TEVU7EgFkSPHotgESyKt2IxLIbFsTiWwBJYEkthKSyDZbAslsVyWA7LY3msgBWwElbCe/FevA+rYlWshtWwOlbHGlgDD+WuibWwFtbG2lgH62BdrIv1sB42wAbYCBthY2yMTbAJNsNm2BybYwtsgS2xJbbCVtgaW2MbbINtsS22w3bYHl/EF/ElfAlfwVewE1ZQXbArdsXu2B17Yi/sha9iH3wNX8PXsR/2xwE4EAfiGzgYT+MQHIrDcBiWVSNwJI5CVmNwLI7FcTgOx+N4nIATcSJOxik4FafhNJyOM3AGvo+z8AP8AOfgHJyH83E+LsCFAy+/wnAJLsVluBxX4EpcgatxDa7Gdbge1+FG3IibcTN+gp/gNtyGO3AH7kIDgJ/iZ/gZ9sN9uA/34348gAfwIB7EQ3gID+NhPIJH8CgexWN4DI/jCTyJJ/AUnsLTeAbP4lk8j+fxAj6f65vauwqs7QfqEqOMSqfSqRSVojKqjCqTyqQyq8wqoRIqi8qisqqsKpvKpnKoHCqXyqXyqHOKFClWscqr8qqkSqr8Kr9KVamqoCqovPKqiCqiiqqiqpgqpoqr21UJdYcqqUqppr6MKqPKqma+nLpblVflVQVVUVVSlVVlVUVVUVVVVVVNVVPVVXVVQz2kaqou2BMfVpc6U0f1x7pqANZT9VUD1VC9gY+pxmowNlFNVTP1hBqKQ7CFauxbqqdVKzUSW6tn1Sh8TrVVY7CdekG1Vy+qDipSL6smvqPqpCZgF9VVTcbuqofqqXqp6VhRXepYJfW66qf6qwFqoJqHb6jB6k01RA1Vw9RbargaoUaqUWq0GqPGqrfVOPWOGq/eVRPURDVJTVZT1FQ1Tb2npqsZaqZ6X81SH6jZao6aq+ap+epDtUAtVIvUR2qx+lgtUUvVMrVcrVAr1Sq1Wq1Ra9U6tV5tUBvVJrVZbVGfqK1qm9qudqidapfarT5Ve9Rnaq/6XO1TX6j96kt1QH2lDqqv1SH1jTqsvlVH1HfqqPpeHVM/qOPqhDqpflSn1E/qtDqjzqpz6rz6WV1Qv6iLKijQqJXW2uhIp9PpdYrOoDPqa3Qmfa3OrK/TCX29zqJv0Fn1jTqbzq5z6Jw6l86t82irSTvNOtZ5dT6d1Dfp/PpmnaoL6IK6kPa6sC6ib9FF9a26mL5NF9e36xL6Dl1Sl9KldRl9py6r79Ll9N26vL5HV9AVdSVdWd+rq+j7dFV9v66mH9DV9YO6hn5I19R/0rX0w7q2/rOuox/RdfWjup6urxvohrqRfkw31o/rJrqpbqaf0M31k7qFfkq31E/rVvoZ3Vo/q9vo53Rb/bxup1/Q7fWLuoP+RV/UQXfUnXRn3UV31d10d91D99S9dG/9qu6jX9N99eu6n+6vB+iBepB+Qw/Wb+oheqgept/Sw/UIPVKP0qP1GD1Wv63H6Xf0eP2unqAn6kl6sp6ip+qel2ea+U/kv/N38vv+uvfNeov+RG/V2/R2vUPv1Lv0br1b79F79F69V+/T+/R+vV8f0Af0QX1QH9KH9GF9WB/RR/RRfVQf08f0cX1Cn9M/6lP6J31an9Fn9Dl9Xp/XFy4/B2DQKKONMZFJZ9KbFJPBZDTXmEzmWpPZXGcS5nqTxdxgspobTTaT3eQwOU0uk9vkMdaQcYZNbPKafCZpbsLLJ01T0BQy3hQ2Rcwt/0q+yW9uNqmmwF/l/1F9jUwj09g0Nk1ME9PMNDPNTXPTwrS49VIdrUwr09q0Nm1MG9PWtDXtTDvT3rQ3HUwH87J52XQ0HU1n09l0Nd1Md9PD9DS9TG/zqulj+pi+pq/pZ/qZAWaAGWQGmcFmsBlihphhZpgZboabkWakGW1Gm7FmrBlnxpnxZryZYCaYSWaSmWKmmGlmmpluppuZZqaZZWaZ2Wa2mWvmmvlmvllgFphFZpFZbBabJWapWWqWm+VmpVlpVpvVZq1Za9ab9Waj2WiWpN9itpitZqvZbrabnWan2W12mz1mj9lr9pp9Zp/Zb/abA+aAOWgOmkPmkDlsDpsj5og5ao6aY+aYOW6Om5PmpDllTpnT5rQ5a86a8+a8uWAumIvm4qXLvkhFKjKRidJF6aKUKCXKGGWMMkWZosxR5igRJaIsUZYoa3RjlC3KHuWIcka5otxRnshGFLmIozjKG+WLktFNUf7o5ig1KhAVjApFPiocFYluiYpGt0bFotui4tHtUYnojqhkVCoqHZWJ7ozKRndF5aK7o/LRPVGFqGJUKaoc3RtVie6Lqkb3R9WiB6Lq0YNRjeihqGb0p6hW9HBUO/pzVCd6JKobPRrVi+pHDaKGUaN/6/whnM7+uO9oO9nOtovtarvZ7raH7Wl72d72VdvHvmb72tdtP9vfDrAD7SD7hh1s37RD7FA7zL5lh9sRdqQdZUfbMXasfduOs+/Y8fZdO8FOtJPsZDvFTrXT7Ht2up1hZ9r37Sz7gZ1t59i5dp6dbz+0C+xCu8h+ZBfbj+0Su9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFvuJ3Wq32e12h91pd9nd9lO7x35m99rP7T77hd1vv7QH7Ff2oP3aHrLf2MP2W3vEfmeP2u/tMfuDPW5P2JP2R3vK/mRP2zP2rD1nz9uf7QX7i71ow6WL+0undzJkKB2loxRKoYyUkTJRJspMmSlBCcpCWSgrZaVslI1yUA7KRbkoD+WhS5iY8lJeSlKS8lN+SqVUKkgFyZOnIlSEilJRKkbFqDgVpxJUgkpSSSpNpelOupPuorvobrqb7qF7qCJVpMpUmapQFapKVakaVaPqVJ1qUA2qSTWpFtWi2lSb6lAdqkt1qR7VowbUgBpRI2pMjakJNaFm1IyaU3NqQS2oJbWkVtSKWlNrakNtqC21pXbUjtpTe+pAHehlepk6UkfqTJ2pK3Wl7tSdelJP6k29qQ/1ob7Ul/pRPxpAA2gQDaLBNJiG0FAaRm/RcBpBI2kUjaYxNJbG0jgaR+NpPE2gCTSJJtEUmkLTaBpNp+k0k2bSLJpFs2k2zaW5NJ/m0wJaQItoES2mxbSEltAyWkYraAWtolW0htbQOlpHG2gDbaJNtIW20FbaSttpO+2knbSbdtMe2kN7aS/to320n/bTATpAB+kgHaJDdJgO0xE6QkfpKB2jY3ScjtNJOkmn6BSdptN0ls7SefqZLtAvdJECpbgMLqO7xmVy17rM7jr3t3EOl9PlcrldHmddNpf9r2JyzqW6Aq6gK+S8K+yKuFtc6qUL3t/EJV0pV9qVcXe6su4uV+53cRV3n6vq7nfV3AOusrv3r+Lq7kFXwz3iarpHXS1X39V2DV0d94ir6x519Vx918A1dM3dk66Fe8q1dE+7Vu6Z38UL3EK3xq1169x6t8d95s66c+6I+86ddz+7jq6T6+1edX3ca66ve931c/1/Fw9zb7nhboQb6Ua50W7M7+JJbrKb4qa6ae49N93N+F08333oZrlFbrab4+a6eb/Gl2pa5D5yi93Hbolb6pa55W6FW+lWudX/t9blbqPb5Da73e5Tt9Vtc9vdDrfT7fo1vnQce93nbp/7wh1237oD7it30B11h9w3v8aXju+o+94dcz+44+6EO+l+dKfcT+60O/Pr8V869h/dL+6iCw4YWbFmwxGn4/Scwhk4I1/DmfhazszXcYKv5yx8A2flGzkbZ+ccnJNzcW7Ow5aJHTPHnJfzcZJv4vx8M6dyAS7IhdhzYS7Ct3BRvpWL8W1cnG/nEnwHl+RSXJrL8J1clu/icnw3l+d7uAJX5Epcme/lKnwfV+X7uRo/wNX5Qa7BD3FN/hPX4oe5Nv+Z6/AjXJcf5XpcnxtwQ27Ej3FjfpybcFNuxk9wc36SW/BT3JKf5lb8DLfmZ7kNP8dt+Xluxy9we36RO/BL/DK/wh25E3fmLtyVu3F37sE9uRf35le5D7/Gffl17sf9eQAP5EH8Bg/mN3kID+Vh/BYP5xE8kkfxaB7DY/ltHsfv8Hh+lyfwRJ7Ek3kKT+Vp/B5P5xk8k9/nWfwBz+Y5PJfn8Xz+kBfwQl7EH/Fi/piX8FJexst5Ba/kVbya1/BaXsfreQNv5E28mbfwJ7yVt/F23sE7eRfv5k95D3/Ge/lz3sdf8H7+kg/wV3yQv+ZD/A0f5m/5CH/HR/l7PsY/8HE+wSf5Rz7FP/FpPsNn+Ryf55/5Av/CFzkwxBirWMcmjuJ0cfo4Jc4QZ4yviTPF18aZ4+viRHx9nCW+Ic4a3xhni7PHOeKcca44d5wntjHFLuY4jvPG+eJkfFOcP745To0LxAXjQrGPC8dF4lviovGtcbH4trh4fHtcIr4jLhmXih95oEx8Z1w2visuF98dl4/viSvEFeNKceX43rhKfF9cNb4/rhY/EBeLH4xrxA/FcPn7KrXjP8d14kfiuvGjcb24ftwgbhg3ih+LG8ePx03ipnGz+Im4efxk3CJ+Km4ZPx23ip/5w/Wd4y5x17hb3C0O4X49NzkvOT/5YXJBcmFyUfKj5OLkx8klyaXJZcnlyRXJlclVydXJNcm1yXXJ9ckNyY3JTcnNyRAqpwePXnntjY98Op/ep/gMPqO/xmfy1/rM/jqf8Nf7LP4Gn9Xf6LP57D6Hz+lz+dw+j7eevPPsY5/X5/NJf5PP72/2qb6AL+gLee8L+yK+oW/kG/nG/nHfxDf1zfwT/gn/pH/SP+Wf8k/7Vv4Z39o/69v453xb/7x/3r/g2/sXfQf/kn/Zv+I7+k6+s+/su/quvrvv7nv6nr637+37+D6+r+/r+/l+foAf4Af5QX6wH+yH+CF+mB/mh/vhfqQf6Uf70X6sH+vH+XF+vB/vJ/gJfpKf5Kf4KX6an+an++l+pp/pZ6XO8rP9bD/Xz/Xz/Xy/wC/wi/wiv9gv9kv8Er/ML/Mr/Aq/yq/ya/wav86v8xv8Br/Jb/Jb/Ba/1W/12/12v9Pv9Lv9br/H7/F7/V6/z+/z+/1+f8Af8Af91/6Q/8Yf9t/6I/47f9R/74/5H/xxf8Kf9D/6U/4nf9qf8Wf9OX/e/+wv+F/8RR/82MTbiXGJdxLjE+8mJiQmJiYlJiemJKYmpiXeS0xPzEjMTLyfmJX4IDE7MScxNzEvMT/xYWJBYmFiUeKjxOLEx4kliaWJZYnliRWJlYkQcm+NQ96QLyTDTSF/uDmkhgKhYCgUfCgcioRbQtFwaygWbgvFw+2hRLgjlAylQunwaKgX6ocGoWFoFB4LjcPjoUloGpqFJ0Lz8GRoEZ4KLcPToVV4JrQOz4Y24bnQNjwf2oUXQvu/3HGFV0LH0Cl0Dl1C19AtdA89Qs/QK/QOr4Y+4bXQN7we+oX+YUAYGAaFN8Lg8GYYEoaGYeGtMDyMCCPDqDA6jAljw9thXHgnjA/vhglhYpgUJocpYWqYFt4L08OMMDO8H2aFD8LsMCfMDfPC/PBhWBAWhkXho7A4fByWhKVhWVgeVoSVYVVYHdaEtWFdWB82hI1hU9gctoRPwtawLWwPO8LOsCvsDp+GPeGzsDd8HvaFL8L+8GU4EL4KB8PX4VD4JhwO34Yj4btwNHwfjoUfwvFwIpwMP4ZT4adwOpwJZ8O5cD78HC6EX8JF+c6aEEIIIcQ/pdsfrO/ydx4zAKAuj7sCwLXbch767XoNABuy/de4h8rVPAEAT3dq9/BflgoVOnfufHnbJRqifHMAIPE3O7gcL4Vm8CS0hKZQ9O/W10O9eJ7/YP7k7QAZf5OTAlfiK/N/+Q/mf+yJYQtKxGez/D/mnwOQmu9KTga4Ei+FZl+8AgBNodg/mD974z+oP8NXYwGa/CYnE1yJr9RfBB6HZ6DlX235Nx645h+vE0IIIYQQQgjxH62HKt3mj+6fL92f5zJXctLDlfiP7s+FEEIIIYQQQghx9T33YoenHmvZsmmbf36Q/l/ZWAYykMH/j4Or/Z9JCCGEEEII8e925aL/ymMZrmZBQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFEGvSbH/3KAAD/Kz8ndrWPUQghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhLja/k8AAAD//3BjMQc=")
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xc2d40, 0x0)

6m9.378584779s ago: executing program 5 (id=1899):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

6m5.486152772s ago: executing program 33 (id=1899):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

4m33.771805485s ago: executing program 4 (id=2216):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x1237, &(0x7f00000006c0)="$eJzs3E1rXFUYAOB3kon5qPlQ61cXeqgbV5cmC1eCBklBMgupRmgFcWonOOQ6E3KHQERtXbkV/Bfi0p0g/gE3/gWX3bjsQrjivZNk0qStlTJj6fNs7ptz3jfnXA4MnMs99/ab332+s11k2+1BTDUaMbUbke6kSDEVh17ZrK9Xr22ut1obV1K6vP7B6hsppaVXf/noyx8v/jo49+FPSz/Pxm8rH9/+cy0ibv2T/1m3SN0i9fqD1E7X+/1B+3remY5usZOl9F7eaRed1O0Vnb3R/rSd93d3D1K7d2NxYXevUxSp3TtIO52DNOin5nBKvZRlWVpcCO5p5lTLJ3c3bv1wpyzLiLKciaeiLMtyPhbiXDwdi7FULeIz8Ww8F+fj+XghXoyX4uUqa4x3AQAAAAAAAAAAAAAAAAAAAE+A+53/X44V5/8BAAAAAAAAAAAAAAAAAABgDN6/em1zvdXauJLSXET+7f7W/lZ9rfvXt6MbeXTiUizHX1Gd/q/V8eV3WxuXUmUlvslvDutv7m9Nn6xfrT4nMKxvVn2H9at1fTpZPxsLo/VrsRznzx5/7Yz6me8jXn9tpD6L5fj90+hHHjeqsY/rv15N6Z1b9ZziaPwLVd6xRjRG/2yOZ30AAADgUcjSkaP9+9sj+/csO91f74/r+od4PnDX/r4ZF+yhJ644+GKnneedvZPB3KmWBwWNiPjXyfcKGsNHLGfmxFzEf/7PYw2mHrZqerga908+/O7m5G/wcQvm/x/TeKyCif0kMUbHi36y/Y+LR+H8+GcFAAAAAAAAAADAgzyydwajcdb7v82o3yybHR3zrfgqm9wdAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpAAAAP//d+24Qg==")
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x200084c, &(0x7f0000000000)=ANY=[@ANYBLOB='time_offset=0x00000000000004f7,sys_immutable,nodots,check=strict,dots,dots,dots,nocase,dos1xfloppy,nodots,dots,dots,dos1xfloppy,nodots,\x00'], 0x1, 0x273, &(0x7f0000001900)="$eJzs3U9qE1EcB/Bf0zR/imDX4mLAjStRbxAkgjggRLLQlYHqphUh3UQ35hiewaN4BI/RVcHFSGeCSTNasU4znfbzgTA/3peZeY9AZhLem7y5+/5g/8PRu+z7l+j1kmhHzOMkYi9asR2FrcW2ldedWNGdBwDQNKPRZFB3H6jQVqmlHxGTndObtVI0/rqhXgEAAAAAAAAAAFCx/5z/H+b/A0Dz/NP8//LcchpgOh1Mdhf3b2eZ/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU5yTLbmfnvOruHwBQvT9c/zuu/wBwff39+/+tursIAFTM7/8AcPO8fPX6+SBNh6Mk6UUcz2fZ58i34yJ/+iwdPkxye8u9jmez8c6iToePijxZz3cX+z/+bd6J+/eK/DR78iJdy7uxf9mDBwAAAAAAAAAAAAAAAAAAgCviQfLL2vr+7bzKHwcQEeW8qFaeD7C2fr8dd9qbGQMAAAAAAAAAAAAAAAAAAAA03dHHTweTw8O3U0VVxY9sQ+f6VuEB40xLPy5wnF6stPQj4gq8F4oLF3V/MgEAAAAAAAAAAAAAAAAAwM2zXPRbd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD7L//+vomhFRDk65/TdDQ4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuOZ+BgAA///U2Y8a")
lsetxattr(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='b[rgs4}%.'], 0x0, 0x0, 0x3)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x80)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x121140, 0x13d)
shutdown(0xffffffffffffffff, 0x1)

4m31.342152762s ago: executing program 4 (id=2225):
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x4)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa0)

4m29.868746458s ago: executing program 4 (id=2231):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x39b3)
ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0xffffffffffff2834)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r2, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r1}, 0x20)
recvmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000002e40)=""/70, 0x46}], 0x1}, 0x66e}], 0x1, 0x21, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x19, &(0x7f0000000740)=0x17, 0x4)

4m28.646088291s ago: executing program 4 (id=2237):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18040, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16, @ANYRESHEX, @ANYRES8, @ANYRES64=0x0, @ANYRESHEX], 0x8, 0x2fe, &(0x7f00000007c0)="$eJzs3M9PE1sUwPFDW0pbAmXx8l7eS1640Y1uJlBdK42BxNhEgtT4IzEZYKpNx5Z0GkyNEVy5Nf4RLghLdibKP8DGnW7cuGNj4kIWxjEznaGlHYpAaRG+n4TMYc49M/emAznTtLN159XjQs7ScnpFQjElfSIi2yIjEhJfn7cNuXFUGq3IxcFvH/+/dffejXQmMzmj1FR69lJKKTU8+u7Js7g37O2AbI482Pqa+rL59+a/Wz9nH+UtlbdUsVRRuporfa7oc6ahFvJWQVNq2jR0y1D5omWUa/lSLZ8zS4uLVaUXF4YSi2XDspRerKqCUVWVkqqUqyr8UM8XlaZpaigh2E92dWZGTx+yeL7Dk8ExKZfTelhE4i2Z7GpPJgQAAHqquf8Piepk/792bqMyeHt92On/YyISDer/L3+qHcvp/we84+rO6MD+3z9/YP+vH6z/b+2IzpYj9f84GUajLbv66qGTLKf1hPf363pxf23MDej/AQAAAAAAAAAAAAAAAAAAAAD4E2zbdtK27aS/9X8GRCQmIv7vAaVhEbnagymjg47w+uMUqH9xLzIsYr5cyi5la1tvwIaImGLImCTlh3s9eJzY/+aRcozIe3PZq19eyobdTDonebd+XJL90lxv21PXM5PjqmZ3fb8kGutTkpS/gutTgfVRuXC+oV6TpHyYl5KYsuDOo17/fFypazczTfVxdxwAAAAAAKeBpnYE3r9r2l75Wv3O/XXz+wPh+v31WOD9eUT+i/R27QAAAAAAnBVW9WlBN02j3CaIy/5jDh9EGvbIinTsXP4Kf7fK/yzD8a20TeCffFcq5u3s6LnEezzsEY8TksNUjTqrUQGplrW3C/y3jfYaI9MT3X8F3eCf12++d+6AV9Zj+6z0gIF/lZmmEW5/AfR3438PAAAAgO6qN/3+noneTggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDOoG09H6/UaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJPiVwAAAP//gYT6Qg==")
creat(&(0x7f0000000380)='./bus\x00', 0x4)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f00000001c0)='./bus\x00', 0x40403, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x402, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4, 0x5]})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000001c0)={[], [{@pcr={'pcr', 0x3d, 0x16}}]}, 0x1, 0x57d, &(0x7f0000000d00)="$eJzs3c+PG1cdAPDvzP5yfrSbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggISHBn8ABiQNSTxy4cUTiAIhyQCoQgRIkDoNm7N11NnbixI5N1p+PNJkf742/73l35j0/b+YFMLPORsRuRCxGxFsRsdw9nnSXeK2z5Pnu3L61dvf2rbUksuzNfyRFen4ses7Jnei+Zikivv6ViG8n98dtbe9cW63Xaze7+5V240altb1zYbOxulHbqF2vVi+vXL748qWXqmOr65nGLz788ubr3/j1rz75we92v/j9vFgnu2m99RinTtUX9uPk5iPi9ScRbArmuuvFKZeDx5NGxEci4jPF9b8cc8VvJwBwlGXZcmTLvfsAwFGXFmNgSVqOiDTtdgLKnTG85+J4Wm+22uevNreur3fGyk7FQnp1s167eHrpD98tMi8k+f5KkVakF/vVQ/uXIuJ0RPxw6VixX15r1ten0+UBgJl3orf9j4h/L6VpuTzUqX2+1QMAnhqlaRcAAJg47T8AzB7tPwDMniHa/+6X/btPvCwAwGT4/A8As0f7DwCzR/sPADPla2+8kS/Z3e7zr9ff3t661nz7wnqtda3c2ForrzVv3ihvNJsbxTN7Gg97vXqzeWPlxdh6p9KutdqV1vbOlUZz63r7SvFc7yu1hYnUCgB4kNNn3v99EhG7rxwrluiZy0FbDUdbOsZcwNNlbpSTdRDgqWa2L5hdQzXhRSfht0+8LMB09H2Yd6nv5r1+/AhB/J0R/F859/Hhx//N8QxHi5F9mF2PN/7/6tjLAUzeY4///2m85QAmL8uSw3P+L+4nAQBH0gh/wpe9O65OCDBVD5vMeyzf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMARczIivhNJWi7mAk/zf9NyOeKZiDgVC8nVzXrtYkQ8G2ciYmEp31+ZdqEBgBGlf0u683+dW37h5OHUxeQ/S8U6Ir73kzd/9M5qu31zJT/+z/3jS3vTh1UPzhthXkEAYHh/GSZT0X5Xu+ueD/J3bt9a21ueYBnv8+GX9icfXbt7+1axdFLmI8uyLKJU9CWO/yuJ+e45pYh4PiLmxhB/972I+Fi/+ifF2Mip7synvfGjG/uZicZP74mfFmmddf72fXQMZYFZ835+/3nt8PU3V1xZZ4sc/a//UnGHGl1x/ytF7N37Du5/e9d7qSjN4fj5NX922Bgv/uar9x3Mljtp70U8P98vfrIfPxkQ/4WIODZE/D9+4lM/eHVAWvaziHPRP35vrEq7caPS2t65sNlY3aht1K5Xq5dXLl98+dJL1UoxRl3ZG6m+399fOf/soLLl9T8+IH7nJ3/iUP0X98/93BB1z/38v29969MHu0uH43/hs/1//s8V6/7vf94mfn7I+KvHfzlw+u48/vqA+j/s539+yPgf/HVnfcisAMAEtLZ3rq3W67WbI23kn0If/awsy97Ny/CAPHnycC+4110crTp/jmLj4G1JIonR3597N/LO2DCZF0auzj0be8Ml465On435/b7ieF/5mw/+bRm0sThK0HTstXicjTjV3bgzqaBTuR0BE3Rw0U+7JAAAAAAAAAAAAAAAwCDj+K9CP31InoHBx/EAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGba/wIAAP//7sW+dQ==")
mkdirat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x4)

4m27.386423691s ago: executing program 4 (id=2240):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x7a, &(0x7f0000001400)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "f6ff01", 0x44, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, {}, {0xdd86, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x10}, 0x1, {0x7b43}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x5, 0xec, 0x0, 0xd, 0x0, 0x1, 0x1, 0x1, 0x1}}}}}}}}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r1 = getpid()
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
rt_tgsigqueueinfo(r1, r1, 0x1d, &(0x7f0000000040)={0x1f, 0x4, 0xfff})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)

4m26.97407223s ago: executing program 4 (id=2245):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file1\x00', 0x2, &(0x7f0000000400)=ANY=[], 0x1, 0xf0d, &(0x7f0000001e80)="$eJzs3U9sHNUZAPA367+JTbwGCgZKSKEVgYIdkkhNb0GgHhGX3kEhoRGGooYeiICYHhCVEEVCnCoOVFwolQJSkUCVKtRT21Or3npCvVCpSqWgHtpIiavYb9a7L/vY9cSetXd/P+nz2zdvdr5vbMeZmZ19G4CR1Vj7evToQhHCO5+9/ejLTxWfXF12V2uNA2tfi9hrhhAm2vpFsr0v4oLLF1860a0twuG1r2U/PHah9dyZEMJKOBA+D83w4dLyVx+8+8jBj1+bvuXNs8+8sk2735LuBwAADKPzf17++33//NMD85fO7z8eplrLy+PzZuzPxOP+Q/FAuTxeboTOftEW7SaT9cZiNJL1xpL1xpM845l8E8l2JjLrTfbIN9a2rNt+AgAAwG5Untc2Q9FY7Og3GouL6+f9V30xN1ksPnd6+dSZARUKAAAAVPafc2s33QohhBBCCCGEEGKIY3Vu0FcgAAAAgFGTzhd2jZWtnamrtbVmf/kvPNzo/nzYAnX//n99/ukB5+9ixPO//6q/OAAAVDesR5PlfpXH0eU8Buk8gmPJ8zZ7/N9ItjO+yTpz8wrulvkGc3Wm39edKlf/Zn+Og5KrP50Pc6fK1Z/O07lT5eqfqrmOqnL1d7nysyPl6t9Tcx1V5erfW3MdVeXqn6m5jqpy9c/WXEdVufpvqLmOqnL176u5jqpy9e+W22pz9TdrrqOqXP3zNddRVa7+G2uuo6pc/TfVXEdVufpvrrmOQbkztuX3YX9mvZku53S75RwPAAAARt3/zP8nhBBCtMf6LRCDr0MIIYQQYkvj3KAvQAAAAAADV74voHzX+2pUjo/1GB9vH5/eWKEcn+jx/Mke41M9xgEAAIAQfvf6qdveKjbmu7ve+fDKeaP2hE+uhArzGKXzEW42//XOe3a9+XfLvGUAAACMluIHn1+5/9H3Xpi/dH7/8baz3yvxfLecB3Q8Xhv4NPbL+wJmk35RnkMf78zTyKyXXh+4Ibe9x69zRwEAAGCElefvzVA0FtvOu5uh0Vhc3DgfXwgTxanTyycPxX75+Sx/nJuYurr8oZrrBgAAAPq3cb7f/fy//BzfhTBZLD53evnUmfX+bGv5RKP9usDcxvKi/bpAM1l+OLP8SOyXn9/5o7k9a8sXT/x4+amt3nkAAAAYEWdePPvMk8vLJ3/igQceeNB6MOi/TAAAwFb78su3J356ZPb36+//35j/7kp8cCD2m3Fuv7/E5eV9AuX7AK55v/4TnXnmcus937leM1lvLMZUUvd023bC2nyDnc+bz+Vrdm5nMpNvJsk3m+RL5ykYT9YvuswlGLrMT1iuN5csT+dhHE9yFEn+u7vkAgAAgNLSC88+v3TmxbMPnn72yadPPn3yuSOHj33/2LFDD33voaW1+/qX2u/uBwAAAHajjZt+B10JAAAAAAAAAAAAAAAAAAAAjK46Pk5s0PsIAAAAo+7f50IIK0JkovyAwUHXIXZyrE4NvobhjrBD/x2+/tHgaxBCCCF2R0wN/P9y531iJYTV1fST5gEAAAC21+WLL51ob6+xUmxpvtbWmuvNlZi3bGcf/Nv81ShXu/Bw5/WSvVtaDaOu7t9/+Xdq/qmu4++/urX5p8PG377Q19+/RucGjnf09vSb996lXy+08ocQbh/vM3+6/4/3m7HTwST/vaG//KvvJfmf6Og1+s1/X5J/b5/5r9n/5/vN2On+mH8h9g/e02/+zl0sf0vL/ej3F+C7yf4/FfrNn+x/s8+EiQdifgAYRa3/zVfPDbaQLVYeJZTH0zOxX+5vPNwM6d0Pmz3+byTbGb/uyju3Wx4H3Rr70606OvOWNlt/+X2Zje0NFetM7Za7SnL1b9XPcbvl6p+ouY6qcvVP1lxHVbn6u5+97zy5+qdrrqOqXP19X4gYsFz9u+W6cq7+mZrrqCpX/2zNdVSVq3+z/48PSq7+fTXXUVWu/rma66gqV3/Fy2q1y9U/X3MdVeXqv7HmOqrK1X9TzXVUlav/5prrGJQ7Yps7Hy7PP+fiWNlvJv2pLt/Lvl8MAQAAALbVv3bkPBBtVw4GXosQQgghhBDDH/9dXTfoOoQQ2xerq4O8+sCgbe+7mQHYqfz9H21+/qPNz3+0+fnzdcpX4oukXxrrMT7eY3yix/hkMp7+vk71GL8p2e5qeV0zurnH+DfiHuTG9/V4/q09xhd6jN/WY/z2HuN39BgHAABgNNwSW+eHAAAAMLxe/s2nb/z23icuzl86v/94mLxm3vlDsT8VX1t/PfbTee9LE/E1/5/F/q9i+4fY/iNZ3/0nAAAAsP3Kz4nx+j8AAAAMr/JzSp3/AwAAwPCaj63zfwAAABheN8bW+T8AAAAMsWK6++LYltcF7o5tv/P6AQA73zdje2ds98f2rth+K7blccA9sf12TfUBAFvnlz/8+bG3io35/o8k45fj8rK9xsr6lYKi0TmT/57Y7o3td/qsJ/08gH7zl/b1mWe78s9dZ34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYHg01r4ePbpQhPDOZ28/+ovJN/56ddldrTUOrH0tYq8ZQphoPa8c3eh/FFe8fPGlE+3tldgW4XAoQtFaHh670Mo0E0JYCQfC56EZPlxa/uqDdx85+PFr07e8efaZV7bxW9CxfwAAADCM/h8AAP//PZYhLQ==")
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, 0x0)

4m25.186120124s ago: executing program 34 (id=2245):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file1\x00', 0x2, &(0x7f0000000400)=ANY=[], 0x1, 0xf0d, &(0x7f0000001e80)="$eJzs3U9sHNUZAPA367+JTbwGCgZKSKEVgYIdkkhNb0GgHhGX3kEhoRGGooYeiICYHhCVEEVCnCoOVFwolQJSkUCVKtRT21Or3npCvVCpSqWgHtpIiavYb9a7L/vY9cSetXd/P+nz2zdvdr5vbMeZmZ19G4CR1Vj7evToQhHCO5+9/ejLTxWfXF12V2uNA2tfi9hrhhAm2vpFsr0v4oLLF1860a0twuG1r2U/PHah9dyZEMJKOBA+D83w4dLyVx+8+8jBj1+bvuXNs8+8sk2735LuBwAADKPzf17++33//NMD85fO7z8eplrLy+PzZuzPxOP+Q/FAuTxeboTOftEW7SaT9cZiNJL1xpL1xpM845l8E8l2JjLrTfbIN9a2rNt+AgAAwG5Untc2Q9FY7Og3GouL6+f9V30xN1ksPnd6+dSZARUKAAAAVPafc2s33QohhBBCCCGEEGKIY3Vu0FcgAAAAgFGTzhd2jZWtnamrtbVmf/kvPNzo/nzYAnX//n99/ukB5+9ixPO//6q/OAAAVDesR5PlfpXH0eU8Buk8gmPJ8zZ7/N9ItjO+yTpz8wrulvkGc3Wm39edKlf/Zn+Og5KrP50Pc6fK1Z/O07lT5eqfqrmOqnL1d7nysyPl6t9Tcx1V5erfW3MdVeXqn6m5jqpy9c/WXEdVufpvqLmOqnL176u5jqpy9e+W22pz9TdrrqOqXP3zNddRVa7+G2uuo6pc/TfVXEdVufpvrrmOQbkztuX3YX9mvZku53S75RwPAAAARt3/zP8nhBBCtMf6LRCDr0MIIYQQYkvj3KAvQAAAAAADV74voHzX+2pUjo/1GB9vH5/eWKEcn+jx/Mke41M9xgEAAIAQfvf6qdveKjbmu7ve+fDKeaP2hE+uhArzGKXzEW42//XOe3a9+XfLvGUAAACMluIHn1+5/9H3Xpi/dH7/8baz3yvxfLecB3Q8Xhv4NPbL+wJmk35RnkMf78zTyKyXXh+4Ibe9x69zRwEAAGCElefvzVA0FtvOu5uh0Vhc3DgfXwgTxanTyycPxX75+Sx/nJuYurr8oZrrBgAAAPq3cb7f/fy//BzfhTBZLD53evnUmfX+bGv5RKP9usDcxvKi/bpAM1l+OLP8SOyXn9/5o7k9a8sXT/x4+amt3nkAAAAYEWdePPvMk8vLJ3/igQceeNB6MOi/TAAAwFb78su3J356ZPb36+//35j/7kp8cCD2m3Fuv7/E5eV9AuX7AK55v/4TnXnmcus937leM1lvLMZUUvd023bC2nyDnc+bz+Vrdm5nMpNvJsk3m+RL5ykYT9YvuswlGLrMT1iuN5csT+dhHE9yFEn+u7vkAgAAgNLSC88+v3TmxbMPnn72yadPPn3yuSOHj33/2LFDD33voaW1+/qX2u/uBwAAAHajjZt+B10JAAAAAAAAAAAAAAAAAAAAjK46Pk5s0PsIAAAAo+7f50IIK0JkovyAwUHXIXZyrE4NvobhjrBD/x2+/tHgaxBCCCF2R0wN/P9y531iJYTV1fST5gEAAAC21+WLL51ob6+xUmxpvtbWmuvNlZi3bGcf/Nv81ShXu/Bw5/WSvVtaDaOu7t9/+Xdq/qmu4++/urX5p8PG377Q19+/RucGjnf09vSb996lXy+08ocQbh/vM3+6/4/3m7HTwST/vaG//KvvJfmf6Og1+s1/X5J/b5/5r9n/5/vN2On+mH8h9g/e02/+zl0sf0vL/ej3F+C7yf4/FfrNn+x/s8+EiQdifgAYRa3/zVfPDbaQLVYeJZTH0zOxX+5vPNwM6d0Pmz3+byTbGb/uyju3Wx4H3Rr70606OvOWNlt/+X2Zje0NFetM7Za7SnL1b9XPcbvl6p+ouY6qcvVP1lxHVbn6u5+97zy5+qdrrqOqXP19X4gYsFz9u+W6cq7+mZrrqCpX/2zNdVSVq3+z/48PSq7+fTXXUVWu/rma66gqV3/Fy2q1y9U/X3MdVeXqv7HmOqrK1X9TzXVUlav/5prrGJQ7Yps7Hy7PP+fiWNlvJv2pLt/Lvl8MAQAAALbVv3bkPBBtVw4GXosQQgghhBDDH/9dXTfoOoQQ2xerq4O8+sCgbe+7mQHYqfz9H21+/qPNz3+0+fnzdcpX4oukXxrrMT7eY3yix/hkMp7+vk71GL8p2e5qeV0zurnH+DfiHuTG9/V4/q09xhd6jN/WY/z2HuN39BgHAABgNNwSW+eHAAAAMLxe/s2nb/z23icuzl86v/94mLxm3vlDsT8VX1t/PfbTee9LE/E1/5/F/q9i+4fY/iNZ3/0nAAAAsP3Kz4nx+j8AAAAMr/JzSp3/AwAAwPCaj63zfwAAABheN8bW+T8AAAAMsWK6++LYltcF7o5tv/P6AQA73zdje2ds98f2rth+K7blccA9sf12TfUBAFvnlz/8+bG3io35/o8k45fj8rK9xsr6lYKi0TmT/57Y7o3td/qsJ/08gH7zl/b1mWe78s9dZ34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYHg01r4ePbpQhPDOZ28/+ovJN/56ddldrTUOrH0tYq8ZQphoPa8c3eh/FFe8fPGlE+3tldgW4XAoQtFaHh670Mo0E0JYCQfC56EZPlxa/uqDdx85+PFr07e8efaZV7bxW9CxfwAAADCM/h8AAP//PZYhLQ==")
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, 0x0)

3m35.325838095s ago: executing program 6 (id=2375):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000002c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@abort}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@nodelalloc}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000080)='.\x00', 0x518282, 0x78e22799f4a46e8e)
pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)="591e78ffdb", 0x5}], 0x10000000000000ba, 0x0, 0x0)

3m31.73963088s ago: executing program 6 (id=2381):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000000000010ac05470200000000000109022400010000500009040002010300010009210000000122f80409058103"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x62081, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

3m26.751144479s ago: executing program 6 (id=2391):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x7a, &(0x7f0000001400)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "f6ff01", 0x44, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, {}, {0xdd86, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x10}, 0x1, {0x7b43}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x5, 0xec, 0x0, 0xd, 0x0, 0x1, 0x1, 0x1, 0x1}}}}}}}}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r1 = getpid()
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
rt_tgsigqueueinfo(r1, r1, 0x1d, &(0x7f0000000040)={0x1f, 0x4, 0xfff})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
preadv(r4, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0xfffffe01}], 0x1, 0x8000, 0x0)

3m24.467097344s ago: executing program 6 (id=2395):
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000300)='./file2\x00', 0x80, &(0x7f00000010c0)=ANY=[@ANYBLOB="666c7573682c6e6f646f74732c646973636172642c646d61736b3d30303030303030303030303030303030303030303030322c646d61736b3d30303030303030303030303030303030303030303137372c646f74732c6e6f646f74732c71756965742c646f74732c0023c3cb4d2e3cbf18508098fe0de2af38db67d42d1bc4ab714d52f019082433fc9ca2d7174b2c4ece31c9f4c7a4d53914e100"/167], 0x1, 0x140, &(0x7f0000000000)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=")
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000000)='./file0\x00', 0x2000494, &(0x7f0000000440)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c00484516000000000037c015c57600912233eefc80e89be5a1ef2c27ebf5171169dcfa4805d89c7e1f70d73d649ba4afab8b2194a9e8b537ad2ed68f8319883b84237da3bf9213365872b3f3"], 0x1, 0x2b9, &(0x7f0000000fc0)="$eJzs3E1rE3sUx/HTpm3SlDa5cLlwL1w96EY3QxtfgAZpQQwotSnqQpjaiYaMSZkJlYjYbMStr6O4dCeoL8BuxI17d0UQ3HQhjjiTaZM2rWmap7bfD5T5Z87/x5ymD5wEJpu3Xz4q5FwjZ5ZlOKYyLFKVLZHk71XNUO047K/HpF5VLk58//z/rTt3r6czmdl51bn0wqWUqk6dffv46atz78sTi6+n3kRlI3lv81vqy8Y/G/9u/lx4mHdHxdViqaymLpVKZXPJtnQ57xYM1Zu2ZbqW5ouu5TTUc3ZpZaWiZnF5Mr7iWK6rZrGiBaui5ZKWnYqaD8x8UQ3D0Mm4nG4jLezJrs/Pm+l9y16kox2h68abnXScdLV5Mbveg54AAMCAOXj+D2b9/ef/zGJwbGv+1/x+87/Ikef/D2O9fy6Pg2rDoz/M/6FE07OxjjWFrnKctBmv/f02Yv4HAAAAAAAAAAAAAAAAAAAAAOA42PK8hOd5ifAYfkVrN3iEj/vdJ7qjzZ//5T61iw6ru3EvJmK/WM2uZoNjUE/nJC+2WDItCfnh/z7UBOu5a5nZafUl5Z29VsuvrWYjEg3zoWSYH/JvQwvyZ/6aCfLamB+VeP31U5KQv5tfP9U0PyYXztflDUnIx/tSEluW/Wvv5J/NqF69kdmVH/f3AQAAAABwEhi6bc/rd7/ub4jJ3nqQP8T7A7teX4/If618RCUAAAAAADgyt/KkYNq25bSxiIrIEeIndRGRgWhj1+KKiAxAG71axEQkOKPtxL9ux1tKeS3sGRGRvj8th1j0+z8TAAAAgE7bGfoPEfr0vIsdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+rT6eWDh/j2lsHBAvO5ykZ5/gwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA+RUAAP//ovscvw==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

3m23.044311995s ago: executing program 6 (id=2400):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x40}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz0\x00', 0x200002, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000"], 0x48)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket(0x2, 0x3, 0xff)
setsockopt$inet_int(r4, 0x0, 0x17, &(0x7f0000000240)=0x10000, 0x4)
setsockopt$inet_int(r4, 0x0, 0x3, 0x0, 0x0)
setsockopt$inet_int(r4, 0x0, 0x14, &(0x7f0000000140)=0x9, 0x4)
sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x8, 0x4, 0x3}, 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)

3m17.968704741s ago: executing program 6 (id=2409):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x2a8, 0x98, 0x2a8, 0x130, 0x1f0, 0x370, 0x370, 0x98, 0x370, 0x370, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11, 0x0, 0x69}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'dvmrp1\x00', {}, {}, 0x6}, 0x0, 0x70, 0xb8}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x3, {0x5}}}}, {{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x18}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004004)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, 0x0)
pipe2(&(0x7f0000000400)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80800)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40200, 0x0)
ioctl$TIOCPKT(r4, 0x5420, &(0x7f00000000c0)=0x3ff)
sendfile(r3, r4, 0x0, 0x10ffff)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000740)={0x6e, 0x483aa015, 0x0, 0x0, 0x0, "fe00"})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, 0x0)
r5 = accept$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000040))
pwritev2(r5, 0x0, 0x0, 0x7f, 0xc, 0x18)
sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

3m16.300294794s ago: executing program 35 (id=2409):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x2a8, 0x98, 0x2a8, 0x130, 0x1f0, 0x370, 0x370, 0x98, 0x370, 0x370, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11, 0x0, 0x69}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'dvmrp1\x00', {}, {}, 0x6}, 0x0, 0x70, 0xb8}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x3, {0x5}}}}, {{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x18}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004004)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, 0x0)
pipe2(&(0x7f0000000400)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80800)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40200, 0x0)
ioctl$TIOCPKT(r4, 0x5420, &(0x7f00000000c0)=0x3ff)
sendfile(r3, r4, 0x0, 0x10ffff)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000740)={0x6e, 0x483aa015, 0x0, 0x0, 0x0, "fe00"})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, 0x0)
r5 = accept$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000040))
pwritev2(r5, 0x0, 0x0, 0x7f, 0xc, 0x18)
sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

1m40.797795336s ago: executing program 7 (id=2635):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x4, 0x3, 0x8b, 0x9, 0x1, 0x9, 0x7f, 0x1, 0x10, 0x4f, 0x2, 0x9, 0x5, 0x5}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x52}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1, 0x4}, &(0x7f0000000180)=0x8)

1m39.106465638s ago: executing program 7 (id=2639):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f00000000c0)={0x0, 0x2, '\x00', 0x9, 0xf8})

1m38.037112345s ago: executing program 7 (id=2642):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = socket$inet6(0xa, 0x3, 0xff)
r4 = dup2(r3, r3)
sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890)

1m36.864337581s ago: executing program 7 (id=2646):
syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000180)='./file2\x00', 0x4000, &(0x7f0000001f00)=ANY=[], 0x1, 0x210, &(0x7f0000000700)="$eJzs28tOE1Ecx/Hf9EZFI17iJa5MTIwbqQIJ6Up5ADcuTVyQWkjjoEbcQEiUl3Dv1pWPQKLv4QvAwp0rjjkzp2nHDp0LM0yg309C50/n/M6cAc6h04sAzKznwa0nT+2gMsZ8vi/p1QtJjYoHB6BUxm2PDYDZU8899V8P1xAA59LRWl1SWwee9PvPXu/QfbVTPn44WquFhScdjuUvpc3ve8H2XiOan5d0eaL15AWJ+RbmH2qYtyPf613JePx5RY+va2nz4fk/eqCmxvJXJS1IQTfXJd2QdFOas21vSapFjt9y343yd8M79lOeBgAAAAAAU9mrz8XT5hM7qEt6ErvHXgdvDPx+/N5kTZd/mjPfcvmlaY1Mcn55/M7aSa29UdkMN3Muv9h777/JMG6gCLVs83/iaUH7F32Q0MGJ08GtDNH530w/GveM4Mbga6YMgND2zu7bdd/vfyyyeDatjZS1Q7siFDzC+OK7LfQ3fGWk5GPlKeximzc+fEGm6IF9UXIbk6LNRSoaxf6cf8r7f542IpPoh/vdZuj5ZdyuliLzNKJ+xgsTgNJ1Pm196Gzv7D4ebK1v9jf771ZWu93VleWlbid4WG5vzULVowRQhtF//5idad/EAwAAAAAAAAAAAAAAKnVb0p2g+nWcIcY7AwAAAIBz6Cw+FFX1OQIAAAAAAAAAAAAAcNH9CwAA///UBDZV")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x1d4)
getdents64(r0, 0xfffffffffffffffe, 0xffffffffffffff15)

1m35.896063844s ago: executing program 7 (id=2648):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000000000010ac05470200000000000109022400010000500009040002010300010009210000000122f80409058103"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x62081, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)

1m33.002231522s ago: executing program 7 (id=2655):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
rt_sigqueueinfo(0xffffffffffffffff, 0x7, &(0x7f0000000300)={0x11, 0x2, 0x18d9})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

1m31.283492384s ago: executing program 36 (id=2655):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
rt_sigqueueinfo(0xffffffffffffffff, 0x7, &(0x7f0000000300)={0x11, 0x2, 0x18d9})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

11.169820091s ago: executing program 3 (id=2903):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
socket$kcm(0x29, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x8, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={0xffffffffffffffff, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0xffffffffffffff0e, 0x0}}, 0x10)
connect$inet(r2, &(0x7f0000003580)={0x2, 0x4e21, @dev}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x9, &(0x7f0000000100)=0xfffffffc, 0x56)

10.225080957s ago: executing program 0 (id=2906):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x7, 0x6, 0x8c}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a00000000000073016e00000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7}, 0x48)

10.081353493s ago: executing program 3 (id=2907):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, 0x0}, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9.678615378s ago: executing program 0 (id=2909):
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socket$kcm(0x10, 0x2, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1f, 0x4, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x208400, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
read$msr(0xffffffffffffffff, &(0x7f000001b700)=""/102392, 0x18ff8)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40046f41, &(0x7f0000000440)=0x1f)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x8a, &(0x7f0000000040), 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000005c00), 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)

9.407535406s ago: executing program 3 (id=2911):
syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000000952301090224000100007e000904"], 0x0)

9.174272116s ago: executing program 1 (id=2912):
r0 = syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x68b, &(0x7f0000000240)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXL7F3ndhri88nmp3nmedlnuc3Mzu7s4oc4H/WtXNpPE4t1869uVzkVx7NdFYezdzpp5NMJKknjd4qtbtJ7aPkanpLPlNsrLqrPW0/HyzMvv3xpyuf9HKNainr17drt8mV+hYbH1ZLziQ5Uq2fwbr+rm/orzVyd7XVGRYBO9sPHIxbM0l3ne+eWivZ0fDXLXBg1Xr3zU0X9FRyNMlk9Tmgd1fs3bMPtYfjHgAAAADsgxd+WX6FPzbucQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBhUv39/1q11PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3j20dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5T20ci+fwff/edW527tydu3jt3cKY0gomBJ2gbIzEzEImXh43ErcMaiUHTZSROruav5Rv5ds7lTN7KYhbyvcxlKfM5k69nLkcyV53PxevU9pG6ui731k4jaZXHpVm9iw4/pqXM5dWy7bEs5Ft5Nzcynyvlv0u5mNdzOZczO3CETw5x1ddHe6c9+4WBh8m/SNIert0+KAZ2fPXuNHjWT5fXwfF1W9ai9OLzvx81Plslin38pFofDBsjcXEgEi9tH4nflG8r9zp3by/emntvyP29Vq2L6+hnB+ouUZwvLxYHq8ytPzuKspc2lk324tWqfnHpla2/4xZlJ1fLdrpSW9VnuM09XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94VOK9jDRTtLfkuzUqpmd6+xNopWkTDT6idH6mRiqcmvt6Lzx+2cZc3PUVslzCVSjOsnuP7j9z263u++HaYtEc5tzfi3RrWwq6g7VfGyJf3WfX4djfmMC9tyFpTvvXbh3/8GXFu7MvTP/zvzd2cuXZ6dnL1/524WbC5356d7ruEcJ7IW1m/64RwIAAAAAAAAAAAAMaz/+W8JTdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9rT9vPBwuzbH3+68kkv16iWsn59XbvmbmbxsFpyJsmRaj1o8hn6u16tdzWyUm11hkXAzvYDB+P23wAAAP//+B8RmQ==")
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r2, 0x89a3, &(0x7f0000000200)='bridge0\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
recvmsg$can_bcm(r3, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000d40)=[{0x0}, {&(0x7f0000000b00)=""/11, 0xb}], 0x2, &(0x7f0000000dc0)=""/125, 0x7d}, 0x10041)
pwrite64(r0, 0x0, 0x0, 0x1c0000000000000)
truncate(&(0x7f0000000040)='./file1\x00', 0x1001bfc)

9.153715305s ago: executing program 0 (id=2913):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$unix(r4, &(0x7f0000000800)={&(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f00000003c0)=[@cred={{0x1c, 0x1, 0x2, {r2}}}], 0x20, 0x8000}, 0x890)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0)
ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f0000000100)={0x345, 0xdc, 0xfa4, 0x13b0, 0xa, "d50eccaa06b0439e502be82c4932d18c4582e2", 0x9, 0x1})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
add_key$user(&(0x7f0000000400), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
unshare(0x4020400)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'lblc\x00', 0x1, 0xa7e, 0x1a}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x0, 0x8, 0x77}, {@remote, 0x4e20, 0x1, 0xcd}}, 0x44)
r6 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x2, @private=0xa010102, 0x4e21, 0x3, 'lblc\x00', 0x5, 0x8, 0x11}, {@remote, 0x4e1d, 0x3}}, 0x44)
sendmsg$sock(r6, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

8.922622026s ago: executing program 8 (id=2915):
syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x60240, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201)

7.943217578s ago: executing program 0 (id=2916):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x60240, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201)
close_range(r0, 0xffffffffffffffff, 0x0)

7.544964526s ago: executing program 8 (id=2917):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket(0x22, 0x2, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
recvmsg$kcm(r1, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x0)

7.512397802s ago: executing program 0 (id=2918):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, 0x0, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0)
r5 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r5, 0x0, &(0x7f0000001480))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000084}, 0x44884)
write(r4, 0x0, 0x0)

7.054588149s ago: executing program 9 (id=2920):
r0 = socket(0xa, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000140), &(0x7f0000000240)=0x4)

7.049843952s ago: executing program 1 (id=2921):
syz_usb_connect$uac1(0x0, 0xc1, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xaf, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7}, @as_header={0x7}, @as_header={0x7}, @as_header={0x7}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x0, 0x0, 0x0, "839253"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x0, 0x0, 0x0, "8a72012f619991247e"}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, "", "0f3f"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x8, 0x1, 0x71, {0x7, 0x25, 0x1, 0x102, 0x40, 0x8}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000000)={0xa}, 0xbf, &(0x7f0000000180)={0x5, 0xf, 0xbf, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "10123ee0edf71955ca288abaf2b151f3"}, @generic={0xa6, 0x10, 0x0, "c68f076287737e3601cd9076313000b57a84d31489e6c7316e5f57bd1a8b9e032bedddb73216ba827d25965448f106245f5fdc59659a58a65dc1022fa78d764611f5a059d74f48c694147fed9c2e18d0130c1df7740e453ea7d74b392e7f35e7dfd7d159e9ed48348dd1a7dc45b82c65543fd4d12192bbbff5b61ca60b37050bedc1c528d2efc351da341ada6f0e901a46bc6585431cbda419bfbc49f6e1e0a9566870"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4}}, {0xc, &(0x7f0000000280)=@string={0xc, 0x3, "f50cbb4ff4ea190a2f02"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000300)=@lang_id={0x4}}, {0x6d, &(0x7f0000000340)=@string={0x6d, 0x3, "f5e0c2ea3bfb4a90eef6005e4dd437b85aa63cee0450baa685175139621b8a8cd5ebd2064681472342ca1d8c1c01c744c91d4cc7acea104a3f17a1cb6fdd594df12b083e4f83af0cb515a4b680f69cd100f72ffb978ba266b6c71f6ff25b00e0ea67f752f4f654cfaa6ab8"}}, {0xcc, &(0x7f00000003c0)=@string={0xcc, 0x3, "008dcfd4fb50eae4cd12a129f1dafaf35956f605065ec7e914b9c5328969fb65076fef84ac32e36d0640becced8e1db27a34c8dba0528b85eb0aada3553a2f599fef4c39caab8515bea97f640cdbbf1aa9189660c3f58a6b81e7cfcd718bf18b9a03fdd5cc81e9e0e9122aa3df9df4a267c72b8355f93c698c781f8d45c8fb9fc19840ac8fa9690ee33022e66c14d5b6991677623846decb63efcb3618da506dfad1b9ee0d7e838144b74a6af29f5e5d8f1b0e0ac7ee125ffa997e8841f845d627f868f267fb6f803544"}}]})

6.61455737s ago: executing program 3 (id=2922):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x7, 0x6, 0x8c}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a00000000000073016e00000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7}, 0x48)

6.607665598s ago: executing program 9 (id=2923):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e20, @broadcast}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0xc010)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

6.510702209s ago: executing program 2 (id=2924):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x3, @broadcast, 'macvlan1\x00'}}, 0x1e)
sendmmsg(r4, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000500)="ab", 0x5ea}], 0x1}}], 0x484, 0x24048084)

6.310508819s ago: executing program 0 (id=2925):
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socket$kcm(0x10, 0x2, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1f, 0x4, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x208400, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r2 = syz_open_dev$MSR(&(0x7f00000003c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x0)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40046f41, &(0x7f0000000440)=0x1f)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x8a, &(0x7f0000000040), 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000005c00), 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)

6.205526919s ago: executing program 8 (id=2926):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000400)=[{0x1, 0x3, {0x2, 0x0, 0x3}, {0x0, 0xff, 0xb5136b999d190868}, 0x2, 0x2}, {0x1, 0x3, {0x0, 0xf0, 0x4}, {0x1}, 0xff, 0xfe}], 0x40)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050)

6.078489442s ago: executing program 9 (id=2927):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x4)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa0)

6.066401271s ago: executing program 3 (id=2928):
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x12, &(0x7f0000000580)=ANY=[@ANYBLOB="636f6465706167653d63703733372c756d61736b3d30303030303030303030303030303030303030373737372c696f636861727365743d6d6163726f6d616e2c00c132f7d36481fcf97dccf78cfa7daf6825ef665eb163db201d6c13cd72fa3afa91aafaf54e6ba6969d3658c9240c7ec3318af10acda672b66e41b1831dfe26a89b1b2820620e55fbf859a609e57f2aab8ea8a7915d75fb4dc53bc4ac3dd3102fbf2571578726077b2b7577f55dfaa53a5bab2258b97b01aff1526a0ab78dcbb8d7485f3f185aaaa507641d3db038d754c159bb71dafcfa23b22342ed24e54f97b9092408b1de3725bb0cd05b4980d46bd9c0556fecbeeb"], 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ")
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/49, 0x31)

5.253478684s ago: executing program 2 (id=2929):
syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x60240, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201)

4.886374134s ago: executing program 2 (id=2930):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x60240, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201)
close_range(r0, 0xffffffffffffffff, 0x0)

4.746356256s ago: executing program 3 (id=2931):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r5)
io_uring_setup(0x2e34, &(0x7f0000000240)={0x0, 0xe148, 0x0, 0x0, 0xd4})
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r6, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
read(r6, &(0x7f0000000840)=""/40, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00'}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0xfef85154c7902b6e)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r7, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x0, 0x55a})
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)

4.659589103s ago: executing program 8 (id=2932):
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r1, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r1, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001400212100000000000000000200"], 0x28}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x8, 0x2, @dev}]}, 0x20}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv4_deladdr={0x18, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}}, 0x18}}, 0x0)

4.655684209s ago: executing program 9 (id=2933):
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040832}, 0xc094)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
dup2(r2, r2)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e652043617074557265272030303030"], 0xb8)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)

4.475977309s ago: executing program 2 (id=2934):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
cachestat(r0, &(0x7f00000000c0)={0xbcb8, 0x3}, &(0x7f0000000100), 0x0)

3.791654357s ago: executing program 9 (id=2935):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0)
read$dsp(r0, &(0x7f0000000200)=""/133, 0x85)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000300)=0x1)

3.661504544s ago: executing program 1 (id=2936):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket(0x2000000000000021, 0x2, 0x10000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x4, [@var={0x3, 0x0, 0x0, 0x11, 0x3}]}, {0x0, [0x0, 0x0]}}, 0x0, 0x2c}, 0x28)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_procfs(0x0, &(0x7f0000000280)='ns\x00')
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$video4linux(&(0x7f00000000c0), 0x102000007, 0x1e3002)
socket(0x10, 0x3, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r1, 0x7a6, &(0x7f0000000040)={0x4, 0x100000, 0x0, 0xfffffffffffffffd})

3.31837997s ago: executing program 8 (id=2937):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, 0x0, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0)
r5 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r5, 0x0, &(0x7f0000001480))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000084}, 0x44884)
write(r4, 0x0, 0x0)

2.606657511s ago: executing program 2 (id=2938):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a90000000060a0b0400000000000000000200000064000480240001800b000100736f636b657400001400028008000240000000030800014000000002240001800b0001007470726f787900001400028008000140000000020800024000000003180001800d00010073796e70726f787900000000040002900900010073797a30000000000900020073797a32"], 0xb8}}, 0x40880)

2.384064403s ago: executing program 2 (id=2939):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
socket$kcm(0x29, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6e6577206400000000000000007365723a73797a30303030303030c767303830303030343039330000002b7af273dfb4728c6231c148da1dd87b614325fa2f8bf5b0f51c8e616606c6c87f8b84a2e52b9eeed8d5146c7984374ada6b2bfde7d5be6152d869045847005899ddca8d0fb85abe74dc"], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r4}, 0x18)
r5 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_SET_MASTER(r5, 0x641e)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={0xffffffffffffffff, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0xffffffffffffff0e, 0x0}}, 0x10)
connect$inet(r3, &(0x7f0000003580)={0x2, 0x4e21, @dev}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x9, &(0x7f0000000100)=0xfffffffc, 0x56)
openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180)

2.262629474s ago: executing program 1 (id=2940):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e20, @broadcast}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0xc010)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

2.04636184s ago: executing program 8 (id=2941):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
socket$kcm(0x29, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6e6577206400000000000000007365723a73797a30303030303030c767303830303030343039330000002b7af273dfb4728c6231c148da1dd87b614325fa2f8bf5b0f51c8e616606c6c87f8b84a2e52b9eeed8d5146c7984374ada6b2bfde7d5be6152d869045847005899ddca8d0fb85abe74dc"], 0x2a, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={0xffffffffffffffff, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0xffffffffffffff0e, 0x0}}, 0x10)
connect$inet(r2, &(0x7f0000003580)={0x2, 0x4e21, @dev}, 0x10)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180)

2.04587569s ago: executing program 9 (id=2942):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000002c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@abort}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@nodelalloc}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000080)='.\x00', 0x518282, 0x78e22799f4a46e8e)
pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)="591e78", 0x3}], 0x1, 0x0, 0x0)

1.715261395s ago: executing program 1 (id=2943):
syz_open_dev$tty1(0xc, 0x4, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00"/13], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00')
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0xc0, &(0x7f0000000080)=ANY=[@ANYBLOB="646f74732c6e66732c71756965742c6e6f646f74732c636865636b3d7374726963742c6e66733d7374616c655f72772c646f74732c6572726f72733d636f6e74696e7565008000000000000074732c00"], 0x1, 0x23d, &(0x7f0000000a40)="$eJzs3cFq1EAcBvB/220be7Fn8RDw4qmobxBkBTEgrOSgJwPVSytCeome9jF8Bh/Jx+ipt4hN6NZUPUjadJvfD5Z87MfAzGVnDzO77x9+Ojr8fPKx+fEtkiSNWcQyziL2YzO2orXRPTfP805ctgwAYN0sFmU29hwY0MbVt6oqK7cjYvdKU3y/mUkBAAAAAAAAAAAwNOf/AWB6nP+/+6oqK/e672+/c/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGM9Z09xv/vEae34AwPDs/wAwPfZ/AJge+z8ATM+bt+9eZXk+X6RpEnG6rIu6aJ9t/+JlPn+SnttfjTqt62K7y/n8adun/X6vG//sj/1OPH7U9r+656/zXr8bh9e9eAAAAAAAAAAAAAAAAAAAALglDtILvfv9W21/8Le+TZd+H6B3f38WD2Y3tgwAAAAAAAAAAAAAAAAAAABYaydfvh6Vx8cfKkG4CPfiP0YlcTsmLwwSxv5kAgAAAAAAAAAAAAAAAACA6Vld+h17JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwntX//19fGHuNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDT8DAAA//8GmZGk")
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x4, @multicast1}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @empty}}}], 0x20}}], 0x1, 0x40000)

0s ago: executing program 1 (id=2944):
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x12, &(0x7f0000000580)=ANY=[@ANYBLOB="636f6465706167653d63703733372c756d61736b3d30303030303030303030303030303030303030373737372c696f636861727365743d6d6163726f6d616e2c00c132f7d36481fcf97dccf78cfa7daf6825ef665eb163db201d6c13cd72fa3afa91aafaf54e6ba6969d3658c9240c7ec3318af10acda672b66e41b1831dfe26a89b1b2820620e55fbf859a609e57f2aab8ea8a7915d75fb4dc53bc4ac3dd3102fbf2571578726077b2b7577f55dfaa53a5bab2258b97b01aff1526a0ab78dcbb8d7485f3f185aaaa507641d3db038d754c159bb71dafcfa23b22342ed24e54f97b9092408b1de3725bb0cd05b4980d46bd9c0556fecbeeb"], 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

   T30] audit: type=1400 audit(1763171895.910:55): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=12939 comm="syz.7.2233"
[  770.144835][T12945] loop4: detected capacity change from 128 to 0
[  770.390091][T12945] FAT-fs (loop4): Directory bread(block 33) failed
[  770.449342][T12923] loop1: detected capacity change from 0 to 32768
[  770.463319][T12945] FAT-fs (loop4): Directory bread(block 34) failed
[  770.497744][T12945] FAT-fs (loop4): Directory bread(block 35) failed
[  770.536988][T12945] FAT-fs (loop4): Directory bread(block 36) failed
[  770.556596][T12952] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2236'.
[  770.579776][T12923] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  770.605721][T12945] FAT-fs (loop4): Directory bread(block 37) failed
[  770.645496][T12945] FAT-fs (loop4): Directory bread(block 38) failed
[  770.664700][T12945] FAT-fs (loop4): Directory bread(block 39) failed
[  770.672645][T12945] FAT-fs (loop4): Directory bread(block 40) failed
[  770.686943][    T9] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  770.687832][T12962] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2236'.
[  770.705315][T12945] FAT-fs (loop4): FAT read failed (blocknr 32)
[  770.745841][T12923] XFS (loop1): Ending clean mount
[  770.783583][ T5830] FAT-fs (loop4): Directory bread(block 33) failed
[  770.856773][ T6158] FAT-fs (loop4): bread failed in fat_clusters_flush
[  770.869716][    T9] usb 1-1: Using ep0 maxpacket: 16
[  770.883785][    T9] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  770.903014][ T5830] FAT-fs (loop4): unable to read boot sector to mark fs as dirty
[  770.915306][    T9] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  770.937297][T12967] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  770.946824][    T9] usb 1-1: Product: syz
[  770.957377][T12923] XFS (loop1): User initiated shutdown received.
[  770.967474][    T9] usb 1-1: Manufacturer: syz
[  770.972089][    T9] usb 1-1: SerialNumber: syz
[  770.987036][T12923] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x67/0x190 (fs/xfs/xfs_fsops.c:472).  Shutting down filesystem.
[  771.013034][    T9] usb 1-1: config 0 descriptor??
[  771.027396][T12923] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  771.209638][ T5837] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  771.576295][ T6158] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.747615][T12978] loop0: detected capacity change from 0 to 1024
[  772.393057][T12978] hfsplus: invalid btree flag
[  772.398864][T12978] hfsplus: failed to load extents file
[  772.942520][ T6158] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.247715][ T6158] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.279756][T12983] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  773.381691][T12986] overlayfs: failed to resolve './file0': -2
[  773.603817][T11994] usb 1-1: USB disconnect, device number 50
[  773.681502][ T6158] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.916920][T12995] netlink: 'syz.0.2249': attribute type 32 has an invalid length.
[  773.928677][T12993] loop6: detected capacity change from 0 to 1024
[  773.983937][T12976] xt_TCPMSS: Only works on TCP SYN packets
[  774.456142][   T30] audit: type=1804 audit(1763171900.350:56): pid=13000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2250" name="/newroot/44/file0/bus" dev="loop6" ino=26 res=1 errno=0
[  774.570852][T13001] hfsplus: found bad thread record in catalog
[  774.583574][T13001] hfsplus: found bad thread record in catalog
[  774.781950][T13000] hfsplus: xattr searching failed
[  775.196999][   T30] audit: type=1800 audit(1763171900.690:57): pid=13000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2250" name="bus" dev="loop6" ino=26 res=0 errno=0
[  775.231604][ T1330] hfsplus: b-tree write err: -5, ino 4
[  775.336723][   T30] audit: type=1400 audit(1763171901.190:58): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=13003 comm="syz.0.2252"
[  775.363863][T11678] Bluetooth: hci0: command tx timeout
[  775.437510][T11569] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  775.527259][T11569] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  775.543190][T11569] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  775.544416][ T6158] bridge_slave_1: left allmulticast mode
[  775.561491][T11569] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  775.572684][T11569] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  775.592518][ T6158] bridge_slave_1: left promiscuous mode
[  775.654093][ T6158] bridge0: port 2(bridge_slave_1) entered disabled state
[  775.702593][T13008] loop6: detected capacity change from 0 to 1024
[  775.798051][ T6158] bridge_slave_0: left allmulticast mode
[  775.806910][ T6158] bridge_slave_0: left promiscuous mode
[  775.834522][ T6158] bridge0: port 1(bridge_slave_0) entered disabled state
[  775.987891][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  776.894479][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  776.903028][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  776.916453][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  776.926891][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  776.934381][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  776.947205][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  776.954509][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  777.031937][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  777.062525][T13016] hfsplus: request for non-existent node 16777216 in B*Tree
[  777.220131][   T30] audit: type=1800 audit(1763171903.110:59): pid=13016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2253" name="file1" dev="loop6" ino=20 res=0 errno=0
[  777.648587][T11569] Bluetooth: hci1: command tx timeout
[  779.687086][T11569] Bluetooth: hci1: command tx timeout
[  780.539240][T13040] overlayfs: failed to resolve './file0': -2
[  780.705737][T13044] loop1: detected capacity change from 0 to 1024
[  781.687835][T13049] loop0: detected capacity change from 0 to 32768
[  781.707315][   T30] audit: type=1804 audit(1763171907.600:60): pid=13051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2264" name="/newroot/348/file0/bus" dev="loop1" ino=26 res=1 errno=0
[  781.825182][T13052] hfsplus: found bad thread record in catalog
[  781.843630][T13052] hfsplus: found bad thread record in catalog
[  781.893398][T11569] Bluetooth: hci1: command tx timeout
[  782.051359][T13051] hfsplus: xattr searching failed
[  782.260454][   T30] audit: type=1800 audit(1763171907.950:61): pid=13051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2264" name="bus" dev="loop1" ino=26 res=0 errno=0
[  782.344706][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  782.367796][ T6347] hfsplus: b-tree write err: -5, ino 4
[  782.394104][T13049] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  782.404233][T13049] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  782.430678][T13049] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  782.439892][    T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  782.458225][    T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  782.526316][    T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 68ms
[  782.585329][    T9] gfs2: fsid=syz:syz.0: jid=0: Done
[  782.609920][T13049] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  782.667526][T13059] loop1: detected capacity change from 0 to 128
[  782.769605][T13059] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  782.857247][T13059] ext4 filesystem being mounted at /349/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  783.907247][T11569] Bluetooth: hci1: command tx timeout
[  784.293073][ T5837] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  784.387200][ T6158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  784.470068][ T6158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  784.532652][ T6158] bond0 (unregistering): Released all slaves
[  784.547662][T11569] Bluetooth: hci4: command 0x0406 tx timeout
[  784.884614][T13005] lo speed is unknown, defaulting to 1000
[  786.618085][ T5906] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  786.643953][T13089] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  787.556798][ T5906] usb 1-1: device descriptor read/64, error -71
[  787.832715][T13096] loop2: detected capacity change from 0 to 128
[  787.858776][ T5906] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  788.006792][ T5906] usb 1-1: device descriptor read/64, error -71
[  788.064064][T13096] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  788.136882][ T5906] usb usb1-port1: attempt power cycle
[  788.202665][T13102] loop6: detected capacity change from 0 to 1024
[  788.246895][T13096] ext4 filesystem being mounted at /384/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  788.273004][T13005] chnl_net:caif_netlink_parms(): no params data found
[  788.547106][ T5906] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  788.757470][   T30] audit: type=1804 audit(1763171914.620:62): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2279" name="/newroot/49/file0/bus" dev="loop6" ino=26 res=1 errno=0
[  788.852392][T13107] hfsplus: found bad thread record in catalog
[  788.865592][T13107] hfsplus: found bad thread record in catalog
[  789.090417][T13106] hfsplus: xattr searching failed
[  789.305640][ T5906] usb 1-1: device descriptor read/8, error -71
[  789.388462][   T30] audit: type=1800 audit(1763171914.990:63): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2279" name="bus" dev="loop6" ino=26 res=0 errno=0
[  789.565180][ T6347] hfsplus: b-tree write err: -5, ino 4
[  789.634271][ T5906] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  790.013126][ T5906] usb 1-1: device descriptor read/8, error -71
[  790.138668][ T5906] usb usb1-port1: unable to enumerate USB device
[  790.165586][ T6158] hsr_slave_0: left promiscuous mode
[  790.459077][ T6158] hsr_slave_1: left promiscuous mode
[  790.567319][T13120] loop0: detected capacity change from 0 to 128
[  790.625602][T13120] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  790.655634][T13120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  791.172022][ T6158] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  791.291779][ T6158] batman_adv: batadv0: Removing interface: batadv_slave_0
[  791.576968][ T6158] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  791.584420][ T6158] batman_adv: batadv0: Removing interface: batadv_slave_1
[  791.615431][   T30] audit: type=1326 audit(1763171917.500:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13124 comm="syz.6.2284" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1d5db8f6c9 code=0x0
[  791.691189][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  791.858310][T13132] loop0: detected capacity change from 0 to 512
[  791.908101][ T6158] veth1_macvtap: left promiscuous mode
[  791.936874][ T6158] veth0_macvtap: left promiscuous mode
[  791.954627][ T6158] veth1_vlan: left promiscuous mode
[  791.979026][ T6158] veth0_vlan: left promiscuous mode
[  793.484245][T13144] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  795.507524][T11678] Bluetooth: hci0: command tx timeout
[  796.488189][T13167] loop7: detected capacity change from 0 to 128
[  797.128936][T13167] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256
[  797.145646][T13167] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  797.170834][    T9] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  797.436943][    T9] usb 1-1: Using ep0 maxpacket: 32
[  797.456073][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  797.476862][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  797.507026][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  797.516127][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  797.616919][    T9] usb 1-1: config 0 descriptor??
[  798.646878][    T9] hub 1-1:0.0: USB hub found
[  798.680166][    T9] hub 1-1:0.0: 1 port detected
[  799.084698][    T9] usb 1-1: USB disconnect, device number 55
[  799.118773][ T6158] team0 (unregistering): Port device team_slave_1 removed
[  799.179463][T13180] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2302'.
[  799.217453][ T6158] team0 (unregistering): Port device team_slave_0 removed
[  799.276228][T13181] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2302'.
[  799.500600][T13187] loop6: detected capacity change from 0 to 128
[  799.540813][T13187] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  799.573651][T13187] ext4 filesystem being mounted at /55/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  799.657334][T13187] EXT4-fs warning (device loop6): ext4_group_add:1735: No reserved GDT blocks, can't resize
[  799.834287][T11568] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  799.969693][T13198] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  800.564039][T13204] loop6: detected capacity change from 0 to 1024
[  801.491752][T13216] loop6: detected capacity change from 0 to 32768
[  801.504562][T13216] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2315 (13216)
[  801.521179][T13216] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  801.531398][T13216] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  802.201775][T13216] BTRFS info (device loop6): enabling ssd optimizations
[  802.209021][T13216] BTRFS info (device loop6): turning on async discard
[  802.215842][T13216] BTRFS info (device loop6): enabling free space tree
[  802.397496][T11994] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  802.464494][   T30] audit: type=1800 audit(1763171928.360:65): pid=13216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2315" name="file1" dev="loop6" ino=260 res=0 errno=0
[  802.539746][T13242] loop7: detected capacity change from 0 to 16
[  802.578729][T11994] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  802.592035][T13242] erofs (device loop7): mounted with root inode @ nid 36.
[  802.621755][T11994] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  802.665985][T11994] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  802.741834][T11994] usb 3-1: config 0 descriptor??
[  802.914282][T11568] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  803.424825][T11994] keytouch 0003:0926:3333.0014: fixing up Keytouch IEC report descriptor
[  803.484812][T11994] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0014/input/input14
[  803.760230][T13005] bridge0: port 1(bridge_slave_0) entered blocking state
[  804.126827][T13005] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.134104][T13005] bridge_slave_0: entered allmulticast mode
[  804.169111][T13005] bridge_slave_0: entered promiscuous mode
[  804.254213][T13005] bridge0: port 2(bridge_slave_1) entered blocking state
[  804.325126][T13005] bridge0: port 2(bridge_slave_1) entered disabled state
[  804.373954][T13005] bridge_slave_1: entered allmulticast mode
[  804.435572][T13005] bridge_slave_1: entered promiscuous mode
[  804.518087][T13267] loop7: detected capacity change from 0 to 512
[  804.549634][T13267] EXT4-fs (loop7): Test dummy encryption mode enabled
[  804.576871][T13267] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended
[  804.620503][T11994] keytouch 0003:0926:3333.0014: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  804.637783][T11994] usb 3-1: USB disconnect, device number 31
[  804.644880][T13267] EXT4-fs (loop7): Errors on filesystem, clearing orphan list.
[  804.717061][T13267] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  804.743961][T13267] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2324'.
[  805.011007][T13005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  805.502013][T13271] fido_id[13271]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  806.338877][T11673] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  807.217534][T13005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  807.729994][T13291] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2332'.
[  807.782433][T13300] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2332'.
[  807.941337][T13005] team0: Port device team_slave_0 added
[  807.977003][ T1211] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  808.034983][ T6158] IPVS: stop unused estimator thread 0...
[  808.076415][T13005] team0: Port device team_slave_1 added
[  808.207959][ T1211] usb 7-1: Using ep0 maxpacket: 16
[  808.230163][ T1211] usb 7-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  808.251058][ T1211] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.356287][T13005] batman_adv: batadv0: Adding interface: batadv_slave_0
[  808.394784][ T1211] usb 7-1: Product: syz
[  808.413426][ T1211] usb 7-1: Manufacturer: syz
[  808.428554][T13005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  808.431900][ T1211] usb 7-1: SerialNumber: syz
[  808.539928][ T1211] usb 7-1: config 0 descriptor??
[  808.562984][T13005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  808.612520][T13005] batman_adv: batadv0: Adding interface: batadv_slave_1
[  808.643372][T13005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  808.717934][T13005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  808.936099][T13313] loop2: detected capacity change from 0 to 1024
[  808.953585][T13313] EXT4-fs: Ignoring removed oldalloc option
[  808.967411][T13313] EXT4-fs: Ignoring removed bh option
[  809.000952][T13313] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  809.043257][ T1211] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  809.079379][T13005] hsr_slave_0: entered promiscuous mode
[  809.095662][T13005] hsr_slave_1: entered promiscuous mode
[  809.136453][ T1211] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  809.196249][ T1211] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  809.228587][ T1211] usb 7-1: media controller created
[  809.235829][T13297] dtv5100: wlen = 0, aborting.
[  809.289716][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  809.403902][ T1211] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  809.541798][ T1211] zl10353_read_register: readreg error (reg=127, ret==0)
[  809.562479][ T1211] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  809.591987][ T1211] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  809.680697][ T1211] usb 7-1: USB disconnect, device number 3
[  809.924911][ T1211] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  810.161429][T13329] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  810.332587][T13005] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  810.395149][T13005] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  810.487341][T13005] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  810.536971][T13005] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  810.563792][T13340] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  810.865919][T13005] 8021q: adding VLAN 0 to HW filter on device bond0
[  810.987631][T13005] 8021q: adding VLAN 0 to HW filter on device team0
[  811.092206][ T6157] bridge0: port 1(bridge_slave_0) entered blocking state
[  811.099460][ T6157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  811.447735][T13358] loop2: detected capacity change from 0 to 1024
[  812.045942][ T6158] bridge0: port 2(bridge_slave_1) entered blocking state
[  812.053273][ T6158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  812.313624][T13005] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  812.420252][T13005] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  812.557076][   T30] audit: type=1804 audit(1763171938.420:66): pid=13372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2345" name="/newroot/396/file0/bus" dev="loop2" ino=26 res=1 errno=0
[  812.648250][T13374] hfsplus: found bad thread record in catalog
[  812.663241][T13374] hfsplus: found bad thread record in catalog
[  812.688661][T11678] Bluetooth: hci0: command tx timeout
[  812.863806][T13372] hfsplus: xattr searching failed
[  813.196702][   T30] audit: type=1800 audit(1763171938.770:67): pid=13372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2345" name="bus" dev="loop2" ino=26 res=0 errno=0
[  813.220293][   T13] hfsplus: b-tree write err: -5, ino 4
[  813.299514][ T5926] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  813.747006][ T5926] usb 7-1: Using ep0 maxpacket: 8
[  813.961044][ T5926] usb 7-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[  814.060731][ T5926] usb 7-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  814.113878][ T5926] usb 7-1: config 0 interface 0 has no altsetting 0
[  814.863754][T13384] loop1: detected capacity change from 0 to 4096
[  815.079712][ T5926] usb 7-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  815.089072][ T5926] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  815.105428][ T5926] usb 7-1: config 0 descriptor??
[  816.127980][T13397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2351'.
[  816.293246][T13005] 8021q: adding VLAN 0 to HW filter on device batadv0
[  816.321607][ T5926] usbhid 7-1:0.0: can't add hid device: -71
[  816.340168][ T5926] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  816.437821][ T5926] usb 7-1: USB disconnect, device number 4
[  816.524566][T13406] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  816.709746][T13409] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  816.811589][T13409] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  818.045657][T13433] loop6: detected capacity change from 0 to 1024
[  818.322102][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  818.332210][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  818.756756][T11678] Bluetooth: hci0: command tx timeout
[  819.089292][ T5938] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  819.103686][   T30] audit: type=1804 audit(1763171944.990:68): pid=13440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2362" name="/newroot/67/file0/bus" dev="loop6" ino=26 res=1 errno=0
[  819.209067][T13441] hfsplus: found bad thread record in catalog
[  819.221611][T13441] hfsplus: found bad thread record in catalog
[  819.399319][T13440] hfsplus: xattr searching failed
[  819.500166][   T30] audit: type=1800 audit(1763171945.300:69): pid=13440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2362" name="bus" dev="loop6" ino=26 res=0 errno=0
[  819.597404][ T5938] usb 2-1: device descriptor read/64, error -71
[  819.815997][ T6157] hfsplus: b-tree write err: -5, ino 4
[  819.838251][T13449] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2365'.
[  819.869257][ T5938] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  820.303044][ T5938] usb 2-1: device descriptor read/64, error -71
[  821.323394][ T5938] usb usb2-port1: attempt power cycle
[  821.347850][T13005] veth0_vlan: entered promiscuous mode
[  821.544642][T13005] veth1_vlan: entered promiscuous mode
[  822.511579][T13005] veth0_macvtap: entered promiscuous mode
[  822.550431][T13005] veth1_macvtap: entered promiscuous mode
[  822.600055][T13471] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2370'.
[  822.611727][T13476] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  822.625968][T13475] fuse: Bad value for 'group_id'
[  822.659486][T13478] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2370'.
[  822.676839][T13475] fuse: Bad value for 'group_id'
[  822.714454][T13479] loop0: detected capacity change from 0 to 128
[  822.744260][T13479] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  822.790377][T13479] ext4 filesystem being mounted at /435/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  823.953025][T13005] batman_adv: batadv0: Interface activated: batadv_slave_0
[  824.233362][T13005] batman_adv: batadv0: Interface activated: batadv_slave_1
[  824.308510][T13491] loop6: detected capacity change from 0 to 1024
[  824.330786][ T1330] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  824.339390][T13491] EXT4-fs: Ignoring removed oldalloc option
[  824.342432][ T5844] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  824.345415][T13491] EXT4-fs: Ignoring removed bh option
[  824.357526][ T1330] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  824.403144][T13493] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2377'.
[  824.421509][ T1330] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  824.465226][ T1330] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  824.564245][T13497] loop7: detected capacity change from 0 to 1024
[  824.597704][T13500] binder: 13492:13500 ioctl c00c620f 2000000000c0 returned -22
[  824.627330][T11678] Bluetooth: hci0: command tx timeout
[  824.628923][T13491] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  825.879976][T13510] hfsplus: found bad thread record in catalog
[  825.895550][T13510] hfsplus: found bad thread record in catalog
[  826.093314][T13509] hfsplus: xattr searching failed
[  826.368465][   T30] audit: type=1804 audit(1763171951.660:70): pid=13509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2379" name="/newroot/67/file0/bus" dev="loop7" ino=26 res=1 errno=0
[  826.702005][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  826.705419][   T30] audit: type=1800 audit(1763171952.000:71): pid=13509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2379" name="bus" dev="loop7" ino=26 res=0 errno=0
[  827.067412][ T6158] hfsplus: b-tree write err: -5, ino 4
[  827.096834][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.104238][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.143298][T11568] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  827.198212][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.206041][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.217190][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.224612][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.273570][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.475454][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.598004][    T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  827.713760][ T5906] hid-generic 0003:0003:0000.0015: unknown main item tag 0x0
[  827.915220][ T5906] hid-generic 0003:0003:0000.0015: hidraw0: USB HID v0.00 Device [syz1] on syz1
[  827.920164][T11916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.006753][T11916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.016736][    T9] usb 3-1: device descriptor read/64, error -71
[  828.172469][ T6158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.194813][ T6158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.267071][    T9] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  828.311962][T13524] fido_id[13524]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  828.346994][ T5906] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  828.476810][    T9] usb 3-1: device descriptor read/64, error -71
[  828.533191][ T5906] usb 7-1: Using ep0 maxpacket: 16
[  828.562962][ T5906] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  828.585820][ T5906] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  828.613323][    T9] usb usb3-port1: attempt power cycle
[  829.584344][ T5906] usb 7-1: config 0 interface 0 has no altsetting 0
[  829.593499][ T5906] usb 7-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  829.624283][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.034496][ T5906] usb 7-1: config 0 descriptor??
[  830.066828][    T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  830.087553][    T9] usb 3-1: device descriptor read/8, error -71
[  830.097664][T13542] fuse: Bad value for 'group_id'
[  830.102620][T13542] fuse: Bad value for 'group_id'
[  830.118512][T13539] loop8: detected capacity change from 0 to 4096
[  830.347125][    T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  830.387407][T13522] loop7: detected capacity change from 0 to 32768
[  830.415805][    T9] usb 3-1: device descriptor read/8, error -71
[  830.452002][T13546] loop1: detected capacity change from 0 to 128
[  830.461075][T13522] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.2380 (13522)
[  830.496338][T13539] EXT4-fs (loop8): Test dummy encryption mode enabled
[  830.503271][    C0] raw-gadget.1 gadget.6: ignoring, device is not running
[  830.523196][ T5906] usbhid 7-1:0.0: can't add hid device: -71
[  831.216845][    T9] usb usb3-port1: unable to enumerate USB device
[  831.234083][ T5906] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  831.295476][ T5906] usb 7-1: USB disconnect, device number 5
[  831.310733][T13539] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  831.329315][T13546] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  831.382882][T13522] BTRFS error (device loop7): open_ctree failed: -4
[  831.475846][T13546] ext4 filesystem being mounted at /368/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  831.729976][T13555] loop0: detected capacity change from 0 to 128
[  833.050183][T13555] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  833.273746][T13555] ext4 filesystem being mounted at /439/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  833.701817][ T5837] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  833.829380][T13555] fscrypt: loop0: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  833.876341][T13005] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  833.910417][T13573] loop6: detected capacity change from 0 to 128
[  834.152411][ T5844] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  837.596755][    T9] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  838.317796][ T5906] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  838.578349][T13607] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2405'.
[  838.639248][T13607] binder: 13606:13607 ioctl c00c620f 2000000000c0 returned -22
[  838.660325][    T9] usb 1-1: no configurations
[  838.665375][    T9] usb 1-1: can't read configurations, error -22
[  838.736700][ T5906] usb 9-1: Using ep0 maxpacket: 16
[  838.823167][ T5906] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  838.872516][T13611] loop1: detected capacity change from 0 to 128
[  838.893595][    T9] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  839.034257][ T5906] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  839.250957][    T9] usb 1-1: no configurations
[  839.255599][    T9] usb 1-1: can't read configurations, error -22
[  839.285370][T13611] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  839.298263][ T5906] usb 9-1: config 0 interface 0 has no altsetting 0
[  839.304910][ T5906] usb 9-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  839.360208][    T9] usb usb1-port1: attempt power cycle
[  839.389533][T13611] ext4 filesystem being mounted at /372/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  839.410220][ T5906] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  839.490256][ T5906] usb 9-1: config 0 descriptor??
[  839.727624][    T9] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  840.087769][    T9] usb 1-1: no configurations
[  840.204815][    T9] usb 1-1: can't read configurations, error -22
[  840.316238][ T5906] usbhid 9-1:0.0: can't add hid device: -71
[  840.457608][    T9] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  840.687304][ T5906] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  840.742926][    T9] usb 1-1: device descriptor read/8, error -71
[  840.794650][ T5906] usb 9-1: USB disconnect, device number 2
[  840.845109][ T5837] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  840.888257][    T9] usb usb1-port1: unable to enumerate USB device
[  841.154459][ T6158] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.642769][ T6158] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.846274][ T6158] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.330164][ T6158] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.352788][T13651] loop1: detected capacity change from 0 to 1024
[  842.380520][T13651] EXT4-fs: Ignoring removed oldalloc option
[  842.432573][T13651] EXT4-fs: Ignoring removed bh option
[  843.007045][T13657] lo speed is unknown, defaulting to 1000
[  843.273756][T13651] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  844.230475][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  844.776238][T11569] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  844.792636][T11569] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  844.802762][T11569] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  844.816984][T11569] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  844.825392][T11569] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  844.901656][T13671] loop7: detected capacity change from 0 to 512
[  844.997660][T13671] EXT4-fs (loop7): blocks per group (95) and clusters per group (32768) inconsistent
[  845.435435][T13669] lo speed is unknown, defaulting to 1000
[  845.447532][T13674] loop2: detected capacity change from 0 to 1024
[  846.025589][T13682] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  846.216902][ T1826] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  846.227137][T13682] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  846.292670][ T6158] bridge_slave_1: left allmulticast mode
[  846.319743][ T6158] bridge_slave_1: left promiscuous mode
[  846.325613][ T6158] bridge0: port 2(bridge_slave_1) entered disabled state
[  846.554740][ T6158] bridge_slave_0: left allmulticast mode
[  846.561041][ T6158] bridge_slave_0: left promiscuous mode
[  846.569336][ T6158] bridge0: port 1(bridge_slave_0) entered disabled state
[  847.025217][T11678] Bluetooth: hci4: command tx timeout
[  847.041300][   T30] audit: type=1804 audit(1763171972.930:72): pid=13688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2423" name="/newroot/409/file0/bus" dev="loop2" ino=26 res=1 errno=0
[  847.072612][ T1826] usb 2-1: no configurations
[  847.081635][ T1826] usb 2-1: can't read configurations, error -22
[  847.092198][T13689] hfsplus: found bad thread record in catalog
[  847.156058][   T30] audit: type=1800 audit(1763171973.010:73): pid=13688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2423" name="bus" dev="loop2" ino=26 res=0 errno=0
[  847.289781][ T1826] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  847.387475][   T12] hfsplus: b-tree write err: -5, ino 4
[  847.497063][ T1826] usb 2-1: no configurations
[  847.501853][ T1826] usb 2-1: can't read configurations, error -22
[  847.520257][ T1826] usb usb2-port1: attempt power cycle
[  847.886893][ T1826] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  847.925248][ T1826] usb 2-1: no configurations
[  847.930276][ T1826] usb 2-1: can't read configurations, error -22
[  848.594181][T13699] ceph: No mds server is up or the cluster is laggy
[  848.603701][T11994] libceph: connect (1)[c::]:6789 error -101
[  848.629619][T11994] libceph: mon0 (1)[c::]:6789 connect error
[  849.132451][T11678] Bluetooth: hci4: command tx timeout
[  849.750798][T13710] loop8: detected capacity change from 0 to 4096
[  849.927114][ T5984] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  850.623754][ T6158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  850.638329][ T6158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  850.650144][ T6158] bond0 (unregistering): Released all slaves
[  850.744137][T13697] sit0: entered promiscuous mode
[  850.786750][ T5984] usb 1-1: Using ep0 maxpacket: 8
[  850.800874][ T5984] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  850.851693][ T5984] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  850.867594][T13697] netlink: 'syz.2.2427': attribute type 1 has an invalid length.
[  850.897774][T13697] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2427'.
[  850.904321][ T5984] usb 1-1: config 1 has no interface number 1
[  850.916201][ T5984] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  850.954012][ T5984] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  850.968121][ T5984] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  850.996740][ T5984] usb 1-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ
[  851.186905][T11678] Bluetooth: hci4: command tx timeout
[  853.266799][T11678] Bluetooth: hci4: command tx timeout
[  853.417375][T13727] atomic_op ffff888078afb198 conn xmit_atomic 0000000000000000
[  853.685551][ T5984] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  853.929177][ T5984] usb 1-1: USB disconnect, device number 60
[  854.030151][ T6173] udevd[6173]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  854.375640][T13750] loop0: detected capacity change from 0 to 256
[  854.382173][T13749] loop8: detected capacity change from 0 to 128
[  854.396169][T13753] loop1: detected capacity change from 0 to 1024
[  854.433839][T13749] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  854.460433][T13730] syzkaller0: entered promiscuous mode
[  854.465937][T13730] syzkaller0: entered allmulticast mode
[  854.490758][T13749] ext4 filesystem being mounted at /7/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  854.518996][T13750] FAT-fs (loop0): Directory bread(block 64) failed
[  854.562908][T13750] FAT-fs (loop0): Directory bread(block 65) failed
[  854.607063][T13750] FAT-fs (loop0): Directory bread(block 66) failed
[  854.637060][T13750] FAT-fs (loop0): Directory bread(block 67) failed
[  854.654000][T13750] FAT-fs (loop0): Directory bread(block 68) failed
[  854.675240][T13750] FAT-fs (loop0): Directory bread(block 69) failed
[  854.749340][T13750] FAT-fs (loop0): Directory bread(block 70) failed
[  854.776854][T13750] FAT-fs (loop0): Directory bread(block 71) failed
[  854.783508][T13750] FAT-fs (loop0): Directory bread(block 72) failed
[  854.817513][T13750] FAT-fs (loop0): Directory bread(block 73) failed
[  855.041929][   T30] audit: type=1804 audit(1763171980.930:74): pid=13760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2439" name="/newroot/380/file0/bus" dev="loop1" ino=26 res=1 errno=0
[  855.077538][T13005] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  855.154312][T13761] hfsplus: found bad thread record in catalog
[  855.653165][   T30] audit: type=1800 audit(1763171981.130:75): pid=13760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2439" name="bus" dev="loop1" ino=26 res=0 errno=0
[  855.688022][ T6348] hfsplus: b-tree write err: -5, ino 4
[  856.397298][T13767] loop8: detected capacity change from 0 to 128
[  856.435128][T13770] loop7: detected capacity change from 0 to 128
[  856.446138][T13767] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  856.602461][T13767] ext4 filesystem being mounted at /8/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  857.079773][T13770] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  857.127136][T13770] ext4 filesystem being mounted at /77/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  857.359320][ T6158] hsr_slave_0: left promiscuous mode
[  857.530621][ T6158] hsr_slave_1: left promiscuous mode
[  857.876273][ T6158] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  858.160914][ T6158] batman_adv: batadv0: Removing interface: batadv_slave_0
[  858.415539][ T6158] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  859.246731][ T6158] batman_adv: batadv0: Removing interface: batadv_slave_1
[  859.446773][ T6158] veth1_macvtap: left promiscuous mode
[  859.452357][ T6158] veth0_macvtap: left promiscuous mode
[  859.465288][ T6158] veth1_vlan: left promiscuous mode
[  859.474969][ T6158] veth0_vlan: left promiscuous mode
[  859.499225][T11673] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  859.542847][T13792] loop2: detected capacity change from 0 to 4096
[  859.583876][T13005] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  860.197137][ T5984] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  860.448211][ T5984] usb 2-1: Using ep0 maxpacket: 16
[  860.469662][ T5984] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  860.518052][ T5984] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  860.531382][ T5984] usb 2-1: Product: syz
[  860.535583][ T5984] usb 2-1: Manufacturer: syz
[  860.546688][ T5984] usb 2-1: SerialNumber: syz
[  860.578067][ T5984] usb 2-1: config 0 descriptor??
[  862.537508][T13820] input: syz0 as /devices/virtual/input/input15
[  862.586555][T13820] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input16
[  862.977346][ T5984] usb 2-1: USB disconnect, device number 46
[  863.726997][T13830] loop1: detected capacity change from 0 to 128
[  864.088301][T13836] loop2: detected capacity change from 0 to 128
[  864.156286][T13830] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  864.349180][T13830] ext4 filesystem being mounted at /384/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  865.302126][T13836] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  865.441579][ T5837] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  865.463198][T13836] ext4 filesystem being mounted at /417/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  865.738014][T13843] loop0: detected capacity change from 0 to 1024
[  865.838532][T13843] EXT4-fs: Ignoring removed oldalloc option
[  865.963487][T13843] EXT4-fs: Ignoring removed bh option
[  866.220826][T13849] loop7: detected capacity change from 0 to 512
[  866.301474][T13843] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  866.345629][T13849] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  866.381244][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  866.390355][T13849] ext4 filesystem being mounted at /80/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  866.516833][T13849] EXT4-fs error (device loop7): ext4_ext_check_inode:523: inode #2: comm syz.7.2465: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  866.698591][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  866.712081][T11673] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  866.723038][ T6158] team0 (unregistering): Port device team_slave_1 removed
[  866.814990][ T6158] team0 (unregistering): Port device team_slave_0 removed
[  868.896872][   T24] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  868.967032][ T5926] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  869.088298][   T24] usb 3-1: Using ep0 maxpacket: 32
[  869.136823][ T5926] usb 1-1: Using ep0 maxpacket: 8
[  869.150998][   T24] usb 3-1: config 0 has no interfaces?
[  869.163955][ T5926] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  869.191563][   T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=817a, bcdDevice=eb.19
[  869.208629][ T5926] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  869.225480][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.253717][ T5926] usb 1-1: config 1 has no interface number 1
[  869.278466][   T24] usb 3-1: Product: syz
[  869.284414][   T24] usb 3-1: Manufacturer: syz
[  869.295812][ T5926] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  869.315033][   T24] usb 3-1: SerialNumber: syz
[  869.401800][ T5926] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  869.424403][   T24] usb 3-1: config 0 descriptor??
[  869.480296][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.552568][ T5926] usb 1-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ
[  869.594387][ T5926] usb 1-1: SerialNumber: כּ遊帀푍렷Ꙛ倄ꚺច㥑᭢貊ے腆⍇쩂谝Ĝ䓇᷉음䨐᜿쮡䵙⯱㸈荏ಯᖵ뚤톜אָ讗暢잶漟寲柪勷코檪
[  869.731584][   T24] usb 3-1: USB disconnect, device number 36
[  869.903406][T13877] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  869.903406][T13877] The task syz.7.2473 (13877) triggered the difference, watch for misbehavior.
[  869.960389][ T5926] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  870.007618][ T5926] usb 1-1: USB disconnect, device number 61
[  870.022508][T13878] loop7: detected capacity change from 0 to 512
[  870.486959][T13669] chnl_net:caif_netlink_parms(): no params data found
[  870.908296][T13894] loop0: detected capacity change from 0 to 128
[  871.734512][T13894] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  872.002695][T13894] ext4 filesystem being mounted at /458/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  872.557909][T13669] bridge0: port 1(bridge_slave_0) entered blocking state
[  872.895988][T13669] bridge0: port 1(bridge_slave_0) entered disabled state
[  872.960586][T13669] bridge_slave_0: entered allmulticast mode
[  873.130638][T13669] bridge_slave_0: entered promiscuous mode
[  873.185590][T13669] bridge0: port 2(bridge_slave_1) entered blocking state
[  873.222299][T13669] bridge0: port 2(bridge_slave_1) entered disabled state
[  873.232693][ T5844] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  873.531004][T13669] bridge_slave_1: entered allmulticast mode
[  873.542314][T13669] bridge_slave_1: entered promiscuous mode
[  875.259473][T13936] overlayfs: failed to resolve './file0': -2
[  876.779256][T13669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  876.856982][T13669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  877.006757][   T43] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  877.089935][T13669] team0: Port device team_slave_0 added
[  877.124736][T13669] team0: Port device team_slave_1 added
[  877.131722][ T6158] IPVS: stop unused estimator thread 0...
[  877.187996][   T43] usb 3-1: Using ep0 maxpacket: 8
[  877.193583][   T43] usb 3-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=92.0d
[  877.193627][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.193663][   T43] usb 3-1: Product: syz
[  877.193690][   T43] usb 3-1: Manufacturer: syz
[  877.193717][   T43] usb 3-1: SerialNumber: syz
[  877.197108][   T43] usb 3-1: config 0 descriptor??
[  877.286812][T13669] batman_adv: batadv0: Adding interface: batadv_slave_0
[  877.317112][ T5938] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  877.344256][T13669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  877.344311][T13669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  877.358241][T13669] batman_adv: batadv0: Adding interface: batadv_slave_1
[  877.358266][T13669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  877.358314][T13669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  877.417278][   T43] usb 3-1: USB disconnect, device number 37
[  877.476821][ T5938] usb 9-1: Using ep0 maxpacket: 8
[  877.478856][ T5938] usb 9-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  877.478894][ T5938] usb 9-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  877.478934][ T5938] usb 9-1: config 1 has no interface number 1
[  877.478994][ T5938] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  877.481699][ T5938] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  877.481742][ T5938] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.481779][ T5938] usb 9-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ
[  877.481809][ T5938] usb 9-1: SerialNumber: כּ遊帀푍렷Ꙛ倄ꚺច㥑᭢貊ے腆⍇쩂谝Ĝ䓇᷉음䨐᜿쮡䵙⯱㸈荏ಯᖵ뚤톜אָ讗暢잶漟寲柪勷코檪
[  877.553825][    C1] vkms_vblank_simulate: vblank timer overrun
[  877.619357][T13669] hsr_slave_0: entered promiscuous mode
[  877.916562][T13669] hsr_slave_1: entered promiscuous mode
[  878.026952][T13669] debugfs: 'hsr0' already exists in 'hsr'
[  878.027012][T13669] Cannot create hsr debugfs directory
[  878.261239][ T5938] usb 9-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  878.311253][ T5938] usb 9-1: USB disconnect, device number 3
[  878.540092][ T6173] udevd[6173]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  879.247782][T13979] loop1: detected capacity change from 0 to 128
[  879.876194][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  879.894095][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  880.243874][T13979] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  880.257975][T13979] ext4 filesystem being mounted at /390/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  880.487407][ T5837] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  881.521810][T13669] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  881.588438][T13669] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  881.647940][T13669] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  881.907064][T13669] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  883.292323][T13669] 8021q: adding VLAN 0 to HW filter on device bond0
[  883.794455][T14036] loop2: detected capacity change from 0 to 764
[  883.853345][T13669] 8021q: adding VLAN 0 to HW filter on device team0
[  883.929446][ T6157] bridge0: port 1(bridge_slave_0) entered blocking state
[  883.936594][ T6157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  883.953864][ T6157] bridge0: port 2(bridge_slave_1) entered blocking state
[  883.961061][ T6157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  883.986319][T14036] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  884.085287][T13669] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  884.137665][T13669] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  884.201325][T14039] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2508'.
[  885.914596][T13669] 8021q: adding VLAN 0 to HW filter on device batadv0
[  890.910510][T13669] veth0_vlan: entered promiscuous mode
[  891.614117][T13669] veth1_vlan: entered promiscuous mode
[  891.753742][T13669] veth0_macvtap: entered promiscuous mode
[  891.788226][T13669] veth1_macvtap: entered promiscuous mode
[  891.880806][T13669] batman_adv: batadv0: Interface activated: batadv_slave_0
[  891.964621][T13669] batman_adv: batadv0: Interface activated: batadv_slave_1
[  892.093976][ T5973] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  892.156052][ T5973] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  892.221977][ T5973] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  892.327196][ T5973] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  892.452943][T14116] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2523'.
[  892.518534][T14121] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2523'.
[  892.777175][   T24] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  893.217516][   T24] usb 1-1: Using ep0 maxpacket: 32
[  893.245261][   T24] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  893.298404][   T24] usb 1-1: config 0 has no interface number 0
[  893.357324][   T24] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=2c.d8
[  893.367417][   T24] usb 1-1: New USB device strings: Mfr=193, Product=2, SerialNumber=3
[  893.375616][   T24] usb 1-1: Product: syz
[  893.381156][   T24] usb 1-1: Manufacturer: syz
[  893.385946][   T24] usb 1-1: SerialNumber: syz
[  893.417330][   T24] usb 1-1: config 0 descriptor??
[  893.707827][   T24] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  893.903681][ T6347] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  893.937223][   T24] usb 1-1: selecting invalid altsetting 1
[  893.943003][   T24] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  893.962519][ T6347] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  894.045601][   T24] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  894.107168][   T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  894.147019][   T24] usb 1-1: media controller created
[  894.199206][ T6347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  894.219258][T14134] loop1: detected capacity change from 0 to 1024
[  894.240889][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  894.251018][ T6347] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  894.252388][T14134] EXT4-fs: Ignoring removed oldalloc option
[  894.304358][T14134] EXT4-fs: Ignoring removed bh option
[  894.338699][T14139] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2530'.
[  894.362284][   T24] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  894.379377][   T24] zl10353_read_register: readreg error (reg=127, ret==-32)
[  894.390543][T14134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  894.404484][   T24] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  894.436860][   T43] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  894.590493][   T24] usb 1-1: USB disconnect, device number 62
[  894.607142][   T43] usb 9-1: Using ep0 maxpacket: 8
[  894.647104][   T43] usb 9-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  894.673269][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  894.677787][   T43] usb 9-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  894.691771][   T43] usb 9-1: config 1 has no interface number 1
[  894.700808][   T43] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  894.733662][   T43] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  894.748690][   T43] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  894.842222][   T43] usb 9-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ
[  894.873754][T14147] loop7: detected capacity change from 0 to 2048
[  894.925988][T14122] loop2: detected capacity change from 0 to 32768
[  894.967073][T14147] NILFS (loop7): invalid segment: Inconsistency found
[  894.974003][T14147] NILFS (loop7): trying rollback from an earlier position
[  895.720218][    C1] raw-gadget.1 gadget.8: ignoring, device is not running
[  895.750910][T14147] NILFS (loop7): recovery complete
[  895.787816][T14122] JBD2: journal reset failed
[  895.800048][T14155] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  895.836767][T14122] (syz.2.2524,14122,0):ocfs2_journal_load:1167 ERROR: Failed to load journal!
[  895.892119][   T43] usb 9-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  895.899869][T14122] (syz.2.2524,14122,0):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4
[  896.038135][   T43] usb 9-1: USB disconnect, device number 4
[  896.096854][T14147] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  896.865599][T14168] xt_socket: unknown flags 0x50
[  896.874270][T14168] overlayfs: missing 'lowerdir'
[  896.978118][T14170] loop1: detected capacity change from 0 to 512
[  897.613421][T14176] loop8: detected capacity change from 0 to 512
[  897.830582][T14176] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  897.862936][ T6173] udevd[6173]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  898.684643][T11678] Bluetooth: hci2: unknown advertising packet type: 0x70
[  899.670775][T14196] loop2: detected capacity change from 0 to 128
[  899.748574][T14199] netlink: 'syz.0.2542': attribute type 39 has an invalid length.
[  900.110576][T14195] loop1: detected capacity change from 0 to 40427
[  900.126005][T14195] F2FS-fs (loop1): invalid crc value
[  900.210394][T14195] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  900.221280][T14195] F2FS-fs (loop1): Start checkpoint disabled!
[  900.235774][T14195] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  900.326921][T14195] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  900.724812][T14196] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  901.002353][T14196] ext4 filesystem being mounted at /435/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  902.308442][T11569] Bluetooth: hci1: command 0x0406 tx timeout
[  902.872406][T14208] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2543'.
[  903.478890][T14199] syz_tun (unregistering): left allmulticast mode
[  903.565922][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  903.690989][   T36] kworker/u8:2: attempt to access beyond end of device
[  903.690989][   T36] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  903.929370][ T6157] kworker/u8:10: attempt to access beyond end of device
[  903.929370][ T6157] loop1: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  903.962303][ T6157] CPU: 1 UID: 0 PID: 6157 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[  903.962358][ T6157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  903.962382][ T6157] Workqueue: writeback wb_workfn (flush-7:1)
[  903.962442][ T6157] Call Trace:
[  903.962454][ T6157]  <TASK>
[  903.962467][ T6157]  dump_stack_lvl+0x16c/0x1f0
[  903.962520][ T6157]  f2fs_handle_critical_error+0x624/0x9f0
[  903.962564][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.962608][ T6157]  ? f2fs_build_fault_attr+0x53/0x1f0
[  903.962680][ T6157]  f2fs_write_end_io+0x958/0xcf0
[  903.962730][ T6157]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  903.962781][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.962837][ T6157]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  903.962880][ T6157]  bio_endio+0x713/0x860
[  903.962935][ T6157]  submit_bio_noacct+0x306/0x1f60
[  903.962989][ T6157]  __submit_merged_bio+0x33c/0x770
[  903.963040][ T6157]  __submit_merged_write_cond+0x319/0x3f0
[  903.963099][ T6157]  f2fs_write_cache_pages+0x2067/0x2570
[  903.963191][ T6157]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  903.963245][ T6157]  ? __kernel_text_address+0xd/0x40
[  903.963285][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.963329][ T6157]  ? unwind_get_return_address+0x59/0xa0
[  903.963372][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.963415][ T6157]  ? arch_stack_walk+0x88/0x100
[  903.963471][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.963615][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.963659][ T6157]  ? lockdep_hardirqs_on+0x7c/0x110
[  903.963706][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.963755][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.963807][ T6157]  f2fs_write_data_pages+0x4ad/0xd90
[  903.963870][ T6157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  903.963936][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.963984][ T6157]  ? __lock_acquire+0xb8a/0x1c90
[  903.964044][ T6157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  903.964098][ T6157]  do_writepages+0x27a/0x600
[  903.964151][ T6157]  ? __pfx_do_writepages+0x10/0x10
[  903.964185][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.964228][ T6157]  ? reacquire_held_locks+0xcd/0x1f0
[  903.964286][ T6157]  ? writeback_sb_inodes+0x3b0/0xfa0
[  903.964341][ T6157]  __writeback_single_inode+0x160/0xfb0
[  903.964392][ T6157]  ? __pfx___writeback_single_inode+0x10/0x10
[  903.964438][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.964481][ T6157]  ? do_raw_spin_unlock+0x172/0x230
[  903.964523][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.964576][ T6157]  writeback_sb_inodes+0x60d/0xfa0
[  903.964650][ T6157]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  903.964776][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.964820][ T6157]  ? rcu_is_watching+0x12/0xc0
[  903.964868][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.964912][ T6157]  ? queue_io+0x3f6/0x520
[  903.964958][ T6157]  wb_writeback+0x419/0xb70
[  903.965025][ T6157]  ? __pfx_wb_writeback+0x10/0x10
[  903.965068][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965134][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965178][ T6157]  ? mark_held_locks+0x49/0x80
[  903.965246][ T6157]  wb_workfn+0x14d/0xbe0
[  903.965300][ T6157]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  903.965354][ T6157]  ? __pfx_wb_workfn+0x10/0x10
[  903.965406][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965456][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965505][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965549][ T6157]  ? rcu_is_watching+0x12/0xc0
[  903.965606][ T6157]  process_one_work+0x9cf/0x1b70
[  903.965670][ T6157]  ? __pfx_process_one_work+0x10/0x10
[  903.965712][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965769][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965812][ T6157]  ? assign_work+0x1a0/0x250
[  903.965855][ T6157]  worker_thread+0x6c8/0xf10
[  903.965908][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965954][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.965997][ T6157]  ? __kthread_parkme+0x19e/0x250
[  903.966049][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.966097][ T6157]  ? __pfx_worker_thread+0x10/0x10
[  903.966144][ T6157]  kthread+0x3c5/0x780
[  903.966183][ T6157]  ? __pfx_kthread+0x10/0x10
[  903.966223][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  903.966266][ T6157]  ? rcu_is_watching+0x12/0xc0
[  903.966314][ T6157]  ? __pfx_kthread+0x10/0x10
[  903.966354][ T6157]  ret_from_fork+0x675/0x7d0
[  903.966385][ T6157]  ? __pfx_kthread+0x10/0x10
[  903.966423][ T6157]  ret_from_fork_asm+0x1a/0x30
[  903.966507][ T6157]  </TASK>
[  904.413634][ T6157] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  904.420745][ T6157] CPU: 0 UID: 0 PID: 6157 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[  904.420792][ T6157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  904.420816][ T6157] Workqueue: writeback wb_workfn (flush-7:1)
[  904.420874][ T6157] Call Trace:
[  904.420885][ T6157]  <TASK>
[  904.420898][ T6157]  dump_stack_lvl+0x16c/0x1f0
[  904.420947][ T6157]  f2fs_handle_critical_error+0x624/0x9f0
[  904.420990][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.421034][ T6157]  ? f2fs_build_fault_attr+0x53/0x1f0
[  904.421103][ T6157]  f2fs_write_end_io+0x958/0xcf0
[  904.421151][ T6157]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  904.421200][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.421253][ T6157]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  904.421295][ T6157]  bio_endio+0x713/0x860
[  904.421349][ T6157]  submit_bio_noacct+0x306/0x1f60
[  904.421404][ T6157]  __submit_merged_bio+0x33c/0x770
[  904.421454][ T6157]  __submit_merged_write_cond+0x319/0x3f0
[  904.421510][ T6157]  f2fs_write_cache_pages+0x2067/0x2570
[  904.421589][ T6157]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  904.421641][ T6157]  ? __kernel_text_address+0xd/0x40
[  904.421681][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.421724][ T6157]  ? unwind_get_return_address+0x59/0xa0
[  904.421767][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.421814][ T6157]  ? arch_stack_walk+0x88/0x100
[  904.421867][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.421994][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.422038][ T6157]  ? lockdep_hardirqs_on+0x7c/0x110
[  904.422084][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.422132][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.422183][ T6157]  f2fs_write_data_pages+0x4ad/0xd90
[  904.422242][ T6157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  904.422304][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.422346][ T6157]  ? __lock_acquire+0xb8a/0x1c90
[  904.422415][ T6157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  904.422468][ T6157]  do_writepages+0x27a/0x600
[  904.422512][ T6157]  ? __pfx_do_writepages+0x10/0x10
[  904.422546][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.422588][ T6157]  ? reacquire_held_locks+0xcd/0x1f0
[  904.422645][ T6157]  ? writeback_sb_inodes+0x3b0/0xfa0
[  904.422697][ T6157]  __writeback_single_inode+0x160/0xfb0
[  904.422748][ T6157]  ? __pfx___writeback_single_inode+0x10/0x10
[  904.422794][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.422836][ T6157]  ? do_raw_spin_unlock+0x172/0x230
[  904.422877][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.422928][ T6157]  writeback_sb_inodes+0x60d/0xfa0
[  904.422996][ T6157]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  904.423109][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.423157][ T6157]  ? rcu_is_watching+0x12/0xc0
[  904.423204][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.423247][ T6157]  ? queue_io+0x3f6/0x520
[  904.423291][ T6157]  wb_writeback+0x419/0xb70
[  904.423348][ T6157]  ? __pfx_wb_writeback+0x10/0x10
[  904.423397][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.423453][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.423496][ T6157]  ? mark_held_locks+0x49/0x80
[  904.423561][ T6157]  wb_workfn+0x14d/0xbe0
[  904.423615][ T6157]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  904.423662][ T6157]  ? __pfx_wb_workfn+0x10/0x10
[  904.423713][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.423761][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.423809][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.423852][ T6157]  ? rcu_is_watching+0x12/0xc0
[  904.423907][ T6157]  process_one_work+0x9cf/0x1b70
[  904.423967][ T6157]  ? __pfx_process_one_work+0x10/0x10
[  904.424008][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.424062][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.424106][ T6157]  ? assign_work+0x1a0/0x250
[  904.424146][ T6157]  worker_thread+0x6c8/0xf10
[  904.424196][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.424241][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.424284][ T6157]  ? __kthread_parkme+0x19e/0x250
[  904.424336][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.424389][ T6157]  ? __pfx_worker_thread+0x10/0x10
[  904.424429][ T6157]  kthread+0x3c5/0x780
[  904.424466][ T6157]  ? __pfx_kthread+0x10/0x10
[  904.424504][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[  904.424547][ T6157]  ? rcu_is_watching+0x12/0xc0
[  904.424593][ T6157]  ? __pfx_kthread+0x10/0x10
[  904.424632][ T6157]  ret_from_fork+0x675/0x7d0
[  904.424662][ T6157]  ? __pfx_kthread+0x10/0x10
[  904.424698][ T6157]  ret_from_fork_asm+0x1a/0x30
[  904.424774][ T6157]  </TASK>
[  904.425445][ T6157] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  906.032495][T14244] loop7: detected capacity change from 0 to 512
[  906.159273][T14243] loop0: detected capacity change from 0 to 4096
[  906.176878][    T9] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  906.346703][    T9] usb 10-1: Using ep0 maxpacket: 8
[  906.366167][    T9] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  906.427033][T14250] loop2: detected capacity change from 0 to 128
[  906.439203][    T9] usb 10-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  906.596442][    T9] usb 10-1: config 1 has no interface number 1
[  906.639778][    T9] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  906.786396][T14252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2552'.
[  906.875399][T14250] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  906.944724][T14250] ext4 filesystem being mounted at /438/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  906.955366][    T9] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  907.023856][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.109482][    T9] usb 10-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ
[  907.329441][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  907.402970][    T9] usb 10-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  907.446780][   T24] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  907.528000][    T9] usb 10-1: USB disconnect, device number 2
[  907.628990][   T24] usb 9-1: Using ep0 maxpacket: 16
[  907.658068][   T24] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  907.681841][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  907.696754][   T24] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  907.699039][T14265] loop2: detected capacity change from 0 to 128
[  907.715027][T14266] loop0: detected capacity change from 0 to 1024
[  907.748947][   T24] usb 9-1: config 0 interface 0 has no altsetting 0
[  907.770338][   T24] usb 9-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  907.781314][T14266] EXT4-fs: Ignoring removed oldalloc option
[  907.794316][T14265] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  907.807764][T14266] EXT4-fs: Ignoring removed bh option
[  907.811065][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.840594][   T24] usb 9-1: config 0 descriptor??
[  907.866171][T14265] ext4 filesystem being mounted at /439/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  907.921196][T14266] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  908.214958][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  908.391029][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  908.506960][T14281] loop2: detected capacity change from 0 to 128
[  908.542922][   T24] usbhid 9-1:0.0: can't add hid device: -71
[  908.560170][   T24] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  908.602510][T14281] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  908.640027][   T24] usb 9-1: USB disconnect, device number 5
[  908.640142][T14281] ext4 filesystem being mounted at /440/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  908.755286][T14288] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2562'.
[  909.016896][T11994] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  909.281555][T14292] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2562'.
[  909.382469][T14295] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2564'.
[  909.409950][T11994] usb 2-1: Using ep0 maxpacket: 32
[  909.420178][T11994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  909.449876][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  909.459272][T11994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  909.459338][T11994] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  909.459377][T11994] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  909.512185][T11994] usb 2-1: config 0 descriptor??
[  910.422608][T11994] kone 0003:1E7D:2CED.0016: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.1-1/input0
[  910.552786][T14312] loop0: detected capacity change from 0 to 512
[  910.606285][T11994] kone 0003:1E7D:2CED.0016: couldn't init struct kone_device
[  910.615931][T11994] kone 0003:1E7D:2CED.0016: couldn't install mouse
[  910.714689][T11994] kone 0003:1E7D:2CED.0016: probe with driver kone failed with error -5
[  910.733193][T11994] usb 2-1: USB disconnect, device number 47
[  910.852896][ T5982] IPVS: starting estimator thread 0...
[  910.860946][T14317] fido_id[14317]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  911.006968][T14318] IPVS: using max 28 ests per chain, 67200 per kthread
[  911.297830][T14324] loop8: detected capacity change from 0 to 128
[  911.426249][T14324] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  911.485759][T14324] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  911.558176][T14330] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2573'.
[  911.685014][T14330] binder: 14328:14330 ioctl c00c620f 2000000000c0 returned -22
[  911.711540][T13005] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  911.777018][T11994] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  912.926789][T11994] usb 10-1: Using ep0 maxpacket: 8
[  912.963854][T11994] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  912.990071][T11994] usb 10-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  913.036732][T11994] usb 10-1: config 1 has no interface number 1
[  913.067078][T11994] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  913.085694][T14354] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2580'.
[  913.308708][T11994] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  913.386327][T11994] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  913.480080][T11994] usb 10-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ
[  913.537499][ T5926] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  914.355257][T11994] usb 10-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  915.663939][ T5926] usb 3-1: Using ep0 maxpacket: 16
[  915.714320][T11994] usb 10-1: USB disconnect, device number 3
[  916.107184][ T5926] usb 3-1: device descriptor read/all, error -71
[  916.692621][T14375] loop8: detected capacity change from 0 to 512
[  917.310575][ T6173] udevd[6173]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  917.906462][T14378] netlink: 220 bytes leftover after parsing attributes in process `syz.0.2583'.
[  918.696100][T14386] loop9: detected capacity change from 0 to 1024
[  918.762740][T14386] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  918.815725][T14390] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2591'.
[  918.838365][T14386] [U] 00000
[  918.841929][T14386] [U] 
[  918.844657][T14386] [U] 
[  918.847383][T14386] [U] 
[  918.850117][T14386] [U] 
[  918.852845][T14386] [U] 
[  918.855574][T14386] [U] 
[  918.858306][T14386] [U] 
[  918.886956][T14386] [U] 
[  918.889678][T14386] [U] ��J�
��
[  918.893017][T14386] [U] m�&Fee�e0e���$N7�6�ЃQ`=l���v����06;ŊvZ�f���ix_>�(Y��8�d��1�/������|ɇo
[  918.903446][T14386] [U] ���~��M�(b�z�o��
[  918.918820][T14390] binder: 14389:14390 ioctl c00c620f 2000000000c0 returned -22
[  918.981441][T14388] loop1: detected capacity change from 0 to 4096
[  919.091582][T14384] [U] w��o�VVVVR'9�r��y6煜�9�弞�͜7r���f���Qˏ���s(�ɜgs^�9��Z��9��y#�[9o�\���ֽ
[  920.004184][T14400] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2594'.
[  921.252629][T14412] netlink: 256 bytes leftover after parsing attributes in process `syz.9.2595'.
[  921.262717][T14412] unsupported nlmsg_type 40
[  922.057136][   T43] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  922.239453][T14422] loop8: detected capacity change from 0 to 512
[  922.277215][   T43] usb 3-1: Using ep0 maxpacket: 16
[  923.286382][   T43] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  923.511099][   T43] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  923.521990][   T43] usb 3-1: config 0 interface 0 has no altsetting 0
[  923.529409][   T43] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  923.539772][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  923.743851][   T43] usb 3-1: config 0 descriptor??
[  925.280488][   T43] usbhid 3-1:0.0: can't add hid device: -71
[  925.446459][   T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  925.939393][   T43] usb 3-1: USB disconnect, device number 40
[  927.291220][T14442] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2606'.
[  927.838953][T14444] loop2: detected capacity change from 0 to 1024
[  927.877174][T14444] EXT4-fs: Ignoring removed oldalloc option
[  927.884541][T14447] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2606'.
[  927.902332][T14444] EXT4-fs: Ignoring removed bh option
[  927.992866][T14444] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  928.295860][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  928.878361][T14471] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2611'.
[  931.616227][T14488] loop1: detected capacity change from 0 to 128
[  931.714267][T14474] loop2: detected capacity change from 0 to 4096
[  931.730569][T14488] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  931.807057][T14488] ext4 filesystem being mounted at /412/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  933.369510][ T5837] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  933.421930][   T43] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  933.499155][T14506] loop9: detected capacity change from 0 to 4096
[  933.617679][   T43] usb 1-1: Using ep0 maxpacket: 16
[  933.654693][   T43] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  933.721423][   T43] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  933.775071][   T43] usb 1-1: config 0 interface 0 has no altsetting 0
[  933.813983][   T43] usb 1-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  934.043097][T14515] loop1: detected capacity change from 0 to 1024
[  934.043595][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  934.247801][T14515] EXT4-fs: Ignoring removed oldalloc option
[  934.253873][T14515] EXT4-fs: Ignoring removed bh option
[  934.569378][T14520] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2621'.
[  934.864317][   T43] usb 1-1: config 0 descriptor??
[  934.955164][T14515] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  936.043077][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  936.334409][   T43] usbhid 1-1:0.0: can't add hid device: -71
[  936.356967][   T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  937.493990][T14544] loop2: detected capacity change from 0 to 1024
[  937.627414][   T43] usb 1-1: USB disconnect, device number 63
[  938.485620][   T30] audit: type=1804 audit(1763172064.380:76): pid=14555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2633" name="/newroot/454/file0/bus" dev="loop2" ino=26 res=1 errno=0
[  938.600172][T14556] hfsplus: found bad thread record in catalog
[  938.612558][T14556] hfsplus: found bad thread record in catalog
[  938.811507][T14555] hfsplus: xattr searching failed
[  938.959870][   T30] audit: type=1800 audit(1763172064.720:77): pid=14555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2633" name="bus" dev="loop2" ino=26 res=0 errno=0
[  939.092750][T14562] loop8: detected capacity change from 0 to 128
[  939.149575][   T36] hfsplus: b-tree write err: -5, ino 4
[  939.209435][T14554] loop0: detected capacity change from 0 to 4096
[  939.220391][T14562] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  939.267211][T11994] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  939.299108][T14562] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  939.415425][T14567] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  939.437164][T11994] usb 2-1: Using ep0 maxpacket: 16
[  939.466931][T11994] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  939.484821][T11994] usb 2-1: config 0 has no interface number 0
[  939.485779][T14569] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2640'.
[  939.513033][T11994] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  939.598813][T11994] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  939.766245][T14570] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2640'.
[  939.830764][T11994] usb 2-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  939.976887][T11994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.109842][T11994] usb 2-1: Product: syz
[  940.129157][T11994] usb 2-1: Manufacturer: syz
[  940.164649][T11994] usb 2-1: SerialNumber: syz
[  940.199775][T11994] usb 2-1: config 0 descriptor??
[  940.231546][T11994] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  940.352798][T13005] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  941.192268][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  941.199015][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  941.407634][ T5938] usb 2-1: USB disconnect, device number 48
[  941.426806][T11678] Bluetooth: hci0: command tx timeout
[  941.545258][T14588] loop7: detected capacity change from 0 to 64
[  942.176579][T14585] loop8: detected capacity change from 0 to 4096
[  942.256450][T14585] ntfs3(loop8): Different NTFS sector size (4096) and media sector size (512).
[  942.393655][T11673] VFS: Lookup of '�.' in minix loop7 would have caused loop
[  942.449658][T11673] VFS: Lookup of '�.' in minix loop7 would have caused loop
[  942.657181][T14599] loop2: detected capacity change from 0 to 512
[  943.506526][T14585] ntfs3(loop8): ino=3, ntfs_set_state failed, -22.
[  943.550961][T14585] ntfs3(loop8): Failed to initialize $Extend/$Reparse.
[  944.954957][ T6348] ntfs3(loop8): ino=3, ntfs3_write_inode failed, -22.
[  944.998867][T13005] ntfs3(loop8): ino=3, ntfs_set_state failed, -22.
[  945.005597][T13005] ntfs3(loop8): Mark volume as dirty due to NTFS errors
[  945.091019][T13005] ntfs3(loop8): ino=3, ntfs_set_state failed, -22.
[  945.115563][T14614] loop1: detected capacity change from 0 to 1024
[  945.120145][ T6347] ntfs3(loop8): ino=3, ntfs3_write_inode failed, -22.
[  945.534249][T14619] loop8: detected capacity change from 0 to 1024
[  945.819051][T14624] hfsplus: found bad thread record in catalog
[  945.834846][T14624] hfsplus: found bad thread record in catalog
[  946.447450][   T13] hfsplus: b-tree write err: -5, ino 4
[  947.118513][T14641] loop2: detected capacity change from 0 to 16
[  947.175095][T14641] erofs (device loop2): mounted with root inode @ nid 36.
[  947.175679][T14622] loop9: detected capacity change from 0 to 32768
[  947.404656][T14622] JBD2: Ignoring recovery information on journal
[  947.557422][   T30] audit: type=1400 audit(1763172073.450:78): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=14638 comm="syz.2.2660"
[  947.877248][T14622] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  949.200821][T13669] ocfs2: Unmounting device (7,9) on (node local)
[  949.801210][T14672] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2669'.
[  950.407493][T14665] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2669'.
[  950.532901][T14675] loop1: detected capacity change from 0 to 4096
[  950.694496][T14679] loop0: detected capacity change from 0 to 1024
[  950.848359][T11569] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  950.876526][T11569] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  950.894569][T11569] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  950.953009][T11569] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  951.032934][T11569] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  951.791008][T14683] lo speed is unknown, defaulting to 1000
[  951.905117][T14692] hfsplus: found bad thread record in catalog
[  951.919782][T14692] hfsplus: found bad thread record in catalog
[  952.425931][ T6347] hfsplus: b-tree write err: -5, ino 4
[  952.852034][T14698] loop0: detected capacity change from 0 to 1024
[  953.267257][T11678] Bluetooth: hci0: command tx timeout
[  953.630047][T14722] loop2: detected capacity change from 0 to 512
[  954.575388][T14683] chnl_net:caif_netlink_parms(): no params data found
[  954.925288][T11994] IPVS: starting estimator thread 0...
[  955.036976][T14731] IPVS: using max 21 ests per chain, 50400 per kthread
[  955.296540][T14737] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2683'.
[  955.386910][T11678] Bluetooth: hci0: command tx timeout
[  957.427033][T11678] Bluetooth: hci0: command tx timeout
[  957.769001][T14748] fuse: Bad value for 'fd'
[  959.255773][T14756] loop1: detected capacity change from 0 to 16
[  959.317420][T14756] erofs (device loop1): mounted with root inode @ nid 36.
[  959.506955][T11678] Bluetooth: hci0: command tx timeout
[  959.616110][   T30] audit: type=1400 audit(1763172085.510:79): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=14755 comm="syz.1.2688"
[  959.781581][T14683] bridge0: port 1(bridge_slave_0) entered blocking state
[  959.808208][T14683] bridge0: port 1(bridge_slave_0) entered disabled state
[  959.890981][T14683] bridge_slave_0: entered allmulticast mode
[  960.407973][T14683] bridge_slave_0: entered promiscuous mode
[  960.660431][T14683] bridge0: port 2(bridge_slave_1) entered blocking state
[  961.196854][T14683] bridge0: port 2(bridge_slave_1) entered disabled state
[  961.206441][T14683] bridge_slave_1: entered allmulticast mode
[  961.238031][T14683] bridge_slave_1: entered promiscuous mode
[  961.479447][T14773] loop0: detected capacity change from 0 to 128
[  961.652326][T14785] loop9: detected capacity change from 0 to 512
[  961.744674][T14787] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2695'.
[  961.918079][T14683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  961.931528][T14773] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  962.080491][T14788] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2695'.
[  962.163903][T14773] ext4 filesystem being mounted at /495/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  962.487128][T14683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  963.001466][T14796] fuse: Invalid rootmode
[  963.702298][T14683] team0: Port device team_slave_0 added
[  963.769485][T14683] team0: Port device team_slave_1 added
[  964.112717][T14683] batman_adv: batadv0: Adding interface: batadv_slave_0
[  964.122156][ T5844] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  964.143695][T14683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  964.169691][    C0] vkms_vblank_simulate: vblank timer overrun
[  964.236693][T14683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  964.272173][T14683] batman_adv: batadv0: Adding interface: batadv_slave_1
[  964.316682][T14683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  964.343167][    C0] vkms_vblank_simulate: vblank timer overrun
[  964.445927][T14683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  964.642651][T14683] hsr_slave_0: entered promiscuous mode
[  964.648505][ T5906] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  964.726772][T14683] hsr_slave_1: entered promiscuous mode
[  964.845187][T14683] debugfs: 'hsr0' already exists in 'hsr'
[  964.930655][T14683] Cannot create hsr debugfs directory
[  964.951936][ T5906] usb 1-1: Using ep0 maxpacket: 16
[  965.276750][ T5906] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  965.310133][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  965.346829][ T5906] usb 1-1: Product: syz
[  965.356702][ T5906] usb 1-1: Manufacturer: syz
[  965.391304][ T5906] usb 1-1: SerialNumber: syz
[  965.425895][ T5906] usb 1-1: config 0 descriptor??
[  965.870407][ T5984] usb 1-1: USB disconnect, device number 64
[  965.969514][T14811] loop1: detected capacity change from 0 to 32768
[  966.032716][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  966.212626][T14811] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  966.549518][ T5837] (syz-executor,5837,0):ocfs2_inode_is_valid_to_delete:947 ERROR: Skipping delete of system file 72
[  966.822401][ T5837] ocfs2: Unmounting device (7,1) on (node local)
[  966.833457][T14829] loop2: detected capacity change from 0 to 4096
[  967.276715][T14841] fuse: Invalid rootmode
[  967.677669][T14845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2710'.
[  970.763446][T14683] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  970.843033][T14683] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  970.958823][T14683] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  971.073697][T14683] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  971.093904][T14893] fuse: Invalid rootmode
[  973.613209][T14683] 8021q: adding VLAN 0 to HW filter on device bond0
[  973.843109][T14683] 8021q: adding VLAN 0 to HW filter on device team0
[  974.642290][ T6157] bridge0: port 1(bridge_slave_0) entered blocking state
[  974.649529][ T6157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  974.779448][ T6157] bridge0: port 2(bridge_slave_1) entered blocking state
[  974.786747][ T6157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  975.373149][T14917] loop9: detected capacity change from 0 to 1024
[  975.422665][T14917] EXT4-fs: Ignoring removed oldalloc option
[  975.481342][T14917] EXT4-fs: Ignoring removed bh option
[  975.556424][T14917] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  976.016757][T13669] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  977.101251][T14942] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  977.564278][T14948] netlink: 256 bytes leftover after parsing attributes in process `syz.9.2734'.
[  978.080231][T14683] 8021q: adding VLAN 0 to HW filter on device batadv0
[  979.061514][T14683] veth0_vlan: entered promiscuous mode
[  979.367994][T14683] veth1_vlan: entered promiscuous mode
[  980.687875][T14683] veth0_macvtap: entered promiscuous mode
[  980.724493][T14683] veth1_macvtap: entered promiscuous mode
[  980.824299][T14683] batman_adv: batadv0: Interface activated: batadv_slave_0
[  980.892404][T14683] batman_adv: batadv0: Interface activated: batadv_slave_1
[  980.941041][T14976] loop8: detected capacity change from 0 to 2048
[  980.974533][T11916] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  981.010394][T14976] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  981.025849][T11916] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  981.028903][T14981] loop0: detected capacity change from 0 to 1024
[  981.057647][ T6349] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  981.095739][T14984] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  981.118447][T14981] EXT4-fs: Ignoring removed oldalloc option
[  981.127051][ T6349] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  981.166012][T14981] EXT4-fs: Ignoring removed bh option
[  981.328857][T14981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  981.550405][T14990] loop2: detected capacity change from 0 to 128
[  981.582460][T14992] loop8: detected capacity change from 0 to 128
[  981.591053][T11916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  981.628423][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  981.637870][T11916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  981.693037][T14990] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  981.728658][T14992] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  981.791066][T14990] ext4 filesystem being mounted at /480/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  981.826258][T14992] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  981.896771][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  981.904636][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  982.620099][T15004] loop0: detected capacity change from 0 to 1024
[  982.740180][T13005] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  982.768542][T14972] loop1: detected capacity change from 0 to 32768
[  982.984320][T14972] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  983.910281][T15019] hfsplus: found bad thread record in catalog
[  983.919986][T15019] hfsplus: found bad thread record in catalog
[  984.257762][ T5837] (syz-executor,5837,0):ocfs2_inode_is_valid_to_delete:947 ERROR: Skipping delete of system file 72
[  984.291082][ T6348] hfsplus: b-tree write err: -5, ino 4
[  984.368732][ T5837] ocfs2: Unmounting device (7,1) on (node local)
[  984.652205][T15023] netlink: 256 bytes leftover after parsing attributes in process `syz.8.2752'.
[  985.458275][T15033] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  987.711013][T15052] loop9: detected capacity change from 0 to 1024
[  987.749554][T15052] EXT4-fs: Ignoring removed oldalloc option
[  987.776128][T15052] EXT4-fs: Ignoring removed bh option
[  987.915621][T15052] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  988.204510][T13669] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  988.642820][T15068] loop9: detected capacity change from 0 to 128
[  988.728884][T15068] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  988.881870][T15068] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  989.002501][ T5832] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  990.190190][T15075] loop8: detected capacity change from 0 to 16
[  990.251295][T15075] erofs (device loop8): mounted with root inode @ nid 36.
[  990.375973][   T30] audit: type=1400 audit(1763172116.260:80): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A2F2F47170749D4C1 pid=15073 comm="syz.8.2764"
[  990.513127][T13669] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  990.682055][T15086] loop8: detected capacity change from 0 to 1024
[  991.259887][T15086] hfsplus: found bad thread record in catalog
[  991.266858][T15086] hfsplus: found bad thread record in catalog
[  992.906733][T15108] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2771'.
[  994.059470][T15117] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2776'.
[  994.079522][T15117] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2776'.
[  994.120860][ T6158] hfsplus: b-tree write err: -5, ino 4
[  994.294459][T15119] loop1: detected capacity change from 0 to 1024
[  994.294469][T15122] loop0: detected capacity change from 0 to 1024
[  994.368629][T15119] EXT4-fs: Ignoring removed oldalloc option
[  994.374810][T15119] EXT4-fs: Ignoring removed bh option
[  994.714154][T15119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  995.431888][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  995.442036][T15136] fuse: Bad value for 'rootmode'
[  995.482602][T15137] loop3: detected capacity change from 0 to 16
[  995.743294][T15137] erofs (device loop3): mounted with root inode @ nid 36.
[  996.289959][   T30] audit: type=1400 audit(1763172122.170:81): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=15134 comm="syz.3.2780"
[  997.048521][T15162] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2788'.
[  997.965582][T15169] loop2: detected capacity change from 0 to 1024
[  998.214809][T15179] loop0: detected capacity change from 0 to 512
[  999.390137][T15177] loop9: detected capacity change from 0 to 1024
[  999.493562][T15182] hfsplus: found bad thread record in catalog
[  999.506289][T15182] hfsplus: found bad thread record in catalog
[ 1000.002378][T15177] EXT4-fs: Ignoring removed oldalloc option
[ 1000.056849][T15177] EXT4-fs: Ignoring removed bh option
[ 1000.089908][ T6348] hfsplus: b-tree write err: -5, ino 4
[ 1000.202917][T15177] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1000.311063][T15191] fuse: Bad value for 'fd'
[ 1000.822773][T13669] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1000.836859][T15183] Bluetooth: hci0: Opcode 0x0401 failed: -4
[ 1001.243240][T15206] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[ 1001.576960][T11994] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1001.751282][T11994] usb 10-1: Using ep0 maxpacket: 16
[ 1001.801008][T11994] usb 10-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1001.846734][T11994] usb 10-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1001.885552][T11994] usb 10-1: Product: syz
[ 1001.901667][T11994] usb 10-1: Manufacturer: syz
[ 1001.918782][T11994] usb 10-1: SerialNumber: syz
[ 1001.953237][T11994] usb 10-1: config 0 descriptor??
[ 1002.008107][T15225] loop8: detected capacity change from 0 to 16
[ 1002.057546][T15225] MTD: Attempt to mount non-MTD device "/dev/loop8"
[ 1002.090804][ T5846] udevd[5846]: incorrect cramfs checksum on /dev/loop8
[ 1002.215558][T15230] loop0: detected capacity change from 0 to 512
[ 1002.280969][T11678] Bluetooth: hci0: command 0x0401 tx timeout
[ 1002.635135][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1002.641872][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1002.960765][ T5818] udevd[5818]: incorrect cramfs checksum on /dev/loop8
[ 1003.015866][T15234] fuse: Unknown parameter 'use00000000000000000000'
[ 1003.211156][ T5818] udevd[5818]: incorrect cramfs checksum on /dev/loop8
[ 1003.246727][T11994] usb 10-1: USB disconnect, device number 4
[ 1003.341158][T15237] loop1: detected capacity change from 0 to 1024
[ 1003.381007][T15237] EXT4-fs: Ignoring removed oldalloc option
[ 1003.424836][T15237] EXT4-fs: Ignoring removed bh option
[ 1003.455747][T15241] overlayfs: missing 'lowerdir'
[ 1003.483805][T10444] udevd[10444]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1003.487537][T15201] loop3: detected capacity change from 0 to 32768
[ 1003.586555][T15237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1003.650811][T15201] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1003.964431][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1003.974030][T14683] (syz-executor,14683,1):ocfs2_inode_is_valid_to_delete:947 ERROR: Skipping delete of system file 72
[ 1004.044109][ T5984] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1004.096321][T14683] ocfs2: Unmounting device (7,3) on (node local)
[ 1004.260038][ T5984] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1004.293186][ T5984] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1004.378522][ T5984] usb 9-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1004.406724][ T5984] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1004.411597][T15267] netlink: 'syz.3.2819': attribute type 10 has an invalid length.
[ 1004.446764][ T5984] usb 9-1: Product: syz
[ 1004.451001][ T5984] usb 9-1: Manufacturer: syz
[ 1004.455611][ T5984] usb 9-1: SerialNumber: syz
[ 1004.456846][T15267] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2819'.
[ 1004.553663][ T5984] usb 9-1: config 0 descriptor??
[ 1004.633240][T15267] team0: Port device geneve0 added
[ 1004.877272][ T5906] usb 9-1: USB disconnect, device number 6
[ 1005.835424][T15259] loop2: detected capacity change from 0 to 40427
[ 1005.926704][T15259] F2FS-fs (loop2): Image doesn't support compression
[ 1005.953163][T15259] F2FS-fs (loop2): invalid crc value
[ 1006.004637][T15299] fuse: Unknown parameter 'use00000000000000000000'
[ 1006.087202][T15302] loop8: detected capacity change from 0 to 128
[ 1006.092332][T15298] loop9: detected capacity change from 0 to 1024
[ 1006.134092][T15298] EXT4-fs: Ignoring removed oldalloc option
[ 1006.171804][T15298] EXT4-fs: Ignoring removed bh option
[ 1006.177815][T15302] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1006.234043][T15259] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[ 1006.250677][T15259] F2FS-fs (loop2): Start checkpoint disabled!
[ 1006.263962][T15298] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1006.295489][T15302] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1006.322144][T15259] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[ 1006.471249][T15259] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[ 1006.585096][T13669] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1006.620944][ T5906] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1006.986966][ T5906] usb 4-1: Using ep0 maxpacket: 16
[ 1007.064694][ T5906] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1007.121910][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1007.194241][ T5906] usb 4-1: Product: syz
[ 1007.208765][ T5906] usb 4-1: Manufacturer: syz
[ 1007.236437][ T5906] usb 4-1: SerialNumber: syz
[ 1007.524876][T13005] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1007.564713][ T5906] usb 4-1: config 0 descriptor??
[ 1007.577002][ T6157] kworker/u8:10: attempt to access beyond end of device
[ 1007.577002][ T6157] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1007.683653][T15327] netlink: 256 bytes leftover after parsing attributes in process `syz.9.2835'.
[ 1008.119185][ T6157] CPU: 1 UID: 0 PID: 6157 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[ 1008.119233][ T6157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1008.119258][ T6157] Workqueue: writeback wb_workfn (flush-7:2)
[ 1008.119318][ T6157] Call Trace:
[ 1008.119330][ T6157]  <TASK>
[ 1008.119349][ T6157]  dump_stack_lvl+0x16c/0x1f0
[ 1008.119397][ T6157]  f2fs_handle_critical_error+0x624/0x9f0
[ 1008.119440][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.119484][ T6157]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1008.119554][ T6157]  f2fs_write_end_io+0x958/0xcf0
[ 1008.119601][ T6157]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1008.119650][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.119704][ T6157]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1008.119746][ T6157]  bio_endio+0x713/0x860
[ 1008.119800][ T6157]  submit_bio_noacct+0x306/0x1f60
[ 1008.119850][ T6157]  __submit_merged_bio+0x33c/0x770
[ 1008.119899][ T6157]  __submit_merged_write_cond+0x319/0x3f0
[ 1008.119955][ T6157]  f2fs_write_cache_pages+0x2067/0x2570
[ 1008.120034][ T6157]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1008.120090][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.120133][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.120176][ T6157]  ? find_held_lock+0x2b/0x80
[ 1008.120225][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.120273][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.120316][ T6157]  ? do_raw_spin_unlock+0x172/0x230
[ 1008.120379][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.120422][ T6157]  ? f2fs_available_free_memory+0x279/0xa30
[ 1008.120548][ T6157]  ? __lock_acquire+0xb8a/0x1c90
[ 1008.120610][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.120662][ T6157]  f2fs_write_data_pages+0x4ad/0xd90
[ 1008.120722][ T6157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1008.120785][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.120828][ T6157]  ? __lock_acquire+0xb8a/0x1c90
[ 1008.120888][ T6157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1008.120942][ T6157]  do_writepages+0x27a/0x600
[ 1008.120985][ T6157]  ? __pfx_do_writepages+0x10/0x10
[ 1008.121020][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.121063][ T6157]  ? reacquire_held_locks+0xcd/0x1f0
[ 1008.121121][ T6157]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 1008.121173][ T6157]  __writeback_single_inode+0x160/0xfb0
[ 1008.121224][ T6157]  ? __pfx___writeback_single_inode+0x10/0x10
[ 1008.121270][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.121313][ T6157]  ? do_raw_spin_unlock+0x172/0x230
[ 1008.121361][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.121412][ T6157]  writeback_sb_inodes+0x60d/0xfa0
[ 1008.121481][ T6157]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1008.121528][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.121571][ T6157]  ? mark_held_locks+0x49/0x80
[ 1008.121690][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.121733][ T6157]  ? rcu_is_watching+0x12/0xc0
[ 1008.121780][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.121827][ T6157]  ? queue_io+0x3f6/0x520
[ 1008.121872][ T6157]  wb_writeback+0x419/0xb70
[ 1008.121930][ T6157]  ? __pfx_wb_writeback+0x10/0x10
[ 1008.121972][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122029][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122071][ T6157]  ? mark_held_locks+0x49/0x80
[ 1008.122137][ T6157]  wb_workfn+0x14d/0xbe0
[ 1008.122189][ T6157]  ? try_to_wake_up+0x160/0x1870
[ 1008.122236][ T6157]  ? __pfx_wb_workfn+0x10/0x10
[ 1008.122288][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122336][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122388][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122431][ T6157]  ? rcu_is_watching+0x12/0xc0
[ 1008.122486][ T6157]  process_one_work+0x9cf/0x1b70
[ 1008.122542][ T6157]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 1008.122605][ T6157]  ? __pfx_process_one_work+0x10/0x10
[ 1008.122646][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122701][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122744][ T6157]  ? assign_work+0x1a0/0x250
[ 1008.122785][ T6157]  worker_thread+0x6c8/0xf10
[ 1008.122836][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122881][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.122924][ T6157]  ? __kthread_parkme+0x19e/0x250
[ 1008.122976][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.123023][ T6157]  ? __pfx_worker_thread+0x10/0x10
[ 1008.123063][ T6157]  kthread+0x3c5/0x780
[ 1008.123100][ T6157]  ? __pfx_kthread+0x10/0x10
[ 1008.123138][ T6157]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1008.123181][ T6157]  ? rcu_is_watching+0x12/0xc0
[ 1008.123229][ T6157]  ? __pfx_kthread+0x10/0x10
[ 1008.123267][ T6157]  ret_from_fork+0x675/0x7d0
[ 1008.123298][ T6157]  ? __pfx_kthread+0x10/0x10
[ 1008.123335][ T6157]  ret_from_fork_asm+0x1a/0x30
[ 1008.123418][ T6157]  </TASK>
[ 1008.123431][ T6157] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[ 1008.732248][ T5906] usb 4-1: USB disconnect, device number 31
[ 1008.821676][T15329] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2839'.
[ 1008.896451][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1009.055705][T15337] loop1: detected capacity change from 0 to 1024
[ 1009.647625][T15344] hfsplus: found bad thread record in catalog
[ 1009.660556][T15344] hfsplus: found bad thread record in catalog
[ 1010.279779][ T6350] hfsplus: b-tree write err: -5, ino 4
[ 1011.077857][T15360] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1011.465841][T15364] loop1: detected capacity change from 0 to 4096
[ 1011.678771][T15382] loop0: detected capacity change from 0 to 16
[ 1011.749163][T15385] loop3: detected capacity change from 0 to 512
[ 1012.528678][T15382] erofs (device loop0): mounted with root inode @ nid 36.
[ 1012.629218][T15386] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2847'.
[ 1013.452193][   T30] audit: type=1400 audit(1763172139.350:82): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=15381 comm="syz.0.2854"
[ 1013.973534][T11516] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[ 1014.606877][T11516] usb 10-1: Using ep0 maxpacket: 8
[ 1014.644927][T11516] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1014.682825][T11516] usb 10-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1014.904702][T11516] usb 10-1: config 1 has no interface number 1
[ 1015.622419][T11516] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1015.661498][T15403] Bluetooth: hci0: Opcode 0x0401 failed: -4
[ 1015.772160][T11516] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1015.789444][T11516] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1015.826820][ T5984] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1016.012736][T11516] usb 10-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1016.046775][ T5984] usb 4-1: Using ep0 maxpacket: 16
[ 1016.071011][ T5984] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1016.101369][T15415] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1016.119266][ T5984] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1016.128298][T11516] usb 10-1: USB disconnect, device number 5
[ 1016.174124][ T5984] usb 4-1: Product: syz
[ 1016.187816][ T5984] usb 4-1: Manufacturer: syz
[ 1016.230678][ T5984] usb 4-1: SerialNumber: syz
[ 1016.238876][ T6173] udevd[6173]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1016.284213][ T5984] usb 4-1: config 0 descriptor??
[ 1016.391282][T15421] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1017.116690][T11678] Bluetooth: hci0: command 0x0401 tx timeout
[ 1017.239185][ T5984] usb 4-1: USB disconnect, device number 32
[ 1017.380501][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1018.693053][T15444] loop1: detected capacity change from 0 to 512
[ 1019.690826][T15445] loop8: detected capacity change from 0 to 16
[ 1019.756288][T15445] erofs (device loop8): mounted with root inode @ nid 36.
[ 1020.334053][   T30] audit: type=1400 audit(1763172146.230:83): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=15440 comm="syz.8.2870"
[ 1021.206796][T15461] mkiss: ax0: crc mode is auto.
[ 1021.799075][T15480] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1021.835470][T15482] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1021.908419][T15484] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2883'.
[ 1022.184691][T15491] loop3: detected capacity change from 0 to 1024
[ 1022.985504][T15500] loop1: detected capacity change from 0 to 512
[ 1022.997115][T15499] hfsplus: found bad thread record in catalog
[ 1023.003863][T15499] hfsplus: found bad thread record in catalog
[ 1023.494959][ T6349] hfsplus: b-tree write err: -5, ino 4
[ 1024.361163][T15513] loop3: detected capacity change from 0 to 1024
[ 1024.388563][T15516] loop0: detected capacity change from 0 to 16
[ 1024.422270][T15516] erofs (device loop0): mounted with root inode @ nid 36.
[ 1024.822809][   T30] audit: type=1400 audit(1763172150.720:84): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="://" pid=15508 comm="syz.0.2891"
[ 1026.254644][T15530] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2895'.
[ 1026.471738][T15537] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1026.530811][T15539] loop9: detected capacity change from 0 to 16
[ 1026.607228][T11516] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1026.626602][T15539] MTD: Attempt to mount non-MTD device "/dev/loop9"
[ 1026.798837][T11516] usb 2-1: Using ep0 maxpacket: 8
[ 1026.826330][ T6173] udevd[6173]: incorrect cramfs checksum on /dev/loop9
[ 1026.838515][T11516] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1026.872885][T15545] loop8: detected capacity change from 0 to 1024
[ 1026.876779][T11516] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1026.916781][T11516] usb 2-1: config 1 has no interface number 1
[ 1026.975800][ T6173] udevd[6173]: incorrect cramfs checksum on /dev/loop9
[ 1026.976797][T11516] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1027.084566][T11516] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1027.106837][T11516] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1027.162585][T11516] usb 2-1: Manufacturer: ೵侻ਙȯ
[ 1027.520832][T15556] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1027.545023][T15554] hfsplus: found bad thread record in catalog
[ 1027.551840][T15554] hfsplus: found bad thread record in catalog
[ 1027.558115][T15557] loop3: detected capacity change from 0 to 128
[ 1027.839261][T15557] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1027.858918][T15446] hfsplus: b-tree write err: -5, ino 4
[ 1027.887725][T11516] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1027.900015][T15557] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1028.025643][T11516] usb 2-1: USB disconnect, device number 49
[ 1028.172472][T14683] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1028.274625][ T6173] udevd[6173]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1029.189396][T15584] loop1: detected capacity change from 0 to 1024
[ 1029.271082][T11516] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[ 1030.237199][T11516] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1030.288819][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.352331][T11516] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[ 1030.356899][T15592] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2914'.
[ 1030.376788][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.384199][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.406788][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.416366][T11516] usb 4-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[ 1030.448335][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.476707][T11516] usb 4-1: Product: syz
[ 1030.483636][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.501454][T11516] usb 4-1: SerialNumber: syz
[ 1030.515292][T11516] usb 4-1: config 0 descriptor??
[ 1030.583029][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.590987][T11516] usb 4-1: selecting invalid altsetting 1
[ 1030.591021][T11516] usb 4-1: Can not set alternate setting to 1, error: -22
[ 1030.591060][T11516] synaptics_usb 4-1:0.0: probe with driver synaptics_usb failed with error -22
[ 1030.704851][T15584] hfsplus: request for non-existent node 16777216 in B*Tree
[ 1030.791237][   T30] audit: type=1800 audit(1763172156.680:85): pid=15584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2912" name="file1" dev="loop1" ino=20 res=0 errno=0
[ 1030.800557][   T43] usb 4-1: USB disconnect, device number 33
[ 1031.777000][ T5906] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1031.790196][T15618] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1031.996815][ T5906] usb 2-1: Using ep0 maxpacket: 8
[ 1032.014586][ T5906] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1032.064547][ T5906] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1032.123977][ T5906] usb 2-1: config 1 has no interface number 1
[ 1032.239764][ T5906] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1033.057411][ T5906] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1033.069517][T15633] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2926'.
[ 1033.084416][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1033.148879][ T5906] usb 2-1: Manufacturer: ೵侻ਙȯ
[ 1033.183150][T15639] loop3: detected capacity change from 0 to 64
[ 1033.287100][T15641] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1033.425107][ T5906] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1033.696040][ T5906] usb 2-1: USB disconnect, device number 50
[ 1033.853830][T15650] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2932'.
[ 1034.049237][ T6173] udevd[6173]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1036.220342][T15676] loop2: detected capacity change from 0 to 128
[ 1036.261140][T15678] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1036.373194][T15680] loop9: detected capacity change from 0 to 1024
[ 1036.410294][T15676] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1036.437148][T15680] EXT4-fs: Ignoring removed oldalloc option
[ 1036.443130][T15680] EXT4-fs: Ignoring removed bh option
[ 1036.470665][T15676] ext4 filesystem being mounted at /507/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1036.507841][T15684] loop8: detected capacity change from 0 to 128
[ 1036.597302][T15680] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1037.684993][T15696] loop1: detected capacity change from 0 to 512
[ 1038.217359][T15684] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1038.244257][T15684] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1038.469405][    C1] ------------[ cut here ]------------
[ 1038.475503][    C1] ODEBUG: free active (active state 0) object: ffff888028bf7090 object type: timer_list hint: rose_t0timer_expiry+0x0/0x150
[ 1038.489187][    C1] WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0
[ 1038.498462][    C1] Modules linked in:
[ 1038.502723][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1038.511723][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1038.521853][    C1] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 1038.527713][    C1] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 20 87 f0 8b 4c 89 e6 48 c7 c7 a0 7b f0 8b e8 ff 87 d0 fc 90 <0f> 0b 90 90 58 83 05 f6 e5 d7 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 1038.547378][    C1] RSP: 0018:ffffc90000a08a18 EFLAGS: 00010282
[ 1038.553455][    C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817b1cd8
[ 1038.561481][    C1] RDX: ffff88801d28dac0 RSI: ffffffff817b1ce5 RDI: 0000000000000001
[ 1038.569482][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 1038.577514][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8bf08240
[ 1038.585487][    C1] R13: ffffffff8b9021e0 R14: ffffffff8a4bcdd0 R15: ffffc90000a08b18
[ 1038.593508][    C1] FS:  0000000000000000(0000) GS:ffff888124b07000(0000) knlGS:0000000000000000
[ 1038.602831][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1038.609437][    C1] CR2: 000020000000a000 CR3: 0000000042dce000 CR4: 0000000000350ef0
[ 1038.617441][    C1] Call Trace:
[ 1038.620712][    C1]  <IRQ>
[ 1038.623547][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1038.629238][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1038.635051][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.640730][    C1]  debug_check_no_obj_freed+0x4b7/0x600
[ 1038.646359][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 1038.652480][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.658238][    C1]  ? mark_held_locks+0x49/0x80
[ 1038.663051][    C1]  ? kasan_quarantine_put+0x10a/0x240
[ 1038.668468][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.674117][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1038.679383][    C1]  kfree+0x291/0x6d0
[ 1038.683290][    C1]  ? rose_timer_expiry+0x53f/0x630
[ 1038.688440][    C1]  ? rose_timer_expiry+0x53f/0x630
[ 1038.693560][    C1]  rose_timer_expiry+0x53f/0x630
[ 1038.698578][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1038.704046][    C1]  call_timer_fn+0x19a/0x620
[ 1038.708686][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1038.713874][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.719601][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.725421][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1038.730277][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1038.735752][    C1]  __run_timers+0x6ef/0x960
[ 1038.740294][    C1]  ? __pfx___run_timers+0x10/0x10
[ 1038.745353][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.751027][    C1]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1038.756697][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1038.761944][    C1]  run_timer_base+0x114/0x190
[ 1038.766698][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1038.771915][    C1]  run_timer_softirq+0x1a/0x40
[ 1038.776715][    C1]  handle_softirqs+0x219/0x8e0
[ 1038.781531][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1038.786854][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.792506][    C1]  __irq_exit_rcu+0x109/0x170
[ 1038.797287][    C1]  irq_exit_rcu+0x9/0x30
[ 1038.801543][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1038.807215][    C1]  </IRQ>
[ 1038.810141][    C1]  <TASK>
[ 1038.813115][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1038.819138][    C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10
[ 1038.825601][    C1] Code: fb 09 00 00 44 8b 05 29 63 f8 0e 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 0f d4 3a 00 fb 65 48 8b 1d ee 79 17 12 <48> 8d bb 58 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[ 1038.845248][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1038.851539][    C1] RSP: 0018:ffffc90000197bc8 EFLAGS: 00000202
[ 1038.857642][    C1] RAX: 000000000154344f RBX: ffff88801d28dac0 RCX: ffffffff81c4e92f
[ 1038.865645][    C1] RDX: 0000000000000000 RSI: ffffffff8da2a6ed RDI: ffffffff8bf07640
[ 1038.873652][    C1] RBP: ffffc90000197c10 R08: 0000000000000001 R09: 0000000000000001
[ 1038.881674][    C1] R10: ffffffff908248d7 R11: 0000000000000001 R12: ffff8880b853a4c0
[ 1038.889672][    C1] R13: ffff88802f3c8000 R14: ffff8880b843a4c0 R15: ffff8880b853b2f0
[ 1038.897698][    C1]  ? trace_irq_enable.constprop.0+0x2f/0x120
[ 1038.903706][    C1]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1038.909551][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.915223][    C1]  ? __switch_to+0x7af/0x11b0
[ 1038.919949][    C1]  __schedule+0x1198/0x5de0
[ 1038.924485][    C1]  ? __pfx___schedule+0x10/0x10
[ 1038.929382][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.935025][    C1]  ? find_held_lock+0x2b/0x80
[ 1038.939754][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1038.945436][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1038.950343][    C1]  schedule_idle+0x5c/0x90
[ 1038.954774][    C1]  do_idle+0x2b3/0x500
[ 1038.958887][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1038.963521][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[ 1038.968761][    C1]  cpu_startup_entry+0x4f/0x60
[ 1038.973537][    C1]  start_secondary+0x21d/0x2b0
[ 1038.978360][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1038.983716][    C1]  common_startup_64+0x13e/0x148
[ 1038.988807][    C1]  </TASK>
[ 1038.991853][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1038.999129][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1039.008067][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1039.018132][    C1] Call Trace:
[ 1039.021412][    C1]  <IRQ>
[ 1039.024246][    C1]  dump_stack_lvl+0x3d/0x1f0
[ 1039.028855][    C1]  vpanic+0x640/0x6f0
[ 1039.032865][    C1]  ? debug_print_object+0x1a2/0x2b0
[ 1039.038073][    C1]  panic+0xca/0xd0
[ 1039.041823][    C1]  ? __pfx_panic+0x10/0x10
[ 1039.046267][    C1]  ? check_panic_on_warn+0x1f/0xb0
[ 1039.051401][    C1]  check_panic_on_warn+0xab/0xb0
[ 1039.056369][    C1]  __warn+0xf6/0x3c0
[ 1039.060269][    C1]  ? debug_print_object+0x1a2/0x2b0
[ 1039.065472][    C1]  report_bug+0x3c3/0x580
[ 1039.069805][    C1]  ? debug_print_object+0x1a2/0x2b0
[ 1039.075098][    C1]  handle_bug+0x184/0x210
[ 1039.079449][    C1]  exc_invalid_op+0x17/0x50
[ 1039.083968][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1039.088822][    C1] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 1039.094638][    C1] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 20 87 f0 8b 4c 89 e6 48 c7 c7 a0 7b f0 8b e8 ff 87 d0 fc 90 <0f> 0b 90 90 58 83 05 f6 e5 d7 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 1039.114251][    C1] RSP: 0018:ffffc90000a08a18 EFLAGS: 00010282
[ 1039.120329][    C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817b1cd8
[ 1039.128298][    C1] RDX: ffff88801d28dac0 RSI: ffffffff817b1ce5 RDI: 0000000000000001
[ 1039.136269][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 1039.144241][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8bf08240
[ 1039.152212][    C1] R13: ffffffff8b9021e0 R14: ffffffff8a4bcdd0 R15: ffffc90000a08b18
[ 1039.160183][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1039.165857][    C1]  ? __warn_printk+0x198/0x350
[ 1039.170653][    C1]  ? __warn_printk+0x1a5/0x350
[ 1039.175478][    C1]  ? debug_print_object+0x1a1/0x2b0
[ 1039.180684][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1039.186340][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1039.192182][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.197829][    C1]  debug_check_no_obj_freed+0x4b7/0x600
[ 1039.203406][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 1039.209498][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.215150][    C1]  ? mark_held_locks+0x49/0x80
[ 1039.219976][    C1]  ? kasan_quarantine_put+0x10a/0x240
[ 1039.225376][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.231033][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1039.236254][    C1]  kfree+0x291/0x6d0
[ 1039.240159][    C1]  ? rose_timer_expiry+0x53f/0x630
[ 1039.245373][    C1]  ? rose_timer_expiry+0x53f/0x630
[ 1039.250487][    C1]  rose_timer_expiry+0x53f/0x630
[ 1039.255435][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1039.260898][    C1]  call_timer_fn+0x19a/0x620
[ 1039.265491][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1039.270620][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.276268][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.281907][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1039.286744][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1039.292211][    C1]  __run_timers+0x6ef/0x960
[ 1039.296745][    C1]  ? __pfx___run_timers+0x10/0x10
[ 1039.301800][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.307450][    C1]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1039.313086][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1039.318313][    C1]  run_timer_base+0x114/0x190
[ 1039.323019][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1039.328227][    C1]  run_timer_softirq+0x1a/0x40
[ 1039.333010][    C1]  handle_softirqs+0x219/0x8e0
[ 1039.337788][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1039.343084][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.348731][    C1]  __irq_exit_rcu+0x109/0x170
[ 1039.353417][    C1]  irq_exit_rcu+0x9/0x30
[ 1039.357667][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1039.363312][    C1]  </IRQ>
[ 1039.366238][    C1]  <TASK>
[ 1039.369163][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1039.375182][    C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10
[ 1039.381612][    C1] Code: fb 09 00 00 44 8b 05 29 63 f8 0e 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 0f d4 3a 00 fb 65 48 8b 1d ee 79 17 12 <48> 8d bb 58 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[ 1039.401338][    C1] RSP: 0018:ffffc90000197bc8 EFLAGS: 00000202
[ 1039.407418][    C1] RAX: 000000000154344f RBX: ffff88801d28dac0 RCX: ffffffff81c4e92f
[ 1039.415474][    C1] RDX: 0000000000000000 RSI: ffffffff8da2a6ed RDI: ffffffff8bf07640
[ 1039.423445][    C1] RBP: ffffc90000197c10 R08: 0000000000000001 R09: 0000000000000001
[ 1039.431416][    C1] R10: ffffffff908248d7 R11: 0000000000000001 R12: ffff8880b853a4c0
[ 1039.439385][    C1] R13: ffff88802f3c8000 R14: ffff8880b843a4c0 R15: ffff8880b853b2f0
[ 1039.447370][    C1]  ? trace_irq_enable.constprop.0+0x2f/0x120
[ 1039.453380][    C1]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1039.459217][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.464857][    C1]  ? __switch_to+0x7af/0x11b0
[ 1039.469547][    C1]  __schedule+0x1198/0x5de0
[ 1039.474085][    C1]  ? __pfx___schedule+0x10/0x10
[ 1039.478942][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.484588][    C1]  ? find_held_lock+0x2b/0x80
[ 1039.489296][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1039.494940][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1039.499726][    C1]  schedule_idle+0x5c/0x90
[ 1039.504156][    C1]  do_idle+0x2b3/0x500
[ 1039.508245][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1039.512847][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[ 1039.518058][    C1]  cpu_startup_entry+0x4f/0x60
[ 1039.522842][    C1]  start_secondary+0x21d/0x2b0
[ 1039.527645][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1039.532956][    C1]  common_startup_64+0x13e/0x148
[ 1039.537919][    C1]  </TASK>
[ 1039.541209][    C1] Kernel Offset: disabled
[ 1039.545531][    C1] Rebooting in 86400 seconds..